Luca Boccassi [Sat, 27 Aug 2022 23:11:13 +0000 (00:11 +0100)]
Verity: rename split files to match what systemd expects
foo.raw means systemd searches automatically for foo.verity, foo.roothash/usrhash,
foo.roothash/usrhash.p7s so make the output match these existing
expectations
Daan De Meyer [Mon, 29 Aug 2022 19:54:43 +0000 (21:54 +0200)]
fedora: Automatically pick latest rawhide release
We can automatically get the key for the latest rawhide now as there's
a symlink we can use to get it. For remote GPG keys, the existing
mechanism can be used.
Luca Boccassi [Sun, 21 Aug 2022 11:20:36 +0000 (12:20 +0100)]
Rename use_mirror_verbatim to local_mirror, support Debian/Arch/SUSE
With some distros the mirror has to be configured inside the image
(apt, zypper), so having a boolean flag is not enough.
We need to use the local mirror only for the local image build, but
configure the actual remote repositories in the image configuration,
so that it can be used once installed.
Daan De Meyer [Mon, 29 Aug 2022 17:19:02 +0000 (19:19 +0200)]
debian/ubuntu: Ignore apt config from the host system
We only want to consider the apt config from the target system.
Because apt is rather inflexible and only parses the Dir option we
pass via the CLI after parsing all the config files from the host,
we have to resort to bind mounting an empty directory over /etc/apt
on the host to prevent it from reading configuration from there.
Daan De Meyer [Mon, 29 Aug 2022 12:36:26 +0000 (14:36 +0200)]
debian/ubuntu: Run apt/dpkg on the host instead of in the root
Similar to the other package managers, run apt/dpkg on the host
instead of in the container. This should allow us to implement
--repository-directory for apt as well and brings it more in line
with the other package managers.
Daan De Meyer [Sat, 27 Aug 2022 09:33:09 +0000 (11:33 +0200)]
Drop BIOS/grub support
As discussed in the last biweekly, there's no interest in maintaining
BIOS support in mkosi. Given the non-trivial amount of time that has to
be spent to keep BIOS/grub working as we develop new features, we'd rather
drop support than keep maintaining it.
Users that are still interested in BIOS support can fork mkosi at any point
before BIOS/grub support was removed.
Daan De Meyer [Sat, 27 Aug 2022 09:03:57 +0000 (11:03 +0200)]
Drop CentOS 7 support
Dropping CentOS 7 allows us to unify on systemd-boot as the bootloader
for EFI systems. Being able to assume systemd-boot as the bootloader on
EFI simplifies our support matrix and sets the stage for removing grub
support completely when we remove BIOS support in a future commit.
Daan De Meyer [Fri, 19 Aug 2022 12:03:35 +0000 (14:03 +0200)]
Always use a pseudo-tty when boot verb is used
A container where we boot systemd is not useful without /dev/console
in it. If --pipe is used, /dev/console is not available. To make sure
/dev/console is always available when we're booting the container,
only apply the --pipe logic when booting in shell mode.
Fixes missing console output when booting a container image in a
non-interactive shell script.
Daan De Meyer [Thu, 18 Aug 2022 22:09:12 +0000 (00:09 +0200)]
Drop call to blkdiscard
This was originally added to make a sparse copy with dd work right
after the discard. Since we don't do the copy with dd anymore,
we shouldn't need to do the blkdiscard anymore either, so let's
drop it.
Daan De Meyer [Thu, 18 Aug 2022 20:51:53 +0000 (22:51 +0200)]
Replace blockdev --reread-pt by manually adding partitions
Instead of relying on blockdev, let's use our own infra to make
sure all partitions have appeared after we modify the partition
table. This should hopefully reduce the number of race conditions
involved with modifying the partition table and loop devices.
Luca Boccassi [Wed, 17 Aug 2022 23:53:41 +0000 (00:53 +0100)]
Add --use-mirror-=verbatim=[bool] option
Allows to configure a single plain mirror, without the os/updates/media
repositories for RPM distros. Necessary to be able to perform fully
offline builds when the build system provides the required packages
configured in a local directory.
Daan De Meyer [Tue, 9 Aug 2022 18:18:12 +0000 (20:18 +0200)]
Always use a distro~release subdirectory for output, cache, builddir
Let's be consistent and always use a distro~release subdirectory for
these directories, instead of only using these when the correct directory
exists in the directory mkosi is invoked from.
Let's have a single mount() function that's a context manager and
build everything else on top of that. To handle the non-fixed amounts
of context managers, we use ExitStack().
Luca Boccassi [Fri, 5 Aug 2022 22:08:14 +0000 (23:08 +0100)]
Fix manifest creation when running on Bionic
Very old dpkg doesn't have the db-fsys:Last-Modified field
so it errors out. Skip creating manifests for sysext when
building on such old distros. Only affects Bionic right now.
Daan De Meyer [Tue, 2 Aug 2022 12:12:37 +0000 (14:12 +0200)]
Add support for mkosi.conf and mkosi.conf.d configuration files/dirs
"default" is a rather unintuitive file extension for a config file.
Let's prefer the more widespread "conf" file extension instead. We'll
now look for mkosi.conf and mkosi.conf.d in addition to the already
supported mkosi.default and mkosi.default.d.
We also rename the --default option to --config.
All mentions of mkosi.default, mkosi.default.d and --default in the
docs have been replaced with their conf counterpart.
Skip setting kernel root cmdline parameter for UsrOnly with ImageID and without verity
When an image is built as a /usr only image and does not use verity, the kernel
command line should (and already does) contain the parameter `mount.usr`. It
should not contain a root parameter since `systemd-repart` and
`systemd-gpt-auto-generator` will take care of generating and mounting the root
partition.
Without this change the root partition label used on the kernel command line
will be invalid.
When running using a build script and the option `--skip-final-phase` is given,
no image is generated causing an issue linking the image. This change skips any
attempts to link the image or print the resulting output size.
action: Download archlinux-keyring from Michel Salim's kernel-utils PPA
Pending availability in Ubuntu itself, let's download the archlinux-keyring
from the kernel-utils PPA maintained by Michel Salim. This means we can
update the Archlinux keyring without having to commit to mkosi itself
which means that users of the action will pick up the keyring updates
automatically.
This can happen just after inserting a partition, probably because
udev starts operating on a device which makes us unable to remove
the partition, let's ignore EBUSY as a workaround until we get a
proper fix
This ensures that argparse treats all values read from configfiles as
explicit arguments associated with their respective keys, rather than
attempting to parse them as options in their options in their own right.
Repeated arguments are valid in a QEMU command line (for example,
setting multiple `-device` flags to attach several devices to the VM),
and removing these duplicate tokens breaks the QEMU invocation.
Only pass arguments to build script when verb is "build"
When we're building the image because it's required for another verb,
any passed arguments are most likely intended for the target verb,
and not for "build", so don't add them in that case.
Pass kernel args to systemd when booting in nspawn
When booting systemd in systemd-nspawn, additional arguments can
be passed to systemd via nspawn's command line. The arguments get
interpreted by systemd in the container as if they were kernel
command line args.
To take advantage of this, let's pass any configured kernel command
line arguments to systemd running in nspawn as well. For example,
this allows using systemd.setenv to set environment variables as
early as possible for both qemu VMs and nspawn containers.
Move debian/ubuntu kernel-install workaround to a kernel-install script
Instead of manually running dpkg-reconfigure dracut in mkosi. Let's
drop in a kernel install script that runs dpkg-reconfigure dracut. We
can install this script as part of the install function and get rid
of a distribution specific check.
Very niche repo for a very specific use case. Let's not enable it
by default for Alma Linux images. It can always be added back via
--repository-directory if needed.
The configured repos don't end up in the actual image, so we don't
need to bother with a fancy name for the repos, let's just use the
repo ID instead and get rid of a bunch of cruft.
Use distro~release subdirectories under mkosi.output/mkosi.builddir
Currently, when using incremental mode, building for a different
release or distribution means throwing away the cached images for
the previous distribution or release used unless each distro/release
combo is configured with an explicit output directory. Let's try to
be smarter here, by using the same logic as used for the cache path.
We create distro~release subdirectory under mkosi.output/ and use that
as the output directory. This makes sure cached images stay intact
even if we build for a different distribution. The same reasoning
applies to mkosi.builddir/.
This will end up using slightly more disk space when building for many
different distros when using mkosi.output/, but this should be a good
tradeoff to make regardless. If looking to regain disk space, a user
simply has to remove the output or build subdirectory for the distros
they're not interested in keeping.
projects / thirdparty / mkosi.git / log
