Before this patch, mkosi wouldn't even run --help on a platform that
wasn't amd64 or arm64. That's unnecessarily harsh, a lot of functionality
is platform-independent and will work anywhere.
Georges Discry [Tue, 23 Jan 2018 23:52:41 +0000 (00:52 +0100)]
arch: better package selection
The package selection for Arch Linux is not optimal, especially when the
image is not bootable. The main issue is that a kernel is still
installed when the image is not bootable.
Optional packages from the `base` group that are required under specific
configurations are first deleted from the package selection and
explicitly re-added when required. For example, the `cryptsetup` and
`device-mapper` packages are included only if the image is bootable and
encrypted. Similarly, a kernel is included only if the image is
bootable or if the user selected one explicitly.
Sets are now better used in the package selection. The appropriate
operators and methods are directly used instead of relying on
intermediary sets.
The installation of the packages is split into two operations. The first
only installs the packages from the `base` group and the second installs
the packages selected by the user. This is necessary because some
packages (e.g. `git`) have an install script that depends on the `base`
group without listing those in their dependencies. If they are installed
before their implicit dependency, their install script will most likely
fail.
Georges Discry [Wed, 18 Oct 2017 01:00:18 +0000 (03:00 +0200)]
arch: always use the custom pacman.conf
The custom pacman.conf is completed to contain a full explicit
configuration based on the `root` directory inside the workspace.
All the calls to pacman (and related commands) use that configuration
and never touch the host system. Particularly, the host keyring and sync
databases are left untouched.
Lucas De Marchi [Thu, 8 Feb 2018 00:23:30 +0000 (16:23 -0800)]
Support copying git submodule files
Besides getting the files from the git directory, iterate through each
submodules to copy them over to the build image as well. We had some
(better) alternative, but each of them failing to provide what we need:
- Recent versions for git-ls-files learned a --recurse-submodules
but they are not support together with --others
- git-submodule foreach --recursive would allow us to git-ls-files
inside each submodule, however there's no easy way to control from
which submodule the command is printing the files in order to
prepend the submodule path
So for now we live with getting the list of submodules from
`git submodule status --recursive` and calling git-ls-files on each of
them.
Lucas De Marchi [Wed, 7 Feb 2018 23:07:54 +0000 (15:07 -0800)]
Fix copy of symlinks
When copying files we should not be following the symlinks. This became
a problem in kmod after removing the git-clone method to copy files
because we have intentionally broken symlinks there:
File "/usr/bin/mkosi", line 170, in open_close
fd = os.open(path, flags | os.O_CLOEXEC, mode)
FileNotFoundError: [Errno 2] No such file or directory:
'/home/lucas/p/kmod/testsuite/rootfs-pristine/test-loaded/sys/module/btusb/drivers/usb:btusb'
make: *** [Makefile:3009: mkosi] Error 1
Although it's worse when the symlink is broken, it would silently succeed when
it's not but producing an invalid output.
Lucas De Marchi [Wed, 7 Feb 2018 21:57:41 +0000 (13:57 -0800)]
Stop using git-clone to copy files
This partially reverts "0c8d7d5 (rework copy_git_files() to use a git
clone)", retaining the fixes to ls-files. Using git clone allowed build
systems to get commit information through git and work with submodules,
but it didn't come without drawbacks like modifying the mtime and
permissions of the copied files. The drawbacks means that the build
cache doesn't really work as intended.
For git-submodules another solution will be provided later.
This variable keeps a colon-delimited list of paths to be prepended to
PATH in the context of mkosi execution. Unlike shell variable
expansion, if any path refers to an unset variable, that path will be
ignored.
Besides the environment variables, the variable SUDO_HOME can be used
to refer to the home directory of the user calling mkosi with
sudo. This allows settings like
Use delimiter as parameter. ListAction with a different delimiter will
be used later for colon delimited lists.
Opted to make a CommaDelimitedListAction instead of making "," the
default delimiter so that the lines adding arguments will be more
explicitly about what kind of list they are using.
mkosi: rework how we reenable kernel-install snippets
The old code doesn't really work: we can't store the list of snippets we
masked in a global variable, since we run the whole build process
multiple times and data from the first run might confuse follow-up runs
and really should not.
This reworks the logic so that we keep track precisely which snippets
are masked and return this from disable_kernel_install(). We then pass
that back into reenable_kernel_install() to undo the effect later on.
This way the information never leaks into later runs.
Let's make the funciton more like the other install_xyz() functions.
Let's invoke it from the same place.
Also, most importantly: let's unconditionally remove /etc/hostname
first, so that either what the user configured takes effect or the file
doesn't exist at all, so that systemd's internal default hostname logic
can take place. This is also the better choice in case /etc/hostname is
a symlink.
When resetting machine-id and it doesn't exist, don't fail, just
proceed to create a new one. The basic filesystem of Clear Linux we
will be using for bootstrap doesn't have a /etc/machine-id
out-of-the-box.
Lénaïc Huard [Mon, 8 Jan 2018 08:37:34 +0000 (09:37 +0100)]
Use an UTF-8 locale on Arch Linux (#214)
Commit 0dc40f40 introduced the generation of an UTF-8 locale at build time.
This commit makes it used.
For example, before this commit, we still had:
```
[root@archlinux ~]# systemctl status
* archlinux
State: running
Jobs: 0 queued
Failed: 0 units
Since: Sun 2018-01-07 22:13:47 CET; 32min ago
CGroup: /
|-user.slice
| `-user-0.slice
| |-session-c1.scope
| | |-125 login -- root
```
whereas with this commit, we now have a prettier printed:
```
[root@archlinux ~]# systemctl status
● archlinux
State: running
Jobs: 0 queued
Failed: 0 units
Since: Sun 2018-01-07 22:13:47 CET; 33min ago
CGroup: /
├─user.slice
│ └─user-0.slice
│ ├─session-c1.scope
│ │ ├─125 login -- root
```
Lénaïc Huard [Sun, 7 Jan 2018 21:27:51 +0000 (22:27 +0100)]
Stop patching nsswitch.conf and make resolv.conf points to stub-resolv.conf on Arch Linux
The `nsswitch.conf` file that comes by default on Arch Linux is now fully systemd-resolved compatible.
Its `hosts:` line is now:
```
hosts: files mymachines resolve [!UNAVAIL=return] dns myhostname
```
So, there is no need to patch this file when enabling systemd-resolved on Arch Linux anymore.
Also make `/etc/resolv.conf` points to the new dynamic `/run/systemd/resolve/stub-resolv.conf` rather than the older static `/usr/lib/systemd/resolv.conf`.
Lucas De Marchi [Fri, 5 Jan 2018 19:12:35 +0000 (11:12 -0800)]
Re-enable kernel install scripts (#211)
After doing the distro installation we'd better re-enable the install
scripts from the distro so we can continue to support scripts that
install kernels following the Bootloader Spec (even though we prefer
a unified image here).
Lucas De Marchi [Thu, 4 Jan 2018 22:45:34 +0000 (14:45 -0800)]
Add tar archive support for extra and skeleton trees
Like documentation here says, it allows one to preseve file ownership
when adding files to the final image. This may be particularly useful if
you are adding configuration files for a daemon that is not supposed to
run as root, but as a pre-defined user.
Lucas De Marchi [Thu, 4 Jan 2018 22:23:40 +0000 (14:23 -0800)]
Simplify assignments by using empty lists as default
Make argparse use empty lists as default rather than None
for arguments that receive lists. This allows us to simplify all the
conditional assign or extend throught the code.
This is done for packages, build_packages, extra_trees and
skeleton_trees, removing the conditional assignments and leaving only
a call to extend() that can handle the case the list is empty. Also
checks for `if X is None` need to be converted to `if not X`.
Lucas De Marchi [Wed, 8 Nov 2017 16:09:32 +0000 (08:09 -0800)]
Add support to skeleton trees
It's already possible to pass extra trees to copy over the final tree
after installing all packages. However in some cases it is desirable to
copy the tree before installing packages or running anything in the
image. One of the cases is if we want to enable additional repositories
for the package manager or want to configure it in a particular way.
Now mkosi can use a mkosi.skeleton directory (or by passing a
--skeleton-tree argument) in the same way it currently supports extra
trees, however copying them before running the "install_distro" phase.
To allow changing the package manager configuration distros may need
more tweaks to point the package manager to the right files. Right now
this has been tested with Fedora 27 by adding
`mkosi.skeleton/etc/yum.repos.d/rpmfusion-free.repo` and installing a
package from that repo.
Sebastian [Mon, 27 Nov 2017 07:04:49 +0000 (08:04 +0100)]
Change opensuse zypper pattern to a form that works everywhere (#109)
[zj: The pattern "lost visibility" at some point. This is fixed in tumbleweed, but
not in some other versions, so let's use the form that works everywhere for now.
See https://bugzilla.opensuse.org/show_bug.cgi?id=1049997.]
... instead of using subprocess.run etc. We use those in some many places it makes
sense to economize a bit. It makes the long lines much shorter and more readable.
Georges Discry [Fri, 17 Nov 2017 15:52:59 +0000 (16:52 +0100)]
mkosi: Recursively delete btrfs subvolumes (#177)
`btrfs subvol delete` can only delete a subvolume if it is not read-only
and if it does not contain another subvolume.
`btrfs subvol list -o` prints the subvolumes below a certain path, but
only gives the paths relative to the filesystem mount point for those
subvolumes. To compute the paths of the children, we need the relative
path of the parent subvolume given by `btrfs subvol show`.
Read-only subvolumes also have to be writeable again before being
deleted. We unconditionally unset the readonly property on a subvolume
before deletion.
This adds a new "mkosi qemu" verb that is like "mkosi boot" but invokes
things in a QEMU environment.
This tries to find the native qemu implementation, with a couple of
fallbacks if none is found, always opting for KVM acceleration.
This also tries to automatically discover the UEFI firmware blobs. For
now only the location where the files are on Fedora is encoded in the
search path, but this can be updated for other distributions easily
later on.
mkosi: rework "mkosi shell"/"mkosi boot" to use os.execvp()
When invoked this way we are just preparators for the final nspawn
command, hence it makes a lot of sense to simply replace our process
with nspawn, hence don't fork off nspawn, but simply invoke os.execvp().
Dracut really should imply that the "qemu" module is used when
"nohostonly" mode is selected (which we select), but it currently does
not, so deal with that.
mkosi: make sure when copying files we unlink existing matching files first (#198)
Previously, if a file already existed before, we'd open it for write and
write the new file into the same file. If the old file was larger than
the new file we'd not truncate it, so that in that case the resulting
file was a combination of the new small file plus the old suffix.
Florent Thiery [Tue, 14 Nov 2017 09:56:56 +0000 (10:56 +0100)]
rework image cache logic so that it works without the presence of a build script (#155)
In that case, pre-dev and dev images are not generated at all anymore, so that cache images are
not generated every time; note that this means that pre-dev and pre-inst images currently need to
be manually removed to be re-generated.
Fixes #143.
I my build-less case i used the mkosi.postinst to perform the actual customizations, and in that case
the image caching was not used and it took way longer. With these patches the postinst is applied to
the mediacoder-image.raw.cache-pre-inst cache image, speeding up the process.
I use the postinst script to create users, enable/disable services, setup locale, install custom prebuilt
packages. Rebuilding the base image is pretty slow, so i think it is still useful to support -i without
caching (ex: for producing distro spins).
[zj: add commit message based on comments in the PR]
There are various circumstances in which it is OK to have permissions
mask which goes above 0o700:
- when the user has own group
- when the file is shared with others using a special group
- when doing QA and the password should be set but is not secret
- when the access is limited through other means
So let's not be too strict here.
Also, let's use plain octal mask instead of the stat.S_* macros. This
is way more legible! This is inspired by a recent comment from Linus
Torvalds:
https://github.com/torvalds/linux/commit/277642dcca765a1955d4c753a5a315ff7f2eb09d.
In Python we have the advantage that we have an unambigous notation
for octal numbers, so let's just use them.
Lucas De Marchi [Tue, 14 Nov 2017 08:36:59 +0000 (00:36 -0800)]
Fix breakage when generating image without bmap (#195)
When generating an image without bmap it was failing with:
‣ Creating BMAP file...
Traceback (most recent call last):
File "/usr/bin/mkosi", line 3304, in <module>
main()
File "/usr/bin/mkosi", line 3297, in main
build_stuff(args)
File "/usr/bin/mkosi", line 3231, in build_stuff
bmap = calculate_bmap(args, raw)
File "/usr/bin/mkosi", line 1995, in calculate_bmap
dir=os.path.dirname(args.output_bmap))
AttributeError: 'Namespace' object has no attribute 'output_bmap'
Fix it by doing the same as we do in other functions, checking if
bmap is actually enabled.
Lucas De Marchi [Sun, 12 Nov 2017 21:47:59 +0000 (13:47 -0800)]
Add support to bmap-tools (#190)
bmap-tools (https://github.com/intel/bmap-tools) allows us to write
images to physical disks like USB drives without having to write the
entire image. It rather writes only the used blocks. With this we
reduce the time to write to a disk when we manually set the size of the
partitions.
The general idea is to copy everything, preserving access mode, times,
xattrs on files. An attempt to create the new object is first made,
followed by an unlink and a repeated attempt. This optimizes for the
case where the output tree is empty, which seems to be the common
thing in our case.
Reflink is attempted for normal files.
Symlinks are not adjusted: if they pointed outside of the tree being
copied, they might be dangling now.
Block and character device nodes and any other special files are not
copied.
mkosi: create builddir if configured but missing (#181)
If a builddir is explicitly configured but missing, automatically create
it.
This follows the logic already implemented for mkosi.output/ and
mkosi.cache/.
This is particularly useful when storing mkosi settings in a git repo,
as git normally doesn't allow us to store empty directories, and hence
we cannot make use of auto-discovery of mkosi.output/ and mkosi.cache/.
By configuring these paths explicitly in mkosi.default however, we can
work around this, as in that case we'll create the directories if
needed.
mkosi: exclude all cache and output directories from the copied build sources
We should exclude mkosi.builddir/, mkosi.output/, mkosi.cache/ when
preparing the build image, as they aren't really part of the sources,
but contain artifacts of previous mkosi invocations.
Franck Bui [Thu, 12 Oct 2017 15:08:11 +0000 (17:08 +0200)]
openSUSE: don't use https to access mirrors for the time being
Some openSUSE mirrors redirect https to http and this seems to make
curl(1) unhappy now.
There's a request to fix that on mirror side:
https://github.com/openSUSE/mirrorbrain/issues/3 but for the time
being switch to http to access all mirrors.
There seems to be no additional values in https:// as the rpms are
signed by gpg keys already, so is the repodata anyways.
Let's add a way to store the root pw in a separate file, outside of
mkosi.default. That way it's easy for people to build images locally of
an upstream project without having to modify the mkosi.default file,
simply by dropping their own file.
mkosi: unbreak the squashfs mode, when used together with build trees (#160)
We need to create the mount point for the build tree early on, so that
it is included in the read-only squashfs image, and we can mount the
host's builddir into it.
Without this patch squashfs builds with builddir usage fail.
projects / thirdparty / mkosi.git / log
