mkosi might be invoked from a terminal but redirected to a file; in
that case we should ignore $TERM from the environment, so let's make
sure we handle that properly.
Let's make sure the limits are configured so we can always write at
least 4G of logs. We also enable compact mode again in all cases to
reduce the size used by journal files as for example GitHub Actions
machines aren't exactly swimming in free space.
(We pick 4G because that's the max journal file size when the compact
mode is used)
(We'll probably have to revisit this again at some point but for now
this should do the trick)
We want to support users writing to these directories from the host
so --cache=always is not an option as that assumes virtiofsd has
exclusive write access.
If we find a binary in any path configured with ExtraSearchPaths=,
we prefer using it over the tools tree.
This commit also gets rid of all the find_binary() for "btrfs" in
tree.py and stops passing in the tools tree to those functions.
Instead, we rely on the new behavior of run() to not fail hard
when check=False and the btrfs binary is not found.
Make check argument apply to whether the command exists
Let's not fail hard when check=False and the command is not found.
This will allow us to avoid having to pass the tools tree path around
in various places.
Let's drop this compat kludge for OpenMandriva. No other distro
does this and we should just assume gnu tar/cpio as the official
API of the tar/cpio binaries.
Switch to reprepro for generating local apt repositories
We don't install dpkg-dev in tools trees anymore to avoid pulling
in perl, which means we don't have access to dpkg-scanpackages in
tools trees anymore.
Instead of adding back dpkg-dev, let's instead switch to reprepro
for generating our local apt repository. It's written in C, packaged
everywhere and has hardly any dependencies.
Same as systemd. While in development we suffix with ~devel. Also
update the do-a-release script to add a second commit to switch back
to ~devel when we do a release.
We keep the old version in pyproject.toml because suffixing with
~devel conflicts with PEP 440 and python tools complain about that.
Add VolatilePackages= and InitrdVolatilePackages= settings
Let's allow configuring packages which should be installed after
running build scripts and which are not cached. This is useful for
installing packages which are built in a build script or which change
often and shouldn't invalidate the cache.
Every part of the default tools tree is cached. Thus, we can check
if the cache is out of date on incremental builds and if it isn't,
just reuse the previous tools tree instead of doing unnecessary work.
Only force repository metadata refresh if -ff was specified
Let's make sure we use the default metadata expiration checks unless
-ff was specified. Apt doesn't support anything like this so we don't
change anything there.
Let's run this logic for all distributions, and also run it after
running postinst scripts, to deal with kernel packages that are
installed in a postinst script.
When building an image using internal repositories, often various
internal certificates are required to be able to access these. These
are of course not going to be available in any default tools tree, so
let's add an option to use certificates and keys from the host with a
tools tree.
makepkg is always invoked in the image itself to build a package,
so there's no point in mounting over the makepkg.conf from the tools
tree into the sandbox.
bubblewrap does not support forwarding signals yet,
see https://github.com/containers/bubblewrap/pull/586. As a workaround,
we need to make sure we send our signals to the inner process. To
make this work, we create a pipe, pass it through to the subprocess,
and prefix with a bash command that writes its pid to the pipe before
exec-ing the actual command.
The other thing we get from this is that we can register the inner pid
as a scope which makes the systemctl status output for the scopes we
create a lot more useful.
This allows us to get rid of the shell hack to create and clean up
a subdirectory of /var/tmp. To avoid having to change every callsite
to use with(), we pass in a context manager directly into run() and
spawn().
Because we don't return a list anymore from sandbox_cmd(), we add an
extra "extra" argument to allow appending extra commands to the sandbox.
Stop installing dpkg-dev explicitly in tools trees
apt will pull in dpkg as a dependency. dpkg-dev specifically only
includes stuff required to build packages, which you generally only
want to install in the image itself as the dpkg build tooling does
not support operating on a chroot.
This gets rid of perl in tools trees as dpkg-dev depends on a bunch
of perl scripts but dpkg doesn't.
In spawn(), if an exception is raised by the context manager block,
we'll let it take priority over any exception we raise in spawn()
itself. Let's make use of this to make sure the qemu/VM exit code
always takes priority by raising the CalledProcessError from within
the qemu spawn() block.
We also let any qemu error take precedence over any EXIT_STATUS error.
Introduce CACHE_UID/CACHE_GID for use in the cache manifest
The INVOKING_USER uid and gid are potentially modified in become_root(),
causing cache mismatches depending on whether have_cache() is called
inside or outside of the user namespace.
Let's instead introduce two new constants resolved at module load time
which won't change.
Use the builtin constants for --include= to include the default initrd
and tools tree so that parse_config() makes the scripts executable for
us instead of having to do it ourselves.
opensuse: Don't install distribution-release by default
distribution-release is a virtual package that is satisfied by
multiple packages. By installing it by default in the first transaction
we can't override it anymore later. Let's fix the issue by not explicitly
installing distribution-release.
To make sure openSUSE-release is pulled in by default to satisfy
distribution-release, we install patterns-base-minimal_base which has
a Suggests dependency on openSUSE-release.
In systemd, we want to have a default set of kernel command line
arguments and override a few of them via the command line. Introduce
--append so that we can specify settings via the command line that
are parsed after all configuration files have been parsed to
make this possible.
This setting mounts the build sources and build directory into a
booted container/virtual machine in the same location that they were
mounted to do the build.
This helps both with making gdb more useful in the container as the
sources will be available for use by gdb without having to do any
source directory mapping. It also helps with doing incremental builds
inside the container.
Make sure the build directory is owned by root (in the userns)
The build directory will (unless mkosi-as-caller is used) contain
files owned by root (in the userns). To make sure the correct uidmap
is used when using this directory in RuntimeTrees=, let's make sure
the directory is owned by root (in the userns).
Translate paths to SELinux policy files to /buildroot
The setfiles call was broken by 62cee058cb116684294831c4cab20924dde93e45
because the binary policy and file context files were still using the
host path in the run arguments.
Fixes the error `Error opening
/home/user/.cache/mkosi/mkosi-workspaceb5nodee6/root/etc/selinux/targeted/policy/policy.33:
No such file or directory`
Check in spawn() whether the command we're trying to run is available
Currently, if we try to run a command within a sandbox, we fail with
an unclear error if the program is not installed. This is because our
FileNotFoundError exception handler is never triggered as the program
we run via subprocess is almost always "sh" or "bwrap". Let's make sure
we also check for the actual program we're going to run in the sandbox
and show a clear error if it's not available.
Pass environment the usual way when we're invoking the package manager
Let's only use "env" in the package manager scripts we make available
when running user scripts. If we're invoking the package manager ourselves,
pass the environment in the usual way.