mkosi: Ensure we build all features/components in mkosi

Explicitly enable all features/components in the mkosi build to
ensure they all get built and we get an error if they can't be built.

We also rework the packages sections of all mkosi configs to reduce
duplication and cover all the dependencies necessary to build/use all
systemd features.

Note that for the final image, since systemd is installed by default
in base images, we rely on that to install the base library dependencies
and we only list extra optional dependencies and tools that aren't already
installed by default into the base image.

We also drop the centos stream 8 mkosi build as dependencies on that
distro are too out-of-date to be able to build all systemd features.
Since centos stream 9 has been out for a while, let's focus on that
and leave it to downstream to keep systemd building on centos stream 8.

Finally, there's a few additions to the mkosi scripts to make sure
services don't start by default on boot.

diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index fa0a22a577c11bb66ae6fe07af6aaad0cdb6a4ee..c2c12f33931a37a7230e57ba424fbec15401ce8c 100644 (file)
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -44,8 +44,6 @@ jobs:
             release: rawhide
           - distro: opensuse
             release: tumbleweed
-          - distro: centos_epel
-            release: 8-stream
           - distro: centos_epel
             release: 9-stream
 

diff --git a/mkosi.build b/mkosi.build
index 210811e7685773a0627e644e8cd9858db5ecb3df..76a813bf0a245be9ddc3c1250aa588c041e7fbae 100755 (executable)
--- a/mkosi.build
+++ b/mkosi.build
@@ -47,6 +47,15 @@ if [ "$(locale charmap 2>/dev/null)" != "UTF-8" ] ; then
         fi
 fi
 
+# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and
+# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override
+# the ubuntu script with a symlink to the first bpftool program we can find.
+for bpftool in /usr/lib/linux-tools/*/bpftool; do
+        [ -x "$bpftool" ] || continue
+        ln -sf "$bpftool" /usr/sbin/bpftool
+        break
+done
+
 if [ ! -f "$BUILDDIR"/build.ninja ] ; then
         sysvinit_path=$(realpath /etc/init.d)
 
@@ -66,7 +75,81 @@ if [ ! -f "$BUILDDIR"/build.ninja ] ; then
                 -D version-tag="${VERSION_TAG}" \
                 -D mode=developer \
                 -D b_sanitize="${SANITIZERS:-none}" \
-                -D install-tests=true
+                -D install-tests=true \
+                -D tests=unsafe \
+                -D slow-tests=true \
+                -D utmp=true \
+                -D hibernate=true \
+                -D ldconfig=true \
+                -D resolve=true \
+                -D efi=true \
+                -D tpm=true \
+                -D environment-d=true \
+                -D binfmt=true \
+                -D repart=true \
+                -D sysupdate=true \
+                -D coredump=true \
+                -D pstore=true \
+                -D oomd=true \
+                -D logind=true \
+                -D hostnamed=true \
+                -D localed=true \
+                -D machined=true \
+                -D portabled=true \
+                -D sysext=true \
+                -D userdb=true \
+                -D homed=true \
+                -D networkd=true \
+                -D timedated=true \
+                -D timesyncd=true \
+                -D remote=true \
+                -D nss-myhostname=true \
+                -D nss-mymachines=true \
+                -D nss-resolve=true \
+                -D nss-systemd=true \
+                -D firstboot=true \
+                -D randomseed=true \
+                -D backlight=true \
+                -D vconsole=true \
+                -D quotacheck=true \
+                -D sysusers=true \
+                -D tmpfiles=true \
+                -D importd=true \
+                -D hwdb=true \
+                -D rfkill=true \
+                -D xdg-autostart=true \
+                -D translations=true \
+                -D polkit=true \
+                -D acl=true \
+                -D audit=true \
+                -D blkid=true \
+                -D fdisk=true \
+                -D kmod=true  \
+                -D pam=true \
+                -D pwquality=true \
+                -D microhttpd=true \
+                -D libcryptsetup=true \
+                -D libcurl=true \
+                -D idn=true \
+                -D libidn2=true \
+                -D qrencode=true \
+                -D gcrypt=true \
+                -D gnutls=true \
+                -D openssl=true \
+                -D cryptolib=openssl \
+                -D p11kit=true \
+                -D libfido2=true \
+                -D tpm2=true \
+                -D elfutils=true \
+                -D zstd=true \
+                -D xkbcommon=true \
+                -D pcre2=true \
+                -D glib=true \
+                -D dbus=true \
+                -D gnu-efi=true \
+                -D kernel-install=true \
+                -D analyze=true \
+                -D bpf-framework=true
 fi
 
 cd "$BUILDDIR"
@@ -172,3 +255,7 @@ TTYVHangup=no
 CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG
 EOF
 fi
+
+# Make sure services aren't enabled by default on Debian/Ubuntu.
+mkdir -p "$DESTDIR/etc/systemd/system-preset"
+echo "disable *" > "$DESTDIR/etc/systemd/system-preset/99-mkosi.preset"

diff --git a/mkosi.default.d/10-systemd.conf b/mkosi.default.d/10-systemd.conf
index 8efd1e97fa3265c1599fb2b5936e531671089c75..1c69dc46e0f2befd3387fc72c8deeca548415f99 100644 (file)
--- a/mkosi.default.d/10-systemd.conf
+++ b/mkosi.default.d/10-systemd.conf
@@ -14,6 +14,46 @@ OutputDirectory=mkosi.output
 BuildDirectory=mkosi.builddir
 Cache=mkosi.cache
 SourceFileTransferFinal=copy-git-others
+Packages=
+        acl
+        bash-completion
+        coreutils
+        diffutils
+        dnsmasq
+        findutils
+        gcc # For sanitizer libraries
+        gdb
+        grep
+        kbd
+        kexec-tools
+        kmod
+        less
+        nano
+        nftables
+        openssl
+        python3
+        qrencode
+        sed
+        strace
+        tree
+        util-linux
+        valgrind
+        wireguard-tools
+        zsh
+
+BuildPackages=
+        clang
+        gcc
+        gettext
+        git
+        gnu-efi
+        gperf
+        llvm
+        meson
+        pkgconf
+        rpm
+        rsync
+        zstd
 
 [Host]
 QemuHeadless=yes

diff --git a/mkosi.default.d/arch/10-mkosi.arch b/mkosi.default.d/arch/10-mkosi.arch
index 12f46c71c70650cea49970328baeac6f8aec4e1e..bd54b08c541997ad88f5571bd76de6ae2ec8cd3b 100644 (file)
--- a/mkosi.default.d/arch/10-mkosi.arch
+++ b/mkosi.default.d/arch/10-mkosi.arch
@@ -9,65 +9,28 @@
 Distribution=arch
 
 [Content]
-BuildPackages=
-        acl
-        bzip2
-        clang
-        cryptsetup
-        curl
-        dbus
-        diffutils
-        docbook-xsl
-        elfutils
-        gcc
-        git
-        gnu-efi-libs
+Packages=
+        compsize
+        dhcp
         gnutls
-        gperf
-        inetutils
-        iptables
-        kmod
+        iproute
         libbpf
-        libcap
-        libgcrypt
-        libidn2
+        libfido2
         libmicrohttpd
-        libseccomp
-        libutil-linux
+        libpwquality
         libxkbcommon
-        libxslt
-        llvm
-        lz4
-        meson
-        pam
-        pkgconfig
-        python
-        python-lxml
-        python-jinja
-        qrencode
-        rsync
-        xz
-        zstd
-
-Packages=
-        gdb
-        libbpf
-        libidn2
-        nano
-        qrencode
-        strace
-        # For testing "systemd-analyze verify".
         man-db
-        # For testing systemd's bash completion scripts.
-        bash-completion
-        # For testing systemd's zsh completion scripts
-        # Run `autoload -Uz compinit; compinit` from a zsh shell in the booted image to enable completions.
-        zsh
-        # xxd is provided by the vim package
+        openbsd-netcat
+        polkit
+        quota-tools
+        tpm2-tss
         vim
-        # Required to run systemd-networkd-tests.py
-        python
-        iproute
-        dnsmasq
-        wireguard-tools
-        dhcp
+
+BuildPackages=
+        bpf
+        docbook-xsl
+        libxslt
+        linux-api-headers
+        perl
+        python-jinja
+        python-lxml

diff --git a/mkosi.default.d/centos_epel/10-mkosi.centos_epel b/mkosi.default.d/centos_epel/10-mkosi.centos_epel
index 5e726d4aef551458f902718288fbac83b38ebb9d..482b5935ce962551229794abb1b10b7e4e5979db 100644 (file)
--- a/mkosi.default.d/centos_epel/10-mkosi.centos_epel
+++ b/mkosi.default.d/centos_epel/10-mkosi.centos_epel
@@ -11,39 +11,54 @@ Format=gpt_xfs
 HostonlyInitrd=no
 
 [Content]
-BuildPackages=
-        diffutils
-        docbook-style-xsl
-        findutils
-        gcc
-        gettext
-        git
+Packages=
+        audit
+        cryptsetup
+        dhcp-server
+        glib2
         glibc-minimal-langpack
-        gnu-efi
+        gnutls
+        iproute
+        iproute-tc
+        kernel-modules-extra
+        libbpf
+        libfido2
+        libmicrohttpd
+        libxcrypt
+        libxkbcommon
+        netcat
+        p11-kit
+        pam
+        polkit
+        procps-ng
+        quota
+        tpm2-tss
+        vim-common
+
+BuildPackages=
+        bpftool
+        docbook-xsl
         gnu-efi-devel
-        gperf
-        lz4
-        meson
-        ninja-build
+        libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file.
+        libxslt
         pam-devel
-        # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file.
-        libgcrypt-devel
-        pkgconfig
+        perl-interpreter
         pkgconfig(audit)
         pkgconfig(blkid)
         pkgconfig(bzip2)
         pkgconfig(dbus-1)
         pkgconfig(fdisk)
+        pkgconfig(glib-2.0)
         pkgconfig(gnutls)
         pkgconfig(libacl)
+        pkgconfig(libbpf)
         pkgconfig(libcap)
         pkgconfig(libcryptsetup)
         pkgconfig(libcurl)
         pkgconfig(libdw)
+        pkgconfig(libfido2)
         pkgconfig(libidn2)
         pkgconfig(libkmod)
-        pkgconfig(liblz4)
-        pkgconfig(liblzma)
         pkgconfig(libmicrohttpd)
         pkgconfig(libpcre2-8)
         pkgconfig(libqrencode)
@@ -61,30 +76,3 @@ BuildPackages=
         pkgconfig(xkbcommon)
         python3dist(jinja2)
         python3dist(lxml)
-        rpm
-        tree
-        zstd
-        /usr/bin/xsltproc
-
-Packages=
-        gdb
-        nano
-        # procps-ng provides a set of useful utilities (ps, free, etc)
-        procps-ng
-        strace
-        tpm2-tss
-        less
-        netcat
-        e2fsprogs
-        # xxd is provided by the vim-common package
-        vim-common
-        libasan
-        libubsan
-        # Required to run systemd-networkd-tests.py
-        python3
-        iproute
-        iproute-tc
-        dnsmasq
-        wireguard-tools
-        dhcp-server
-        kernel-modules-extra

diff --git a/mkosi.default.d/debian/10-mkosi.debian b/mkosi.default.d/debian/10-mkosi.debian
index 2488eeb557ecbf54b7e216f07441d85e98d2a94b..2b712d677851f1e8e3ff67740c1171950f49717a 100644 (file)
--- a/mkosi.default.d/debian/10-mkosi.debian
+++ b/mkosi.default.d/debian/10-mkosi.debian
@@ -8,17 +8,31 @@ Distribution=debian
 Release=testing
 
 [Content]
+Packages=
+        cryptsetup-bin
+        iproute2
+        isc-dhcp-server
+        libbpf0
+        libfido2-1
+        libglib2.0-0
+        libgnutls30
+        libidn2-0
+        libmicrohttpd12
+        libp11-kit0
+        libpam0g
+        libpwquality1
+        libqrencode4
+        libtss2-dev # Use the -dev package to avoid churn in updating version numbers
+        netcat-openbsd
+        policykit-1
+        procps
+        quota
+        xxd
+
 BuildPackages=
-        acl
-        clang
-        docbook-xml
+        bpftool
         docbook-xsl
-        gcc
         g++
-        gettext
-        git
-        gnu-efi
-        gperf
         libacl1-dev
         libaudit-dev
         libblkid-dev
@@ -26,59 +40,28 @@ BuildPackages=
         libbz2-dev
         libcap-dev
         libcryptsetup-dev
-        libcurl4-gnutls-dev
+        libcurl4-openssl-dev
         libdbus-1-dev
         libdw-dev
         libfdisk-dev
         libfido2-dev
         libgcrypt20-dev
+        libglib2.0-dev
         libgnutls28-dev
-        libidn2-0-dev
+        libidn2-dev
         libiptc-dev
         libkmod-dev
-        liblz4-dev
-        liblz4-tool
-        liblzma-dev
         libmicrohttpd-dev
         libmount-dev
+        libp11-kit-dev
         libpam0g-dev
+        libpwquality-dev
         libqrencode-dev
         libseccomp-dev
         libsmartcols-dev
         libssl-dev
-        libtss2-dev
         libxkbcommon-dev
         libzstd-dev
-        llvm
-        meson
-        pkg-config
-        python3
-        python3-lxml
         python3-jinja2
-        tree
-        uuid-dev
+        python3-lxml
         xsltproc
-        xz-utils
-        zstd
-
-Packages=
-        gdb
-        libbpf0
-        libfdisk1
-        libfido2-1
-        libidn2-0
-        libqrencode4
-        # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically
-        libtss2-dev
-        locales
-        nano
-        strace
-        xxd
-        # Provides libasan/libubsan
-        gcc
-        # Required to run systemd-networkd-tests.py
-        python3
-        iproute2
-        dnsmasq-base
-        wireguard-tools
-        isc-dhcp-server

diff --git a/mkosi.default.d/fedora/10-mkosi.fedora b/mkosi.default.d/fedora/10-mkosi.fedora
index c1d8a5755757cda4767354aa6ccb0f975ea374be..95611177890fd795e0e4c4f71b474e34e93affa8 100644 (file)
--- a/mkosi.default.d/fedora/10-mkosi.fedora
+++ b/mkosi.default.d/fedora/10-mkosi.fedora
@@ -8,29 +8,42 @@ Distribution=fedora
 Release=36
 
 [Content]
-BuildPackages=
-        diffutils
-        docbook-style-xsl
-        findutils
-        gcc
-        gettext
-        git
+Packages=
+        compsize
+        cryptsetup
+        dhcp-server
+        glib2
         glibc-minimal-langpack
-        gnu-efi
+        gnutls
+        iproute
+        iproute-tc
+        kernel-modules-extra
+        libbpf
+        libfido2
+        libmicrohttpd
+        libxcrypt
+        libxkbcommon
+        netcat
+        pam
+        polkit
+        procps-ng
+        quota
+        tpm2-tss
+        vim-common
+
+BuildPackages=
+        bpftool
+        docbook-xsl
         gnu-efi-devel
-        gperf
-        lz4
-        meson
-        ninja-build
         pam-devel
-        pkgconfig
+        pkgconfig # pkgconf shim to provide /usr/bin/pkg-config
         pkgconfig(audit)
         pkgconfig(blkid)
-        pkgconfig(bzip2)
         pkgconfig(dbus-1)
         pkgconfig(fdisk)
-        pkgconfig(gnutls)
+        pkgconfig(glib-2.0)
         pkgconfig(libacl)
+        pkgconfig(libbpf)
         pkgconfig(libcap)
         pkgconfig(libcryptsetup)
         pkgconfig(libcurl)
@@ -39,8 +52,6 @@ BuildPackages=
         pkgconfig(libgcrypt)
         pkgconfig(libidn2)
         pkgconfig(libkmod)
-        pkgconfig(liblz4)
-        pkgconfig(liblzma)
         pkgconfig(libmicrohttpd)
         pkgconfig(libpcre2-8)
         pkgconfig(libqrencode)
@@ -58,33 +69,3 @@ BuildPackages=
         pkgconfig(xkbcommon)
         python3dist(jinja2)
         python3dist(lxml)
-        rpm
-        tree
-        zstd
-        /usr/bin/xsltproc
-
-Packages=
-        acl
-        gdb
-        nano
-        # procps-ng provides a set of useful utilities (ps, free, etc)
-        procps-ng
-        strace
-        tpm2-tss
-        less
-        netcat
-        e2fsprogs
-        compsize
-        # xxd is provided by the vim-common package
-        vim-common
-        # Sanitizers
-        libasan
-        libubsan
-        # Required to run systemd-networkd-tests.py
-        python
-        iproute
-        iproute-tc
-        dnsmasq
-        wireguard-tools
-        dhcp-server
-        kernel-modules-extra

diff --git a/mkosi.default.d/opensuse/10-mkosi.opensuse b/mkosi.default.d/opensuse/10-mkosi.opensuse
index 16fdecdedef2eac933cdacf5550815f7eabb109e..8dbb1dc50fcc9da37b6c991cdfda841a2fe5939c 100644 (file)
--- a/mkosi.default.d/opensuse/10-mkosi.opensuse
+++ b/mkosi.default.d/opensuse/10-mkosi.opensuse
@@ -8,72 +8,59 @@ Distribution=opensuse
 Release=tumbleweed
 
 [Content]
+Packages=
+        dbus-1
+        glibc-locale-base
+        libbpf0
+        libcrypt1
+        libcryptsetup12
+        libdw1
+        libelf1
+        libfido2
+        libgcrypt20
+        libglib-2_0-0
+        libkmod2
+        liblz4-1
+        libmount1
+        libp11-kit0
+        libqrencode4
+        libseccomp2
+        libxkbcommon0
+        pam
+        tpm2-0-tss
+        vim
+
 BuildPackages=
+        audit-devel
+        bpftool
+        dbus-1-devel
         docbook-xsl-stylesheets
-        fdupes
-        gcc
-        gnu-efi
-        gperf
-        intltool
+        glib2-devel
+        glibc-locale
         libacl-devel
-        libapparmor-devel
         libblkid-devel
-        libbz2-devel
+        libbpf-devel
         libcap-devel
         libcryptsetup-devel
         libcurl-devel
+        libdw-devel
+        libelf-devel
+        libfdisk-devel
+        libfido2-devel
         libgcrypt-devel
         libgnutls-devel
         libkmod-devel
-        liblz4-devel
         libmicrohttpd-devel
         libmount-devel
+        libpwquality-devel
         libseccomp-devel
         libselinux-devel
+        libxkbcommon-devel
         libxslt-tools
-        meson
+        openssl-devel
         pam-devel
-        pciutils-devel
         pcre-devel
-        python3
         python3-Jinja2
         python3-lxml
         qrencode-devel
-        shadow
-        system-user-nobody
-        systemd-sysvinit
-        zlib-devel
-# to satisfy tests
-        acl
-        diffutils
-        glibc-locale
-        system-group-obsolete
-        system-user-bin
-        system-user-daemon
-        system-user-root
-        timezone
-
-Packages=
-        gdb
-        # brought in via meson->python3
-        libp11-kit0
-        # --bootable=no
-        dbus-1
-        libapparmor1
-        libcrypt1
-        libcryptsetup12
-        libgcrypt20
-        libgnutls30
-        libkmod2
-        liblz4-1
-        libmount1
-        libqrencode4
-        libseccomp2
-        pam
-        nano
-        strace
-        util-linux
-        # xxd is provided by the vim package
-        vim
-        # Provides libasan/libubsan
-        gcc
+        tpm2-0-tss-devel

diff --git a/mkosi.default.d/ubuntu/10-mkosi.ubuntu b/mkosi.default.d/ubuntu/10-mkosi.ubuntu
index 2d73746f3f87adb4433b81aced824ade452f3d1e..60e1bcfa6670e2eaf30ef41d36222bbc9123e8fa 100644 (file)
--- a/mkosi.default.d/ubuntu/10-mkosi.ubuntu
+++ b/mkosi.default.d/ubuntu/10-mkosi.ubuntu
@@ -9,75 +9,60 @@ Release=jammy
 Repositories=main,universe
 
 [Content]
+Packages=
+        cryptsetup-bin
+        iproute2
+        isc-dhcp-server
+        libbpf0
+        libfdisk1
+        libfido2-1
+        libglib2.0-0
+        libidn2-0
+        libmicrohttpd12
+        libp11-kit0
+        libpwquality1
+        libqrencode4
+        libtss2-dev # Use the -dev package to avoid churn in updating version numbers
+        linux-tools-common
+        linux-tools-generic
+        netcat-openbsd
+        policykit-1
+        procps
+        quota
+        xxd
+
 BuildPackages=
-        acl
-        docbook-xml
         docbook-xsl
-        gcc
-        gettext
-        git
-        gnu-efi
-        gperf
+        g++
         libacl1-dev
         libaudit-dev
         libblkid-dev
+        libbpf-dev
         libbz2-dev
         libcap-dev
         libcryptsetup-dev
-        libcurl4-gnutls-dev
+        libcurl4-openssl-dev
         libdbus-1-dev
         libdw-dev
         libfdisk-dev
         libfido2-dev
         libgcrypt20-dev
+        libglib2.0-dev
         libgnutls28-dev
-        libidn2-0-dev
-        libip4tc-dev
-        libip6tc-dev
+        libidn2-dev
+        libiptc-dev
         libkmod-dev
-        liblz4-dev
-        liblz4-tool
-        liblzma-dev
         libmicrohttpd-dev
         libmount-dev
+        libp11-kit-dev
         libpam0g-dev
+        libpwquality-dev
         libqrencode-dev
         libseccomp-dev
         libsmartcols-dev
         libssl-dev
-        libtss2-dev
         libxkbcommon-dev
-        libxtables-dev
         libzstd-dev
-        meson
-        pkg-config
-        python3
-        python3-lxml
         python3-jinja2
-        tree
-        tzdata
-        uuid-dev
+        python3-lxml
         xsltproc
-        xz-utils
-        zstd
-
-Packages=
-        gdb
-        libfido2-1
-        libidn2-0
-        libqrencode4
-        # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically
-        libtss2-dev
-        libfdisk1
-        locales
-        nano
-        strace
-        xxd
-        # Provides libasan/libubsan
-        gcc
-        # Required to run systemd-networkd-tests.py
-        python3
-        iproute2
-        dnsmasq-base
-        wireguard-tools
-        isc-dhcp-server

diff --git a/mkosi.postinst b/mkosi.postinst
index 1c24b4f51a57aa7cc7b7bd2cebd4e2e331d885ff..fb59d3111523c32df0734b77e762421e198bb2de 100755 (executable)
--- a/mkosi.postinst
+++ b/mkosi.postinst
@@ -18,6 +18,9 @@ EOF
         # `systemd-hwdb update` takes > 50s when built with sanitizers so let's not run it by default.
         systemctl mask systemd-hwdb-update.service
     fi
+
+    # Make sure dnsmasq.service doesn't start on boot on Debian/Ubuntu.
+    rm -f /etc/systemd/system/multi-user.target.wants/dnsmasq.service
 fi
 
 # Temporary workaround until https://github.com/openSUSE/suse-module-tools/commit/158643414ddb8d8208016a5f03a4484d58944d7a