Daan De Meyer [Thu, 28 Nov 2024 21:43:03 +0000 (22:43 +0100)]
Fix Partition split_path calculation
Now that we use workdir() in make_image(), we have to change the
Partition initializer to remove the path added by workdir() again
to get the proper path on the host.
Daan De Meyer [Sun, 24 Nov 2024 20:34:57 +0000 (21:34 +0100)]
mkosi-initrd: Install btrfs-progs
Even if fsck.btrfs doesn't do anything particularly useful, given we
install the fs tools of all the other filesystems, let's install btrfs-progs
as well. This is also useful when using systemd-repart to create the
root filesystem on first boot.
Daan De Meyer [Sat, 23 Nov 2024 13:54:59 +0000 (14:54 +0100)]
Drop ForwardJournal= integration for coredumpctl and journalctl verbs
Now that we have the sandbox verb, this is trivial to achieve with the
sandbox verb so let's keep the coredumpctl and journalctl verbs focused
solely on reading the journal and coredumps from the image itself and leave
inspecting the forwarded journal to mkosi sandbox.
Technically this breaks compat but I'm convinced nobody's actually using this
specific bit of integration so it shouldn't matter if we remove it.
Daan De Meyer [Sat, 23 Nov 2024 13:36:19 +0000 (14:36 +0100)]
Use tools tree again for ssh, coredumpctl and journalctl
In effect these verbs are very similar to the sandbox verb except
they run a predefined command line instead of an arbitrary one. So
let's make them behave the same as the sandbox verb when it comes to
the tools tree.
Brendan Jackman [Fri, 22 Nov 2024 14:14:58 +0000 (14:14 +0000)]
Clarify shell vs boot in man page
In retrospect it seems like this should have been obvious but it
confused me. Thanks to Daan for pointing it out on Matrix. Reword to
help out people like me in the future.
Daan De Meyer [Fri, 22 Nov 2024 09:37:06 +0000 (10:37 +0100)]
Include machine name in virtiofsd unit name
If the same directory is shared across multiple guests, we end up
with duplicate unit names even though we need separate virtiofsd
instances. Let's fix this by including the machine name in the
virtiofsd unit name so that the unit names will be unique across
guests.
Daan De Meyer [Thu, 21 Nov 2024 20:51:43 +0000 (21:51 +0100)]
sysupdate: Make it work in combination with a tools tree
- We have to make sure systemd-sysupdate looks at the os-release
from the host even when using a tools tree.
- systemd-sysupdate can't detect the root block device when running
with a tools tree. Let's abuse /run/systemd/volatile-root to shortcut
the detection logic instead.
Septatrix [Wed, 20 Nov 2024 22:10:45 +0000 (23:10 +0100)]
Keep track of collection resets from CLI arguments (fixes #3208)
Previously it was only possible to completely reset but not append,
or only append but not reset to collection/list settings
via command line arguments.
Now we track if a setting has ever been set to None (i.e. reset)
during command line parsing.
This information is used during value finalization
to decide whether to merge both collections or only keep the CLI value.
Martin Hundebøll [Tue, 19 Nov 2024 11:11:25 +0000 (12:11 +0100)]
Propagate --tools-tree-certificates to initrd build
The initrd build uses a config created from a "hand-crafted" command
line passed to `parse_config()`. This command line includes the relevant
settings (i.e. those deemed relevant for build the initrd) from the
"proper" config object.
Since the --tools-tree-certificates setting wasn't added to that command
line, it defaults to true regardless of any setting configured when
invoking mkosi. When building behind a cooperate (transparent) proxy
using a self-signed certificate, the initrd build fails when trying to
download packages (unless the needed packages happened to be downloaded
as part of a previous image build).
Make sure the --tools-tree-certificates setting applies to the initrd
build also, by explicitly including it in the hand-crafted command line.
The setting can be added unconditionally because of the default value
specified in config.py.
Daan De Meyer [Mon, 18 Nov 2024 20:06:17 +0000 (21:06 +0100)]
Also fail early if default tools tree is out of date without --force
We fail early if the tools tree does not exist and build or --force
was not specified, let's do the same if the tools tree is incremental
and the cache is out-of-date.
Daan De Meyer [Sat, 16 Nov 2024 14:47:43 +0000 (15:47 +0100)]
Add ToolsTreePackageDirectories=
Sometimes, we want to add locally built rpm packages to the default
tools tree. For example, systemd-repart depends on mkfs binaries that
might not be available on the host system, so the only way to run it
is from within the tools tree, which means we need a way to install
systemd-repart built from source within the tools tree.
Daan De Meyer [Fri, 15 Nov 2024 15:24:18 +0000 (16:24 +0100)]
Use passwd symlinks instead of bind mounts
Bind mounts don't reflect changes to the original files if they're
replaced instead of modified. Let's use symlinks instead so that
changes to the original files are always reflected.
Daan De Meyer [Fri, 15 Nov 2024 11:51:19 +0000 (12:51 +0100)]
Add --debug-sandbox
This will help in debugging sandbox related issues. We run the sandbox
with strace and detach on execve() so we don't strace the command that
we're running.
Davide Cavalca [Wed, 13 Nov 2024 02:41:12 +0000 (18:41 -0800)]
fixup: GitHub Action: Install all required mkosi dependencies
8505a5303bb0c65991faf59a45409330e0c16a92 lost the --assume-yes
--no-install-recommends. While the former seems to be implicit in the
GitHub runner environment, the latter isn't, and it seems best to leave
both in place.
Michael Ferrari [Mon, 11 Nov 2024 01:18:22 +0000 (02:18 +0100)]
Refactor resolve_deps and reorder after configure
As a configure script can modify the config in nearly any way it pleases
it is not impossible that dependencies may be resolved at runtime. So
just rerun dependency resolution after all configure scripts have done
their stuff.
Daan De Meyer [Sun, 3 Nov 2024 19:18:39 +0000 (20:18 +0100)]
Remove sandbox verb from needs_build()
It's not a clear cut case whether the sandbox needs a build or not.
The needs_build() method was originally intended for verbs that need
a full image build but the sandbox build only needs the tools tree.
Also, the tools tree is only built if ToolsTree=default and not if
set explicitly.
More practically, we don't want the JSON history from .mkosi-private
to be used when using mkosi sandbox, and that's the only usage of
the needs_build() method, so to fix that problem let's remove the sandbox
verb from needs_build().
Daan De Meyer [Fri, 1 Nov 2024 18:50:10 +0000 (19:50 +0100)]
Set up a private session keyring for engine pin caching
If we're using an engine as a key source, let's set up a private
session keyring and configure systemd tooling to store pins in the
session keyring with infinite lifetime. This means systemd will only
prompt for a pin once per key and reuse the cached pin from the session
keyring from that point onwards. The session keyring is automatically
removed when mkosi exits.
Daan De Meyer [Sat, 2 Nov 2024 17:57:31 +0000 (18:57 +0100)]
Add sandbox verb
In systemd, to run the integration tests, we need to run meson on
the host which will itself invoke mkosi to run the integration tests.
This means all the dependencies to run meson need to be installed on
the host. This doesn't just mean meson needs to be installed, but also
a compiler and various required build dependencies of systemd to allow
building tools invoked by mkosi to build the image.
To avoid having to install these dependencies on the host system, let's
introduce a sandbox verb which runs a command in the mkosi sandbox that's
also used by other verbs such as boot, qemu and shell. This then allows
extra required tools to be installed in the tools tree via ToolsTreePackages=
to allow running these commands without having to install them on the host
system.
projects / thirdparty / mkosi.git / log
