]> git.ipfire.org Git - thirdparty/systemd.git/blob - mkosi.build
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #24555 from medhefgo/bootctl
[thirdparty/systemd.git] / mkosi.build
1 #!/bin/sh
2 # SPDX-License-Identifier: LGPL-2.1-or-later
3 set -e
4
5 # This is a build script for OS image generation using mkosi (https://github.com/systemd/mkosi).
6 # Simply invoke "mkosi" in the project directory to build an OS image.
7
8 ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:disable_coredump=0:use_madv_dontdump=1
9 UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
10
11 # On Fedora "ld" is (unfortunately — if you ask me) managed via
12 # "alternatives". Since we'd like to support building images in environments
13 # with only /usr/ around (e.g. mkosi's UsrOnly=1 option), we have the problem
14 # that /usr/bin/ld is a symlink that points to a non-existing file in
15 # /etc/alternative/ in this mode. Let's work around this for now by manually
16 # redirect "ld" to "ld.bfd", i.e. circumventing the /usr/bin/ld symlink.
17 if [ ! -x /usr/bin/ld ] && [ -x /usr/bin/ld.bfd ]; then
18 mkdir -p "$HOME"/bin
19 ln -s /usr/bin/ld.bfd "$HOME"/bin/ld
20 PATH="$HOME/bin:$PATH"
21 fi
22
23 # If mkosi.builddir/ exists mkosi will set $BUILDDIR to it, let's then use it
24 # as out-of-tree build dir. Otherwise, let's make up our own builddir.
25 [ -z "$BUILDDIR" ] && BUILDDIR=build
26
27 # Meson uses Python 3 and requires a locale with an UTF-8 character map.
28 # Not running under UTF-8 makes the `ninja test` step break with a CodecError.
29 # So let's ensure we're running under UTF-8.
30 #
31 # If our current locale already is UTF-8, then we don't need to do anything:
32 if [ "$(locale charmap 2>/dev/null)" != "UTF-8" ] ; then
33 # Try using C.UTF-8 locale, if available. This locale is not shipped
34 # by upstream glibc, so it's not available in all distros.
35 # (In particular, it's not available in Arch Linux.)
36 if locale -a | grep -q -E "C.UTF-8|C.utf8"; then
37 export LC_CTYPE=C.UTF-8
38 # Finally, try something like en_US.UTF-8, which should be
39 # available in Arch Linux, but is not present in Debian's
40 # minimal image in our mkosi config.
41 elif locale -a | grep -q en_US.utf8; then
42 export LC_CTYPE=en_US.UTF-8
43 else
44 # If nothing works, fail early.
45 echo "*** Could not find a valid locale that supports UTF-8. ***" >&2
46 exit 1
47 fi
48 fi
49
50 # The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and
51 # using the current kernel version. This obviously doesn't work in containers. As a workaround, we override
52 # the ubuntu script with a symlink to the first bpftool program we can find.
53 for bpftool in /usr/lib/linux-tools/*/bpftool; do
54 [ -x "$bpftool" ] || continue
55 ln -sf "$bpftool" /usr/sbin/bpftool
56 break
57 done
58
59 # CentOS Stream 8 includes bpftool 4.18.0 which is lower than what we need. However, they've backported the
60 # specific feature we need ("gen skeleton") to this version, so we replace bpftool with a script that reports
61 # version 5.6.0 to satisfy meson which makes bpf work on CentOS Stream 8 as well.
62 if [ "$(grep '^ID=' /etc/os-release)" = "ID=\"centos\"" ] && [ "$(grep '^VERSION=' /etc/os-release)" = "VERSION=\"8\"" ]; then
63 cp /usr/sbin/bpftool /usr/sbin/bpftool.real
64 cat >/usr/sbin/bpftool <<EOF
65 #!/bin/sh
66 if [ "\$1" = --version ]; then
67 echo 5.6.0
68 else
69 exec /usr/sbin/bpftool.real \$@
70 fi
71 EOF
72 chmod +x /usr/sbin/bpftool
73 fi
74
75 if [ ! -f "$BUILDDIR"/build.ninja ] ; then
76 sysvinit_path=$(realpath /etc/init.d)
77
78 init_path=$(realpath /sbin/init 2>/dev/null)
79 if [ -z "$init_path" ] ; then
80 rootprefix=""
81 else
82 rootprefix=${init_path%/lib/systemd/systemd}
83 rootprefix=/${rootprefix#/}
84 fi
85
86 meson "$BUILDDIR" \
87 -D "sysvinit-path=$sysvinit_path" \
88 -D "rootprefix=$rootprefix" \
89 -D man=false \
90 -D translations=false \
91 -D version-tag="${VERSION_TAG}" \
92 -D mode=developer \
93 -D b_sanitize="${SANITIZERS:-none}" \
94 -D install-tests=true \
95 -D tests=unsafe \
96 -D slow-tests=true \
97 -D utmp=true \
98 -D hibernate=true \
99 -D ldconfig=true \
100 -D resolve=true \
101 -D efi=true \
102 -D tpm=true \
103 -D environment-d=true \
104 -D binfmt=true \
105 -D repart=true \
106 -D sysupdate=true \
107 -D coredump=true \
108 -D pstore=true \
109 -D oomd=true \
110 -D logind=true \
111 -D hostnamed=true \
112 -D localed=true \
113 -D machined=true \
114 -D portabled=true \
115 -D sysext=true \
116 -D userdb=true \
117 -D homed=true \
118 -D networkd=true \
119 -D timedated=true \
120 -D timesyncd=true \
121 -D remote=true \
122 -D nss-myhostname=true \
123 -D nss-mymachines=true \
124 -D nss-resolve=true \
125 -D nss-systemd=true \
126 -D firstboot=true \
127 -D randomseed=true \
128 -D backlight=true \
129 -D vconsole=true \
130 -D quotacheck=true \
131 -D sysusers=true \
132 -D tmpfiles=true \
133 -D importd=true \
134 -D hwdb=true \
135 -D rfkill=true \
136 -D xdg-autostart=true \
137 -D translations=true \
138 -D polkit=true \
139 -D acl=true \
140 -D audit=true \
141 -D blkid=true \
142 -D fdisk=true \
143 -D kmod=true \
144 -D pam=true \
145 -D pwquality=true \
146 -D microhttpd=true \
147 -D libcryptsetup=true \
148 -D libcurl=true \
149 -D idn=true \
150 -D libidn2=true \
151 -D qrencode=true \
152 -D gcrypt=true \
153 -D gnutls=true \
154 -D openssl=true \
155 -D cryptolib=openssl \
156 -D p11kit=true \
157 -D libfido2=true \
158 -D tpm2=true \
159 -D elfutils=true \
160 -D zstd=true \
161 -D xkbcommon=true \
162 -D pcre2=true \
163 -D glib=true \
164 -D dbus=true \
165 -D gnu-efi=true \
166 -D kernel-install=true \
167 -D analyze=true \
168 -D bpf-framework=true
169 fi
170
171 cd "$BUILDDIR"
172 ninja "$@"
173 if [ "$WITH_TESTS" = 1 ] ; then
174 for id in 1 2 3; do
175 getent group $id >/dev/null || echo "g testgroup$id $id -" | ./systemd-sysusers -
176 done
177
178 if [ -n "$SANITIZERS" ]; then
179 export ASAN_OPTIONS="$ASAN_OPTIONS"
180 export UBSAN_OPTIONS="$UBSAN_OPTIONS"
181 TIMEOUT_MULTIPLIER=3
182 else
183 TIMEOUT_MULTIPLIER=1
184 fi
185
186 meson test --print-errorlogs --timeout-multiplier=$TIMEOUT_MULTIPLIER
187 fi
188 cd "$SRCDIR"
189
190 # Ubuntu Focal is stuck with meson 0.53.0.
191 if [ "$(meson -v | cut -d . -f 2)" -gt 53 ] ; then
192 meson install -C "$BUILDDIR" --quiet --no-rebuild --only-changed
193 else
194 meson install -C "$BUILDDIR" --no-rebuild --only-changed
195 fi
196
197 mkdir -p "$DESTDIR"/etc
198
199 cat >"$DESTDIR"/etc/issue <<EOF
200 \S (built from systemd tree)
201 Kernel \r on an \m (\l)
202
203 EOF
204
205 if [ -n "$IMAGE_ID" ] ; then
206 mkdir -p "$DESTDIR"/usr/lib
207 sed -n \
208 -e '/^IMAGE_ID=/!p' \
209 -e "\$aIMAGE_ID=$IMAGE_ID" <"/usr/lib/os-release" >"${DESTDIR}/usr/lib/os-release"
210
211 OSRELEASEFILE="$DESTDIR"/usr/lib/os-release
212 else
213 OSRELEASEFILE=/usr/lib/os-release
214 fi
215
216
217 if [ -n "$IMAGE_VERSION" ] ; then
218 mkdir -p "$DESTDIR"/usr/lib
219 sed -n \
220 -e '/^IMAGE_VERSION=/!p' \
221 -e "\$aIMAGE_VERSION=$IMAGE_VERSION" <$OSRELEASEFILE >"/tmp/os-release.tmp"
222
223 cat /tmp/os-release.tmp >"$DESTDIR"/usr/lib/os-release
224 rm /tmp/os-release.tmp
225 fi
226
227 # If $CI_BUILD is set, copy over the CI service which executes a service check
228 # after boot and then shuts down the machine
229 if [ -n "$CI_BUILD" ]; then
230 mkdir -p "$DESTDIR/usr/lib/systemd/system"
231 cp -v "$SRCDIR/test/mkosi-check-and-shutdown.service" "$DESTDIR/usr/lib/systemd/system/mkosi-check-and-shutdown.service"
232 cp -v "$SRCDIR/test/mkosi-check-and-shutdown.sh" "$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh"
233 chmod +x "$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh"
234 fi
235
236 if [ -n "$SANITIZERS" ]; then
237 LD_PRELOAD=$(ldd $BUILDDIR/systemd | grep libasan.so | awk '{print $3}')
238
239 mkdir -p "$DESTDIR/etc/systemd/system.conf.d"
240
241 cat >"$DESTDIR/etc/systemd/system.conf.d/10-asan.conf" <<EOF
242 [Manager]
243 ManagerEnvironment=ASAN_OPTIONS=$ASAN_OPTIONS\\
244 UBSAN_OPTIONS=$UBSAN_OPTIONS\\
245 LD_PRELOAD=$LD_PRELOAD
246 DefaultEnvironment=ASAN_OPTIONS=$ASAN_OPTIONS\\
247 UBSAN_OPTIONS=$UBSAN_OPTIONS\\
248 LD_PRELOAD=$LD_PRELOAD
249 EOF
250
251 # ASAN logs to stderr by default. However, journald's stderr is connected to /dev/null, so we lose
252 # all the ASAN logs. To rectify that, let's connect journald's stdout to the console so that any
253 # sanitizer failures appear directly on the user's console.
254 mkdir -p "$DESTDIR/etc/systemd/system/systemd-journald.service.d"
255
256 cat >"$DESTDIR/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf" <<EOF
257 [Service]
258 StandardOutput=tty
259 EOF
260
261 # Both systemd and util-linux's login call vhangup() on /dev/console which disconnects all users.
262 # This means systemd-journald can't log to /dev/console even if we configure `StandardOutput=tty`. As
263 # a workaround, we modify console-getty.service to disable systemd's vhangup() and disallow login
264 # from calling vhangup() so that journald's ASAN logs correctly end up in the console.
265
266 mkdir -p "$DESTDIR/etc/systemd/system/console-getty.service.d"
267
268 cat >"$DESTDIR/etc/systemd/system/console-getty.service.d/10-no-vhangup.conf" <<EOF
269 [Service]
270 TTYVHangup=no
271 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
272 EOF
273 fi
274
275 # Make sure services aren't enabled by default on Debian/Ubuntu.
276 mkdir -p "$DESTDIR/etc/systemd/system-preset"
277 echo "disable *" >"$DESTDIR/etc/systemd/system-preset/99-mkosi.preset"
278
279 if [ -d mkosi.kernel/ ]; then
280 cd "$SRCDIR/mkosi.kernel"
281 mkdir -p "$BUILDDIR/mkosi.kernel"
282
283 # Ensure fast incremental builds by fixating these values which usually change for each build.
284 export KBUILD_BUILD_TIMESTAMP="Fri Jun 5 15:58:00 CEST 2015"
285 export KBUILD_BUILD_HOST="mkosi"
286
287 make O="$BUILDDIR/mkosi.kernel" defconfig
288
289 scripts/config \
290 --file "$BUILDDIR/mkosi.kernel/.config" \
291 --enable BPF_SYSCALL \
292 --enable BPF_JIT \
293 --enable BPF_JIT_ALWAYS_ON \
294 --enable BPF_JIT_DEFAULT_ON \
295 --enable BPF_UNPRIV_DEFAULT_OFF \
296 --enable USERMODE_DRIVER \
297 --enable BPF_PRELOAD \
298 --enable BPF_PRELOAD_UMD \
299 --enable BPF_LSM \
300 --enable DEBUG_INFO_DWARF_TOOLCHAIN_DEFAULT \
301 --enable DEBUG_INFO_BTF \
302 --enable BTRFS_FS \
303 --enable BTRFS_FS_POSIX_ACL \
304 --enable PSI \
305 --enable CGROUPS \
306 --enable CGROUP_BPF \
307 --enable MEMCG \
308 --enable MEMCG_SWAP \
309 --enable MEMCG_KMEM \
310 --enable IMA_ARCH_POLICY \
311 --enable DM_VERITY_VERIFY_ROOTHASH_SIG \
312 --enable DM_VERITY_VERIFY_ROOTHASH_SIG_SECONDARY_KEYRING \
313 --enable INTEGRITY_MACHINE_KEYRING \
314 --enable NETFILTER_ADVANCED \
315 --enable NF_CONNTRACK_MARK
316
317 # Make sure all unset options are set to their default value.
318 make O="$BUILDDIR/mkosi.kernel" olddefconfig
319
320 make O="$BUILDDIR/mkosi.kernel" -j "$(nproc)"
321
322 KERNEL_RELEASE="$(make O=$BUILDDIR/mkosi.kernel -s kernelrelease)"
323 mkdir -p "$DESTDIR/usr/lib/modules/$KERNEL_RELEASE"
324 make O="$BUILDDIR/mkosi.kernel" INSTALL_HDR_PATH=/usr headers_install
325 make O="$BUILDDIR/mkosi.kernel" INSTALL_MOD_PATH="$DESTDIR/usr" modules_install
326 make O="$BUILDDIR/mkosi.kernel" INSTALL_PATH="$DESTDIR/usr/lib/modules/$KERNEL_RELEASE" install
327 mkdir -p "$DESTDIR/usr/lib/kernel/selftests"
328 make -C tools/testing/selftests -j "$(nproc)" O="$BUILDDIR/mkosi.kernel" KSFT_INSTALL_PATH="$DESTDIR/usr/lib/kernel/selftests" SKIP_TARGETS="" install
329 fi
Unnamed repository; edit this file 'description' to name the repository.