Daan De Meyer [Wed, 16 Feb 2022 10:46:42 +0000 (10:46 +0000)]
Default to -cpu max when running VMs using QEMU
Currently, we don't specify the -cpu option when running under the TCG
accelerator. This leads QEMU to choose a very conservative default that
doesn't emulate all the instructions that modern distros are compiled with.
To avoid such issues, let's default to having QEMU emulate as many CPU
instructions as possible to avoid illegal opcode errors when running
virtual machines.
Daan De Meyer [Wed, 16 Feb 2022 10:44:41 +0000 (10:44 +0000)]
Change --qemu-smp default from 2 to 1
When trying to a boot a centos epel VM using QEMU, it will hang during
boot if the qemu smp option is set to a number higher than 1. To avoid
this and similar issues, let's default to 1 core per VM. If users need
more they can always configure the option explicitly.
Daan De Meyer [Mon, 16 May 2022 14:57:02 +0000 (16:57 +0200)]
ci: Update to Ubuntu 22.04 LTS
Note: The LTS image is still in beta (https://github.com/actions/virtual-environments/issues/5490).
In Jammy, we have recent versions of zypper and dnf packaged so we
don't have to build them from source anymore. Also, sq is packaged
so we don't have to build sq from source anymore either.
The setup-github-actions.sh script is renamed to setup-pacman.sh
and it's reduced to only install the dependencies necessary to
build pacman and archlinux-keyring.
All other dependencies are moved to action.yaml and the action
mkosi.default script.
Daan De Meyer [Thu, 16 Jun 2022 21:43:45 +0000 (17:43 -0400)]
Communicate the associated dir in the ESP via /etc/kernel/entry-token
/etc/kernel/entry-token is the new way introduced in systemd v251 to
identify the directory that kernel-install and bootctl should install
their stuff to. If it exists, bootctl and kernel-install will read it
and use the directory inside to install things to.
Currently, in mkosi, we generate a random machine ID during the build
and use that as the directory under the ESP to install things to. Until
all distros we support get support for /etc/kernel/entry-token, we're
limited to using the machine ID as the directory to install stuff under
in the ESP.
Since the machine ID used during the build is scrubbed from the image,
users don't a way to figure out the directory in the ESP associated
with the rootfs after the build is finished. To fix this, let's write
the machine ID to /etc/kernel/entry-token before it is scrubbed so
that users can read the file to figure out which directory in the ESP
that they should look under to find stuff associated with the
corresponding rootfs.
Daan De Meyer [Mon, 13 Jun 2022 15:09:00 +0000 (11:09 -0400)]
Rework initramfs generation (again)
Currently, when building without unified kernel images, the generated
initramfs is generated as part of running the package manager for the
first time. Because of this, none of the changes made to the rootfs
after running the package manager (build script, extra-trees, postinst
script, ...) are taken into account when generating the initramfs. Also,
when building with unified kernel images, the generated initramfs does
take all changes made to the image into account.
To solve this inconsistency, let's generate the initrd manually instead
of relying on the package manager to do it for us. With the addition
of KERNEL_INSTALL_BYPASS, we can skip initramfs generation when
kernel-install is called by a post-installation script to generate the
initramfs. Similarly, we can use the INITRD environment variable to
do the same on Debian/Ubuntu systems.
To generate the initramfs manually, we simply call kernel-install at
a later point in the image build process. Because kernel-install doesn't
actually regenerate the initramfs on Debian/Ubuntu, we call
"dpkg-reconfigure dracut" there to make sure the initramfs is regenerated
before calling kernel-install.
Finally, because we now make sure the initramfs always includes all changes
made to the image, we modify install_unified_kernel() to call objcopy
again instead of dracut as we used to do but had to revert because calling
objcopy meant the initramfs wasn't regenerated.
Daan De Meyer [Fri, 17 Jun 2022 14:16:18 +0000 (10:16 -0400)]
machine: Add retries for ssh
We've been seeing quite a bit of "connection refused" errors in CI.
These are likely happening because sshd hasn't finished starting
yet.
The proper fix for this is to add notify socket support for systemd
running qemu VMs via virtio sockets, but even if that's added, it
will be a very long time before we can rely on it.
For now, let's add a retry mechanism for SSH connections to make
our CI setup more reliable.
Daan De Meyer [Fri, 17 Jun 2022 14:13:49 +0000 (10:13 -0400)]
Refactor command running in integration tests
Let's move run_command_image() into Machine.run(), introduce
run_systemd_cmdline() to get the systemd-run command line, and
remove all arguments from run_ssh() that aren't required anymore
now.
mkosi: optimize/fix patching of root part-type uuid
The bug was that the part-type write we did would get overwritten when the
partition table was subsequently rewritten when we were adding the verity and
verity-sig paritions. We don't need to write out the part-type manually, it's
enough to store the right value in our partition list. This makes things a bit
faster too.
We know that if we calculated the verity info, we'll insert a partition soon
after and then it'll get written correctly.
Daan De Meyer [Wed, 15 Jun 2022 20:24:41 +0000 (16:24 -0400)]
arch: Use gpgdir from host system
Instead of setting up the keyring in the image, let's reuse the
keyring from the host. If users want to use pacman in the image,
they just have to run pacman-key themselves in a postinst script
or such.
This speeds up building of images and hopefully also gets rid of
our CI issues with Arch where there's something keeping files open
in the root mount (which I expect is gpg-agent).
Daan De Meyer [Fri, 20 May 2022 13:05:09 +0000 (15:05 +0200)]
Fix losetup race condition with initializing partition devices
This fixes the same issue we've seen in the systemd repo where
using PARTSCAN introduces a race condition with trying to use
the partition device since the kernel initializes the partition
devices asynchronously. To avoid the issue, we initialize partition
devices manually using the BLKPG ioctl(). We also avoid the same
problem on detaching loop devices by removing partition devices
explicitly using the BLKPG ioctl().
See https://github.com/systemd/systemd/pull/22992,
https://github.com/systemd/systemd/pull/23427,
https://github.com/systemd/systemd/issues/23174 and
https://github.com/systemd/systemd/issues/17469 for more context.
The default formatter would wrap all text into a single paragraph,
which is rather hard to read in case when we have a list of options
and an explanation for each of the values. Let's add a custom formatter.
Also, never split option names or other words.
Part of output wrapped to the default 80 columns:
--source-file-transfer-final METHOD
How to copy build sources to the final image:
'copy-all': normal file copy
'copy-git-cached': use git ls-files --cached, ignoring
any file that git itself ignores
'copy-git-others': use git ls-files --others, ignoring
any file that git itself ignores
'copy-git-more': use git ls-files --cached, ignoring
any file that git itself ignores, but include the
.git/ directory
(default: None)
--source-resolve-symlinks [BOOL]
If true, symbolic links in the build sources are
followed and the file contents copied to the build
image. If false, they are left as symbolic links. Only
applies if --source-file-transfer-final is set to
'copy-all'.
(default: false)
--source-resolve-symlinks-final [BOOL]
If true, symbolic links in the build sources are
followed and the file contents copied to the final
image. If false, they are left as symbolic links in
the final image. Only applies if
--source-file-transfer-final is set to 'copy-all'.
(default: false)
--with-network [WITH_NETWORK]
Run build and postinst scripts with network access
(instead of private network)
--settings PATH Add in .nspawn settings file
--help would print something like "--source-file-transfer-final SOURCE_FILE_TRANSFER_FINAL"
which takes a lot of space but is not very helpful. In particular it
might not be clear whether this expects some custom string or just a
yes/no boolean. Let's use "BOOL" instead to tell the user the type of
the argument, which immediately implies what values can be specified.
Similarly, say "--source-file-transfer METHOD", "--source-file-transfer-final METHOD".
Also drop metavar= when it matches the default value anyway.
Creation of bmap files needs to take place before any compression
happens, since bmaptool has to know where the "holes" of the image lie.
Compression removes the holes, preventing bmap from recreating the
original raw image. Move the bmap calculation step before the
compression.
Joerg Behrmann [Wed, 1 Jun 2022 17:35:39 +0000 (19:35 +0200)]
ssh: make parse_ssh_agent only handle strings
pyright complains (wrongly I think) about value being None when passed to Path
to create the socket variable. Let's work around this by eliminating Nones as
values.
Daan De Meyer [Mon, 16 May 2022 13:57:53 +0000 (15:57 +0200)]
mkosi: Always use the embedded default version when no release is specified
Let's not have the host system determine the image distribution release.
Instead, let's always default to the default release embedded within mkosi.
This gives more consistent results when building images for a single distro
regardless of the host distribution.
Daan De Meyer [Tue, 17 May 2022 09:45:08 +0000 (11:45 +0200)]
machine: Translate \r\n to \n in logfile
Output lines from pexpect sent to the logfile will always end with
"\r\n" (side-effect of working with pseudo-TTYs) . On Github Actions,
this results in blank lines in the test output. Let's add a simple
adapter that translates "\r\n" back to "\n" before actually writing
to the logfile.
Daan De Meyer [Wed, 11 May 2022 11:54:24 +0000 (13:54 +0200)]
Install util-linux explicitly on Fedora
In Fedora 36, by default only util-linux-core is pulled in which
is missing /bin/login which is required by /sbin/agetty to function
properly. Let's pull it in explicitly until the bug is resolved.
Joerg Behrmann [Wed, 11 May 2022 07:41:35 +0000 (09:41 +0200)]
debian: include ca-certificates for bootstrap packages
apt throws warnings because it cannot verify the certificates for the security
repositories we included recently. We could add this to extra-packages, but then
ca-certificates is missing when we call apt update for the first time, so add it
to the debootsrap call.
Daan De Meyer [Thu, 5 May 2022 09:23:29 +0000 (11:23 +0200)]
Add nspawn version check to check_native()
From systemd-nspawn v250 onwards, it's possible to run build scripts
on non-native architectures (as long as binfmt.d is configured correctly)
so update the native check to consider that.
Right now mkosi.skeleton cannot be used for dpkg-based distributions, since
debootstrap will not work on a non-empty target. This adds a parameter to
install_skeleton_trees to hack around this for Debian and Ubuntu, so that the
call before install_distribution is skipped and we only add skeletons before
invoking apt again after doing the initial debootstrap.
py3.11: fix Enum formatting to work with python3.11-a7
Something strange is happening with .__repr__() access in python3.11:
>>> mkosi.backend.ManifestFormat.mro()
[<enum 'ManifestFormat'>, <class 'mkosi.backend.Parseable'>, <enum 'Enum'>, <class 'object'>]
>>> mkosi.backend.ManifestFormat.changelog.__repr__()
Traceback (most recent call last):
File "<stdin>", line 1, in <module>
File "/usr/lib64/python3.11/enum.py", line 1194, in __repr__
return "<%s.%s: %s>" % (self.__class__.__name__, self._name_, v_repr(self._value_))
^^^^^^^^^^^^^^^^^^^^
File "/home/zbyszek/src/mkosi/mkosi/backend.py", line 95, in __repr__
return cast(str, getattr(self, "name"))
^^^^^^^^^^^^^^^^^^^^^
AttributeError: 'str' object has no attribute 'name'
Enum somehow subverts normal lookup and makes its own __repr__ function be
used, even though Parseable is listed first in MRO. This seems to be related to
PEP 663, which was rejected, and the changes reverted for -a4 [1], but then the revert
was reverted [2].
Let's just sidestep MRO with a method redefinition:
>>> mkosi.backend.ManifestFormat.changelog.__repr__
<bound method ManifestFormat.__repr__ of changelog>
>>> mkosi.backend.ManifestFormat.changelog.__repr__()
'changelog'
This should work on all python versions. If python3.11 returns to previous
semantics before the final release, we can remove the workaround.
ubuntu/debian: Set up locale correctly on Debian/Ubuntu
Let's make sure we configure the locale. Also, some programs
expect /etc/default/locale to exist on Ubuntu/Debian so let's
create a symlink from there to /etc/locale.conf as well.
Let's not capture output by default. Instead, let's forward it
directly to stdout/stderr to simplify debugging. Similar to the
subprocess.run() function, let's add a capture_output argument
to allow configuring whether to capture the output.
We also remove the debug argument from Machine since logging to
stdout/stderr is now the default.
Drop --hostonly-initrd from test machine bootable images
Causes a few boot issues with rocky and alma bootable images so
let's remove the option as it the speed improvement shouldn't matter
too much for integration tests.
ci: Remove systemd.volatile from kernel command line
volatile doesn't work on many distros. We initially added it to
support booting GPT squashfs images but since we don't test those
in CI anymore, we can safely remove volatile from the kernel
commandline as well.
projects / thirdparty / mkosi.git / log
