pool/mkosi
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Accepting request 1190476 from home:afeijoo:branches:Virtualization

Browse Source 
- Update to 24.3:
  * Check for $HOME environment variable as well
  * Look for $USER for the username before reading /etc/passwd
  * completion: fix bash completion script
  * Add some documentation on how to implement a new distribution
  * Add missing init.py to mkosi/initrd/resources
  * Handle dangling symlinks in rmtree() and run_clean()
  * Handle failure to detect the distribution in test_parse_config()
  * The default kernel command line of `console=ttyS0` (or equivalent for
    other architectures) has been removed. The required `console=`
    argument to have the kernel output to the serial console has to be
    added manually from `v24` onwards.
  * Support for installing local packages located in directories in
    `BuildSources=` was dropped. Instead, the packages can be made
    available for installation via `PackageManagerTrees=`.
  * Configuration parsing was reworked to remove the need for the `@`
    specifier and to streamline building multiple images with
    `mkosi.images/`. If you were building multiple images with
    `mkosi.images/`, you'll need to adapt your configuration to the
    rework. Read the **Building multiple images** section in the
    documentation for more information.
  * mkosi has gained the option to generate completion scripts for bash,
    fish and zsh. Packagers should generate the scripts during packaging
    and ship them in the appropriate places.
  * Added support for CentOS Stream 10.
  * mkosi now installs a separate `mkosi-initrd` script that can be used
    to build initramfs images intended for use on the local system.
    - Distribution configuration is installed in /usr/lib/mkosi-initrd.
    - Custom configuration can be added in /etc/mkosi-initrd.
    - See mkosi-initrd(1) for more information.
  * We do not automatically append `centos-stream` or `fedora` anymore to
    CentOS (and derivatives) and Fedora mirrors specified with `Mirror=`
    as not all mirrors store the repository metadata under these
    subdirectories. Users are now required to add these subdirectories
    themselves in `Mirror=`. If the EPEL repositories are enabled for
    CentOS Stream (and derivatives) and `Mirror=` is used, we look for the
    EPEL repositories in `../fedora` relative to the mirror specified in
    `Mirror=`.
  * We now support compressed tar archives wherever we already accept tar
    archives as input.
  * We now always rerun the build if `Format=none` and don't remove
    previous outputs in that case (unless `--force` is specified). This
    allows using `mkosi -t none` to rerun the build scripts without
    removing the previous image. This can then be combined with
    `RuntimeBuildSources=yes` to make the build script outputs available
    in a booted container or virtual machine so they can be installed
    without having to rebuild the image.
  * We now use `virtconsole` to provide the serial console when booting
    with `qemu`.
  * `root=PARTUUID` and `mount.usr=PARTUUID` on the kernel command line
    are now automatically extended with the actual PARTUUID of the
    corresponding partition.
  * All available OpenSUSE repositories are now supported and can be
    enabled with `Repositories=`.
  * Building OpenSUSE `aarch64` images is now supported
  * `mkosi dependencies` was beefed up to handle more scenarios properly
  * The default list of kernel modules that are always added to the
    initramfs was extended with various virtualization modules.
  * Added a `Repositories=` match.
  * Cached images are now invalidated if packages specified via
    `PackageDirectories=` change.
  * Added `VolatilePackageDirectories=` which can be used to provide local
    packages that do not invalidate cached images.
  * `mkosi.pkgmngr` is now used as the default path for
    `PackageManagerTrees=`.
  * The package directory that build scripts can use to make built
    packages available for installation (`$PACKAGEDIR`) is now shared
    between all image builds. This means that packages built in earlier
    images and stored in `$PACKAGEDIR` become available for installation
    in all subsequent image builds.
  * The default tools tree distribution is now chosen based on the host
    distribution instead of the target distribution.
  * mkosi can now be invoked from the initramfs.

OBS-URL: https://build.opensuse.org/request/show/1190476
OBS-URL: https://build.opensuse.org/package/show/Virtualization/mkosi?expand=0&rev=39
This commit is contained in:
Sebastian Wagner 2024-08-01 13:19:06 +00:00 committed by Git OBS Bridge
commit a9a98c5b9b
7 changed files with 1216 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
.gitattributes vendored Normal file
View File

@ -0,0 +1,23 @@
## Default LFS
*.7z filter=lfs diff=lfs merge=lfs -text
*.bsp filter=lfs diff=lfs merge=lfs -text
*.bz2 filter=lfs diff=lfs merge=lfs -text
*.gem filter=lfs diff=lfs merge=lfs -text
*.gz filter=lfs diff=lfs merge=lfs -text
*.jar filter=lfs diff=lfs merge=lfs -text
*.lz filter=lfs diff=lfs merge=lfs -text
*.lzma filter=lfs diff=lfs merge=lfs -text
*.obscpio filter=lfs diff=lfs merge=lfs -text
*.oxt filter=lfs diff=lfs merge=lfs -text
*.pdf filter=lfs diff=lfs merge=lfs -text
*.png filter=lfs diff=lfs merge=lfs -text
*.rpm filter=lfs diff=lfs merge=lfs -text
*.tbz filter=lfs diff=lfs merge=lfs -text
*.tbz2 filter=lfs diff=lfs merge=lfs -text
*.tgz filter=lfs diff=lfs merge=lfs -text
*.ttf filter=lfs diff=lfs merge=lfs -text
*.txz filter=lfs diff=lfs merge=lfs -text
*.whl filter=lfs diff=lfs merge=lfs -text
*.xz filter=lfs diff=lfs merge=lfs -text
*.zip filter=lfs diff=lfs merge=lfs -text
*.zst filter=lfs diff=lfs merge=lfs -text

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
.osc

3
mkosi-23.1.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:116bd3d848ce767a584ce288ad5a098a47d42067c9b95aa5a6662de33dc04eb9
size 337863

3
mkosi-24.3.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:27e4ee602089509c20d41e6deabae906368dcdc906e44460656272f546b8e2bd
size 349900

59
mkosi-initrd.conf Normal file
View File

@ -0,0 +1,59 @@
[Content]
RemoveFiles=
/etc/bash_completion.d
/etc/man.conf
/srv
/usr/local/man
/usr/share/bash-completion
/usr/share/bash/helpfiles
/usr/share/doc
/usr/share/fillup-templates
/usr/share/help
/usr/share/icons
/usr/share/info
/usr/share/licenses
/usr/share/locale
/usr/share/man
/usr/share/zsh
/usr/etc/services
/var/adm
# Keep only C.utf-8 locale
/usr/lib/locale/*_*/
/usr/lib/locale/??/
/usr/lib/locale/???/
# RPM
/etc/rpm
/usr/bin/gendiff
/usr/bin/rpm*
/usr/lib/rpm
/usr/lib/sysimage
/usr/lib/systemd/system/rpmconfigcheck.service
/usr/lib64/rpm-plugins
/usr/sbin/rpmconfigcheck
/usr/src/packages
# Zypper
/etc/zypp
/usr/bin/installation_sources
/usr/bin/yzpper
/usr/bin/zypper
/usr/etc/logrotate.d/zypp*
/usr/lib/zypper
/usr/sbin/zypp-refresh
/usr/share/zypper
/var/log/zypp
/var/log/zypper.log
# YaST2
/etc/YaST2
# suse-module-tools scripts (except unblacklist: bsc#1224320)
/usr/lib/module-init-tools/driver-check.sh
/usr/lib/module-init-tools/get_dracut_drivers
/usr/lib/module-init-tools/lsinitrd-quick
/usr/lib/module-init-tools/weak-modules2
# dracut modules installed by other packages
/usr/lib/dracut

995
mkosi.changes Normal file
View File

@ -0,0 +1,995 @@
-------------------------------------------------------------------
Tue Jul 30 12:16:44 UTC 2024 - Antonio Feijoo <antonio.feijoo@suse.com>
- Update to 24.3:
* Check for $HOME environment variable as well
* Look for $USER for the username before reading /etc/passwd
* completion: fix bash completion script
* Add some documentation on how to implement a new distribution
* Add missing init.py to mkosi/initrd/resources
* Handle dangling symlinks in rmtree() and run_clean()
* Handle failure to detect the distribution in test_parse_config()
* The default kernel command line of `console=ttyS0` (or equivalent for
other architectures) has been removed. The required `console=`
argument to have the kernel output to the serial console has to be
added manually from `v24` onwards.
* Support for installing local packages located in directories in
`BuildSources=` was dropped. Instead, the packages can be made
available for installation via `PackageManagerTrees=`.
* Configuration parsing was reworked to remove the need for the `@`
specifier and to streamline building multiple images with
`mkosi.images/`. If you were building multiple images with
`mkosi.images/`, you'll need to adapt your configuration to the
rework. Read the **Building multiple images** section in the
documentation for more information.
* mkosi has gained the option to generate completion scripts for bash,
fish and zsh. Packagers should generate the scripts during packaging
and ship them in the appropriate places.
* Added support for CentOS Stream 10.
* mkosi now installs a separate `mkosi-initrd` script that can be used
to build initramfs images intended for use on the local system.
- Distribution configuration is installed in /usr/lib/mkosi-initrd.
- Custom configuration can be added in /etc/mkosi-initrd.
- See mkosi-initrd(1) for more information.
* We do not automatically append `centos-stream` or `fedora` anymore to
CentOS (and derivatives) and Fedora mirrors specified with `Mirror=`
as not all mirrors store the repository metadata under these
subdirectories. Users are now required to add these subdirectories
themselves in `Mirror=`. If the EPEL repositories are enabled for
CentOS Stream (and derivatives) and `Mirror=` is used, we look for the
EPEL repositories in `../fedora` relative to the mirror specified in
`Mirror=`.
* We now support compressed tar archives wherever we already accept tar
archives as input.
* We now always rerun the build if `Format=none` and don't remove
previous outputs in that case (unless `--force` is specified). This
allows using `mkosi -t none` to rerun the build scripts without
removing the previous image. This can then be combined with
`RuntimeBuildSources=yes` to make the build script outputs available
in a booted container or virtual machine so they can be installed
without having to rebuild the image.
* We now use `virtconsole` to provide the serial console when booting
with `qemu`.
* `root=PARTUUID` and `mount.usr=PARTUUID` on the kernel command line
are now automatically extended with the actual PARTUUID of the
corresponding partition.
* All available OpenSUSE repositories are now supported and can be
enabled with `Repositories=`.
* Building OpenSUSE `aarch64` images is now supported
* `mkosi dependencies` was beefed up to handle more scenarios properly
* The default list of kernel modules that are always added to the
initramfs was extended with various virtualization modules.
* Added a `Repositories=` match.
* Cached images are now invalidated if packages specified via
`PackageDirectories=` change.
* Added `VolatilePackageDirectories=` which can be used to provide local
packages that do not invalidate cached images.
* `mkosi.pkgmngr` is now used as the default path for
`PackageManagerTrees=`.
* The package directory that build scripts can use to make built
packages available for installation (`$PACKAGEDIR`) is now shared
between all image builds. This means that packages built in earlier
images and stored in `$PACKAGEDIR` become available for installation
in all subsequent image builds.
* The default tools tree distribution is now chosen based on the host
distribution instead of the target distribution.
* mkosi can now be invoked from the initramfs.
-------------------------------------------------------------------
Thu Jun 13 09:23:17 UTC 2024 - Antonio Feijoo <antonio.feijoo@suse.com>
- Update package summary and description.
* BIOS support was removed in v14, but restored in v16.
- Remove dnf dependency.
* With openSUSE, zypper is a sufficient requirement for mkosi to work.
-------------------------------------------------------------------
Wed Jun 12 20:26:36 UTC 2024 - Sebastian Wagner <sebix@sebix.at>
- Removed obsolete patch opensuse-dont-install-distribution-release-by-default.patch
-------------------------------------------------------------------
Wed Jun 12 18:51:56 UTC 2024 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- Update to 23.1:
* Respin due to git tag mismatch
- Update to 23:
* Added CleanScripts= to allow running custom cleanup code whenever
mkosi cleans up the output directory. This allows cleaning up extra
outputs produced by e.g. a build script that mkosi doesn't know about.
* Added ConfigureScripts= to allow dynamically modifying the mkosi
configuration. Each configure script receives the current config as
JSON on stdin and should output the new config as JSON on stdout.
* When building a UKI, we don't measure for the TPM SHA1 PCR bank
anymore.
* All keys in the mkosi config JSON output are now in pascal case,
except for credentials and environments, where the keys encode names
of credentials and environment variables and are therefore case
sensitive.
* Added various settings to allow running mkosi behind a proxy.
* Various fixes to kernel module filtering that should result in fewer
modules being pulled into the default initrd when
KernelModulesExclude= or KernelModulesInitrdExclude= are used.
* Added ToolsTreeDistribution= match.
* Removed vmspawn verb and replaced it with VirtualMachineMonitor=.
* New specifiers for various directories were added. %D resolves to
the directory that mkosi was invoked in, %P to the current working
directory, and %C to the parent directory of the config file.
* Added ForwardJournal= to have systemd inside a container/VM forward
its journal to the specified file or directory.
Systemd scopes are now allocated for qemu, swtpm, virtiofsd and
systemd-journal-remote if available.
* The mkosi qemu virtual machine is now registered with
systemd-machined if available.
* Added new oci output format
* Runtime trees without a target are now mounted to /root/src instead
of a subdirectory of it (To have the same behaviour as
BuildSources=).
* Added RuntimeBuildSources= to mount build and source directories
when booting the image with mkosi nspawn or mkosi qemu.
Introduced --append to allow command line settings to be parsed
after parsing configuration files.
* distribution-release is not installed by default anymore on
OpenSUSE.
* Setting QemuSmp= to 0 will now make qemu use all available CPUs
* Free page reporting and discard request processing are now enabled by
default in VMs spawned by mkosi qemu.
* Added ToolsTreeCertificates= to allow configuring whether to use
certificates and keys from the tools tree (if one is used) or the
host.
* Added never for CacheOnly= to specify that repository metadata
should always be refreshed.
* Renamed the none option for CacheOnly= to auto.
* Added ProxyExclude= to configure hostnames for which requests should
not go through the configured proxy.
* The default tools tree is now reused on incremental builds.
* Added VolatilePackages= and InitrdVolatilePackages= to configure
packages that should be installed after executing build scripts and
which should not be cached when using Incremental=.
* PackageDirectories= now has an associated default path
mkosi.packages.
* reprepro is now used to generate local apt repositories.
* Support for BSD tar/cpio was dropped.
* When both ExtraSearchPaths= and ToolsTree= are used, mkosi will
now prefer running a binary found in ExtraSearchPaths= without the
tools tree over running the binary from the tools tree. If a binary is
not found in ExtraSearchPaths=, the tools tree is used instead.
* An artifact directory is now made available when running scripts which
can be used to pass around data between different scripts. mkosi will
also look for microcode and initrds in the artifact directory under
the io.mkosi.microcode and io.mkosi.initrd subdirectories.
* Added Environment= match setting to check for environment variables
defined with the Environment= setting.
* The basesystem package is now always installed in Fedora and
CentOS images instead of the filesystem package.
* The qemu, shell and boot verbs do not automatically build the
image anymore unless --force is specified.
* SplitArtifacts= is now supported for the portable, sysext and
confext outputs.
* The WithDocs= option was implemented for pacman-based distributions.
* The default Fedora release was bumped to 40.
* QemuSwtpm= can now be used with QemuFirmware= set to linux or
bios.
* Added UnitProperties= to allow configure properties on the scopes
generated by systemd-nspawn and systemd-run.
* mkosi now only builds a single default tools tree per build using the
settings from the last regular image that we'll build.
* Configure scripts are now only executed for verbs which imply an image
build and are executed with the tools tree instead of without it.
* $QEMU_ARCHITECTURE is now set for configure scripts to easily allow
scripts to figure out which qemu binary will be used to run qemu.
* A file ID can now be specified for QemuDrives=. This allows adding
multiple qemu drives that are backed by the same file.
* mkosi doesn't fail anymore if images already exist when running
mkosi build.
* Image names from mkosi.images/ are now preferred over the specified
image ID when determining the output filename to use for an image.
--include now has a shorthand option -I.
* The WITH_NETWORK environment variable is now passed to build and
finalize scripts.
* We now clamp mtimes to the specified source date epoch timestamp
instead of resetting all mtimes. This means that we won't touch any
mtimes that are already older than the given source date epoch
timestamp.
* Removed support for CentOS 8 Stream as it is now EOL.
* The coredumpctl and journalctl verbs now operrate on the path
specified in ForwardJournal= if one is set.
* Added UnifiedKernelImageFormat= format setting to allow configuring
the naming of unified kernel images generated by mkosi.
* The versionlock plugin is now enabled by default for dnf with a noop
configuration.
* Repositories= is now implemented for zypper.
* KernelModulesInclude= and KernelModulesInitrdInclude= now take the
special values host and default to include the host's loaded
modules and the default kernel modules defined in mkosi-initrd
respectively.
* KernelModulesIncludeHost= and KernelModulesInitrdIncludeHost= are
now deprecated.
* Added mkosi dependencies to output the list of packages required by
mkosi to build and boot images.
-------------------------------------------------------------------
Tue Jun 4 13:59:06 UTC 2024 - Franck Bui <fbui@suse.com>
- Drop requirement on systemd-experimental.
It's no longer necessary as systemd-repart is no more considered as an
experimental tool and is now shipped by udev. Also the hard requirement was a
bit too strong since systemd-repart is only required when building disk
images.
-------------------------------------------------------------------
Mon May 27 15:50:17 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>
- Add opensuse-dont-install-distribution-release-by-default.patch
-------------------------------------------------------------------
Tue Mar 26 14:37:39 UTC 2024 - Richard Brown <rbrown@suse.com>
- Correct dependencies after discussions with upstream
* Requires: systemd-experimental for systemd-repart needed to build disk images
* Requires: bubblewrap as bbwrap is called during build
* Requires: zypper
* Recommends: squashfs, tar, and xz as they are all optional features
* Remove recommends for tools they no longer support
-------------------------------------------------------------------
Fri Mar 15 08:27:02 UTC 2024 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- Update to 22:
* We'll now try to delete btrfs subvolumes with btrfs subvolume delete
first before falling back to recursively deleting the directory.
* The invoking user is now always mapped to root when running sync
scripts. This fixes an issue where we would fail when a package
manager tree or skeleton tree contained a /usr directory as we would
not have permissions to run mount in the sandbox.
* We now use qemu's official firmware descriptions to find EDK2/OVMF
UEFI firmware. Addititionally, QemuFirmware=uefi now boots without
SecureBoot support, and QemuFirmware=uefi-secure-boot was introduced
to boot with SecureBoot support. By default we will still boot with
SecureBoot support if QemuFirmware=auto.
* Added support for QemuFirmwareVariables=custom and
QemuFirmwareVariables=microsoft to use OVMF/EDK2 variables with
either the user's custom keys enrolled or with the Microsoft keys
enrolled.
* Added UnifiedKernelImages= to control whether we generate unified
kernel images or not.
* Bootloader=grub will now generate a grub EFI image and install it.
If SecureBoot= is enabled and ShimBootloader= is not set to
signed, the grub EFI image will be signed for SecureBoot.
* ShimBootloader=signed will now also instruct mkosi to look for and
install already signed grub, systemd-boot, kernel and UKI binaries.
* We now build grub images with a fixed set of modules and don't copy
any grub modules to the ESP anymore.
* The configuration is now made available as a JSON file to all mkosi
scripts via the $MKOSI_CONFIG environment variable.
* $PROFILE is now set for all mkosi scripts containing the value of
Profile= if it is set.
-------------------------------------------------------------------
Mon Mar 11 14:34:03 UTC 2024 - Joshua Smith <jsmithfpv@gmail.com>
- Update to 21:
* We now handle unmerged-usr systems correctly
* Builtin configs (mkosi-initrd, mkosi-tools) can now be included
using Include= (e.g. Include=mkosi-initrd)
* The kernel-install plugin now uses the builtin mkosi-initrd
config so there's no need anymore to copy the full mkosi-initrd
config into /usr/lib/mkosi-initrd.
* We don't require a build anymore for the journalctl and
coredumpctl verbs.
* mkosi ssh works again when used with ToolsTree=default
* We now use .zst instead of .zstd for compressed split artifacts
produced by systemd-repart.
* systemd-repart uses a persistent temporary directory again for
assembling images instead of a tmpfs.
* Added MicrocodeHost= setting to only include the CPU specific
microcode for the current host system.
* The kernel-install plugin now only includes the CPU specific
microcode
* Introduced PackageCacheDirectory= to set the directory for
package manager caches. This setting defaults to a suitable
location in the system or user directory depending on how mkosi
is invoked.
* CacheDirectory= is only used for incremental cached images now.
* Repository metadata is now synced once at the start of each
image build and never during an image build. Each image
includes a snapshot of the repository metadata in the canonical
locations in /var so that incremental images and extension
images can reuse the same snapshot. When building an image
intended to be used with
* BaseTrees=, disable CleanPackageMetadata= to make sure the
repository metadata in /var is not cleaned up, otherwise any
extension images using this image as their base tree will not
be able to install additional packages.
* Implemented CacheOnly=metadata. Note that in the JSON output,
the value of CacheOnly= will now be a string instead of a
boolean.
* Added CompressLevel= to set the compression level to use.
* Dropped experimental Gentoo support.
* Added TriggerMatch= to specify multiple match sections of which
only one should be satisfied.
* Added jq, attr, acl, git, sed, grep and findutils to the
default tools tree.
* Added mkosi-install, mkosi-upgrade, mkosi-remove and
mkosi-reinstall scripts which allow writing scripts that are
independent of the package manager being used to build the
image.
* We now expand specifiers in Match section values
* Made GPG key handling for Fedora rawhide more robust
* If systemd-repart 256 or newer is available, mkosi will
instruct it to generate /etc/fstab and /etc/crypttab for the
image if any partition definitions contain the corresponding
settings (MountPoint= and EncryptedVolume=).
* bash is now started in the debug shell instead of sh.
* The default release for Ubuntu is now noble.
* Ubuntu is now used as the default tools tree distribution for
Ubuntu instead of Debian.
* Added mkosi vmspawn which boots the image with systemd-vmspawn.
* Note that systemd-vmspawn is experimental and its interface
may still change. As such mkosi vmspawn is also considered
experimental.
* Note that systemd-vmspawn version 256 or newer is required.
* Added SyncScripts= which can be used to update various build
sources before starting the image build.
* The DISTRIBUTION= and RELEASE= environment variables are now
set when running scripts.
* Added ToolsTreeRepositories= and ToolsTreePackageManagerTrees=.
* Added RuntimeNetwork= to configure the networking used when
booting the image.
* Added SecureBootKeySource= and VerityKeySource= to support
signing images with OpenSSL engines. Note that these settings
require various systemd tools to be version 256 or newer.
* We don't clean up package manager metadata anymore unless
explicitly requested with CleanPackageManagerMetadata=yes when
building directory and tar images.
-------------------------------------------------------------------
Mon Jan 22 14:07:58 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 20.2:
* Fixed a bug in signing unsigned shim EFI binaries.
* We now build an early microcode initrd in the mkosi kernel-
install plugin.
* Added `PackageDirectories=` to allow providing extra packages
to be made available during the build.
* Fixed issue where `KernelModulesIncludeHost` was including
unnecessary modules
* Fixed `--mirror` specification for CentOS (and variants) and
Fedora.
* Previously a subdirectory within the mirror had to be
specified which prevented using CentOS and EPEL repositories
from the same mirror. Now only the URL has be specified.
* We now mount package manager cache directories when running
scripts on the host so that any packages installed in scripts
are properly cached.
* We don't download filelists on Fedora anymore
* Nested build sources don't cause errors anymore when trying
to install packages.
* We don't try to build the same tools tree more than once
anymore when building multiple images.
* We now create the `/etc/mtab` compatibility symlink in
mkosi's sandbox.
* We now always hash the root password ourselves instead of
leaving it to `systemd-firstboot`.
* `/srv` and `/mnt` are not mounted read-only anymore during
builds.
* Fixed a crash when running mkosi in a directory with fewer
than two parent directories.
* Implemented `RepositoryKeyCheck=` for apt-based
distributions.
-------------------------------------------------------------------
Mon Jan 22 09:58:59 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 20.1:
* `BuildSources=` are now mounted when we install packages so
local packages can be made available in the sandbox.
* Fixed check to see if we're running as root which makes sure
we don't do shared mounts when running as root.
* The extension release file is now actually written when
building system or configuration extensions.
* The nspawn settings are copied to the output directory again.
* Incremental caching is now skipped when `Overlay=` is enabled
as this combination isn't supported.
* The SELinux relabel check is more granular and now checks for
all required files instead of just whether there's a policy
configured.
* `qemu-system-xxx` binaries are now preferred over the generic
`qemu` and `qemu-kvm` binaries.
* Grub tools from the tools tree are now used to install grub
instead of grub tools from the image itself. The grub tools
were added to the default tools trees as well.
* The pacman keyring in tools trees is now only populated from
the Arch Linux keyring (and not the Debian/Ubuntu ones anymore).
* `gpg` is allowed to access `/run/pscsd/pscsd.comm` on the
host if it exists to allow interaction with smartcards.
* The current working directory is not mounted unconditionally
to `/work/src` anymore. Instead, the default value for
`BuildSources=` now mounts the current working directory
to `/work/src`. This means that the current working directory
is no longer implicitly included when `BuildSources=` is
explicitly configured.
* Assigning the empty string to a setting that takes a list of
values now overrides any configured default value as well.
* The github action does not build and install systemd from
source anymore. Instead, `ToolsTree=default` can be used to
make sure a recent version of systemd is used to do the image
build.
* Added `EnvironmentFiles=` to read environment variables from
* environment files.
* We drastically reduced how much of the host system we expose
to scripts. Aside from `/usr`, a few directories in `/etc`,
`/tmp`, `/var/tmp` and various directories configured in mkosi
settings, all host directories are hidden from scripts,
package managers and other tools executed by mkosi.
* Added `RuntimeScratch=` to automatically mount a directory
with extra scratch space into mkosi-spawned containers and
virtual machines.
* Package manager trees can now be used to configure every tool
invoked by mkosi while building an image that reads config
files from `/etc` or `/usr`.
* Added `SELinuxRelabel=` to specify whether to relabel selinux
files or not.
* Many fixes to tools trees were made and tools trees are now
covered by CI. Some combinations aren't possible yet but
we're actively working to make these possible.
* `mkosi qemu` now supports direct kernel boots of `s390x` and
`powerpc` images.
* Added `HostArchitecture=` match to match against the host
* architecture.
* We don't use the user's SSH public/private keypair anymore
for `mkosi ssh` but instead use a separate key pair which
can be generated by `mkosi genkey`. Users using `mkosi ssh`
will have to run `mkosi genkey` once to generate the necessary
files to keep `mkosi ssh` working.
* We don't automatically set `--offline=no` anymore when we
detect the `Subvolumes=` setting is used in a `systemd-repart`
partition definition file. Instead, use the new
`RepartOffline=` option to explicitly disable running
`systemd-repart` in offline mode.
* During the image build we now install UKIs/kernels/initrds to
`/boot` instead of `/efi`. While this will generally not be
noticeable, users with custom systemd-repart ESP partition
definitions will need to add `CopyFiles=/boot:/` along with
the usual `CopyFiles=/efi:/` to their ESP partition
definitions. By installing UKIs/kernels/initrds
to `/boot`, it becomes possible to use `/boot` to populate an
XBOOTLDR partition which wasn't possible before. Note that
this is also safe to do before `v20` so `CopyFiles=/boot:/`
can unconditionally be added to any ESP partition definition
files.
* Added `QemuFirmwareVariables=` to allow specifying a custom
OVMF variables file to use.
* Added `MinimumVersion=` to allow specifying the minimum
required mkosi version to build an image.
* Added support for Arch Linux's debug repositories.
* Merged the mkosi-initrd project into mkosi itself. mkosi-
initrd is now used to build the default initrd.
* Implemented mkosi-initrd for all supported distributions.
* Added `ShimBootloader=` to support installing shim to the
ESP.
* Added sysext, confext and portable output formats. These will
produce signed disk images that can be used as sysexts,
confexts and portable services respectively.
* Added `QemuVsockConnectionId=` to configure how to allocate
the vsock connection ID when `QemUVsock=` is enabled.
* Added documentation on how to build sysexts with mkosi.
* Global systemd user presets are now also configured.
* Implemented `WithDocs=` for `apt`.
* On supported package managers, locale data for other locales
is now stripped if the local is explicitly configured using
`Locale=`.
* All `rpm` plugins are now disabled when building images.
* Added `KernelModulesIncludeHost=` and
`KernelModulesInitrdIncludeHost=` to only include modules
loaded on the host system in the image/initrd respectively.
* Implemented `RemovePackages=` for Arch Linux.
* Added `useradd` and `groupadd` scripts to configure these
binaries to operate on the image during builds instead on
the host.
* Added microcode support. If installed into the image, an
early microcode initrd will automatically be built and
prepended to the initrd.
* A passwordless root account may now be created by specifying
`hashed:`.
* The `Autologin=` feature was extended with support for
`arm64`, `s390x` and `powerpc` architectures.
* Added `SecureBootAutoEnroll=` to control automatic enrollment
of secureboot keys separately from signing `systemd-boot`
and generated UKIs.
* `ImageVersion=` is no longer automatically appended to the
output files, instead this is automatically appended to
`Output=` if not specified and results in the `%o` specifier
being equivalent to `%i` or `%i_%v` depending on whether
`ImageVersion=` is specified.
-------------------------------------------------------------------
Mon Nov 20 09:21:06 UTC 2023 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- update to v19:
* Support for RHEL was added!
* Added journalctl and coredumpctl verbs for running the respective tools on
built directory or disk images.
* Added a burn verb to write the output image to a block device.
* Added a new esp output format, which is large similar to the existing uki
output format but wraps it in a disk image with only an ESP.
* Presets were renamed to Images. mkosi.images/ is now used instead of
mkosi.presets/, the Presets= setting was renamed to Images= and the Presets
section was merged into the Config section. The old names can still be used
for backwards compatibility.
* Added profiles to support building variants of the same image in one
repository. Profiles can be defined in mkosi.profiles/ and one can be
selected using the new Profile= setting.
* mkosi will now parse mkosi.local.conf before any other config files if that
exists.
* Added a kernel-install plugin. This is only shipped in source tree and not
included in the Python module.
* Added a --json option to get the output of mkosi summary as JSON.
* Added shorthand -a for --autologin.
* Scripts with the .chroot extension are now executed in the image
automatically.
* Added rpm helper script to have rpm automatically operate on the image when
running scripts.
* Added mkosi-as-caller helper script that can be used in scripts to run
commands as the user invoking mkosi.
* mkosi-chroot will now start a shell if no arguments are specified.
* Added WithRecommends= to configure whether to install recommended packages
by default or not where this is supported. It is disabled by default.
* Added ToolsTreeMirror= setting for configuring the mirror to use for the
default tools tree.
* WithDocs= is now enabled by default.
* Added BuildSourcesEphemeral= to make source directories ephemeral when
running scripts. This means any changes made to source directories while
running scripts will be undone after the scripts have finished executing.
* Added QemuDrives= to have mkosi create extra qemu drives and pass them to
qemu when using the qemu verb.
* Added BuildSources= match to match against configured build source targets.
* PackageManagerTrees= was moved to the Distribution section.
* We now automatically configure the qemu firmware, kernel cmdline and initrd
based on what type of kernel is passed by the user via -kernel or
QemuKernel=.
* The mkosi repository itself now ships configuration to build basic bootable
images that can be used to test mkosi.
* Added support for enabling updates-testing repositories for Fedora.
* GPG keys for CentOS, Fedora, Alma and Rocky are now looked up locally first
before fetching them remotely.
* Signatures are not required for local packages on Arch anymore.
* Packages on opensuse are now always downloaded in advance before
installation when using zypper.
* The tar output is now reproducible.
* We now make sure git can be executed from mkosi scripts without running
into permission errors.
* We don't create subdirectories beneath the configured cache directory anymore.
* Workspace directories are now created outside of any source directories.
mkosi will either use XDG_CACHE_HOME, $HOME/.cache or /var/tmp depending on
the situation.
* Added environment variable MKOSI_DNF to override which dnf to use for
building images (dnf or dnf5).
* The rootfs can now be modified when running build scripts (with all changes
thrown away after the last build script has been executed).
* mkosi now fails if configuration specified via the CLI does not apply to
any image (because it is overridden).
* Added a new doc on building rpms from source with mkosi
(docs/building-rpms-from-source.md).
* /etc/resolv.conf will now only be mounted for scripts when they are run
with network access.
-------------------------------------------------------------------
Sat Nov 18 13:17:19 UTC 2023 - Sebastian Wagner <sebix@sebix.at>
- set singlepython version to python3 instead of python311 to allow build on Leap and not require changes on every Python change in Tumbleweed
-------------------------------------------------------------------
Mon Nov 14 08:20:28 UTC 2023 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- update to v18:
* $SCRIPT was renamed to $CHROOT_SCRIPT. $SCRIPT can still be used
but is considered deprecated.
* Added RuntimeTrees= setting to mount directories when booting images
via mkosi boot, mkosi shell or mkosi qemu. The directories are
mounted with a uid map that maps the user invoking mkosi to the root
user so that all files in the directory appear as if owned by the root
user in the container or virtual machine and any new files created in
the directories are owned by the user invoking mkosi. To make this
work in VMs, we use VirtioFS via virtiofsd. Note that this
requires systemd v254 or newer to be installed in the image.
* Added support for booting directory images with mkosi qemu via
VirtioFS. When CONFIG_VIRTIOFS and CONFIG_VIRTIO_PCI are builtin
modules, no initramfs is required to make this work.
* Added Include= or --include to include extra configuration files
or directories.
* Added support for specifiers to access the current value of certain
settings during configuration file parsing.
* mkosi will now exit with an error when no configuration was
provided.
* Multiple scripts of the same type are now supported.
* Custom distributions are now supported via the new custom
distribution. When using custom as the distribution, the rootfs must
be provided via base trees, skeleton trees or prepare scripts.
* We now use local GPG keys for rpm based distributions if the
distribution-gpg-keys package is installed on the host.
* Added RuntimeSize= to grow the image to a specific size before
booting it when using mkosi boot or mkosi qemu.
* We now set MKOSI_UID and MKOSI_GID when running scripts which are
set to the uid and gid of the user invoking mkosi respectively. These
can be used to run commands as the user that invoked mkosi.
* Added an Architecture= match
* Initrds specified with Initrds= are now used for grub menuentries as
well.
* ImageId= and ImageVersion= are now written to os-release as
IMAGE_ID and IMAGE_VERSION if provided.
* We pass command line arguments passed to the build verb to the build
script again.
* We added support for the "RHEL Universal Base Image" distribution.
- update to v17.1:
* Fixed bug where --autologin was broken when used in combination with
a tools tree when using a packaged version of mkosi.
- update to v17:
* Added ToolsTreePackages= to add extra packages to the default tools
tree.
* Added SystemdVersion= match to match on the host's systemd version
* Added Format= match to match on the configured output format
* Presets= can now be configured in global configuration files to select
which presets to build
* UKIs can now be booted using direct linux boot.
* We don't try to make images UEFI bootable anymore on architectures
that do not support UEFI
* Fixed --help to show all options again
* We now warn when settings are configured in the wrong section
- update to v16:
* mkosi.version is now picked up from preset and dropin directories as
well following the usual config precedence logic
* Removed the "first assignment wins" logic from configuration parsing.
Settings parsed later will now override earlier values
* Removed the ! operator for lists. Instead, assign the empty string
to the list to remove all previous values.
* Added support for configuring custom default values for settings by
prefixing their name in the configuration file with @.
* Added QemuCdrom= to attach the image to the virtual machine as a
CD-ROM instead of a block device.
* Added SectorSize= to set the sector size of the disk images built by
systemd-repart.
* Added back grub support (BIOS/UEFI). Note that we don't install grub
on UEFI yet but we do add the necessary configuration and partitions.
* Added Bootloader= option to configure which EFI bootloader to
install. Added uki option to install just the UKI without
systemd-boot and grub to generate grub configuration to chainload
into the built UKIs.
* Added BiosBootloader= to configure whether grub for BIOS gets
installed or not.
* Added QemuFirmware= to select which qemu firmware to use (OVMF,
Seabios or direct kernel boot).
* Added QemuKernel= to specify the kernel that should be used with
direct kernel boot.
* /var/lib/dbus/machine-id is now removed if it was added by a package
manager postinstall script.
* The manifest is not generated by default anymore. Use
ManifestFormat=json to make sure the manifest is generated.
* Added SourceDateEpoch= to enable more reproducible image builds.
* Added Seed= to set the seed passed to systemd-repart.
* Updated the default Fedora release to Fedora 39.
* If ToolsTree= is set to default, mkosi will now build a default
tools tree containing all the necessary tools to build images. The
distribution and release to use can be configured with
ToolsTreeDistribution= and ToolsTreeRelease= or are determined
automatically based on the image being built.
* Added uki output format. This is similar to cpio, except the cpio
is packaged up as a UKI with a kernel image and stub picked up from
the rootfs.
- update to v15.1:
* Migrated to systemd-repart. Many options are dropped in favor of specifying them directly
in repart partition definition files:
- Format=gpt_xxx options are replaced with a single "disk" options. Filesystem to use can now be specified with repart's Format= option
- Format=plain_squashfs (Can be reproduced by a single repart squashfs
root partition combined with SplitArtifacts=yes)
- Verity= (Replaced by repart's Verity= options)
- Encrypt= (Replaced by repart's Encrypt= option)
- RootSize=, HomeSize=, VarSize=, TmpSize=, ESPSize=, SwapSize=, SrvSize=
(Replaced by repart's size options)
- UsrOnly= (replaced with CopyFiles=/:/usr in a usr partition definition)
- OutputSplitRoot=, OutputSplitVerity=, (Replaced by repart's SplitName= option)
- OutputSplitKernel= (UKI is now always written to its own output file)
- GPTFirstLBA (Removed, no equivalent in repart)
- ReadOnly= (Replaced by repart's ReadOnly= option per partition)
- Minimize= (Replaced by repart's Minimize= option per partition)
- CompressFs= (No equivalent in repart, can be replicated by replacing mkfs.
in $PATH with a script that adds the necessary command line option)
- MkSquashfs= (Can be replaced with a script in $PATH that invokes
the correct binary)
* We also remove the WithoutUnifiedKernelImages= switch as building unified
kernel images is trivial and fast these days.
* Support for --qemu-boot was dropped
* Support for --use-host-repositories was dropped, use --repository-directory instead
* RepositoryDirectory was removed, use PackageManagerTrees= or SkeletonTrees= instead.
* --repositories is now only usable on Debian/RPM based distros and can only be used to enable additional
repositories. Specifically, it cannot be used on Arch Linux anymore to add new repositories.
* The _epel distributions were removed. Use --repositories=epel instead to enable
the EPEL repository.
* Removed -stream from CentOS release specifiers. Instead of specifying 8-stream,
you know just specify 8.
* Removed default kernel command line arguments rhgb, selinux=0 and audit=0.
* Dropped --all and --all-directory as this functionality is better implemented by
using a build system.
* mkosi now builds images without needing root privileges.
* Removed --no-chown, --idmap and --nspawn-keep-unit options as they were made obsolete by moving to
rootless builds.
* Removed --source-file-transfer, --source-file-transfer-final, --source-resolve-symlinks and
--source-resolve-symlinks-final in favor of always mounting the source directory into the build image.
--source-file-transfer-final might be reimplemented in the future using virtiofsd.
* Dropped --include-dir option. Usage can be replaced by using --incremental and reading includes from
the cached build image tree.
* Removed --machine-id in favor of shipping images without a machine ID at all.
* Removed --skip-final-phase as we only have a single phase now.
* The post install script is only called for the final image now and not for the build image anymore. Use the
prepare script instead.
* --ssh-key, --ssh-agent, --ssh-port and --ssh-timeout options were dropped as the SSH support was
reimplemented using VSock. mkosi ssh can only be used with images booted with mkosi qemu. Use
machinectl to access images booted with mkosi boot. Use --extra-tree or --credential with the
.ssh.authorized_keys.root credentials as alternatives for provisioning the public key inside the image.
* Only configuration files matching *.conf are parsed in dropin directories now.
* Removed --qemu-headless, we now start qemu in the terminal by default and configure the serial console at
runtime. Use the new --qemu-gui option to start qemu in its graphical interface.
* Removed --netdev. Can be replaced by manually installing systemd-networkd, putting a network file in the
image and enabling systemd-networkd.
* If mkosi.extra/ or mkosi.skeleton/ exist, they are now always used instead of only when no explicit
extra/skeleton trees are defined.
* mkosi doesn't install any default packages anymore aside from packages required by the distro or the base
filesystem layout package if there are no required packages. In practice, this means systemd and other
basic tools have to be installed explicitly from now on.
* Removed --base-packages as it's not needed anymore since we don't install any packages by default anymore
aside from the base filesystem layout package.
* Removed --qcow2 option in favor of supporting only raw disk images as the disk image output format.
* Removed --bmap option as it can be trivially added manually by utilizing a finalize script.
* The never value for --with-network was spun of into its own custom option --cache-only.
* --bootable now defaults to auto. When set to auto, mkosi will generate a bootable image only if all
the necessary packages are installed. Documentation was added in docs/bootable.md on how a bootable image
can be generated on mainstream distros.
* The RPM db is no longer rebuilt in bdb format on CentOS Stream 8. To be able to install packages on a
CentOS Stream 8 image with a RPM db in sqlite format, rewrite the db in bdb format using
rpm --rebuilddb --define _db_backend bdb.
* Repositories are now only written to /etc/apt/sources.list if apt is installed in the image.
* Removed the dependency on debootstrap to build Ubuntu or Debian images.
* Apt now uses the keyring from the host instead of the keyring from the image. This means
debian-archive-keyring or ubuntu-archive-keyring are now required to be installed to build Debian or
Ubuntu images respectively.
* --base-image is split into --base-tree and --overlay.
* Removed --cache-initrd, instead, use a prebuilt initrd with Initrds= to avoid rebuilding the initrd all
the time.
* Disk images are now resized to 8G when booted to give some disk space to play around with in the booted
image.
* Removed --install-directory= option. This was originally added for caching the installation results, but
this doesn't work properly as it might result in leftover files in the install directory from a previous
installation, so we have to empty the directory before reusing it, invalidating the caching, so the option
was removed.
* Build scripts are now executed on the host. See the SCRIPTS section
in the manual for more information. Existing build scripts will need
to be updated to make sure they keep working. Specifically, most paths
in scripts will need to be prefixed with $BUILDROOT to have them
operate on the image instead of on the host system. To ensure the host
system cannot be modified when running a script, most host directories
are mounted read-only when running a script to ensure a script cannot
modify the host in any way. Alternatively to making the script run on
the host, the script can also still be executed in the image itself by
putting the following snippet at the top of the script:
if [ "$container" != "mkosi" ]; then
exec mkosi-chroot "$SCRIPT" "$@"
fi
* Removed --tar-strip-selinux-context= option. We now label all files
properly if selinux is enabled and if users don't want the labels,
they can simply exclude them when extracting the archive.
* Gentoo is now marked as experimental and unsupported and there's no
guarantee at all that it will work. Issues related to gentoo will
generally not receive attention from core maintainers. All gentoo
specific hacks outside of the gentoo implementation module have been
removed.
* A verb documentation has been added. Calling mkosi with this verb will show
the documentation. This is useful when running mkosi during development to
always have the documentation in the correct version available. By default it
will try several ways to output the documentation, but a specific option can
be chosen with the --doc-format option. Distro packagers are encouraged to
add a file mkosi.1 into the mkosi/resources directory of the Python
package, if it is missing, as well es install it in the appropriate search
path for man pages. The man page can be generated from the markdown file
mkosi/resources/mkosi.md e.g via pandoc -t man -s -o mkosi.1 mkosi.md.
* The man page can be generated from the markdown file via
tools/make-man-page.sh.
* Fixed issue where not all packages and data files where included in
the generated python package.
* mkosi doesn't try to unshare the network namespace anymore when it
doesn't have CAP_NET_ADMIN.
* Fixed issue when the workspace was located in /tmp.
* Don't try to run timedatectl or ssh-add when they're not installed.
-------------------------------------------------------------------
Sat Dec 3 22:08:17 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to v14:
* mkosi now creates distro~release subdirectories inside the build, cache
and output directories for each distro~release combination that is
built. This allows building for multiple distros without throwing away
the results of a previous distro build every time.
* The preferred names for mkosi configuration files and directories are
now mkosi.conf and mkosi.conf.d/ respectively. The old names
(mkosi.default and mkosi.default.d) have been removed from the docs but
are still supported for backwards compatibility.
* plain_squashfs type images will now also be named with a .raw suffix.
* tar type images will now respect the --compress option.
* Pacman's SigLevel option was changed to use the same default value as
used on Arch which is SigLevel = Required DatabaseOptional. If this
results in keyring errors, you need to update the keyring by running
* Support for CentOS 7 was dropped. If you still need to support CentOS 7,
we recommend using any mkosi version up to 13.
* Support for BIOS/grub was dropped. because EFI hardware is widely
available and legacy BIOS systems do not support the feature set to
fully verify a boot chain from firmware to userland and it has become
bothersome to maintain for little use.
* To generate BIOS images you can use any version of mkosi up to mkosi 13
or the new --bios-size option. This can be used to add a BIOS boot
partition of the specified size on which grub (or any other bootloader)
can be installed with the help of mkosi's script support (depending on
your needs most likely mkosi.postinst or mkosi.finalize). This method
can also be used for other EFI bootloaders that mkosi intentionally does
not support.
* mkosi now unconditionally copies the kernel, initrd and kernel cmdline
from the image that were previously only copied out for Qemu boot.
* mkosi now runs apt and dpkg on the host. As such, we now require apt and
dpkg to be installed on the host along with debootstrap in order to be
able to build debian/ubuntu images.
* Split dm-verity artifacts default names have been changed to match what
systemd and other tools expect: image.root.raw, image.root.verity,
image.root.roothash, image.root.roothash.p7s (same for usr variants).
* mkosi will again default to the same OS release as the host system when
the host system uses the same distribution as the image that's being
built.
* By default, mkosi will now change the owner of newly created directories
to SUDO_UID or PKEXEC_UID if defined, unless --no-chown is used.
* If systemd-nspawn v252 or newer is used, bind-mounted directories with
systemd-nspawn will use the new rootidmap option so files and
directories created from within the container will be owned by the
actual directory owner on the host.
-------------------------------------------------------------------
Mon Sep 26 06:08:52 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>
- update to version 13:
- The `--network-veth` option has been renamed to `--netdev`. The old name made
sense with virtual ethernet devices, but when booting images with qemu a
TUN/TAP device is used instead.
- The network config file installed by mkosi when the `--netdev` (previously
`--network-veth`) option is used (formerly
`/etc/systemd/network/80-mkosi-network-veth.network` in the image) now only
matches network interfaces using the `virtio_net` driver. Please make sure
you weren't relying on this file to configure any network interfaces other
than the tun/tap virtio-net interface created by mkosi when booting the image
in QEMU with the `--netdev` option. If you were relying on this config file
to configure other interfaces, you'll have to re-create it with the correct
match and a lower initial number in the filename to make sure
`systemd-networkd` will keep configuring your interface, e.g. via the
`mkosi.skeleton` or `mkosi.extra` trees or a `mkosi.postinst` script.
- The `kernel-install` script for building unified kernel images has been
removed. From v13 onwards, on systems using `kernel-install`, `mkosi` won't
automatically build new unified kernel images when a kernel is updated or
installed. To keep the old behavior, you can install the `kernel-install`
script manually via a skeleton tree; a copy can be found
[here](https://github.com/systemd/mkosi/blob/3798eb0c2ebcdf7dac207a559a3cb5a65cdb77b0/mkosi/resources/dracut_unified_kernel_install.sh).
- New `QemuKvm` option configures whether to use KVM when running `mkosi qemu`.
- `mkosi` will not default to the same OS release as the host system anymore
when the host system uses the same distribution as the image that's being
built. Instead, when no release is specified, mkosi will now always default
to the default version embedded in mkosi itself.
- `mkosi` will now use the `pacman` keyring from the host when building Arch
images. This means that users will, on top of installing `archlinux-keyring`,
also have to run `pacman-key --init` and `pacman-key --populate archlinux` on
the host system to be able to build Arch images. Also, unless the package
manager is configured to do it automatically, the host keyring will have to
be updated after `archlinux-keyring` updates by running `pacman-key
--populate archlinux` and `pacman-key --updatedb`.
- Direct qemu linux boot is now supported with `BootProtocols=linux`. When
enabled, the kernel image, initrd, and cmdline will be extracted from the
image and passed to `qemu` by `mkosi qemu` to directly boot into the kernel
image without a bootloader. This can be used to boot for example s390x images
in `qemu`.
- The initrd will now always be rebuilt after the extra trees and build
artifacts have been installed into the image.
- The github action has been migrated to Ubuntu Jammy. To migrate any jobs
using the action, add `runs-on: ubuntu-22.04` to the job config.
- All images are now configured by default with the `C.UTF-8` locale.
- New `--repository-directory` option can be used to configure a directory with
extra repository files to be used by the package manager when building an
image. Note that this option is currently only supported for `pacman` and
`dnf`-based distros.
- Option `--skeleton-tree` is now supported on Debian-based distros.
-------------------------------------------------------------------
Fri Dec 3 14:55:35 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Enable build on aarch64
-------------------------------------------------------------------
Fri Dec 3 06:59:38 UTC 2021 - Sebastian Wagner <sebix+novell.com@sebix.at>
- update to version 12:
- Fix handling of baselayout in Gentoo installations.
-------------------------------------------------------------------
Thu Nov 25 20:29:17 UTC 2021 - Sebastian Wagner <sebix+novell.com@sebix.at>
- update to version 11:
- Support for Rocky Linux, Alma Linux, and Gentoo has been added!
- A new `ManifestFormat=` option can be used to generate "manifest" files that
describe what packages were installed. With `json`, a JSON file that shows
the names and versions of all installed packages will be created. With
`changelog`, a longer human-readable file that shows package descriptions and
changelogs will be generated. This latter format should be considered
experimental and likely to change in later versions.
- A new `RemovePackages=` option can be used to uninstall packages after the
build and finalize scripts have been done. This is useful for the case where
packages are required by the build scripts, or pulled in as dependencies
for scriptlets of other packages, but are not necessary in the final image.
- A new `BaseImage=` option can be used to build "system extensions" a.k.a.
"sysexts" — partial images which are mounted on top of an existing system
to provide additional files under `/usr/`. See the
[systemd-sysext man page](https://www.freedesktop.org/software/systemd/man/systemd-sysext.html)
for more information.
- A new `CleanPackageMetadata=` option can be used to force or disable the
removal of package manager files. When this option is not used, they are
removed when the package manager is not installed in the final image.
- A new `UseHostRepositories=` option instructs mkosi to use repository
configuration from the host system, instead of the internal list.
- A new `SshAgent=` option configures the path to the ssh agent.
- A new `SshPort=` option overrides the port used for ssh.
- The `Verity=` setting supports a new value `signed`. When set, verity data
will be signed and the result inserted as an additional partition in the
image. See https://systemd.io/DISCOVERABLE_PARTITIONS for details about
signed disk images. This information is used by `systemd-nspawn`,
`systemd-dissect`, `systemd-sysext`, `systemd-portabled` and `systemd`'s
`RootImage=` setting (among others) to cryptographically validate the image
file systems before use.
- The `--build-environment=` option was renamed to `--environment=` and
extended to cover *all* invoked scripts, not just the `mkosi.build`.
The old name is still understood.
- With `--with-network=never`, `dnf` is called with `--cacheonly`, so that the
package lists are not refreshed. This gives a degree of reproducibility when
doing repeated installs with the same package set (and also makes installs
significantly faster).
- The `--debug=` option gained a new value `disk` to show information about disk
sized and partition allocations.
- Some sections and settings have been renamed for clarity: [Packages] is now
[Content], `Password=`, `PasswordIsHashed=`, and `Autologin=` are now in
[Content]. The old names are still supported, but not documented.
- When `--prepare-script=`/`--build-script=`/`--finalize-script=` is used with
an empty argument, the corresponding script will not be called.
- Python 3.7 is the minimal supported version.
- Note to packagers: the Python `cryptography` module is needed for signing
of verity data.
-------------------------------------------------------------------
Wed Oct 20 12:18:38 UTC 2021 - Enrico Belleri <idesmi@protonmail.com>
- Update to version 10
-------------------------------------------------------------------
Fri Jan 3 09:36:40 UTC 2020 - Sven Marquardt <dev@mail.smarquardt.space>
- update to version 5
* no changelog available
* merged upstream
-------------------------------------------------------------------
Mon Feb 12 19:22:30 UTC 2018 - sebix+novell.com@sebix.at
- update to version 4
* no changelog available
* removed 109.patch, merged upstream
-------------------------------------------------------------------
Thu Jun 29 16:20:46 UTC 2017 - sebix+novell.com@sebix.at
- initial package
- Add 109.patch from pull request at upstream repository, workaround for boo#1049997 and missing support for https URLs in mkosi/zypper

132
mkosi.spec Normal file
View File

@ -0,0 +1,132 @@
#
# spec file for package mkosi
#
# Copyright (c) 2024 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.
# Please submit bugfixes or comments via https://bugs.opensuse.org/
#
%define pythons python3
Name: mkosi
Version: 24.3
Release: 0
Summary: Build bespoke OS Images
License: LGPL-2.1-or-later
Group: System/Management
URL: https://github.com/systemd/mkosi
Source: https://github.com/systemd/mkosi/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
Source1: mkosi-initrd.conf
BuildRequires: %{python_module pip}
BuildRequires: %{python_module pytest}
BuildRequires: %{python_module wheel}
BuildRequires: %{pythons}
BuildRequires: fdupes
BuildRequires: pandoc
BuildRequires: python-rpm-macros
Requires: bubblewrap
Requires: python3 >= 3.9
Requires: zypper
Recommends: btrfsprogs
Recommends: cpio
Recommends: dosfstools
Recommends: dpkg
Recommends: edk2-ovmf
Recommends: gnupg
Recommends: squashfs
Recommends: tar
Recommends: xz
Recommends: zstd
BuildArch: noarch
ExclusiveArch: x86_64 aarch64
%description
A fancy wrapper around "dnf --installroot", "apt", "pacman", and "zypper" that
generates disk images with a number of bells and whistles.
Generated images are tailored to the purpose: GPT partitions,
systemd-boot or grub2, images for containers, VMs, initrd, and extensions.
mkosi can boot an image via QEMU or systemd-nspawn, or simply start a shell in
chroot, burn the image to a device, connect to a running VM via ssh, extract
logs and coredumps, and also serve an image over HTTP.
See https://mkosi.systemd.io/ for documentation.
%package initrd
Summary: Build initrds locally using mkosi
Requires: %{name} = %{version}-%{release}
Requires: coreutils
%description initrd
This package provides the mkosi-initrd wrapper and a plugin for kernel-install
to build initrds with mkosi locally. After the package is installed, the plugin
can be enabled by writing 'initrd_generator=mkosi-initrd' to
'/etc/kernel/install.conf'.
%prep
%autosetup -p1
%build
tools/make-man-page.sh
%pyproject_wheel
%install
%pyproject_install
%python_expand %fdupes %{buildroot}/%{$python_sitelib}/mkosi
mkdir -p %{buildroot}%{_mandir}/man1
cp %{buildroot}%{python3_sitelib}/mkosi/resources/mkosi.1* %{buildroot}%{_mandir}/man1/
cp %{buildroot}%{python3_sitelib}/mkosi/initrd/resources/mkosi-initrd.1* %{buildroot}%{_mandir}/man1/
# Install the kernel-install plugin
install -Dt %{buildroot}%{_prefix}/lib/kernel/install.d/ \
kernel-install/50-mkosi.install
mkdir -p %{buildroot}%{_prefix}/lib/mkosi-initrd
install -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/mkosi-initrd/mkosi.conf
mkdir -p %{buildroot}%{_sysconfdir}/mkosi-initrd
%post initrd
if [ ! -e %{_sysconfdir}/mkosi-initrd/mkosi.conf ]; then
cat >> %{_sysconfdir}/mkosi-initrd/mkosi.conf<<EOF
# Write here your own configuration.
# See man mkosi(1) for details.
[Content]
#ExtraTrees=
#KernelModulesInclude=
#KernelModulesExclude=
EOF
fi
%check
%pytest
%files
%doc mkosi.md README.md
%license LICENSE
%{_bindir}/mkosi
%{_mandir}/man1/mkosi.1*
%{python3_sitelib}/mkosi
%{python3_sitelib}/mkosi-%{version}.dist-info
%files initrd
%{_bindir}/mkosi-initrd
%{_mandir}/man1/mkosi-initrd.1*
%dir %{_prefix}/lib/kernel
%dir %{_prefix}/lib/kernel/install.d
%{_prefix}/lib/kernel/install.d/50-mkosi.install
%dir %{_prefix}/lib/mkosi-initrd
%{_prefix}/lib/mkosi-initrd/mkosi.conf
%dir %{_sysconfdir}/mkosi-initrd
%changelog