We want the exitrd image to be built with the latest systemd as well.
As the exitrd image is built as part of mkosi.images, and all subimages
are built before the main image, this implies the packages must be built
as a subimage in mkosi.images/ as well. So we introduce the build image and
move all logic related to building distribution packages there.
This also has the nice side effect of slimming down the main image as the
build dependencies are not installed into the main image anymore. It also
makes sure the packages are built in a "clean" chroot without any of the
other packages which we install in the main image available.
[Config]
MinimumVersion=23~devel
InitrdInclude=mkosi.initrd/
+Dependencies=
+ exitrd
+ minimal-base
+ minimal-0
+ minimal-1
+
+PassEnvironment=
+ NO_BUILD
+ NO_SYNC
+ WIPE
+ SANITIZERS
+ CFLAGS
+ LDFLAGS
+ LLVM
+ MESON_VERBOSE
+ MESON_OPTIONS
+ SYSEXT
+ WITH_DEBUG
[Output]
RepartDirectories=mkosi.repart
BuildSourcesEphemeral=yes
Autologin=yes
-PostInstallationScripts=mkosi.sanitizers.chroot
ExtraTrees=
mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
+ %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
+ %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
+ %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
+ %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
+ %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
+ %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
+ %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
+ %O/exitrd:/exitrd
Environment=
SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=%F
KernelModulesInitrdExclude=.*
KernelModulesInitrdInclude=default
-ExtraTrees=
- %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
- %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
- %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
- %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
- %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
- %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
- %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
- %O/exitrd:/exitrd
-
InitrdPackages=
btrfs-progs
findutils
bash-completion
bpftrace
btrfs-progs
- clang
coreutils
curl
diffutils
kmod
knot
less
- lld
- llvm
lvm2
man
mdadm
sed
socat
strace
- systemd
tar
tmux
tree
Distribution=arch
[Content]
-Environment=
- GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
- GIT_BRANCH=main
- GIT_COMMIT=d74b24c7c6077740c35a876445febe6d26bf013c
-
VolatilePackages=
systemd
systemd-libs
Packages=
bind
bpf
- compiler-rt
compsize
cryptsetup
dbus-broker
dbus-broker-units
- debugedit
dhcp
f2fs-tools
- fakeroot
git
gnutls
- gnutls
iproute
iputils
linux
openssl
pacman
perf
- pkgconf
polkit
procps-ng
psmisc
stress-ng
tgt
tpm2-tools
- tpm2-tss
vim
InitrdPackages=
- compiler-rt
tpm2-tools
InitrdVolatilePackages=
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if [ "$1" = "build" ] || ((NO_BUILD)); then
+if [[ "$1" == "build" ]]; then
exit 0
fi
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
+DEPS=""
-if [ ! -f "pkg/$ID/PKGBUILD" ]; then
- echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
- exit 1
-fi
-
-# We get depends and optdepends from .SRCINFO as getting them from the PKGBUILD is rather complex.
-sed --expression 's/^[ \t]*//' "pkg/$ID/.SRCINFO" |
- grep --regexp '^depends =' --regexp '^optdepends =' |
- sed --expression 's/^depends = //' --expression 's/^optdepends = //' --expression 's/:.*//' --expression 's/=.*//' |
- xargs --delimiter '\n' mkosi-install
+while read -r PACKAGE; do
+ DEPS="$DEPS $(
+ pacman --sync --info "$PACKAGE" |
+ sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
+ sed --quiet 's/^Depends On *: //p' # Filter out everything except "Depends On:" line and fetch dependencies from it.
+ )"
-# We get makedepends from the PKGBUILD as .SRCINFO can't encode conditional dependencies depending on
-# whether some environment variable is set or not.
-# shellcheck source=/dev/null
-_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD"
+ DEPS="$DEPS $(
+ pacman --sync --info "$PACKAGE" |
+ sed '1,/^$/d' | # Only keep result from first repository (delete everything after first blank line).
+ sed --quiet '/Optional Deps/,/Conflicts With/{/Conflicts With/!p}' | # Get every line from "Optional Deps" (inclusive) until "Conflicts With" (exclusive).
+ sed 's/Optional Deps *: //' | # Drop "Optional Deps :" from first line.
+ sed 's/ *\(.*\):.*/\1/' | # Drop descriptions (everything after first colon for all lines).
+ tr '\n' ' ' # Transform newlines to whitespace.
+ )"
+done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
-# shellcheck disable=SC2154
-mkosi-install "${makedepends[@]}"
+echo "$DEPS" |
+ xargs | # Remove extra whitespace.
+ tr ' ' '\n' |
+ grep --invert-match --regexp systemd --regexp None | # systemd packages will be installed later on.
+ sort --unique |
+ xargs --delimiter '\n' --no-run-if-empty mkosi-install
systemd-container
systemd-devel
systemd-journal-remote
+ systemd-libs
systemd-networkd
systemd-networkd-defaults
systemd-oomd-defaults
Packages=
bind-utils
bpftool
- compiler-rt
cryptsetup
device-mapper-event
device-mapper-multipath
git-core
glibc-langpack-de
glibc-langpack-en
- gnutls
gnutls-utils
integritysetup
iproute
iputils
iscsi-initiator-utils
kernel-core
- libasan
libcap-ng-utils
- libubsan
man-db
nmap-ncat
openssh-clients
python3-pexpect
quota
rpm
- rpm-build
- rpmautospec
sbsigntools
softhsm
squashfs-tools
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if [ "$1" = "build" ] || ((NO_BUILD)); then
+if [[ "$1" == "build" ]]; then
exit 0
fi
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
+mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
- exit 1
-fi
-
-for DEPS in --requires --buildrequires; do
- mkosi-chroot \
- rpmspec \
- --with upstream \
- --query \
- "$DEPS" \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- "pkg/$ID/systemd.spec" |
- grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
- sort --unique |
- tee /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
-done
-
-# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
-# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
-# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
-sed '/Source0/d' --in-place "pkg/$ID/systemd.spec"
-
-until mkosi-chroot \
- rpmbuild \
- -br \
- --build-in-place \
- --with upstream \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
- "pkg/$ID/systemd.spec"
-do
- EXIT_STATUS=$?
- if [ $EXIT_STATUS -ne 11 ]; then
- exit $EXIT_STATUS
- fi
-
- mkosi-chroot \
- rpm \
- --query \
- --package \
- --requires \
- /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
- grep --invert-match '^rpmlib(' |
- sort --unique >/tmp/dynamic-buildrequires
-
- sort /tmp/buildrequires /tmp/dynamic-buildrequires |
- uniq --unique |
- tee --append /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
+for DEPS in --requires --recommends --suggests; do
+ # We need --latest-limit=1 to only consider the newest version of the packages.
+ # --latest-limit=1 is per <name>.<arch> so we have to pass --arch= explicitly to make sure i686 packages
+ # are not considerd on x86-64.
+ dnf repoquery --arch="$DISTRIBUTION_ARCHITECTURE" --latest-limit=1 --quiet "$DEPS" "${PACKAGES[@]}" |
+ grep --invert-match --regexp systemd --regexp udev --regexp /bin/sh --regexp grubby --regexp sdubby --regexp libcurl-minimal |
+ sort --unique |
+ xargs --delimiter '\n' --no-run-if-empty mkosi-install
done
# mkfs.ext4 enabled it by default, so we disable it explicitly.
SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
- GIT_URL=https://git.centos.org/rpms/systemd.git
- GIT_BRANCH=c9s-sig-hyperscale
- GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7
-
Packages=
kernel-modules # For squashfs
- rpmautospec-rpm-macros
PackageManagerTrees=mkosi-pinning.pref:/etc/apt/preferences.d/mkosi-pinning.pref
[Content]
-Environment=
- GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
- GIT_SUBDIR=debian
- GIT_BRANCH=debian/master
- GIT_COMMIT=abf24e775c67cf054f474526dd5d9d952a00228b
-
VolatilePackages=
libnss-myhostname
libnss-mymachines
libnss-systemd
libpam-systemd
libsystemd-dev
+ libsystemd-shared
+ libsystemd0
libudev-dev
systemd
systemd-container
udev
Packages=
- ^libasan[0-9]+$
- ^libtss2-esys-[0-9.]+-0$
- ^libtss2-mu-[0-9.]+-0$
- ^libubsan[0-9]+$
apt
bind9-dnsutils
cryptsetup-bin
dbus-broker
dbus-user-session
dmsetup
- dpkg-dev
f2fs-tools
fdisk
git-core
iputils-ping
isc-dhcp-server
libcap-ng-utils
- libclang-rt-dev
- libtss2-rc0
- libtss2-tcti-device0
locales
man-db
multipath-tools
xxd
InitrdPackages=
- libclang-rt-dev
tpm2-tools
InitrdVolatilePackages=
+++ /dev/null
-#!/bin/bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-set -e
-
-# By default Suggests are not installed (and often Recommends are disabled too), which means we will miss
-# the dlopen optional dependencies, but the tests need them, so parse them from the package metadata and
-# install them. This is not an issue when building locally, as the build and runtime images are the same,
-# so they would get installed as build dependencies anyway.
-
-if [ "$1" = "build" ] || ! ((NO_BUILD)); then
- exit 0
-fi
-
-# Query the Recommends and Suggests of all systemd packages, by matching on the version
-systemd_version="$(dpkg-query --showformat '${Version}' --show systemd)"
-mapfile -t systemd_packages < <( dpkg --list | grep '^ii' | grep "$systemd_version" | awk '{print $2}' | tr '\n' ' ' )
-extra_packages=()
-# shellcheck disable=SC2068
-for package in ${systemd_packages[@]}; do
- # We are looking for dlopens, so filter for libraries
- mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Suggests}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
- mapfile -t -O "${#extra_packages[@]}" extra_packages < <(dpkg-query --showformat '${Recommends}' --show "$package" | sed -e "s/, /\n/g" -e "s/|.*//" | grep "lib")
-done
-
-if [ "${#extra_packages[@]}" -eq 0 ]; then
- exit 0
-fi
-
-apt install "${extra_packages[@]}"
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if [ "$1" = "build" ] || ((NO_BUILD)); then
+if [[ "$1" == "build" ]]; then
exit 0
fi
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
+mapfile -t PACKAGES < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
-if [ ! -d "pkg/$ID/debian" ]; then
- echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
- exit 1
-fi
-
-cd "pkg/$ID"
-DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
+apt-cache depends "${PACKAGES[@]}" |
+ grep --invert-match --regexp "<" --regexp "|" --regexp systemd | # Remove e.g. <python3:any> and |dbus-broker like results
+ grep --extended-regexp "Depends|Suggests|Recommends" |
+ sed --quiet 's/.*: //p' | # Get every line with ": " in it and strip it at the same time.
+ sort --unique |
+ xargs --delimiter '\n' --no-run-if-empty mkosi-install
Release=rawhide
[Content]
-Environment=
- GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
- GIT_BRANCH=rawhide
- GIT_COMMIT=a3524fc837f5e7b68f86b3e0a9d470a94a04c4c8
-
Packages=
compsize
dnf5
PackageManagerTrees=macros.db_backend:/etc/rpm/macros.db_backend
[Content]
-Environment=
- GIT_URL=https://code.opensuse.org/package/systemd
- GIT_BRANCH=master
- GIT_COMMIT=6812406e52a474568744c267e7bade1496bb26a5
-
VolatilePackages=
+ libsystemd0
+ libudev1
systemd
systemd-boot
systemd-container
docbook-xsl-stylesheets
f2fs-tools
gawk
- gcc-c++
git-core
glibc-locale-base
gnutls
grep
- group(bin)
- group(daemon)
- group(games)
- group(nobody)
- group(root)
gzip
iputils
kernel-default
kmod
- libasan8
- libkmod2
- libubsan1
multipath-tools
ncat
open-iscsi
python3-pexpect
python3-psutil
quota
- rpm-build
rsync
sbsigntools
sed
tgt
timezone
tpm2.0-tools
- user(bin)
- user(daemon)
- user(games)
- user(nobody)
- user(root)
veritysetup
vim
xz
zypper
InitrdPackages=
- clang
kmod
- libkmod2
tpm2.0-tools
InitrdVolatilePackages=
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if [ "$1" = "build" ] || ((NO_BUILD)); then
+if [[ "$1" == "build" ]]; then
exit 0
fi
-# shellcheck source=/dev/null
-. "$BUILDROOT/usr/lib/os-release"
-ID="${ID%-*}"
-
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
- echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
- exit 1
-fi
-
-# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
-sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec"
-
-for DEPS in --requires --buildrequires; do
- mkosi-chroot \
- rpmspec \
- --with upstream \
- --query \
- "$DEPS" \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- "pkg/$ID/systemd.spec" |
- grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
- sort --unique |
- tee /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
-done
-
-until mkosi-chroot \
- rpmbuild \
- -bd \
- --build-in-place \
- --with upstream \
- --define "_topdir /var/tmp" \
- --define "_sourcedir pkg/$ID" \
- --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
- "pkg/$ID/systemd.spec"
-do
- EXIT_STATUS=$?
- if [ $EXIT_STATUS -ne 11 ]; then
- exit $EXIT_STATUS
- fi
-
- mkosi-chroot \
- rpm \
- --query \
- --package \
- --requires \
- /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
- grep --invert-match '^rpmlib(' |
- sort --unique >/tmp/dynamic-buildrequires
-
- sort /tmp/buildrequires /tmp/dynamic-buildrequires |
- uniq --unique |
- tee --append /tmp/buildrequires |
- xargs --delimiter '\n' mkosi-install
-done
+DEPS=""
+
+while read -r PACKAGE; do
+ # zypper's output is not machine readable so we make do with sed instead.
+ DEPS="$DEPS\n$(
+ zypper info --requires --recommends --suggests "$PACKAGE" |
+ sed '/Requires/,$!d' | # Remove everything before Requires line
+ sed --quiet 's/^ //p' # All indented lines have dependencies
+ )"
+done < <(jq --raw-output .VolatilePackages[] <"$MKOSI_CONFIG")
+
+echo -e "$DEPS" |
+ grep --invert-match --regexp systemd --regexp udev --regexp qemu |
+ sort --unique |
+ xargs --delimiter '\n' --no-run-if-empty mkosi-install
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
# SPDX-License-Identifier: LGPL-2.1-or-later
-# If we're only rerunning the build script, remove all subimage dependencies to speed up builds.
+# If we're only rerunning the build script, remove all subimage dependencies except the build image to speed
+# up builds.
[Match]
Format=none
[Config]
Dependencies=
+Dependencies=build
[Match]
Environment=SANITIZERS
+Environment=!SANITIZERS=
[Content]
# Set verify_asan_link_order=0 to prevent ASAN warnings when building the image and make sure the real ASAN
systemd.setenv=UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1
LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
systemd.setenv=LSAN_OPTIONS=suppressions=/usr/lib/systemd/leak-sanitizer-suppressions
+
+[Config]
+Include=%D/mkosi.sanitizers
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Content]
+Packages=
+ clang
+ erofs-utils
+ lld
+ llvm
+
+[Output]
+Format=none
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if ((NO_BUILD)); then
- exit 0
-fi
-
# shellcheck source=/dev/null
. /usr/lib/os-release
-if [ ! -f "pkg/$ID/PKGBUILD" ]; then
+if [[ ! -f "pkg/$ID/PKGBUILD" ]]; then
echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
exit 1
fi
# Linting the PKGBUILD takes multiple seconds every build so avoid that by nuking all the linting functions.
rm /usr/share/makepkg/lint_pkgbuild/*
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+
+[Content]
+Environment=
+ GIT_URL=https://gitlab.archlinux.org/archlinux/packaging/packages/systemd.git
+ GIT_BRANCH=main
+ GIT_COMMIT=d74b24c7c6077740c35a876445febe6d26bf013c
+
+Packages=
+ base
+ base-devel
+ diffutils
+ git
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+# shellcheck source=/dev/null
+. "$BUILDROOT/usr/lib/os-release"
+
+if [[ ! -f "pkg/$ID/PKGBUILD" ]]; then
+ echo "PKGBUILD not found at pkg/$ID/PKGBUILD, run mkosi once with -ff to make sure the PKGBUILD is cloned" >&2
+ exit 1
+fi
+
+# shellcheck source=/dev/null
+_systemd_UPSTREAM=1 . "pkg/$ID/PKGBUILD"
+
+# shellcheck disable=SC2154
+mkosi-install "${makedepends[@]}"
. mkosi.functions
-if ((NO_BUILD)); then
- exit 0
-fi
-
# shellcheck source=/dev/null
. /usr/lib/os-release
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
+if [[ ! -f "pkg/$ID/systemd.spec" ]]; then
echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
fi
-if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.19.91"; then
+if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.19.91'))}")" == "-1" ]]; then
# Fix the %install override so debuginfo packages are generated even when --build-in-place is used.
# See https://github.com/rpm-software-management/rpm/issues/3042.
tee --append /usr/lib/rpm/redhat/macros <<'EOF'
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|centos
+Distribution=|fedora
+
+[Content]
+Packages=
+ compiler-rt
+ git-core
+ libasan
+ libubsan
+ rpm-build
+ rpmautospec
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+# shellcheck source=/dev/null
+. "$BUILDROOT/usr/lib/os-release"
+
+if [[ ! -f "pkg/$ID/systemd.spec" ]]; then
+ echo "spec not found at pkg/$ID/systemd.spec, run mkosi with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ --buildrequires \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$ID" \
+ "pkg/$ID/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev --regexp grubby --regexp sdubby |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+
+# rpmbuild -br tries to build a source package which means all source files have to exist which isn't the
+# case when using --build-in-place so we get rid of the source file that doesn't exist to make it happy.
+# TODO: Use -bd instead of -br and get rid of this once we don't need to build on CentOS Stream 9 anymore.
+sed '/Source0/d' --in-place "pkg/$ID/systemd.spec"
+
+until mkosi-chroot \
+ rpmbuild \
+ -br \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$ID" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$ID/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [[ $EXIT_STATUS -ne 11 ]]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=centos
+
+[Content]
+Packages=
+ rsync # TODO: Drop when CentOS Stream 9 CI is removed.
+ rpmautospec-rpm-macros
+
+Environment=
+ GIT_URL=https://git.centos.org/rpms/systemd.git
+ GIT_BRANCH=c9s-sig-hyperscale
+ GIT_COMMIT=46480aaa9e0ea63a85b6ca676554ce2aae10ce36
# SPDX-License-Identifier: LGPL-2.1-or-later
set -e
-if ((NO_BUILD)); then
- exit 0
-fi
-
# shellcheck source=/dev/null
. /usr/lib/os-release
-if [ ! -d "pkg/$ID/debian" ]; then
+if [[ ! -d "pkg/$ID/debian" ]]; then
echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
exit 1
fi
DEB_HOST_GNU_TYPE="$(dpkg-architecture --query DEB_HOST_GNU_TYPE)"
mount --mkdir --bind "$BUILDDIR" "$SRCDIR/obj-$DEB_HOST_GNU_TYPE"
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
# by meson install.
(cd debian/tmp/ && find . ! -type d ! -path "*dh-exec*" -printf '%P\n') >/tmp/installed-files
- if [ -f debian/not-installed ]; then
+ if [[ -f debian/not-installed ]]; then
grep --invert-match "^#" debian/not-installed >>/tmp/installed-files
fi
# not in the packaged file.
comm -23 /tmp/installed-files /tmp/packaged-files > /tmp/unpackaged-files
# If there are no unpackaged files something else went wrong.
- if [ ! -s /tmp/unpackaged-files ]; then
+ if [[ ! -s /tmp/unpackaged-files ]]; then
exit 1
fi
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+
+[Content]
+Environment=
+ GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
+ GIT_SUBDIR=debian
+ GIT_BRANCH=debian/master
+ GIT_COMMIT=abf24e775c67cf054f474526dd5d9d952a00228b
+
+Packages=
+ apt
+ git-core
+ libclang-rt-dev
+ dpkg-dev
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+# shellcheck source=/dev/null
+. "$BUILDROOT/usr/lib/os-release"
+
+if [[ ! -d "pkg/$ID/debian" ]]; then
+ echo "deb rules not found at pkg/$ID/debian, run mkosi once with -ff to make sure the rules are cloned" >&2
+ exit 1
+fi
+
+cd "pkg/$ID"
+DEB_BUILD_PROFILES="pkg.systemd.upstream" apt-get build-dep .
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=fedora
+
+[Content]
+Environment=
+ GIT_URL=https://src.fedoraproject.org/rpms/systemd.git
+ GIT_BRANCH=rawhide
+ GIT_COMMIT=a3524fc837f5e7b68f86b3e0a9d470a94a04c4c8
. mkosi.functions
-if ((NO_BUILD)); then
- exit 0
-fi
-
# shellcheck source=/dev/null
. /usr/lib/os-release
ID="${ID%-*}"
-if [ ! -f "pkg/$ID/systemd.spec" ]; then
+if [[ ! -f "pkg/$ID/systemd.spec" ]]; then
echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
exit 1
fi
-if [ -d .git/ ] && [ -z "$(git status --porcelain)" ]; then
+if [[ -d .git/ ]] && [[ -z "$(git status --porcelain)" ]]; then
TS="$(git show --no-patch --format=%ct HEAD)"
else
TS="${SOURCE_DATE_EPOCH:-$(date +%s)}"
# extension.
find "pkg/$ID" -name "files.*" -exec sed --in-place 's/\.gz$//' {} \;
-if systemd-analyze compare-versions "$(rpm --version | cut -d ' ' -f3)" lt "4.20"; then
+if [[ "$(rpm --eval "%{lua:print(rpm.vercmp('$(rpm --version | cut -d ' ' -f3)', '4.20'))}")" == "-1" ]]; then
# Fix the %install override so debuginfo packages are generated.
tee --append /usr/lib/rpm/suse/macros <<'EOF'
%install %{debug_package}\
}
if ! build; then
- if [ ! -s /tmp/unpackaged-files ]; then
+ if [[ ! -s /tmp/unpackaged-files ]]; then
exit 1
fi
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=opensuse
+
+[Content]
+Environment=
+ GIT_URL=https://code.opensuse.org/package/systemd
+ GIT_BRANCH=master
+ GIT_COMMIT=6812406e52a474568744c267e7bade1496bb26a5
+
+Packages=
+ gcc-c++
+ git-core
+ patterns-base-minimal_base
+ rpm-build
--- /dev/null
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -e
+
+if [[ "$1" == "build" ]]; then
+ exit 0
+fi
+
+# shellcheck source=/dev/null
+. "$BUILDROOT/usr/lib/os-release"
+ID="${ID%-*}"
+
+if [[ ! -f "pkg/$ID/systemd.spec" ]]; then
+ echo "spec not found at pkg/$ID/systemd.spec, run mkosi once with -ff to make sure the spec is cloned" >&2
+ exit 1
+fi
+
+# TODO: Drop when the spec is fixed (either the patch is adapted or not applied when building for upstream).
+sed --in-place '/0009-pid1-handle-console-specificities-weirdness-for-s390.patch/d' "pkg/$ID/systemd.spec"
+
+mkosi-chroot \
+ rpmspec \
+ --with upstream \
+ --query \
+ --buildrequires \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$ID" \
+ "pkg/$ID/systemd.spec" |
+ grep --invert-match --regexp systemd --regexp /bin/sh --regexp "rpmlib(" --regexp udev |
+ sort --unique |
+ tee /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+
+until mkosi-chroot \
+ rpmbuild \
+ -bd \
+ --build-in-place \
+ --with upstream \
+ --define "_topdir /var/tmp" \
+ --define "_sourcedir pkg/$ID" \
+ --define "_build_name_fmt %%{NAME}-%%{VERSION}-%%{RELEASE}.%%{ARCH}.rpm" \
+ "pkg/$ID/systemd.spec"
+do
+ EXIT_STATUS=$?
+ if [[ $EXIT_STATUS -ne 11 ]]; then
+ exit $EXIT_STATUS
+ fi
+
+ mkosi-chroot \
+ rpm \
+ --query \
+ --package \
+ --requires \
+ /var/tmp/SRPMS/systemd-*.buildreqs.nosrc.rpm |
+ grep --invert-match '^rpmlib(' |
+ sort --unique >/tmp/dynamic-buildrequires
+
+ sort /tmp/buildrequires /tmp/dynamic-buildrequires |
+ uniq --unique |
+ tee --append /tmp/buildrequires |
+ xargs --delimiter '\n' mkosi-install
+done
exit 0
fi
+ if ! git -C "$PKG_SUBDIR" show-ref --quiet "origin/$GIT_BRANCH"; then
+ git -C "$PKG_SUBDIR" remote set-url origin "$GIT_URL"
+ git -C "$PKG_SUBDIR" fetch origin "$GIT_BRANCH"
+ fi
+
# If work is being done on the packaging rules in a separate branch, don't touch the checkout.
if ! git -C "$PKG_SUBDIR" merge-base --is-ancestor HEAD "origin/$GIT_BRANCH"; then
EXIT_STATUS=$?
Packages=
bash
+
+[Config]
+Include=%D/mkosi.sanitizers
Distribution=arch
[Content]
-Packages=
+VolatilePackages=
systemd
RemoveFiles=
Distribution=|fedora
[Content]
-Packages=
+VolatilePackages=
systemd-standalone-shutdown
Distribution=debian
[Content]
-Packages=
+VolatilePackages=
systemd-standalone-shutdown
[Content]
Packages=
+ patterns-base-minimal_base
+
+VolatilePackages=
systemd
Distribution=ubuntu
[Content]
-Packages=
+VolatilePackages=
systemd
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
coreutils
grep
util-linux
+
+[Config]
+Include=%D/mkosi.sanitizers
iproute
nmap
+VolatilePackages=
+ systemd-libs
+
RemoveFiles=
# Arch Linux doesn't split their gcc-libs package so we manually remove
# unneeded stuff here to make sure it doesn't end up in the image.
iproute
iproute-tc
nmap-ncat
+
+VolatilePackages=
+ systemd-libs
iproute2
mount
ncat
+
+VolatilePackages=
+ libsystemd0
+ libudev1
iproute2
ncat
patterns-base-minimal_base
+
+VolatilePackages=
+ libsystemd0
+ libudev1
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Add a dependency on the build image unless NO_BUILD=1.
+
+[Match]
+Environment=!NO_BUILD=1
+
+[Config]
+Dependencies=build
# SPDX-License-Identifier: LGPL-2.1-or-later
[Content]
-PostInstallationScripts=../mkosi.sanitizers.chroot
ExtraTrees=
../mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
../mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
+
+[Config]
+Include=../mkosi.sanitizers
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Environment=SANITIZERS
+Environment=!SANITIZERS=
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Match]
+Distribution=arch
+Environment=LLVM=1
+
+[Content]
+Packages=
+ compiler-rt
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# TODO: Drop when https://bugzilla.suse.com/show_bug.cgi?id=1225784 is fixed.
+
+[Match]
+Distribution=|debian
+Distribution=|ubuntu
+Environment=LLVM=1
+
+[Content]
+Packages=
+ libclang-rt-dev
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# TODO: Drop when https://bugzilla.suse.com/show_bug.cgi?id=1225784 is fixed.
+
+[Match]
+Distribution=opensuse
+Environment=LLVM=1
+
+[Content]
+Packages=
+ clang
set -e
set -o nounset
-if [[ -z "${SANITIZERS:-}" ]]; then
+LIBSYSTEMD="$(mkosi-chroot ldconfig -p | grep libsystemd.so.0 | sed 's/[^/]*\//\//')"
+
+if [[ ! -f "$BUILDROOT/$LIBSYSTEMD" ]]; then
exit 0
fi
# Sanitizers log to stderr by default. However, journald's stderr is connected to /dev/null, so we lose
# all the sanitizer logs. To rectify that, let's connect journald's stdout to kmsg so that the sanitizer
# failures end up in the journal.
-mkdir -p /etc/systemd/system/systemd-journald.service.d
-cat >/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF
+if [[ -f "$BUILDROOT"/usr/lib/systemd/system/systemd-journald.service ]]; then
+ mkdir -p "$BUILDROOT"/etc/systemd/system/systemd-journald.service.d
+ cat >"$BUILDROOT"/etc/systemd/system/systemd-journald.service.d/10-stdout-tty.conf <<EOF
[Service]
StandardOutput=kmsg
EOF
+fi
# ASAN and syscall filters aren't compatible with each other.
-find /usr /etc -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} +
+find "$BUILDROOT"/usr "$BUILDROOT"/etc -name '*.service' -type f -exec sed -i 's/^\(MemoryDeny\|SystemCall\)/# \1/' {} +
# 'systemd-hwdb update' takes > 50s when built with sanitizers so let's not run it by default.
-systemctl mask systemd-hwdb-update.service
+systemctl --root="$BUILDROOT" mask systemd-hwdb-update.service
-ASAN_RT_PATH="$(grep libasan.so < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)"
+ASAN_RT_PATH="$(grep libasan.so < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)"
if [[ -z "$ASAN_RT_PATH" ]]; then
- ASAN_RT_PATH="$(grep libclang_rt.asan < <(ldd /usr/lib/systemd/systemd) | cut -d ' ' -f 3)"
+ ASAN_RT_PATH="$(grep libclang_rt.asan < <(mkosi-chroot ldd "$LIBSYSTEMD") | cut -d ' ' -f 3)"
# As clang's ASan DSO is usually in a non-standard path, let's check if the RUNPATH is set accordingly.
- if ldd /usr/lib/systemd/systemd | grep -q "libclang_rt.asan.*not found"; then
+ if mkosi-chroot ldd "$LIBSYSTEMD" | grep -q "libclang_rt.asan.*not found"; then
echo >&2 "clang's ASan DSO libclang_rt.asan is not present in the runtime library path"
exit 1
fi
)
for bin in "${wrap[@]}"; do
- if ! command -v "$bin" >/dev/null; then
+ if ! mkosi-chroot command -v "$bin" >/dev/null; then
continue
fi
enable_lsan=0
fi
- target="$(command -v "$bin")"
+ target="$(mkosi-chroot command -v "$bin")"
- mv "$target" "$target.orig"
+ mv "$BUILDROOT/$target" "$BUILDROOT/$target.orig"
- cat >"$target" <<EOF
+ cat >"$BUILDROOT/$target" <<EOF
#!/bin/bash
# Preload the ASan runtime DSO, otherwise ASAn will complain
export LD_PRELOAD="$ASAN_RT_PATH"
# Set argv[0] to the original binary name without the ".orig" suffix
exec -a "\$0" -- "${target}.orig" "\$@"
EOF
- chmod +x "$target"
+ chmod +x "$BUILDROOT/$target"
done
-cat >/usr/lib/systemd/systemd-asan-env <<EOF
+cat >"$BUILDROOT"/usr/lib/systemd/systemd-asan-env <<EOF
LD_PRELOAD=$ASAN_RT_PATH
LSAN_OPTIONS=detect_leaks=0
EOF
text = subprocess.check_output(cmd, text=True)
data = json.loads(text)
- return data['Images'][-1]
+ images = {image["Image"]: image for image in data["Images"]}
+ return images["build"]
def commit_file(distro: str, file: Path, commit: str, changes: str):
message = '\n'.join((
print(f"+ {shlex.join(cmd)}")
changes = subprocess.check_output(cmd, text=True).strip()
- conf_dir = Path('mkosi.conf.d')
+ conf_dir = Path('mkosi.images/build/mkosi.conf.d')
files = conf_dir.glob('*/*.conf')
for file in files:
s = file.read_text()
projects / thirdparty / systemd.git / commitdiff
