Commit Graph

  • 1c269bb117 Accepting request 1242148 from Virtualization factory Ana Guerrero 2025-02-03 20:43:52 +00:00
  • e8b5660a9a - Update to 25.3: * Use become_root_cmd() when running systemd-repart in run_shell() as well * Use shutil.copy() to copy ovmf variables * The dpkg architecture name for loongarch64 is loong64 * mkosi-initrd: Add two more modules * Check if list matches are empty if empty string is matched against * opensuse: fix package name: btrfs-progs -> btrfsprogs * Log command line for abnormal signals * zypper: set $releasever variable * Tools tree improvements * mkosi-initrd: handle PermissionError when reading /etc/crypttab * Move want_uki() check out of build_uki_profiles() * mkosi-sandbox: Improve formatting of error messages * Fix verity signature check in case keys are configured * Treat terminal as dumb if either stdout or stderr is not a tty * Various cache fixes * config: add mkosi-addon * Calculate PE section size correctly * Use directory in user's home as output directory if possible * Fix condition when removing duplicate files from the overlay * Make secure boot keys/crts/source config universal - Update to 25.2: * Only parse profiles from subimages and includes if those are dirs * Use all threads when relabelling files with setfiles - Update to 25.1: * Remove depmod check in check_tools() * news: fix typo detected by Lintian * Create zipapp for mkosi sandbox like we do in generate-zipapp.sh * man: document kernel baseline for mkosi * sandbox: Show better error on ENOSYS devel Sebastian Wagner 2025-02-01 20:13:20 +00:00
  • 7894fe7f9a Accepting request 1240114 from Virtualization Dominique Leuenberger 2025-01-24 12:41:19 +00:00
  • f738251106 - Drop the mkosi-initrd-tukit subpackage. * Since v25 implements its own sandboxing tool and does not use bubblewrap, this is not required anymore. - Update to 25: * Instead of using bubblewrap, sandboxing is now done with a new tool mkosi-sandbox. This tool has a public API and can be used independently of mkosi. * Image builds are now done in a user namespace with a single user when running unprivileged instead of using newuidmap/newgidmap. When running unprivileged, all files and directories in the image will be owned by the invoking user (and by root inside any produced archives). Any attempt to chown files to other users in scripts will fail unless the new environment variable $MKOSI_CHROOT_SUPPRESS_CHOWN is set to a true value. * mkosi does not drop privileges anymore to the invoking user when running as root for various steps. * A new cat-config verb will show all configuration files that were included for each configured image. * Added support for Azure Linux * Added support for Kali Linux * If mkosi.version is executable, we now execute it and read the version from stdout. * Added --wipe-build-dir to wipe the build directory before rebuilding the image. * Introduced RepositoryKeyFetch= to control whether to fetch distribution GPG keys remotely. This setting is **disabled** by default for security reasons except when building rpm based or Arch Linux images on Ubuntu. * We now handle SIGHUP gracefully * Universal settings that take a collection of values cannot be appended to anymore in subimages. Usage of package manager trees in subimages will have to be moved to the top level image. Similarly, repositories will have to be enabled in the top level image. * Repository metadata is not copied into images anymore. * Repository metadata from base trees is not used anymore. * Package manager trees are now named sandbox trees. * Package manager trees (sandbox trees) do not use the skeleton trees as their default anymore if unset. 
* Note to packagers: The manual pages have been moved to resources/man and now include man pages for mkosi-initrd and mkosi-sandbox as well. * InitrdInclude= was removed. If you're using InitrdInclude=, please build your initrd via a subimage in mkosi.images containing Include=mkosi-initrd and any customizations you wish to add and use the Initrds= setting to use it as the initrd for the main image instead of the default initrd. * Added History= to have mkosi save the config used to build the image and reuse it when verbs such as qemu, boot, … are invoked without -f. * Introduced new [Build] section and moved various settings to it. * Moved Include= to [Include] section * Added sysupdate verb as a wrapper around systemd-sysupdate which invokes it with definitions from mkosi.sysupdate. * Added RuntimeHome= to mount the current home directory to /root when running a command that boots the image * More directories aside from /etc and /usr are now picked up from sandbox trees (formerly known as package manager trees). * Profile configuration from mkosi.profiles is now parsed after mkosi.conf.d instead of before it. To set defaults for use in mkosi.conf.d based on the configured profile, use an early dropin in mkosi.conf.d that matches on the configured profile instead. * Profile= is renamed to Profiles= and takes a comma separated list of profiles now. Scripts now receive $PROFILES with a space-separated list of profiles instead of $PROFILE. The %p specifier for profiles is removed. * Multiple sync, prepare, build, postinst, finalize, postoutput and clean scripts are now picked up from mkosi.$SCRIPT.d. * run0 is now automatically used to escalate privileges for commands that need it, like the burn verb. * /usr/share/keyrings and /usr/share/distribution-gpg-keys are no longer automatically picked up from the tools tree when ToolsTreeCertificates= is set, since they aren't certificates, use a sandbox tree instead. 
This allows one to override SignedBy= keys for APT repositories. * The agetty.autologin and login.noauth credentials are no longer set unconditionally. * Access to the output directory in build scripts was removed. To put artifacts from the build directory into the output directory, copy them from the build directory to the output directory in a post-installation script which does have access to the build directory and the output directory. * BuildDirectory= is no longer available in PrepareScripts=. If you need to acquire some files for the build process place them somewhere sensible within $BUILDROOT so that they can be cached when building incrementally. * When using a tools tree and a relaxed sandbox is used to run a command (qemu, nspawn, ...), we now keep all entries from $PATH outside of /usr intact. Note that this may cause issues if a $PATH entry contains binaries linked against libraries in /usr from the host. * Introduced a new specifier %I which resolves to the name of the current subimage when used in a config under mkosi.images/. This differs to %o as it is always the name of the config file without extension (or the name of the directory). * If /dev/fuse is found in the host context, it is made available in the sandbox context too. * Added a sandbox verb to run a command within a relaxed mkosi sandbox (the same sandbox that mkosi vm, mkosi boot, ... run in). * OpenSSL providers are now supported as key sources for the various key settings if a recent enough systemd version (257 or newer) is used. * Added support for loading X.509 certificates from OpenSSL providers if a recent enough systemd version (257 or newer) is used. * Added ToolsTreePackageDirectories= * Added --kernel-image= to mkosi-initrd to specify the kernel image to use when building a UKI. 
* Setting a collection based setting to the empty string via the CLI and then appending to the same setting will now override the settings coming from configuration files, whereas previously the CLI values would be appended to the values from configuration files. * The mkosi-initrd default config now includes various extra kernel modules by default. * The coredumpctl and journalctl verbs will now always operate on the image, even if ForwardJournal= is configured. * Bumped default Fedora release to 41. * Added addon output format to build UKI addons. * Renamed [Host] section to [Runtime] section. * Renamed various settings from [Host]. * Binaries coming from ExtraSearchPaths= are now executed with the tools tree mounted if one is configured (unlike before where the tools tree was not mounted). This means that any binaries coming from ExtraSearchPaths= have to be linked against libraries from the tools tree (or have to be statically linked). Alternatively, the tools tree distribution and release have to match the host. * Binaries from ExtraSearchPaths= are not used anymore when building the default tools tree. * Dropped support for pesign as a secure boot signing tool. * Added support for systemd-sbsign as a secure boot signing tool. * Added --register= to control whether to register containers and VMs with systemd-machined or not. * mkosi.profiles is now parsed in subimages as well. * mkosi-initrd now uses dnf5 on systems where it is the default. * Added various packages to the default tools tree. * Dropped support for Ubuntu Focal. * Added Devicetree= setting for configuring bootloader device trees * Added systemd-machined registration using varlink for mkosi qemu vms, which includes the vsock CID so that ssh vsock/<cid> or ssh machine/<name> will work on systems running systemd-machined 257 or newer. * Bumped CentOS Stream default release to 10. 
* mkosi now manages the pacman keyring itself so /etc/pacman.d/gnupg from the host is not used anymore and mkosi will run pacman-key --init and pacman-key --populate itself. * Added ToolsTreeRelease= match * mkosi now enforces that images built with Overlay=yes only add files on top of the base tree(s) and don't overwrite any existing files or directories. * Added a mkosi-addon tool and accompanying kernel-install plugin that allows building PE addons to extend a vendor provided unified kernel image. * Added systemd-boot-signed, uki-signed and grub-signed variants for the Bootloader= option which instruct mkosi to only install pre-signed EFI binaries. * mkosi.profiles is now parsed in configuration included with Include=. * Any initrds configured with Initrds= are now used as fallback when booting with qemu direct kernel boot (--firmware=linux) if no split initrd was produced by the image build. * mkosi now makes a greater effort to ensure the crypto-policies are configured to allow GPG keys from older distributions. * We don't pick up pre-signed bootloader binaries anymore when ShimBootloader=signed is configured. To force usage of pre-signed EFI binaries, use the new systemd-boot-signed, uki-signed and grub-signed variants for the Bootloader= option. * Added a new constant microsoft-mok for the FirmwareVariables= option. If specified, a firmware variables file with the Microsoft keys enrolled will be extended to include a MokList entry that trusts the certificate configured with SecureBootCertificate= and passed to qemu. * We now use mkosi.pkgcache as the package cache directory if the directory exists. * BuildSourcesEphemeral= learned a new variant buildcache in which case the overlay will be cached in the build directory configured with BuildDirectory=. Sebastian Wagner 2025-01-24 09:33:55 +00:00
  • 6cda111433 Accepting request 1219915 from Virtualization Dominique Leuenberger 2024-11-01 20:04:24 +00:00
  • a8207898f3 We need mkosi on all architectures to build the initrd or sysext images, we cannot limit this feature to two architectures. So better to not build man pages on architectures without pandoc than no mkosi at all. Sebastian Wagner 2024-10-31 16:50:19 +00:00
  • e4945c66c3 Accepting request 1194999 from Virtualization Ana Guerrero 2024-08-21 21:26:07 +00:00
  • 019f4d9e73 - Create new subpackage mkosi-initrd-tukit. * This package adds a special mkosi-initrd wrapper to support creating initrds on transactional systems. I.e., with transactional-update, a transaction runs on a chroot, but mkosi requires bubblewrap, which uses pivot_root, and that is known to fail on a chroot environment. - Do not install 50-mkosi.install kernel-install script. * Although kernel-install is provided in openSUSE, it is not run when a kernel is installed or removed (this work is done by suse-module-tools). Also, even calling it manually, it does not support the custom systemd-boot integration in openSUSE. Sebastian Wagner 2024-08-21 06:34:30 +00:00
  • 7940f96e9e Accepting request 1190984 from Virtualization Dominique Leuenberger 2024-08-01 20:05:59 +00:00
  • ca8be1476d - remove env-shebang from /usr/lib/kernel/install.d/50-mkosi.install - Create new subpackage mkosi-initrd - Add file %{_prefix}/lib/mkosi-initrd/mkosi.conf Sebastian Wagner 2024-08-01 13:30:31 +00:00
  • 79af1b9cc8 Accepting request 1190521 from home:flonnegren:branches:Virtualization Sebastian Wagner 2024-08-01 13:20:42 +00:00
  • a9a98c5b9b Accepting request 1190476 from home:afeijoo:branches:Virtualization Sebastian Wagner 2024-08-01 13:19:06 +00:00
  • 1392418cdd Accepting request 1181901 from Virtualization Ana Guerrero 2024-06-20 14:48:45 +00:00
  • 45731ec593 Accepting request 1180397 from home:afeijoo:branches:Virtualization Sebastian Wagner 2024-06-13 13:56:32 +00:00
  • f2714bbf60 Accepting request 1180269 from Virtualization Ana Guerrero 2024-06-13 13:39:58 +00:00
  • 0bc4bdef65 - Removed obsolete patch opensuse-dont-install-distribution-release-by-default.patch Sebastian Wagner 2024-06-12 20:28:04 +00:00
  • 1a98bb2670 Update to v23.1 Sebastian Wagner 2024-06-12 20:26:01 +00:00
  • b235445233 Accepting request 1178506 from Virtualization Ana Guerrero 2024-06-05 15:39:52 +00:00
  • 4abf1c3196 Accepting request 1178505 from home:fbui:branches:Virtualization Sebastian Wagner 2024-06-04 14:05:03 +00:00
  • 3b0db0b276 Accepting request 1177944 from Virtualization Ana Guerrero 2024-06-03 15:41:36 +00:00
  • 73ca3569e8 Accepting request 1177171 from home:aplanas:branches:Virtualization Sebastian Wagner 2024-05-31 13:25:17 +00:00
  • 8b74b2ca3b Accepting request 1162366 from Virtualization Ana Guerrero 2024-03-27 19:42:27 +00:00
  • 3dd7b41a52 Accepting request 1162297 from home:RBrownSUSE:branches:Virtualization Sebastian Wagner 2024-03-26 21:08:55 +00:00
  • a67f00377e Accepting request 1158169 from Virtualization Ana Guerrero 2024-03-15 19:31:16 +00:00
  • 5bf478bb4b Accepting request 1158165 from home:flonnegren:branches:Virtualization Sebastian Wagner 2024-03-15 08:58:32 +00:00
  • f75bc32025 Accepting request 1156965 from Virtualization Ana Guerrero 2024-03-13 21:17:22 +00:00
  • a1cb76e145 Accepting request 1156961 from home:smolsheep:upgrades Sebastian Wagner 2024-03-11 15:04:18 +00:00
  • 5e5b2e127b Accepting request 1140616 from Virtualization Ana Guerrero 2024-01-22 19:38:22 +00:00
  • 843f3c4363 Accepting request 1140611 from home:dirkmueller:Factory Sebastian Wagner 2024-01-22 14:36:01 +00:00
  • 4c6a047711 Accepting request 1140555 from home:dirkmueller:Factory Sebastian Wagner 2024-01-22 10:21:14 +00:00
  • ce73c664ef Accepting request 1127787 from Virtualization Ana Guerrero 2023-11-21 20:32:05 +00:00
  • d6fc0d972d Accepting request 1127786 from home:flonnegren:branches:Virtualization Sebastian Wagner 2023-11-20 21:18:07 +00:00
  • 2e8d9b2b5b Accepting request 1127433 from Virtualization Ana Guerrero 2023-11-19 19:15:33 +00:00
  • 7f95769ee9 - set singlepython version to python3 instead of python311 to allow build on Leap and not require changes on every Python change in Tumbleweed Sebastian Wagner 2023-11-18 13:17:59 +00:00
  • 1f0f01d564 Accepting request 1125848 from home:flonnegren:branches:openSUSE:Factory Sebastian Wagner 2023-11-17 20:29:31 +00:00
  • 8363c03e84 Accepting request 1041151 from Virtualization Dominique Leuenberger 2022-12-07 16:35:52 +00:00
  • 704f5e84ab Accepting request 1039896 from home:dirkmueller:Factory Sebastian Wagner 2022-12-07 15:06:23 +00:00
  • 707dd3b8b6 Accepting request 1007625 from Virtualization Dominique Leuenberger 2022-10-03 11:46:46 +00:00
  • c527c510eb - update to version 13: - The --network-veth option has been renamed to --netdev. The old name made sense with virtual ethernet devices, but when booting images with qemu a TUN/TAP device is used instead. - The network config file installed by mkosi when the --netdev (previously --network-veth) option is used (formerly /etc/systemd/network/80-mkosi-network-veth.network in the image) now only matches network interfaces using the virtio_net driver. Please make sure you weren't relying on this file to configure any network interfaces other than the tun/tap virtio-net interface created by mkosi when booting the image in QEMU with the --netdev option. If you were relying on this config file to configure other interfaces, you'll have to re-create it with the correct match and a lower initial number in the filename to make sure systemd-networkd will keep configuring your interface, e.g. via the mkosi.skeleton or mkosi.extra trees or a mkosi.postinst script. - The kernel-install script for building unified kernel images has been removed. From v13 onwards, on systems using kernel-install, mkosi won't automatically build new unified kernel images when a kernel is updated or installed. To keep the old behavior, you can install the kernel-install script manually via a skeleton tree; a copy can be found [here](3798eb0c2e/mkosi/resources/dracut_unified_kernel_install.sh). - New QemuKvm option configures whether to use KVM when running mkosi qemu. - mkosi will not default to the same OS release as the host system anymore when the host system uses the same distribution as the image that's being built. Instead, when no release is specified, mkosi will now always default to the default version embedded in mkosi itself. - mkosi will now use the pacman keyring from the host when building Arch images. 
This means that users will, on top of installing archlinux-keyring, also have to run pacman-key --init and pacman-key --populate archlinux on the host system to be able to build Arch images. Also, unless the package Sebastian Wagner 2022-09-26 06:11:31 +00:00
  • 68fd52efb1 Accepting request 935542 from Virtualization Dominique Leuenberger 2021-12-03 19:35:49 +00:00
  • a32a54050b Accepting request 935495 from home:Guillaume_G:branches:Virtualization Sebastian Wagner 2021-12-03 16:44:15 +00:00
  • 592674b1a7 - update to version 12: - Fix handling of baselayout in Gentoo installations. Sebastian Wagner 2021-12-03 07:00:22 +00:00
  • 340d5eb8cd Accepting request 935285 from Virtualization Dominique Leuenberger 2021-12-02 21:30:31 +00:00
  • 5fb05484dd - update to version 11: - Support for Rocky Linux, Alma Linux, and Gentoo has been added! - A new ManifestFormat= option can be used to generate "manifest" files that describe what packages were installed. With json, a JSON file that shows the names and versions of all installed packages will be created. With changelog, a longer human-readable file that shows package descriptions and changelogs will be generated. This latter format should be considered experimental and likely to change in later versions. - A new RemovePackages= option can be used to uninstall packages after the build and finalize scripts have been done. This is useful for the case where packages are required by the build scripts, or pulled in as dependencies for scriptlets of other packages, but are not necessary in the final image. - A new BaseImage= option can be used to build "system extensions" a.k.a. "sysexts" — partial images which are mounted on top of an existing system to provide additional files under /usr/. See the [systemd-sysext man page](https://www.freedesktop.org/software/systemd/man/systemd-sysext.html) for more information. - A new CleanPackageMetadata= option can be used to force or disable the removal of package manager files. When this option is not used, they are removed when the package manager is not installed in the final image. - A new UseHostRepositories= option instructs mkosi to use repository configuration from the host system, instead of the internal list. - A new SshAgent= option configures the path to the ssh agent. - A new SshPort= option overrides the port used for ssh. - The Verity= setting supports a new value signed. When set, verity data will be signed and the result inserted as an additional partition in the image. See https://systemd.io/DISCOVERABLE_PARTITIONS for details about signed disk images. 
This information is used by systemd-nspawn, systemd-dissect, systemd-sysext, systemd-portabled and systemd's RootImage= setting (among others) to cryptographically validate the image Sebastian Wagner 2021-11-25 20:30:13 +00:00
  • 516b3e3ded Accepting request 926626 from Virtualization Dominique Leuenberger 2021-10-21 21:55:23 +00:00
  • 5eecbfde20 Accepting request 926624 from home:iDesmI Sebastian Wagner 2021-10-20 20:14:53 +00:00
  • 2510ef5c7e Accepting request 760841 from Virtualization Dominique Leuenberger 2020-01-05 14:21:36 +00:00
  • c74de34b66 Accepting request 760612 from home:MaSven:branches:Virtualization Sebastian Wagner 2020-01-04 21:28:25 +00:00
  • fcf20d575c Accepting request 578207 from Virtualization Dominique Leuenberger 2018-02-20 16:55:46 +00:00
  • 3132c6cded fix arch Sebastian Wagner 2018-02-12 19:59:27 +00:00
  • c524532867 - update to version 4 * no changelog available * removed 109.patch, merged upstream Sebastian Wagner 2018-02-12 19:36:31 +00:00
  • 645d2c0920 Accepting request 521542 from Virtualization Dominique Leuenberger 2017-09-07 20:15:55 +00:00
  • 3a1e191642 Accepting request 520101 from home:sebix Cédric Bosdonnat 2017-09-04 15:53:51 +00:00