Let's introduce a new "auto" mode where we decide the firmware
based on whether we built a cpio image or a disk image. Let's also
use this as the new default.
Install ca-certificates in tools tree and make sure it's used
Too old ca-certificates on the host can cause package manager failures
when using a tools tree, so let's install ca-certificates into the
tools tree and make sure it is used.
Make the empty string reset settings to their default value
If the empty string is assigned, we should make sure the setting
is assigned its default value so let's make sure we return None in
that case after all
We also simplify the match callbacks to not take optional values
anymore. If the value is set to None, then we automatically fail
the match.
This causes issues on CentOS Stream 8 with errors about not being
able to find builtin modules.
Aside from the issues, running modinfo on builtin modules also does
not make a lot of sense. We run modinfo to fetch module and firmware
dependencies, but a builtin module that has non-builtin module
dependencies is not really valuable because the dependent module has
to be loaded from disk then. The same goes for firmware dependencies.
Instead of requiring users to always set up a tools tree preset, let's
allow specifying "default" as the tools tree to have mkosi build a default
tools tree itself. This default tools tree includes all the software that
might be necessary to build an image (excluding software that might be
required by various user scripts).
For distributions that do not have a rolling release variant, we use the
closest matching distribution. e.g. for CentOS, we use Fedora and for
Ubuntu we use Debian.
Only pass extra tools to ukify when not using tools tree
If we're using a tools tree, we don't want to use any binaries
specifed in extra search paths as they will very likely be incompatible
with the tools tree being used.
We generally don't want host configuration to influence the image build,
so let's make sure we override whatever distro shipped configuration file
with an empty one to avoid the host system interfering with the image build.
ci: enable jammy-proposed-updates to test new libzypp
I got some patches backported to jammy to try and fix https issues,
enable proposed-updates so that it can be tested before moving to
the release stage
For distro kernels, depmod is already executed by the package
manager, so let's make sure we don't rerun it unless needed.
To make this work, we have to run depmod and modinfo from inside the
image, as running modinfo from the host on files generated by depmod
from the image can lead to all sorts of compatibility issues so we opt
to run both depmod and modinfo from inside the image.
The only reason that MkosiConfigParser is a class is to store the
lookup hashmaps required for configuration parsing. Yet we can
easily do that as well by just declaring the functions that need
those inline in a function. So let's simplify the configuration
parsing interface by replacing MkosiConfigParser with a function
parse_config().
Replace `!` operator for lists with empty string assignment
Let's behave more like systemd and replace the `!` operator for
removing values from lists with assigning the empty string to remove
all values instead.
Daan De Meyer [Mon, 28 Aug 2023 11:24:59 +0000 (13:24 +0200)]
Rework ini file parsing
Python's configparser module is rather inadequate for our purposes.
Specifically, it's built around every setting only being specified once
in a config file and even though we got it to kind of parse more than
one of the same setting with our own custom dict type, there's a lot of
limitations involved. Specifically, assigning the empty value is
impossible with the current approach. To avoid all these issues, let's
introduce our own ini parser.
This also splits off the matching logic into a new method match_config()
and moves setting the debugging level just after we've parsed CLI options
so we get debug messages from the parser as well.
Daan De Meyer [Mon, 28 Aug 2023 09:35:23 +0000 (11:35 +0200)]
Read paths after parsing configuration files
Let's first take into account the main configuration file before parsing
any configured paths. This allow the main configuration files to reset
any configured settings without resetting its own defaults configured via
paths.
Daan De Meyer [Thu, 31 Aug 2023 09:37:55 +0000 (11:37 +0200)]
Ignore ssh configuration files when running ssh
When in a user namespace, the ssh config files from /etc/ will be
owned by nobody which makes ssh fail. Let's ignore these configuration
files when running ssh to avoid such failures.
Paul Meyer [Fri, 25 Aug 2023 14:53:08 +0000 (16:53 +0200)]
normalize mtime
If set, the time stamp from SOURCE_DATE_EPOCH is used to normalize
mtime of files. We also need to pass the environment trough when
mkosi is invoking itself.
Blair Bonnett [Tue, 29 Aug 2023 12:43:52 +0000 (14:43 +0200)]
Disable index and metacopy options of overlayfs.
If these are enabled (e.g., if the kernel enables them by default), the
mount will fail if the upper directory has been earlier used with a
different lower directory, such as with a build overlay that was
generated on top of a different temporary root.
Daan De Meyer [Fri, 25 Aug 2023 07:27:53 +0000 (09:27 +0200)]
Support configuring default values for settings
This allows configuring the default value for a setting. This is
useful to set a custom default value for a setting while still
allowing an explicit value from the CLI to take precedence.
To make this work properly in combination with default_factory, we
also introduce a new default_factory_depends field that lists all
the other settings that a setting's default_factory implementation
depends on. Then, when we finalize a setting's default value, we also
finalize the default value of settings it depends on so that its
default_factory function can do the right thing.
We also integrate the "paths" field from MkosiConfigSetting in this.
By default, paths will modify the defaults namespace instead of the
regular namespace, meaning their values will only be used if the
setting is not explicitly configured. The only exception to this are
mkosi.extra/, mkosi.skeleton/ and mkosi.repart/, whose values are just
merged with any explicitly specified directories.
Joerg Behrmann [Fri, 25 Aug 2023 12:30:19 +0000 (14:30 +0200)]
doc: make formatting more uniform
- Quotes are exchanged in favour of emphasis markers. Emphasis for terms,
strong emphasis section names.
- Section names formatted as truetype/monospace are exchanged from strong
emphasis.
- Section names are written consistently.
- Literals for settings, setting snippets and paths are formatted as
monospace.
- Paragraphs that are formmated incorrectly in the markdown extensions for
definition lists (using :) are moved such, that generate a single visual
block in the pandoc generated man page.
- Superfluous quotes are removed.
- A numbered list is used for the execution flow to make it easier to follow
and to visually seperate it from the list of mounted directories.
- URLs are formatted as links with adjacent text, since this formats them
less bare in the generated man page.
- The remaning http URL is moved to https
Daan De Meyer [Thu, 24 Aug 2023 10:25:47 +0000 (12:25 +0200)]
Drop "first assignment wins" logic
From experience in the systemd repository's usage of presets, we've
learned that we want to have fixed values for certain settings for
presets that cannot be overridden by either the CLI options or by
global config. Good examples are that the Format= of a base image
should always be "directory" and the Format= of an initrd image
should always be "cpio" or that Bootable= should always be "no" for
both the base image and the initrd image and their list of packages
should not be affected by any packages specified on the CLI.
The issue is that with "first assignment wins" logic, we need to add
an explicit "override" mechanism which almost all settings in these
presets would then use to make sure they can't be changed by CLI
options. This seems rather backwards, and is a good indication that
any settings configured in config should not be overridden by settings
set on the CLI.
Even disregarding usage of presets, any existing mkosi config will almost
certainly not be written to expect arbitrary changes in the config due
to options set on the CLI.
Also, it's currently not entirely trivial to set default values for
presets from the global config, because any values set in the global
config cannot be overridden anymore by presets. By not doing "first
assignment wins" logic, this becomes trivial as the global config can
simply set a default value and it can be overridden by presets.
Of course by removing "first assignment wins" logic, we do introduce
the issue again that "first assignment wins" solves in the first place,
which is that it becomes possible to assign a value to a setting, match
on that value and then change the setting later. We acknowledge this by
documenting it in the manual. Also, in some cases, this is exactly what
you want. For example, if you want to use a Fedora rawhide tools tree to
build CentOS 8 images, you have to first match on distribution == centos
and then set Distribution=fedora afterwards for the tools tree preset, so
this actually makes perfect sense in some cases.
While this is technically a compat break, it will only be noticed by users
doing advanced stuff with mkosi, which AFAIK does not exist yet outside of
the systemd repo. In fact even the systemd repo was not broken by this change,
so we should be OK with making it, given the large benefits we get out of it.
This commit also simplifies the interfaces of the parser and matching callbacks
to not take the namespace as an argument anymore, but to simply take the existing
value as an argument instead.
Daan De Meyer [Fri, 18 Aug 2023 11:58:08 +0000 (13:58 +0200)]
Add grub EFI support
Note that we only generate the necessary menu entries for the grub
configuration to chainload into our generated UKIs, we do not yet
install grub for EFI ourselves as this is a distribution specific
mess that we still need to figure out. On Fedora, because the
shim and grub2-efi packages install directly to /boot which we
redirect to /efi, this is sufficient to boot with grub on EFI by
simply installing the shim and grub2-efi packages.
For other distributions, a post install or finalize script will be
necessary that installs grub (and optionally shim) to the correct
locations in the ESP.
Daan De Meyer [Mon, 14 Aug 2023 11:52:29 +0000 (13:52 +0200)]
Add back BIOS support using grub
Let's add back support for booting on BIOS using grub. This comes
with the following limitations:
- grub does not support UKIs on BIOS, so we set up the individual
components instead
- grub cannot search partitions by PARTUUID, so we're forced to have
it find the ESP by partition number instead.
We opt to generate grub.cfg ourselves instead of relying on grub-mkconfig.
grub-mkconfig is basically like kernel-install but for grub configuration,
it has a ton of distro specific cruft that we want to ignore, so we simply
don't use it and generate the grub configuration ourselves.
To allow for unprivileged installation of grub, we can't use grub-install
as it insists on opening the root device and probing its filesystem, which
isn't possible unprivileged. Instead, we run grub-mkimage and grub-bios-setup
ourselves, and manually copy the required files to the ESP.
We use the ESP to store the kernels, initrds and grub config. In the event
that grub adds support for UKIs on BIOS in the future, we can simply modify
the generated grub configuration to use our generated UKIs instead.
projects / thirdparty / mkosi.git / log
