From: Daan De Meyer Date: Mon, 22 Aug 2022 11:21:07 +0000 (+0200) Subject: mkosi: Ensure we build all features/components in mkosi X-Git-Tag: v252-rc1~366 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=37d35150cbb5db063aaa8e5878ec03258414b0e5;p=thirdparty%2Fsystemd.git mkosi: Ensure we build all features/components in mkosi Explicitly enable all features/components in the mkosi build to ensure they all get built and we get an error if they can't be built. We also rework the packages sections of all mkosi configs to reduce duplication and cover all the dependencies necessary to build/use all systemd features. Note that for the final image, since systemd is installed by default in base images, we rely on that to install the base library dependencies and we only list extra optional dependencies and tools that aren't already installed by default into the base image. We also drop the centos stream 8 mkosi build as dependencies on that distro are too out-of-date to be able to build all systemd features. Since centos stream 9 has been out for a while, let's focus on that and leave it to downstream to keep systemd building on centos stream 8. Finally, there's a few additions to the mkosi scripts to make sure services don't start by default on boot. --- diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index fa0a22a577c..c2c12f33931 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -44,8 +44,6 @@ jobs: release: rawhide - distro: opensuse release: tumbleweed - - distro: centos_epel - release: 8-stream - distro: centos_epel release: 9-stream diff --git a/mkosi.build b/mkosi.build index 210811e7685..76a813bf0a2 100755 --- a/mkosi.build +++ b/mkosi.build @@ -47,6 +47,15 @@ if [ "$(locale charmap 2>/dev/null)" != "UTF-8" ] ; then fi fi +# The bpftool script shipped by Ubuntu tries to find the actual program to run via querying `uname -r` and +# using the current kernel version. This obviously doesn't work in containers. As a workaround, we override +# the ubuntu script with a symlink to the first bpftool program we can find. +for bpftool in /usr/lib/linux-tools/*/bpftool; do + [ -x "$bpftool" ] || continue + ln -sf "$bpftool" /usr/sbin/bpftool + break +done + if [ ! -f "$BUILDDIR"/build.ninja ] ; then sysvinit_path=$(realpath /etc/init.d) @@ -66,7 +75,81 @@ if [ ! -f "$BUILDDIR"/build.ninja ] ; then -D version-tag="${VERSION_TAG}" \ -D mode=developer \ -D b_sanitize="${SANITIZERS:-none}" \ - -D install-tests=true + -D install-tests=true \ + -D tests=unsafe \ + -D slow-tests=true \ + -D utmp=true \ + -D hibernate=true \ + -D ldconfig=true \ + -D resolve=true \ + -D efi=true \ + -D tpm=true \ + -D environment-d=true \ + -D binfmt=true \ + -D repart=true \ + -D sysupdate=true \ + -D coredump=true \ + -D pstore=true \ + -D oomd=true \ + -D logind=true \ + -D hostnamed=true \ + -D localed=true \ + -D machined=true \ + -D portabled=true \ + -D sysext=true \ + -D userdb=true \ + -D homed=true \ + -D networkd=true \ + -D timedated=true \ + -D timesyncd=true \ + -D remote=true \ + -D nss-myhostname=true \ + -D nss-mymachines=true \ + -D nss-resolve=true \ + -D nss-systemd=true \ + -D firstboot=true \ + -D randomseed=true \ + -D backlight=true \ + -D vconsole=true \ + -D quotacheck=true \ + -D sysusers=true \ + -D tmpfiles=true \ + -D importd=true \ + -D hwdb=true \ + -D rfkill=true \ + -D xdg-autostart=true \ + -D translations=true \ + -D polkit=true \ + -D acl=true \ + -D audit=true \ + -D blkid=true \ + -D fdisk=true \ + -D kmod=true \ + -D pam=true \ + -D pwquality=true \ + -D microhttpd=true \ + -D libcryptsetup=true \ + -D libcurl=true \ + -D idn=true \ + -D libidn2=true \ + -D qrencode=true \ + -D gcrypt=true \ + -D gnutls=true \ + -D openssl=true \ + -D cryptolib=openssl \ + -D p11kit=true \ + -D libfido2=true \ + -D tpm2=true \ + -D elfutils=true \ + -D zstd=true \ + -D xkbcommon=true \ + -D pcre2=true \ + -D glib=true \ + -D dbus=true \ + -D gnu-efi=true \ + -D kernel-install=true \ + -D analyze=true \ + -D bpf-framework=true fi cd "$BUILDDIR" @@ -172,3 +255,7 @@ TTYVHangup=no CapabilityBoundingSet=~CAP_SYS_TTY_CONFIG EOF fi + +# Make sure services aren't enabled by default on Debian/Ubuntu. +mkdir -p "$DESTDIR/etc/systemd/system-preset" +echo "disable *" > "$DESTDIR/etc/systemd/system-preset/99-mkosi.preset" diff --git a/mkosi.default.d/10-systemd.conf b/mkosi.default.d/10-systemd.conf index 8efd1e97fa3..1c69dc46e0f 100644 --- a/mkosi.default.d/10-systemd.conf +++ b/mkosi.default.d/10-systemd.conf @@ -14,6 +14,46 @@ OutputDirectory=mkosi.output BuildDirectory=mkosi.builddir Cache=mkosi.cache SourceFileTransferFinal=copy-git-others +Packages= + acl + bash-completion + coreutils + diffutils + dnsmasq + findutils + gcc # For sanitizer libraries + gdb + grep + kbd + kexec-tools + kmod + less + nano + nftables + openssl + python3 + qrencode + sed + strace + tree + util-linux + valgrind + wireguard-tools + zsh + +BuildPackages= + clang + gcc + gettext + git + gnu-efi + gperf + llvm + meson + pkgconf + rpm + rsync + zstd [Host] QemuHeadless=yes diff --git a/mkosi.default.d/arch/10-mkosi.arch b/mkosi.default.d/arch/10-mkosi.arch index 12f46c71c70..bd54b08c541 100644 --- a/mkosi.default.d/arch/10-mkosi.arch +++ b/mkosi.default.d/arch/10-mkosi.arch @@ -9,65 +9,28 @@ Distribution=arch [Content] -BuildPackages= - acl - bzip2 - clang - cryptsetup - curl - dbus - diffutils - docbook-xsl - elfutils - gcc - git - gnu-efi-libs +Packages= + compsize + dhcp gnutls - gperf - inetutils - iptables - kmod + iproute libbpf - libcap - libgcrypt - libidn2 + libfido2 libmicrohttpd - libseccomp - libutil-linux + libpwquality libxkbcommon - libxslt - llvm - lz4 - meson - pam - pkgconfig - python - python-lxml - python-jinja - qrencode - rsync - xz - zstd - -Packages= - gdb - libbpf - libidn2 - nano - qrencode - strace - # For testing "systemd-analyze verify". man-db - # For testing systemd's bash completion scripts. - bash-completion - # For testing systemd's zsh completion scripts - # Run `autoload -Uz compinit; compinit` from a zsh shell in the booted image to enable completions. - zsh - # xxd is provided by the vim package + openbsd-netcat + polkit + quota-tools + tpm2-tss vim - # Required to run systemd-networkd-tests.py - python - iproute - dnsmasq - wireguard-tools - dhcp + +BuildPackages= + bpf + docbook-xsl + libxslt + linux-api-headers + perl + python-jinja + python-lxml diff --git a/mkosi.default.d/centos_epel/10-mkosi.centos_epel b/mkosi.default.d/centos_epel/10-mkosi.centos_epel index 5e726d4aef5..482b5935ce9 100644 --- a/mkosi.default.d/centos_epel/10-mkosi.centos_epel +++ b/mkosi.default.d/centos_epel/10-mkosi.centos_epel @@ -11,39 +11,54 @@ Format=gpt_xfs HostonlyInitrd=no [Content] -BuildPackages= - diffutils - docbook-style-xsl - findutils - gcc - gettext - git +Packages= + audit + cryptsetup + dhcp-server + glib2 glibc-minimal-langpack - gnu-efi + gnutls + iproute + iproute-tc + kernel-modules-extra + libbpf + libfido2 + libmicrohttpd + libxcrypt + libxkbcommon + netcat + p11-kit + pam + polkit + procps-ng + quota + tpm2-tss + vim-common + +BuildPackages= + bpftool + docbook-xsl gnu-efi-devel - gperf - lz4 - meson - ninja-build + libgcrypt-devel # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. + libxslt pam-devel - # CentOS Stream 8 libgcrypt-devel doesn't ship a pkg-config file. - libgcrypt-devel - pkgconfig + perl-interpreter pkgconfig(audit) pkgconfig(blkid) pkgconfig(bzip2) pkgconfig(dbus-1) pkgconfig(fdisk) + pkgconfig(glib-2.0) pkgconfig(gnutls) pkgconfig(libacl) + pkgconfig(libbpf) pkgconfig(libcap) pkgconfig(libcryptsetup) pkgconfig(libcurl) pkgconfig(libdw) + pkgconfig(libfido2) pkgconfig(libidn2) pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(liblzma) pkgconfig(libmicrohttpd) pkgconfig(libpcre2-8) pkgconfig(libqrencode) @@ -61,30 +76,3 @@ BuildPackages= pkgconfig(xkbcommon) python3dist(jinja2) python3dist(lxml) - rpm - tree - zstd - /usr/bin/xsltproc - -Packages= - gdb - nano - # procps-ng provides a set of useful utilities (ps, free, etc) - procps-ng - strace - tpm2-tss - less - netcat - e2fsprogs - # xxd is provided by the vim-common package - vim-common - libasan - libubsan - # Required to run systemd-networkd-tests.py - python3 - iproute - iproute-tc - dnsmasq - wireguard-tools - dhcp-server - kernel-modules-extra diff --git a/mkosi.default.d/debian/10-mkosi.debian b/mkosi.default.d/debian/10-mkosi.debian index 2488eeb557e..2b712d67785 100644 --- a/mkosi.default.d/debian/10-mkosi.debian +++ b/mkosi.default.d/debian/10-mkosi.debian @@ -8,17 +8,31 @@ Distribution=debian Release=testing [Content] +Packages= + cryptsetup-bin + iproute2 + isc-dhcp-server + libbpf0 + libfido2-1 + libglib2.0-0 + libgnutls30 + libidn2-0 + libmicrohttpd12 + libp11-kit0 + libpam0g + libpwquality1 + libqrencode4 + libtss2-dev # Use the -dev package to avoid churn in updating version numbers + netcat-openbsd + policykit-1 + procps + quota + xxd + BuildPackages= - acl - clang - docbook-xml + bpftool docbook-xsl - gcc g++ - gettext - git - gnu-efi - gperf libacl1-dev libaudit-dev libblkid-dev @@ -26,59 +40,28 @@ BuildPackages= libbz2-dev libcap-dev libcryptsetup-dev - libcurl4-gnutls-dev + libcurl4-openssl-dev libdbus-1-dev libdw-dev libfdisk-dev libfido2-dev libgcrypt20-dev + libglib2.0-dev libgnutls28-dev - libidn2-0-dev + libidn2-dev libiptc-dev libkmod-dev - liblz4-dev - liblz4-tool - liblzma-dev libmicrohttpd-dev libmount-dev + libp11-kit-dev libpam0g-dev + libpwquality-dev libqrencode-dev libseccomp-dev libsmartcols-dev libssl-dev - libtss2-dev libxkbcommon-dev libzstd-dev - llvm - meson - pkg-config - python3 - python3-lxml python3-jinja2 - tree - uuid-dev + python3-lxml xsltproc - xz-utils - zstd - -Packages= - gdb - libbpf0 - libfdisk1 - libfido2-1 - libidn2-0 - libqrencode4 - # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically - libtss2-dev - locales - nano - strace - xxd - # Provides libasan/libubsan - gcc - # Required to run systemd-networkd-tests.py - python3 - iproute2 - dnsmasq-base - wireguard-tools - isc-dhcp-server diff --git a/mkosi.default.d/fedora/10-mkosi.fedora b/mkosi.default.d/fedora/10-mkosi.fedora index c1d8a575575..95611177890 100644 --- a/mkosi.default.d/fedora/10-mkosi.fedora +++ b/mkosi.default.d/fedora/10-mkosi.fedora @@ -8,29 +8,42 @@ Distribution=fedora Release=36 [Content] -BuildPackages= - diffutils - docbook-style-xsl - findutils - gcc - gettext - git +Packages= + compsize + cryptsetup + dhcp-server + glib2 glibc-minimal-langpack - gnu-efi + gnutls + iproute + iproute-tc + kernel-modules-extra + libbpf + libfido2 + libmicrohttpd + libxcrypt + libxkbcommon + netcat + pam + polkit + procps-ng + quota + tpm2-tss + vim-common + +BuildPackages= + bpftool + docbook-xsl gnu-efi-devel - gperf - lz4 - meson - ninja-build pam-devel - pkgconfig + pkgconfig # pkgconf shim to provide /usr/bin/pkg-config pkgconfig(audit) pkgconfig(blkid) - pkgconfig(bzip2) pkgconfig(dbus-1) pkgconfig(fdisk) - pkgconfig(gnutls) + pkgconfig(glib-2.0) pkgconfig(libacl) + pkgconfig(libbpf) pkgconfig(libcap) pkgconfig(libcryptsetup) pkgconfig(libcurl) @@ -39,8 +52,6 @@ BuildPackages= pkgconfig(libgcrypt) pkgconfig(libidn2) pkgconfig(libkmod) - pkgconfig(liblz4) - pkgconfig(liblzma) pkgconfig(libmicrohttpd) pkgconfig(libpcre2-8) pkgconfig(libqrencode) @@ -58,33 +69,3 @@ BuildPackages= pkgconfig(xkbcommon) python3dist(jinja2) python3dist(lxml) - rpm - tree - zstd - /usr/bin/xsltproc - -Packages= - acl - gdb - nano - # procps-ng provides a set of useful utilities (ps, free, etc) - procps-ng - strace - tpm2-tss - less - netcat - e2fsprogs - compsize - # xxd is provided by the vim-common package - vim-common - # Sanitizers - libasan - libubsan - # Required to run systemd-networkd-tests.py - python - iproute - iproute-tc - dnsmasq - wireguard-tools - dhcp-server - kernel-modules-extra diff --git a/mkosi.default.d/opensuse/10-mkosi.opensuse b/mkosi.default.d/opensuse/10-mkosi.opensuse index 16fdecdedef..8dbb1dc50fc 100644 --- a/mkosi.default.d/opensuse/10-mkosi.opensuse +++ b/mkosi.default.d/opensuse/10-mkosi.opensuse @@ -8,72 +8,59 @@ Distribution=opensuse Release=tumbleweed [Content] +Packages= + dbus-1 + glibc-locale-base + libbpf0 + libcrypt1 + libcryptsetup12 + libdw1 + libelf1 + libfido2 + libgcrypt20 + libglib-2_0-0 + libkmod2 + liblz4-1 + libmount1 + libp11-kit0 + libqrencode4 + libseccomp2 + libxkbcommon0 + pam + tpm2-0-tss + vim + BuildPackages= + audit-devel + bpftool + dbus-1-devel docbook-xsl-stylesheets - fdupes - gcc - gnu-efi - gperf - intltool + glib2-devel + glibc-locale libacl-devel - libapparmor-devel libblkid-devel - libbz2-devel + libbpf-devel libcap-devel libcryptsetup-devel libcurl-devel + libdw-devel + libelf-devel + libfdisk-devel + libfido2-devel libgcrypt-devel libgnutls-devel libkmod-devel - liblz4-devel libmicrohttpd-devel libmount-devel + libpwquality-devel libseccomp-devel libselinux-devel + libxkbcommon-devel libxslt-tools - meson + openssl-devel pam-devel - pciutils-devel pcre-devel - python3 python3-Jinja2 python3-lxml qrencode-devel - shadow - system-user-nobody - systemd-sysvinit - zlib-devel -# to satisfy tests - acl - diffutils - glibc-locale - system-group-obsolete - system-user-bin - system-user-daemon - system-user-root - timezone - -Packages= - gdb - # brought in via meson->python3 - libp11-kit0 - # --bootable=no - dbus-1 - libapparmor1 - libcrypt1 - libcryptsetup12 - libgcrypt20 - libgnutls30 - libkmod2 - liblz4-1 - libmount1 - libqrencode4 - libseccomp2 - pam - nano - strace - util-linux - # xxd is provided by the vim package - vim - # Provides libasan/libubsan - gcc + tpm2-0-tss-devel diff --git a/mkosi.default.d/ubuntu/10-mkosi.ubuntu b/mkosi.default.d/ubuntu/10-mkosi.ubuntu index 2d73746f3f8..60e1bcfa667 100644 --- a/mkosi.default.d/ubuntu/10-mkosi.ubuntu +++ b/mkosi.default.d/ubuntu/10-mkosi.ubuntu @@ -9,75 +9,60 @@ Release=jammy Repositories=main,universe [Content] +Packages= + cryptsetup-bin + iproute2 + isc-dhcp-server + libbpf0 + libfdisk1 + libfido2-1 + libglib2.0-0 + libidn2-0 + libmicrohttpd12 + libp11-kit0 + libpwquality1 + libqrencode4 + libtss2-dev # Use the -dev package to avoid churn in updating version numbers + linux-tools-common + linux-tools-generic + netcat-openbsd + policykit-1 + procps + quota + xxd + BuildPackages= - acl - docbook-xml docbook-xsl - gcc - gettext - git - gnu-efi - gperf + g++ libacl1-dev libaudit-dev libblkid-dev + libbpf-dev libbz2-dev libcap-dev libcryptsetup-dev - libcurl4-gnutls-dev + libcurl4-openssl-dev libdbus-1-dev libdw-dev libfdisk-dev libfido2-dev libgcrypt20-dev + libglib2.0-dev libgnutls28-dev - libidn2-0-dev - libip4tc-dev - libip6tc-dev + libidn2-dev + libiptc-dev libkmod-dev - liblz4-dev - liblz4-tool - liblzma-dev libmicrohttpd-dev libmount-dev + libp11-kit-dev libpam0g-dev + libpwquality-dev libqrencode-dev libseccomp-dev libsmartcols-dev libssl-dev - libtss2-dev libxkbcommon-dev - libxtables-dev libzstd-dev - meson - pkg-config - python3 - python3-lxml python3-jinja2 - tree - tzdata - uuid-dev + python3-lxml xsltproc - xz-utils - zstd - -Packages= - gdb - libfido2-1 - libidn2-0 - libqrencode4 - # We pull in the -dev package here, since the binary ones appear to change names too often, and the -dev package pulls the right deps in automatically - libtss2-dev - libfdisk1 - locales - nano - strace - xxd - # Provides libasan/libubsan - gcc - # Required to run systemd-networkd-tests.py - python3 - iproute2 - dnsmasq-base - wireguard-tools - isc-dhcp-server diff --git a/mkosi.postinst b/mkosi.postinst index 1c24b4f51a5..fb59d311152 100755 --- a/mkosi.postinst +++ b/mkosi.postinst @@ -18,6 +18,9 @@ EOF # `systemd-hwdb update` takes > 50s when built with sanitizers so let's not run it by default. systemctl mask systemd-hwdb-update.service fi + + # Make sure dnsmasq.service doesn't start on boot on Debian/Ubuntu. + rm -f /etc/systemd/system/multi-user.target.wants/dnsmasq.service fi # Temporary workaround until https://github.com/openSUSE/suse-module-tools/commit/158643414ddb8d8208016a5f03a4484d58944d7a