mkosi: put various script-related status lines together
For some reason the build script was described quite far from the
other scripts. Since 19a989fdafe3b50b7c6629efa64e6e4b1fa0c31a the same
environment is used for all scripts, so the "Script Environment" line
is now under all scripts, since it applies to all of them.
mkosi: verify scripts after parsing config, show status in summary
We would refuse a script if not found or not executable immediately when
parsing the argument. But only the last specified script matters, so it's
better to delay the check: in initial parsing store the path, and later check
that it exists and matches the relevant criteria, at the time when we also
check the outputs.
Similarly for tree inputs: they are checked at this time too.
This fixes #1167.
Instead of trying to generate error messages, just reuse normal Python
exceptions: i.e. os.access() is replaced by open(). This way we don't need to
come up with error messages for various conditions and possibly get them wrong.
Rework status command to show status of inputs and scripts:
Bind-mount directories with nspawn's rootidmap option to prevent files
ownership discrepancies: files (and directories) created from within the
container in the mounted directory will be owned by the owner of the
directory on the backing filesystem.
This means, mkosi-generated directories and owner by any other user that
root won't be polluted by root-owned files and folders once the
container is stopped.
Change the owner of directories created by mkosi, unless --no-chown is
used. Directories owner will be set to SUDO_UID or PKEXEC_UID if
defined, or to current UID otherwise.
Daan De Meyer [Thu, 27 Oct 2022 08:09:45 +0000 (10:09 +0200)]
Add --noplugins when calling dnf
Let's isolate image builds using dnf from the host a bit more by
disabling all plugins. For example, plugins such as versionlock
can interfere with the version of packages installed in the image
which we want to avoid.
We build a precise error message, but then bury it under a wall of text
produced by print_usage(). The printing of help (or some subset of it) on
parsing error is just useless. Most likely the user made a typo in an option,
and printing a few dozen lines (and more in the future) of unhelpful
semi-related information is counterproductive.
I'm surprised that argparse doesn't make this configurable, but looking at the
code, it seems that the behaviour is hardcoded. Docs and stackoverflow also
yield no hints.
For interactive use, we have both short options and tab-completion.
Abbreviated options are problematic because of forward-compatibility:
if we add more options in the future, an older abbreviation might become
non-unique and stop working.
mkosi: do not build a temporary dictionary for kwargs
Let's use the usual method for passing mixed inherited and local keyword args.
We don't need to put the argument names in quotes so this looks nicer. Also,
if we were to make a mistake and pass the same kwargs in two places, previously
the local assignment would silently override the other value. But that seems
inverted because now the base class overwrites something specified by the daughter
class. Anyway, it's better to throw an error, which we now will do:
TypeError: argparse.ArgumentParser.__init__() got multiple values for keyword argument '…'
I used mkosi without any explicit distro/version parameters and was surprised
that it built for Fedora 36 after successfully detecting that it's running on
Fedora 37. Using the host version is more likely to be what users expect, and
also avoids the awkward issue that when we hardcode some default version, this
version is likely to be "wrong" (not the latest) until both the distro and we
make a release.
Looking at this more generally, if we have some constant config that doesn't
specify the distro version, we have three possible source of the version
default: host distro version, latest version that was known was mkosi was
released, and actual latest released distro version. It is nice to use the
first option, because that is what users generally expect, and also this makes
mkosi "stable", i.e. we may upgrade it at any time and users will not observe
unexpected changes in defaults. This makes mkosi closer to guidelines for
upgrades in stable distros, see
https://docs.fedoraproject.org/en-US/fesco/Updates_Policy/#stable-releases.
093d48a97b8211ff549f78f2b3b2ef77fcd45573 was aiming for "consistent results",
but this gives consistency with the wrong thing. For a normal user, the host
distro version would never change "unexpectedly", and in fact it is expected
that the defaults of programs change when the host distro is upgraded and not
at any other time. Mkosi itself should provide stable and backwards-compatible
behaviour over releases.
gsegatti [Wed, 19 Oct 2022 02:56:18 +0000 (23:56 -0300)]
Adding custom retry amount to Machine.run()
This PR aims to introduce a variable "retry_amount" passed via Machine's constructor.
This variable will define how many times a command will attempt to run when using a VM.
Default value remain as 30 if not explicitly set.
William Roberts [Wed, 26 Oct 2022 15:46:21 +0000 (10:46 -0500)]
ssh: fix copy_file for authorized_keys
When attempting to copy the public key to the remote images
authorized_keys file, the parent path does not exist and the following
exception is thrown[1]:
‣ Generating SSH key pair…
‣ (Unmounting image)
‣ (Detaching /dev/loop17)
Traceback (most recent call last):
File "/home/wcrobert/workspace/mkosi/mkosi/__init__.py", line 7357, in setup_ssh
copy_file(f"{f.name}.pub", authorized_keys)
File "/home/wcrobert/workspace/mkosi/mkosi/__init__.py", line 614, in copy_file
with open_close(newpath, os.O_WRONLY | os.O_CREAT | os.O_EXCL, st.st_mode) as newfd:
File "/usr/lib/python3.8/contextlib.py", line 113, in __enter__
return next(self.gen)
File "/home/wcrobert/workspace/mkosi/mkosi/__init__.py", line 571, in open_close
fd = os.open(path, flags | os.O_CLOEXEC, mode)
FileNotFoundError: [Errno 2] No such file or directory: '/var/tmp/mkosi-_0v_4emp/root/root/.ssh/authorized_keys'
The path only existed up to "/var/tmp/mkosi-_0v_4emp/root", thus a mkdir
with -p semantics is required to create the full path, add that in.
[1] Note line numbers are off due to having some print's scattered
through the code for debugging.
Fixes: #1238 Signed-off-by: William Roberts <william.c.roberts@intel.com>
Make inserted root or /usr partition at least as big as RootSize
When using SquashFS in particular, the size of the partition inserted will
always be the size of the SquashFS image. This change allows the partition
size to be set which allows for future growth.
Daan De Meyer [Fri, 14 Oct 2022 20:05:24 +0000 (22:05 +0200)]
Streamline basic config installation
Let's do our basic config installation a little earlier in the build
to allow users the opportunity to override it if needed. Also, rename
all the functions for more consistency.
Daan De Meyer [Fri, 14 Oct 2022 19:41:41 +0000 (21:41 +0200)]
Don't cache bootloader installation
bootctl might configure itself differently depending on what's on
the rest of the system. If we run it as part of the cached image
build, we're doing the installation with files missing that might
influence the end result, so let's not do the installation as part
of the cached image build.
Workaround for Debian based hosts shipping a patch to store the rpmdb under ~/.
The rpmdb is moved to where the guest expects it
(/usr/lib/sysimage/rpm or /var/lib/rpm)
So rpm on Debian has to be told to search in that location.
Joerg Behrmann [Mon, 3 Oct 2022 14:55:57 +0000 (16:55 +0200)]
Make SignExpectedPCR tri-valued
This makes SignEpectedPCR a tri-valued option using aspecial value "auto" in
addition to boolean values, where it will check whether cryptography is
importable and systemd-measure in the PATH and value True in that case and False
else.
For a True value it checks both conditions and fails hard if they are not met.
The checks are kept in the CLI definition so that what comes out stays a clean
boolean value and doesn't leak any decisions into layers further down. This
unfortunately necesitates a custom default value in the tests, so that they are
robust against what's installed on the system they run on and also needs to use
a function for the argparse type=, since actions are not called for every value.
Marek Vasut [Sun, 25 Sep 2022 04:39:39 +0000 (06:39 +0200)]
ubuntu: Replace platform.machine() check with args.architecture check
Test args.architecture instead when selecting the ports.ubuntu.com .
The args.architecture will default to "aarch64" if running on a aarch64
machine and respect command line --architecture switch as well. This is
necessary in case the mkosi is generating foreign architecture container
(e.g. mkosi on amd64 generates arm64 container).
Fix security.ubuntu.com URL, which has to point to ubuntu-ports for
aarch64 machines.
Marek Vasut [Sun, 25 Sep 2022 23:12:08 +0000 (01:12 +0200)]
archlinux: Replace platform.machine() check with args.architecture check
Test args.architecture instead when selecting the mirror.archlinuxarm.org .
The args.architecture will default to "aarch64" if running on a aarch64
machine and respect command line --architecture switch as well. This is
necessary in case the mkosi is generating foreign architecture container
(e.g. mkosi on amd64 generates arm64 container).
Fix Architecture parameter passed into pacman.conf to permit generation
of foreign architecture containers.
The test on debian/sid amd64 used to generate archlinuxarm aarch64
container looks something like this:
1) Setup pacman
```
$ pacman-key --init
```
- Download http://mirror.archlinuxarm.org/aarch64/core/archlinuxarm-keyring-20140119-2-any.pkg.tar.xz
- Verify the download
- Extract keys into /usr/share/keyrings
```
$ pacman-key --populate
$ pacman-key --populate archlinuxarm
$ pacman-key --refresh-keys
```
2) Run `mkosi --architecture aarch64 ...`
Let's always start swtpm when we're going to run a qemu machine.
To avoid callers having to do the setup themselves, let's start
swtpm from within run_qemu_cmdline(). We can reuse the context
stack inside run_qemu_cmdline() to manage the start_swtpm()
context.
As LGTM is going to be shut down by EOY[0], let's move the code scanning to
CodeQL as recommended. Thanks to GH integration the results from such
scans will be shown both in the respective PR and in the Security ->
Code Scanning tab[1].
Allow single files to be used with --extra-search-paths
Sometimes we just want to use one file from a directory of files
with --extra-search-paths. Let's make sure we support this by putting
a symlink to the file in a temporary directory and adding that directory
to PATH.
Mkosi uses 4 spaces for indentation, fix 2 functions with 8 spaces.
Since #779 formatting with black wasn't enforced but still mentioned as required in README.
Start nspawn containers with read/write permissions
Don't set the --read-only flag for nspawn containers if just the root partition is read-only.
Don't set the --volatile=overlay flag for images created with usr-only or a generated root.
If the --volatile=overlay flag is set the container won't find the shell or init program.
Currently, we have package managers installed by default in Arch/Ubuntu
but not in Fedora/CentOS and variants. Let's make this more consistent
by making a package manager available by default in all distributions.
Include image ID and version in environment variables
This change will allow the image ID and image version arguments to be referenced
in scripts (prepare, build, postinst, finalize). This is useful for substituting
or adding into relevant files.
This change also moves the environment from MkosiConfig to MkosiState.
Marek Vasut [Thu, 1 Sep 2022 00:46:21 +0000 (20:46 -0400)]
debian/ubuntu: Increase apt recursive limit
With debian 11.4 amd64 host, mkosi fails with the following:
"
Chrooting into /var/tmp/mkosi-_elvunh3/root/
dpkg: error: cannot stat pathname '/tmp/apt-dpkg-install-LyrJgL': No such file or directory
"
By increasing the recursive limit, the parameter --recursive
is not passed to dpkg and the list of packages is passed to
dpkg on a command line instead of in the /tmp/apt-dpkg-install
temp file, which also avoids the aforementioned failure. There
seem to be no way to explicitly disable passing the --recursive
parameter to dpkg via apt options.
However, this is still a workaround. It is not clear why the
temp files are not found. Furthermore, add Debug::pkgDPkgPM=1
apt option makes this problem go away as well, which might
indicate some sort of race condition.
We have quite a few functions that take both state.config and
state.root as arguments. Instead of passing these arguments separately,
let's just pass the state directly to these functions.
Instead of modifying the config object when we're reusing a
machine ID from a cached image, let's set the final machine id in
MkosiState and only the machine ID in MkosiConfig for any machine
ID provided by the user.
From the description of --uuid in nspawn's man page:
> Set the specified UUID for the container. The init system will
> initialize /etc/machine-id from this if this file is not set yet.
> Note that this option takes effect only if /etc/machine-id in the
> container is unpopulated.
Since we run the build with a machine ID in /etc/machine-id, there's
no point in passing the --uuid option.
Instead of changing the config cache path to the new temporary
cache path if no cache path is configured, let's not touch the
config and store the final cache path in the state instead.
This also changes the temporary cache path to be in the workspace
instead of in the output directory.
Marek Vasut [Thu, 1 Sep 2022 00:16:09 +0000 (20:16 -0400)]
debian/ubuntu: Pass Architecture option to apt
Pass the target architecture to apt, otherwise mkosi ... --architecture
pulls in packages for the host architecture. This fixes generation of
container images for non-host architectures, e.g. generation of images
on amd64 host for arm64 target.
Don't pass environment when running kernel-install
Initially introduced in 32d09033e94f36993bede7016948e0702a4cb185,
but the reason wasn't recorded. Generally, we don't want to pass
just any environment variables to kernel-install, so let's not pass
the entire environment when running it.
If secure boot signing is enabled with UEFI then `systemd-boot` binaries which
are at `/usr/lib/systemd/boot/efi` should be signed with the same signing key
that is used for EFI binaries within the ESP. In comparison to signed ESP
binaries, the '.signed' extension will be kept.
Without this change, any tool that copies these binaries into the ESP will
(likely) be copying an unsigned copy of `systemd-boot`. The service
`systemd-boot-update.service` is just one example of a service that will
regularly attempt to update `systemd-boot` within the ESP.
Daan De Meyer [Wed, 31 Aug 2022 13:17:14 +0000 (15:17 +0200)]
Always prefer architecture specific qemu paths
The generic paths might not be for the current architecture, so
let's make sure we prefer architecture specific firmware without
secure boot support over generic firmware with secure boot support.
This change allows setting password files to be readable only by root
for added security. Additionally, if encryption is requested and no
passphrase file exists, the user will not be prompted to enter a
passphrase unless the mkosi invocation results in an image build.
Luca Boccassi [Sat, 27 Aug 2022 23:11:13 +0000 (00:11 +0100)]
Verity: rename split files to match what systemd expects
foo.raw means systemd searches automatically for foo.verity, foo.roothash/usrhash,
foo.roothash/usrhash.p7s so make the output match these existing
expectations
projects / thirdparty / mkosi.git / log
