ci: Switch to Ubuntu 24.04
authorDaan De Meyer <daan.j.demeyer@gmail.com>
Fri, 7 Jun 2024 08:55:53 +0000 (10:55 +0200)
committerDaan De Meyer <daan.j.demeyer@gmail.com>
Sat, 8 Jun 2024 10:33:32 +0000 (12:33 +0200)
20 files changed:
.github/workflows/build_test.sh
.github/workflows/build_test.yml
.github/workflows/cflite_pr.yml
.github/workflows/cifuzz.yml
.github/workflows/codeql.yml
.github/workflows/coverity.yml
.github/workflows/development_freeze.yml
.github/workflows/differential-shellcheck.yml
.github/workflows/gather-pr-metadata.yml
.github/workflows/issue_labeler.yml
.github/workflows/labeler.yml
.github/workflows/linter.yml
.github/workflows/make_release.yml
.github/workflows/mkosi.yml
.github/workflows/scorecards.yml
.github/workflows/unit_tests.sh
.github/workflows/unit_tests.yml
mkosi.conf
mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf
mkosi.images/system/mkosi.postinst.chroot

index 8d5dc660de9681d06b7329e17660040a72db25d2..f9bbdcee7236e69c2b9fecb7f4b823cb7f62260b 100755 (executable)
@@ -84,6 +84,14 @@ if [[ "$COMPILER" == clang ]]; then
     CXX="clang++-$COMPILER_VERSION"
     AR="llvm-ar-$COMPILER_VERSION"
 
+    if systemd-analyze compare-versions "$COMPILER_VERSION" ge 17; then
+        CFLAGS="-fno-sanitize=function"
+        CXXFLAGS="-fno-sanitize=function"
+    else
+        CFLAGS=""
+        CXXFLAGS=""
+    fi
+
     # Prefer the distro version if available
     if ! apt-get -y install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then
         # Latest LLVM stack deb packages provided by https://apt.llvm.org/
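Review bot: The new `-fno-sanitize=function` assignments have no comment saying why the UBSan function check is switched off, so nobody will know when the flag can be dropped again. Here it is gated on clang 17 or later, but the later hunks in unit_tests.sh export it unconditionally for the RUN_CLANG and RUN_CLANG_ASAN_UBSAN phases, which also replaces any CFLAGS/CXXFLAGS inherited from the environment; the two scripts should agree on the gate. I would add a comment above the assignment along the lines of `# clang >= 17: -fsanitize=function fails on <issue reference>; drop once fixed`. The version check also relies on `systemd-analyze` already being present on the runner at this point, before the script has installed any packages.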
@@ -99,6 +107,8 @@ elif [[ "$COMPILER" == gcc ]]; then
     CC="gcc-$COMPILER_VERSION"
     CXX="g++-$COMPILER_VERSION"
     AR="gcc-ar-$COMPILER_VERSION"
+    CFLAGS=""
+    CXXFLAGS=""
 
     if ! apt-get -y install --dry-run "gcc-$COMPILER_VERSION" >/dev/null; then
         # Latest gcc stack deb packages provided by
@@ -112,10 +122,11 @@ else
 fi
 
 # This is added by default, and it is often broken, but we don't need anything from it
-sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
-# PPA with some newer build dependencies (like zstd)
-sudo add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci
-sudo add-apt-repository -y --no-update --enable-source
+sudo rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources}
+# add-apt-repository --enable-source does not work on deb822 style sources.
+for f in /etc/apt/sources.list.d/*.sources; do
+    sudo sed -i "s/Types: deb/Types: deb deb-src/g" "$f"
+done
 sudo apt-get -y update
 sudo apt-get -y build-dep systemd
 sudo apt-get -y install "${PACKAGES[@]}"
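Review bot: The `sed` expression in the new loop is unanchored and not idempotent: a stanza that already reads `Types: deb deb-src` becomes `Types: deb deb-src deb-src`. The loop also turns on source indexes for every `.sources` file on the runner, including third-party repositories that may not publish them, in which case the following `apt-get -y update` may fail. Anchoring the pattern, `sudo sed -i 's/^Types: deb$/Types: deb deb-src/' "$f"`, rewrites only stanzas that list binary packages alone. If the glob matches nothing, `$f` is the literal pattern and `sed` errors out, so a `[[ -e "$f" ]] || continue` guard is worth adding. The same loop appears in the SETUP phase of unit_tests.sh.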
@@ -123,7 +134,7 @@ sudo apt-get -y install "${PACKAGES[@]}"
 # always support all the features we need (like --optimization=). Since the build-dep
 # command above installs the distro versions, let's install the pip ones just
 # locally and add the local bin directory to the $PATH.
-pip3 install --user -r .github/workflows/requirements.txt --require-hashes
+pip3 install --user -r .github/workflows/requirements.txt --require-hashes --break-system-packages
 export PATH="$HOME/.local/bin:$PATH"
 
 $CC --version
@@ -141,8 +152,8 @@ for args in "${ARGS[@]}"; do
     info "Checking build with $args"
     # shellcheck disable=SC2086
     if ! AR="$AR" \
-         CC="$CC" CC_LD="$LINKER" CFLAGS="-Werror" \
-         CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="-Werror" \
+         CC="$CC" CC_LD="$LINKER" CFLAGS="$CFLAGS" \
+         CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="$CXXFLAGS" \
          meson setup \
                -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror \
                -Dnobody-group=nogroup -Dcryptolib="${CRYPTOLIB:?}" -Ddebug=false \
index 1fdf39bf561c387b46e7fc13c278e05af9797804..164b3a05422543ddeecef94783bb0f61645b989e 100644 (file)
@@ -17,7 +17,7 @@ permissions:
 
 jobs:
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     concurrency:
       group: ${{ github.workflow }}-${{ toJSON(matrix.env) }}-${{ github.ref }}
       cancel-in-progress: true
index 707ea0b6ba625996e7736b38a4dbc1fc0a1bf117..f0d321794a8301241841383bec6aa8b36976d1d4 100644 (file)
@@ -13,7 +13,7 @@ permissions: read-all
 
 jobs:
   PR:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     if: github.repository != 'systemd/systemd' || github.event.pull_request.user.login == 'dependabot[bot]'
     concurrency:
       group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
index a12ad9335f9d00ae230ab93b44caccf1752b9799..9b917405fe4588f0189a3ae3345e73c6a738d206 100644 (file)
@@ -22,7 +22,8 @@ on:
       - main
 jobs:
   Fuzzing:
-    runs-on: ubuntu-latest
+    # FIXME: Figure out why 32-bit applications fail to run in docker on Ubuntu 24.04.
+    runs-on: ubuntu-22.04
     if: github.repository == 'systemd/systemd'
     concurrency:
       group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ matrix.architecture }}-${{ github.ref }}
index c840b18372744aaf7c7f73e03a6d32df3d0cece9..0d284f75f13260d25b31b71b048a08fec09564cf 100644 (file)
@@ -27,7 +27,7 @@ jobs:
   analyze:
     name: Analyze
     if: github.repository != 'systemd/systemd-security'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     concurrency:
       group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
       cancel-in-progress: true
index 4ac3443c60c50ffa18bfb4f1b5036393f5b122f6..ad7a5d2f4921c4458044b8a43f9670e0f7ea1232 100644 (file)
@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     if: github.repository == 'systemd/systemd'
     env:
       # Set in repo settings -> secrets -> actions
index f8a2e6c94c1b0b8eaf6937fed492a542ccb7530a..c2360a35ef8a16c8b17c4ce8b55b214d5c9fbe62 100644 (file)
@@ -17,7 +17,7 @@ jobs:
       github.event.workflow_run.event == 'pull_request' &&
       github.event.workflow_run.conclusion == 'success' &&
       github.repository == 'systemd/systemd'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     permissions:
       pull-requests: write
index bc9b22c497078be9d5510a90ced036f2b472c759..244f5d503b689f244462baafca76cbd016556ee4 100644 (file)
@@ -16,7 +16,7 @@ permissions:
 jobs:
   lint:
     if: github.event.repository.name != 'systemd-security'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     permissions:
       security-events: write
index 29b8c578d59902a6b1c04bd19b0004b37e06b9ca..e4a0caff0397f0754a3a00689e8e0fbbdb07e996 100644 (file)
@@ -12,7 +12,7 @@ permissions:
 jobs:
   gather-metadata:
     if: github.repository == 'systemd/systemd'
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     steps:
       - name: Repository checkout
index b30fc80fe5e148254034c882751a6f3eee88e477..4bedf0d3f2d5565a515b621cc393eca4c162dfdd 100644 (file)
@@ -10,7 +10,7 @@ permissions:
 
 jobs:
   label-component:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
 
     permissions:
       issues: write
index dd0933d2f78109df78842fdf29722cf6be67c8ec..241b5819aa998586cef15da3466aa4d694b07b67 100644 (file)
@@ -24,7 +24,7 @@ permissions:
 jobs:
   triage:
     if: github.repository == 'systemd/systemd'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       pull-requests: write
 
index 8c3c622c0bb1d0ffc637daebbc0fc646a8b2f2e1..cf0bc09453fb9b3a2ce00bbd8c5a09b0cb601f52 100644 (file)
@@ -16,7 +16,7 @@ permissions:
 jobs:
   build:
     name: Lint Code Base
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     concurrency:
       group: ${{ github.workflow }}-${{ github.ref }}
       cancel-in-progress: true
@@ -29,7 +29,7 @@ jobs:
           fetch-depth: 0
 
       - name: Lint Code Base
-        uses: super-linter/super-linter/slim@4e51915f4a812abf59fed160bb14595c0a38a9e7
+        uses: super-linter/super-linter/slim@88ea3923a7e1f89dd485d079f6eb5f5e8f937589
         env:
           DEFAULT_BRANCH: main
           MULTI_STATUS: false
index aed724b142e3032fbaa1b85613ef372f16f7a0f7..dc7de6999e9ec0a67d0894de01c814dbd21a50dd 100644 (file)
@@ -11,7 +11,7 @@ permissions:
 jobs:
   release:
     if: github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
 
     permissions:
       contents: write
index e732d12dd6e1a563404ec2fe8afabb43e82051de..40fc167195fcbb1cf11efefa548aa8d297426d40 100644 (file)
@@ -46,7 +46,7 @@ permissions:
 
 jobs:
   ci:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     concurrency:
       group: ${{ github.workflow }}-${{ matrix.distro }}-${{ matrix.release }}-${{ github.ref }}
       cancel-in-progress: true
@@ -159,6 +159,7 @@ jobs:
             meson \
             gperf \
             libfdisk-dev \
+            libmount-dev \
             libtss2-dev \
             libblkid-dev \
             libmicrohttpd-dev \
index abb8bdac6b2aba037c7cbac11aa1491316814b0f..44ee6f18b51ec8bd084f1e332adb2d8be2c5f465 100644 (file)
@@ -23,7 +23,7 @@ jobs:
   analysis:
     name: Scorecards analysis
     if: github.repository == 'systemd/systemd'
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-24.04
     permissions:
       id-token: write # Used to receive a badge.
 
index 9236d45186d4ce8d92f60f6773386073c2f7b9ea..4433d847ce264089d5d13317aab2d1609e53176c 100755 (executable)
@@ -53,14 +53,15 @@ for phase in "${PHASES[@]}"; do
         SETUP)
             info "Setup phase"
             # This is added by default, and it is often broken, but we don't need anything from it
-            rm -f /etc/apt/sources.list.d/microsoft-prod.list
-            # PPA with some newer build dependencies
-            add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci
-            add-apt-repository -y --no-update --enable-source
+            rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources}
+            # add-apt-repository --enable-source does not work on deb822 style sources.
+            for f in /etc/apt/sources.list.d/*.sources; do
+                sed -i "s/Types: deb/Types: deb deb-src/g" "$f"
+            done
             apt-get -y update
             apt-get -y build-dep systemd
             apt-get -y install "${ADDITIONAL_DEPS[@]}"
-            pip3 install -r .github/workflows/requirements.txt --require-hashes
+            pip3 install -r .github/workflows/requirements.txt --require-hashes --break-system-packages
 
             # Make sure the build dir is accessible even when drop privileges, otherwise the unprivileged
             # part of test-execute gets skipped, since it can't run systemd-executor
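Review bot: `--break-system-packages` on the `pip3 install` line here comes without `--user`, and the surrounding setup commands run without `sudo`, so this presumably installs as root into the system site-packages and can overwrite Python modules that `apt-get -y build-dep systemd` has just installed. build_test.sh passes the same flag together with `--user`, which keeps the files under `$HOME/.local`. Installing into a virtual environment, or at least adding a comment such as `# Ubuntu 24.04 marks the system Python as externally managed (PEP 668)`, would make the trade-off explicit. `--require-hashes` is kept, so the hash pinning of requirements.txt still applies. The SETUP case arm continues outside the hunk.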
@@ -71,6 +72,8 @@ for phase in "${PHASES[@]}"; do
             if [[ "$phase" =~ ^RUN_CLANG ]]; then
                 export CC=clang
                 export CXX=clang++
+                export CFLAGS="-fno-sanitize=function"
+                export CXXFLAGS="-fno-sanitize=function"
                 if [[ "$phase" == RUN_CLANG ]]; then
                     # The docs build is slow and is not affected by compiler/flags, so do it just once
                     MESON_ARGS+=(-Dman=enabled)
@@ -95,6 +98,8 @@ for phase in "${PHASES[@]}"; do
             if [[ "$phase" =~ ^RUN_CLANG_ASAN_UBSAN ]]; then
                 export CC=clang
                 export CXX=clang++
+                export CFLAGS="-fno-sanitize=function"
+                export CXXFLAGS="-fno-sanitize=function"
                 # Build fuzzer regression tests only with clang (for now),
                 # see: https://github.com/systemd/systemd/pull/15886#issuecomment-632689604
                 # -Db_lundef=false: See https://github.com/mesonbuild/meson/issues/764
index f2857f1d4dcaa287e6518d35659b72395703d67a..895068c2a2a7bbdde9f176fdb937e94d2fc9115d 100644 (file)
@@ -14,7 +14,7 @@ permissions:
 
 jobs:
   build:
-    runs-on: ubuntu-22.04
+    runs-on: ubuntu-24.04
     concurrency:
       group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ matrix.cryptolib }}-${{ github.ref }}
       cancel-in-progress: true
index 650124865527cc71bf25ed4ff952d49f89303bf5..38d6e8331a2e7abe3af61dc60610ba136bfed22f 100644 (file)
@@ -10,9 +10,6 @@ MinimumVersion=23~devel
 @CacheDirectory=build/mkosi.cache
 
 [Content]
-# The kernel versions in CentOS Stream 9 and Ubuntu 22.04 don't support orphan_file, but later
-# versions of mkfs.ext4 enabled it by default, so we disable it explicitly.
-Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
 @SELinuxRelabel=no
 BuildSourcesEphemeral=yes
 
index 395a22b56a80b5aad2de187ae4d84b0db8cfdb5a..25059c229241ca090f28ca5174f322f582c022f3 100644 (file)
@@ -5,6 +5,9 @@ Distribution=centos
 
 [Content]
 Environment=
+        # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of
+        # mkfs.ext4 enabled it by default, so we disable it explicitly.
+        Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"
         GIT_URL=https://git.centos.org/rpms/systemd.git
         GIT_BRANCH=c9s-sig-hyperscale
         GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7
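Review bot: The added entry carries an `Environment=` prefix although it already sits inside the continued `Environment=` value, where the neighbouring entries are bare `NAME=value` pairs. As written it likely defines a variable named `Environment` rather than `SYSTEMD_REPART_MKFS_OPTIONS_EXT4`, so `-O ^orphan_file` may never reach systemd-repart for CentOS builds; I would write the entry as `SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file"`. It is also worth confirming that mkosi accepts `#` comment lines in the middle of a continued value. The comment's grammar should be "The kernel version in CentOS Stream 9 doesn't support orphan_file".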
index 3c8756369d7c30d8bf41f8496cb68d3fe02a4ab3..aaf4ac504e2fbaa4b090e39e81e1574ef28b8f0d 100755 (executable)
@@ -38,15 +38,10 @@ cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf
 # Remove to make TEST-73-LOCALE pass on Ubuntu.
 rm -f /etc/default/keyboard
 
-# mkfs.ext4 on CentOS doesn't know the orphan_file feature so clear the mkfs options when we're building for
-# CentOS.
-if [[ "$DISTRIBUTION" == "centos" ]]; then
-    SYSTEMD_REPART_MKFS_OPTIONS_EXT4=""
-fi
-
-export SYSTEMD_REPART_MKFS_OPTIONS_EXT4
-
-systemd-repart \
+# This is executed inside the chroot so no need to disable any features as the default features will match
+# the kernel's supported features.
+SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \
+    systemd-repart \
     --empty=create \
     --dry-run=no \
     --size=auto \