for binary in ("useradd", "groupadd"):
if context.config.find_binary(binary):
scripts[binary] = (binary, "--root", "/buildroot")
+ if ukify := context.config.find_binary("ukify"):
+ # A script will always run with the tools tree mounted so we pass binary=None to disable the conditional search
+ # logic of python_binary() depending on whether the binary is in an extra search path or not.
+ scripts["ukify"] = (python_binary(context.config, binary=None), ukify)
return finalize_scripts(context.config, scripts | dict(helpers))
return output
-def python_binary(config: Config) -> str:
+def python_binary(config: Config, *, binary: Optional[PathString]) -> str:
+ tools = (
+ not binary or
+ not (path := config.find_binary(binary)) or
+ not any(path.is_relative_to(d) for d in config.extra_search_paths)
+ )
+
# If there's no tools tree, prefer the interpreter from MKOSI_INTERPRETER. If there is a tools
# tree, just use the default python3 interpreter.
- return "python3" if config.tools_tree else os.getenv("MKOSI_INTERPRETER", "python3")
+ return "python3" if tools and config.tools_tree else os.getenv("MKOSI_INTERPRETER", "python3")
def extract_pe_section(context: Context, binary: Path, section: str, output: Path) -> Path:
with open(output, "wb") as f:
result = run(
- [python_binary(context.config)],
+ [python_binary(context.config, binary=None)],
input=pefile,
stdout=f,
- sandbox=context.sandbox(binary=python_binary(context.config), mounts=[Mount(binary, binary, ro=True)]),
+ sandbox=context.sandbox(
+ binary=python_binary(context.config, binary=None),
+ mounts=[Mount(binary, binary, ro=True),
+ ]),
success_exit_status=(0, 67),
)
if result.returncode == 67:
die("Could not find ukify")
cmd: list[PathString] = [
+ python_binary(context.config, binary=ukify),
ukify,
"--cmdline", f"@{context.workspace / 'cmdline'}",
"--os-release", f"@{context.root / 'usr/lib/os-release'}",
if microcodes:
# new .ucode section support?
if (
- systemd_tool_version(context.config, ukify) >= "256" and
+ systemd_tool_version(context.config, python_binary(context.config, binary=ukify), ukify) >= "256" and
(version := systemd_stub_version(context, stub)) and
version >= "256"
):
hint=f"Use ToolsTree=default to get a newer version of '{tools[0]}'.")
+def check_ukify(
+ config: Config,
+ version: str,
+ reason: str,
+ hint: Optional[str] = None,
+) -> None:
+ ukify = check_tool(config, "ukify", "/usr/lib/systemd/ukify", reason=reason, hint=hint)
+
+ v = systemd_tool_version(config, python_binary(config, binary=ukify), ukify)
+ if v < version:
+ die(f"Found '{ukify}' with version {v} but version {version} or newer is required to {reason}.",
+ hint="Use ToolsTree=default to get a newer version of 'ukify'.")
+
+
def check_tools(config: Config, verb: Verb) -> None:
check_tool(config, "bwrap", reason="execute sandboxed commands")
check_tool(config, "depmod", reason="generate kernel module dependencies")
if want_efi(config) and config.unified_kernel_images == ConfigFeature.enabled:
- check_systemd_tool(
+ check_ukify(
config,
- "ukify", "/usr/lib/systemd/ukify",
version="254",
reason="build bootable images",
hint="Use ToolsTree=default to download most required tools including ukify automatically or use "
check_tool(config, "setfiles", reason="relabel files")
if config.secure_boot_key_source.type != KeySource.Type.file:
- check_systemd_tool(
+ check_ukify(
config,
- "ukify", "/usr/lib/systemd/ukify",
version="256",
reason="sign Unified Kernel Image with OpenSSL engine",
)
"""Serve the output directory via a tiny HTTP server"""
run(
- [python_binary(config), "-m", "http.server", "8081"],
+ [python_binary(config, binary=None), "-m", "http.server", "8081"],
stdin=sys.stdin, stdout=sys.stdout,
sandbox=config.sandbox(
- binary=python_binary(config),
+ binary=python_binary(config, binary=None),
network=True,
relaxed=True,
options=["--chdir", config.output_dir_or_cwd()],
projects / thirdparty / mkosi.git / commitdiff
