mkosi: Update to latest

Let's make sure we're testing unprivileged builds properly. Usage
of SourceFileTransfer= and SourceFileTransferFinal= are removed as
they were dropped by mkosi. SourceFileTransfer=mount is now the
default in mkosi so behavior for the build script is unchanged. We
stop copying sources in the final image until mkosi adds support
for virtiofs.

diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 84f930abd17b7493e1e7746da19a1df5716ad4ef..9c5656d2734c0ed68a7530cf6878db2b290f98e6 100644 (file)
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -79,7 +79,7 @@ jobs:
 
     steps:
     - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-    - uses: systemd/mkosi@500f93a36cc3d5bf1d06848a0a8870bf1424625f
+    - uses: systemd/mkosi@4be912b0fa4931403fddf649aa242cd4406471c4
 
     - name: Configure
       run: |
@@ -87,6 +87,7 @@ jobs:
         [Distribution]
         Distribution=${{ matrix.distro }}
         Release=${{ matrix.release }}
+        SecureBoot=yes
 
         [Content]
         Environment=CI_BUILD=1
@@ -96,13 +97,13 @@ jobs:
         EOF
 
     - name: Generate secure boot key
-      run: sudo mkosi genkey
+      run: mkosi genkey
 
     - name: Build ${{ matrix.distro }}
-      run: sudo mkosi --idmap no --secure-boot
+      run: mkosi
 
     - name: Show ${{ matrix.distro }} image summary
-      run: sudo mkosi summary
+      run: mkosi summary
 
     - name: Boot ${{ matrix.distro }} systemd-nspawn
       run: sudo mkosi boot ${{ env.KERNEL_CMDLINE }} audit=0
@@ -111,7 +112,7 @@ jobs:
       run: sudo mkosi shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
 
     - name: Boot ${{ matrix.distro }} QEMU
-      run: sudo timeout -k 30 10m mkosi qemu
+      run: timeout -k 30 10m mkosi qemu
 
     - name: Check ${{ matrix.distro }} QEMU
       run: sudo mkosi shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"

diff --git a/mkosi.build b/mkosi.build
index b058b0352f7df2f9ba7f8a55a5c9b7dabee6c19b..fa78aa898247fe2f4215099bcfc4bb3efc93004e 100755 (executable)
--- a/mkosi.build
+++ b/mkosi.build
@@ -175,10 +175,6 @@ fi
 cd "$BUILDDIR"
 ninja "$@"
 if [ "$WITH_TESTS" = 1 ] ; then
-        for id in 1 2 3; do
-                getent group $id >/dev/null || echo "g testgroup$id $id -" | ./systemd-sysusers -
-        done
-
         if [ -n "$SANITIZERS" ]; then
                 export ASAN_OPTIONS="$ASAN_OPTIONS"
                 export UBSAN_OPTIONS="$UBSAN_OPTIONS"

diff --git a/mkosi.conf.d/10-systemd.conf b/mkosi.conf.d/10-systemd.conf
index a91378da971b7255b70e734a73462f65f5f4a971..57db7ecda900f17d4d98041608db15a099b044b9 100644 (file)
--- a/mkosi.conf.d/10-systemd.conf
+++ b/mkosi.conf.d/10-systemd.conf
@@ -11,8 +11,6 @@ OutputDirectory=mkosi.output
 [Content]
 BuildDirectory=mkosi.builddir
 Cache=mkosi.cache
-SourceFileTransfer=mount
-SourceFileTransferFinal=copy-git-others
 Packages=
         acl
         bash-completion

diff --git a/mkosi.prepare b/mkosi.prepare
index 9d377cf716c0b0050590e94ae45507b8cfea0929..3fcfe26c15b64eceb321547c20d31d68fd1df62f 100755 (executable)
--- a/mkosi.prepare
+++ b/mkosi.prepare
@@ -17,3 +17,11 @@ if [ "$(grep '^ID=' /etc/os-release)" = "ID=\"centos\"" ] && [ "$(grep '^VERSION
     alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1
     alternatives --set python3 /usr/bin/python3.9
 fi
+
+# Make sure the necessary test users are available in the build image. We do this here because the build
+# script does not run as root.
+if [ "$1" = "build" ]; then
+    for id in 1 2 3; do
+        getent group $id >/dev/null || echo "g testgroup$id $id -" | systemd-sysusers -
+    done
+fi