with complete_step("Running finalize script…"):
bwrap([state.config.finalize_script],
- root=state.config.tools_tree,
+ tools=state.config.tools_tree,
env={**state.environment, "BUILDROOT": str(state.root), "OUTPUTDIR": str(state.staging)})
"-subject",
"-nameopt", "multiline",
"-in", certificate,
- ], root=state.config.tools_tree, stdout=subprocess.PIPE).stdout
+ ], tools=state.config.tools_tree, stdout=subprocess.PIPE).stdout
for line in output.splitlines():
if not line.strip().startswith("commonName"):
"-out", state.workspace / "secure-boot.p12",
"-inkey", state.config.secure_boot_key,
"-in", state.config.secure_boot_certificate],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
bwrap(["pk12util",
"-K", "",
"-W", "",
"-i", state.workspace / "secure-boot.p12",
"-d", state.workspace / "pesign"],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
def install_boot_loader(state: MkosiState) -> None:
"--cert", state.config.secure_boot_certificate,
"--output", output,
input],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
elif (state.config.secure_boot_sign_tool == SecureBootSignTool.pesign or
state.config.secure_boot_sign_tool == SecureBootSignTool.auto and
shutil.which("pesign") is not None):
"--force",
"--in", input,
"--out", output],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
else:
die("One of sbsign or pesign is required to use SecureBoot=")
with complete_step("Installing boot loader…"):
bwrap(["bootctl", "install", "--root", state.root, "--all-architectures"],
- env={"SYSTEMD_ESP_PATH": "/efi"}, root=state.config.tools_tree)
+ env={"SYSTEMD_ESP_PATH": "/efi"}, tools=state.config.tools_tree)
if state.config.secure_boot:
assert state.config.secure_boot_key
"-outform", "DER",
"-in", state.config.secure_boot_certificate,
"-out", state.workspace / "mkosi.der"],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
bwrap(["sbsiglist",
"--owner", str(uuid.uuid4()),
"--type", "x509",
"--output", state.workspace / "mkosi.esl",
state.workspace / "mkosi.der"],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
# We reuse the key for all secure boot databases to keep things simple.
for db in ["PK", "KEK", "db"]:
"--output", keys / f"{db}.auth",
db,
state.workspace / "mkosi.esl"],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
def install_base_trees(state: MkosiState) -> None:
shutil.unpack_archive(path, state.root)
elif path.suffix == ".raw":
bwrap(["systemd-dissect", "--copy-from", path, "/", state.root],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
else:
die(f"Unsupported base tree source {path}")
t.parent.mkdir(mode=0o755, parents=True, exist_ok=True)
if source.is_dir() or target:
- copy_path(source, t, preserve_owner=False, root=state.config.tools_tree)
+ copy_path(source, t, preserve_owner=False, tools=state.config.tools_tree)
else:
shutil.unpack_archive(source, t)
t.parent.mkdir(mode=0o755, parents=True, exist_ok=True)
if source.is_dir() or target:
- copy_path(source, t, preserve_owner=False, root=state.config.tools_tree)
+ copy_path(source, t, preserve_owner=False, tools=state.config.tools_tree)
else:
shutil.unpack_archive(source, t)
t.parent.mkdir(mode=0o755, parents=True, exist_ok=True)
if source.is_dir() or target:
- copy_path(source, t, preserve_owner=False, root=state.config.tools_tree)
+ copy_path(source, t, preserve_owner=False, tools=state.config.tools_tree)
else:
shutil.unpack_archive(source, t)
return
with complete_step("Copying in build tree…"):
- copy_path(state.install_dir, state.root, root=state.config.tools_tree)
+ copy_path(state.install_dir, state.root, tools=state.config.tools_tree)
def gzip_binary() -> str:
]
with complete_step("Creating archive…"):
- bwrap(cmd, root=state.config.tools_tree)
+ bwrap(cmd, tools=state.config.tools_tree)
def find_files(dir: Path, root: Path) -> Iterator[Path]:
def make_cpio(state: MkosiState, files: Iterator[Path], output: Path) -> None:
- with complete_step(f"Creating cpio {output}…"), bwrap_cmd(root=state.config.tools_tree) as bwrap:
+ with complete_step(f"Creating cpio {output}…"), bwrap_cmd(tools=state.config.tools_tree) as bwrap:
cmd: list[PathString] = [
*bwrap,
"cpio",
# modinfo and it'll process them all in a single go. We get the modinfo for all modules to build two maps
# that map the path of the module to its module dependencies and its firmware dependencies respectively.
info = bwrap(["modinfo", "--basedir", state.root, "--set-version", kver, "--null", *nametofile.keys(), *builtin],
- stdout=subprocess.PIPE, root=state.config.tools_tree).stdout
+ stdout=subprocess.PIPE, tools=state.config.tools_tree).stdout
moddep = {}
firmwaredep = {}
if state.config.kernel_modules_initrd:
cmd += [gen_kernel_modules_initrd(state, kver)]
- bwrap(cmd, root=state.config.tools_tree)
+ bwrap(cmd, tools=state.config.tools_tree)
if not state.staging.joinpath(state.config.output_split_uki).exists():
shutil.copy(boot_binary, state.staging / state.config.output_split_uki)
with dst.open("wb") as o:
bwrap(compressor_command(compression), user=state.uid, group=state.gid, stdin=i, stdout=o,
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
def copy_nspawn_settings(state: MkosiState) -> None:
Path(os.environ['HOME']).joinpath('.gnupg')
)
},
- root=state.config.tools_tree,
+ tools=state.config.tools_tree,
)
process_kernel_modules(state, kver)
with complete_step(f"Running depmod for {kver}"):
- bwrap(["depmod", "--all", "--basedir", state.root, kver], root=state.config.tools_tree)
+ bwrap(["depmod", "--all", "--basedir", state.root, kver], tools=state.config.tools_tree)
def run_sysusers(state: MkosiState) -> None:
with complete_step("Generating system users"):
- bwrap(["systemd-sysusers", "--root", state.root], root=state.config.tools_tree)
+ bwrap(["systemd-sysusers", "--root", state.root], tools=state.config.tools_tree)
def run_preset(state: MkosiState) -> None:
with complete_step("Applying presets…"):
- bwrap(["systemctl", "--root", state.root, "preset-all"], root=state.config.tools_tree)
+ bwrap(["systemctl", "--root", state.root, "preset-all"], tools=state.config.tools_tree)
def run_hwdb(state: MkosiState) -> None:
with complete_step("Generating hardware database"):
bwrap(["systemd-hwdb", "--root", state.root, "--usr", "--strict", "update"],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
def run_firstboot(state: MkosiState) -> None:
with complete_step("Applying first boot settings"):
bwrap(["systemd-firstboot", "--root", state.root, "--force", *options],
- root=state.config.tools_tree)
+ tools=state.config.tools_tree)
# Initrds generally don't ship with only /usr so there's not much point in putting the credentials in
# /usr/lib/credstore.
return
policy = bwrap(["sh", "-c", f". {selinux} && echo $SELINUXTYPE"],
- stdout=subprocess.PIPE, root=state.config.tools_tree).stdout.strip()
+ stdout=subprocess.PIPE, tools=state.config.tools_tree).stdout.strip()
if not policy:
return
with complete_step("Generating disk image"):
output = json.loads(bwrap(cmdline, stdout=subprocess.PIPE, env=env,
- root=state.config.tools_tree).stdout)
+ tools=state.config.tools_tree).stdout)
roothash = usrhash = None
for p in output:
"--modify" if allow else "--remove",
f"user:{uid}:rwx" if allow else f"user:{uid}",
"-"],
- root=config.tools_tree,
+ tools=config.tools_tree,
# Supply files via stdin so we don't clutter --debug run output too much
input="\n".join([str(root),
*(e.path for e in cast(Iterator[os.DirEntry[str]], scandir_recursive(root)) if e.is_dir())])
has_acl = f"user:{uid}:rwx" in bwrap([
"getfacl", "-n", root.relative_to(Path.cwd())],
stdout=subprocess.PIPE,
- root=config.tools_tree,
+ tools=config.tools_tree,
).stdout
if not has_acl and not always:
"--dry-run=no",
"--offline=no",
fname],
- root=config.tools_tree)
+ tools=config.tools_tree)
if config.output_format == OutputFormat.directory:
cmdline += ["--directory", fname]
stdout=sys.stdout,
env=os.environ,
log=False,
- root=config.tools_tree)
+ tools=config.tools_tree)
def run_ssh(args: MkosiArgs, config: MkosiConfig) -> None:
cmd += args.cmdline
- bwrap(cmd, stdin=sys.stdin, stdout=sys.stdout, env=os.environ, log=False, root=config.tools_tree)
+ bwrap(cmd, stdin=sys.stdin, stdout=sys.stdout, env=os.environ, log=False, tools=config.tools_tree)
def run_serve(config: MkosiConfig) -> None:
projects / thirdparty / mkosi.git / commitdiff
