mkosi/mkosi.changes

-------------------------------------------------------------------
Mon Nov  14 08:20:28 UTC 2023 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- update to v18:
  * $SCRIPT was renamed to $CHROOT_SCRIPT. $SCRIPT can still be used
    but is considered deprecated.
  * Added RuntimeTrees= setting to mount directories when booting images
    via mkosi boot, mkosi shell or mkosi qemu. The directories are
    mounted with a uid map that maps the user invoking mkosi to the root
    user so that all files in the directory appear as if owned by the root
    user in the container or virtual machine and any new files created in
    the directories are owned by the user invoking mkosi. To make this
    work in VMs, we use VirtioFS via virtiofsd. Note that this
    requires systemd v254 or newer to be installed in the image.
  * Added support for booting directory images with mkosi qemu via
    VirtioFS. When CONFIG_VIRTIOFS and CONFIG_VIRTIO_PCI are builtin
    modules, no initramfs is required to make this work.
  * Added Include= or --include to include extra configuration files
    or directories.
  * Added support for specifiers to access the current value of certain
    settings during configuration file parsing.
  * mkosi will now exit with an error when no configuration was
    provided.
  * Multiple scripts of the same type are now supported.
  * Custom distributions are now supported via the new custom
    distribution. When using custom as the distribution, the rootfs must
    be provided via base trees, skeleton trees or prepare scripts.
  * We now use local GPG keys for rpm based distributions if the
    distribution-gpg-keys package is installed on the host.
  * Added RuntimeSize= to grow the image to a specific size before
    booting it when using mkosi boot or mkosi qemu.
  * We now set MKOSI_UID and MKOSI_GID when running scripts which are
    set to the uid and gid of the user invoking mkosi respectively. These
    can be used to run commands as the user that invoked mkosi.
  * Added an Architecture= match
  * Initrds specified with Initrds= are now used for grub menuentries as
    well.
  * ImageId= and ImageVersion= are now written to os-release as
    IMAGE_ID and IMAGE_VERSION if provided.
  * We pass command line arguments passed to the build verb to the build
    script again.
  * We added support for the "RHEL Universal Base Image" distribution.

- update to v17.1:
  * Fixed bug where --autologin was broken when used in combination with
    a tools tree when using a packaged version of mkosi.

- update to v17:
  * Added ToolsTreePackages= to add extra packages to the default tools
    tree.
  * Added SystemdVersion= match to match on the host's systemd version
  * Added Format= match to match on the configured output format
  * Presets= can now be configured in global configuration files to select
    which presets to build
  * UKIs can now be booted using direct linux boot.
  * We don't try to make images UEFI bootable anymore on architectures
    that do not support UEFI
  * Fixed --help to show all options again
  * We now warn when settings are configured in the wrong section

- update to v16:
  * mkosi.version is now picked up from preset and dropin directories as
    well following the usual config precedence logic
  * Removed the "first assignment wins" logic from configuration parsing.
    Settings parsed later will now override earlier values
  * Removed the ! operator for lists. Instead, assign the empty string
    to the list to remove all previous values.
  * Added support for configuring custom default values for settings by
    prefixing their name in the configuration file with @.
  * Added QemuCdrom= to attach the image to the virtual machine as a
    CD-ROM instead of a block device.
  * Added SectorSize= to set the sector size of the disk images built by
    systemd-repart.
  * Added back grub support (BIOS/UEFI). Note that we don't install grub
    on UEFI yet but we do add the necessary configuration and partitions.
  * Added Bootloader= option to configure which EFI bootloader to
    install. Added uki option to install just the UKI without
    systemd-boot and grub to generate grub configuration to chainload
    into the built UKIs.
  * Added BiosBootloader= to configure whether grub for BIOS gets
    installed or not.
  * Added QemuFirmware= to select which qemu firmware to use (OVMF,
    Seabios or direct kernel boot).
  * Added QemuKernel= to specify the kernel that should be used with
    direct kernel boot.
  * /var/lib/dbus/machine-id is now removed if it was added by a package
    manager postinstall script.
  * The manifest is not generated by default anymore. Use
    ManifestFormat=json to make sure the manifest is generated.
  * Added SourceDateEpoch= to enable more reproducible image builds.
  * Added Seed= to set the seed passed to systemd-repart.
  * Updated the default Fedora release to Fedora 39.
  * If ToolsTree= is set to default, mkosi will now build a default
    tools tree containing all the necessary tools to build images. The
    distribution and release to use can be configured with
    ToolsTreeDistribution= and ToolsTreeRelease= or are determined
    automatically based on the image being built.
  * Added uki output format. This is similar to cpio, except the cpio
    is packaged up as a UKI with a kernel image and stub picked up from
    the rootfs.

- update to v15.1:
  * Migrated to systemd-repart. Many options are dropped in favor of specifying them directly
    in repart partition definition files:
      - Format=gpt_xxx options are replaced with a single "disk" options. Filesystem to use can now be specified with repart's Format= option
      - Format=plain_squashfs (Can be reproduced by a single repart squashfs
        root partition combined with SplitArtifacts=yes)
      - Verity= (Replaced by repart's Verity= options)
      - Encrypt= (Replaced by repart's Encrypt= option)
      - RootSize=, HomeSize=, VarSize=, TmpSize=, ESPSize=, SwapSize=, SrvSize=
        (Replaced by repart's size options)
      - UsrOnly= (replaced with CopyFiles=/:/usr in a usr partition definition)
      - OutputSplitRoot=, OutputSplitVerity=, (Replaced by repart's SplitName= option)
      - OutputSplitKernel= (UKI is now always written to its own output file)
      - GPTFirstLBA (Removed, no equivalent in repart)
      - ReadOnly= (Replaced by repart's ReadOnly= option per partition)
      - Minimize= (Replaced by repart's Minimize= option per partition)
      - CompressFs= (No equivalent in repart, can be replicated by replacing mkfs.
        in $PATH with a script that adds the necessary command line option)
      - MkSquashfs= (Can be replaced with a script in $PATH that invokes
        the correct binary)
  * We also remove the WithoutUnifiedKernelImages= switch as building unified
    kernel images is trivial and fast these days.
  * Support for --qemu-boot was dropped
  * Support for --use-host-repositories was dropped, use --repository-directory instead
  * RepositoryDirectory was removed, use PackageManagerTrees= or SkeletonTrees= instead.
  * --repositories is now only usable on Debian/RPM based distros and can only be used to enable additional
    repositories. Specifically, it cannot be used on Arch Linux anymore to add new repositories.
  * The _epel distributions were removed. Use --repositories=epel instead to enable
    the EPEL repository.
  * Removed -stream from CentOS release specifiers. Instead of specifying 8-stream,
    you know just specify 8.
  * Removed default kernel command line arguments rhgb, selinux=0 and audit=0.
  * Dropped --all and --all-directory as this functionality is better implemented by
    using a build system.
  * mkosi now builds images without needing root privileges.
  * Removed --no-chown, --idmap and --nspawn-keep-unit options as they were made obsolete by moving to
    rootless builds.
  * Removed --source-file-transfer, --source-file-transfer-final, --source-resolve-symlinks and
    --source-resolve-symlinks-final in favor of always mounting the source directory into the build image.
    --source-file-transfer-final might be reimplemented in the future using virtiofsd.
  * Dropped --include-dir option. Usage can be replaced by using --incremental and reading includes from
    the cached build image tree.
  * Removed --machine-id in favor of shipping images without a machine ID at all.
  * Removed --skip-final-phase as we only have a single phase now.
  * The post install script is only called for the final image now and not for the build image anymore. Use the
    prepare script instead.
  * --ssh-key, --ssh-agent, --ssh-port and --ssh-timeout options were dropped as the SSH support was
    reimplemented using VSock. mkosi ssh can only be used with images booted with mkosi qemu. Use
    machinectl to access images booted with mkosi boot. Use --extra-tree or --credential with the
    .ssh.authorized_keys.root credentials as alternatives for provisioning the public key inside the image.
  * Only configuration files matching *.conf are parsed in dropin directories now.
  * Removed --qemu-headless, we now start qemu in the terminal by default and configure the serial console at
    runtime. Use the new --qemu-gui option to start qemu in its graphical interface.
  * Removed --netdev. Can be replaced by manually installing systemd-networkd, putting a network file in the
    image and enabling systemd-networkd.
  * If mkosi.extra/ or mkosi.skeleton/ exist, they are now always used instead of only when no explicit
    extra/skeleton trees are defined.
  * mkosi doesn't install any default packages anymore aside from packages required by the distro or the base
    filesystem layout package if there are no required packages. In practice, this means systemd and other
    basic tools have to be installed explicitly from now on.
  * Removed --base-packages as it's not needed anymore since we don't install any packages by default anymore
    aside from the base filesystem layout package.
  * Removed --qcow2 option in favor of supporting only raw disk images as the disk image output format.
  * Removed --bmap option as it can be trivially added manually by utilizing a finalize script.
  * The never value for --with-network was spun of into its own custom option --cache-only.
  * --bootable now defaults to auto. When set to auto, mkosi will generate a bootable image only if all
    the necessary packages are installed. Documentation was added in docs/bootable.md on how a bootable image
    can be generated on mainstream distros.
  * The RPM db is no longer rebuilt in bdb format on CentOS Stream 8. To be able to install packages on a
    CentOS Stream 8 image with a RPM db in sqlite format, rewrite the db in bdb format using
    rpm --rebuilddb --define _db_backend bdb.
  * Repositories are now only written to /etc/apt/sources.list if apt is installed in the image.
  * Removed the dependency on debootstrap to build Ubuntu or Debian images.
  * Apt now uses the keyring from the host instead of the keyring from the image. This means
    debian-archive-keyring or ubuntu-archive-keyring are now required to be installed to build Debian or
    Ubuntu images respectively.
  * --base-image is split into --base-tree and --overlay.
  * Removed --cache-initrd, instead, use a prebuilt initrd with Initrds= to avoid rebuilding the initrd all
    the time.
  * Disk images are now resized to 8G when booted to give some disk space to play around with in the booted
    image.
  * Removed --install-directory= option. This was originally added for caching the installation results, but
    this doesn't work properly as it might result in leftover files in the install directory from a previous
    installation, so we have to empty the directory before reusing it, invalidating the caching, so the option
    was removed.
  * Build scripts are now executed on the host. See the SCRIPTS section
    in the manual for more information. Existing build scripts will need
    to be updated to make sure they keep working. Specifically, most paths
    in scripts will need to be prefixed with $BUILDROOT to have them
    operate on the image instead of on the host system. To ensure the host
    system cannot be modified when running a script, most host directories
    are mounted read-only when running a script to ensure a script cannot
    modify the host in any way. Alternatively to making the script run on
    the host, the script can also still be executed in the image itself by
    putting the following snippet at the top of the script:

    if [ "$container" != "mkosi" ]; then
        exec mkosi-chroot "$SCRIPT" "$@"
    fi
  * Removed --tar-strip-selinux-context= option. We now label all files
    properly if selinux is enabled and if users don't want the labels,
    they can simply exclude them when extracting the archive.
  * Gentoo is now marked as experimental and unsupported and there's no
    guarantee at all that it will work. Issues related to gentoo will
    generally not receive attention from core maintainers. All gentoo
    specific hacks outside of the gentoo implementation module have been
    removed.
  * A verb documentation has been added. Calling mkosi with this verb will show
    the documentation. This is useful when running mkosi during development to
    always have the documentation in the correct version available. By default it
    will try several ways to output the documentation, but a specific option can
    be chosen with the --doc-format option. Distro packagers are encouraged to
    add a file mkosi.1 into the mkosi/resources directory of the Python
    package, if it is missing, as well es install it in the appropriate search
    path for man pages. The man page can be generated from the markdown file
    mkosi/resources/mkosi.md e.g via pandoc -t man -s -o mkosi.1 mkosi.md.
  * The man page can be generated from the markdown file via
    tools/make-man-page.sh.
  * Fixed issue where not all packages and data files where included in
    the generated python package.
  * mkosi doesn't try to unshare the network namespace anymore when it
    doesn't have CAP_NET_ADMIN.
  * Fixed issue when the workspace was located in /tmp.
  * Don't try to run timedatectl or ssh-add when they're not installed.

-------------------------------------------------------------------
Sat Dec  3 22:08:17 UTC 2022 - Dirk Müller <dmueller@suse.com>

- update to v14:
  * mkosi now creates distro~release subdirectories inside the build, cache
    and output directories for each distro~release combination that is
    built. This allows building for multiple distros without throwing away
    the results of a previous distro build every time.
  * The preferred names for mkosi configuration files and directories are
    now mkosi.conf and mkosi.conf.d/ respectively. The old names
    (mkosi.default and mkosi.default.d) have been removed from the docs but
    are still supported for backwards compatibility.
  * plain_squashfs type images will now also be named with a .raw suffix.
  * tar type images will now respect the --compress option.
  * Pacman's SigLevel option was changed to use the same default value as
    used on Arch which is SigLevel = Required DatabaseOptional. If this
    results in keyring errors, you need to update the keyring by running
  * Support for CentOS 7 was dropped. If you still need to support CentOS 7,
    we recommend using any mkosi version up to 13.
  * Support for BIOS/grub was dropped. because EFI hardware is widely
    available and legacy BIOS systems do not support the feature set to
    fully verify a boot chain from firmware to userland and it has become
    bothersome to maintain for little use.
  * To generate BIOS images you can use any version of mkosi up to mkosi 13
    or the new --bios-size option. This can be used to add a BIOS boot
    partition of the specified size on which grub (or any other bootloader)
    can be installed with the help of mkosi's script support (depending on
    your needs most likely mkosi.postinst or mkosi.finalize). This method
    can also be used for other EFI bootloaders that mkosi intentionally does
    not support.
  * mkosi now unconditionally copies the kernel, initrd and kernel cmdline
    from the image that were previously only copied out for Qemu boot.
  * mkosi now runs apt and dpkg on the host. As such, we now require apt and
    dpkg to be installed on the host along with debootstrap in order to be
    able to build debian/ubuntu images.
  * Split dm-verity artifacts default names have been changed to match what
    systemd and other tools expect: image.root.raw, image.root.verity,
    image.root.roothash, image.root.roothash.p7s (same for usr variants).
  * mkosi will again default to the same OS release as the host system when
    the host system uses the same distribution as the image that's being
    built.
  * By default, mkosi will now change the owner of newly created directories
    to SUDO_UID or PKEXEC_UID if defined, unless --no-chown is used.
  * If systemd-nspawn v252 or newer is used, bind-mounted directories with
    systemd-nspawn will use the new rootidmap option so files and
    directories created from within the container will be owned by the
    actual directory owner on the host.

-------------------------------------------------------------------
Mon Sep 26 06:08:52 UTC 2022 - Sebastian Wagner <sebix+novell.com@sebix.at>

- update to version 13:
  - The `--network-veth` option has been renamed to `--netdev`. The old name made
    sense with virtual ethernet devices, but when booting images with qemu a
    TUN/TAP device is used instead.
  - The network config file installed by mkosi when the `--netdev` (previously
    `--network-veth`) option is used (formerly
    `/etc/systemd/network/80-mkosi-network-veth.network` in the image) now only
    matches network interfaces using the `virtio_net` driver. Please make sure
    you weren't relying on this file to configure any network interfaces other
    than the tun/tap virtio-net interface created by mkosi when booting the image
    in QEMU with the `--netdev` option. If you were relying on this config file
    to configure other interfaces, you'll have to re-create it with the correct
    match and a lower initial number in the filename to make sure
    `systemd-networkd` will keep configuring your interface, e.g. via the
    `mkosi.skeleton` or `mkosi.extra` trees or a `mkosi.postinst` script.
  - The `kernel-install` script for building unified kernel images has been
    removed. From v13 onwards, on systems using `kernel-install`, `mkosi` won't
    automatically build new unified kernel images when a kernel is updated or
    installed. To keep the old behavior, you can install the `kernel-install`
    script manually via a skeleton tree; a copy can be found
    [here](https://github.com/systemd/mkosi/blob/3798eb0c2ebcdf7dac207a559a3cb5a65cdb77b0/mkosi/resources/dracut_unified_kernel_install.sh).
  - New `QemuKvm` option configures whether to use KVM when running `mkosi qemu`.
  - `mkosi` will not default to the same OS release as the host system anymore
    when the host system uses the same distribution as the image that's being
    built. Instead, when no release is specified, mkosi will now always default
    to the default version embedded in mkosi itself.
  - `mkosi` will now use the `pacman` keyring from the host when building Arch
    images. This means that users will, on top of installing `archlinux-keyring`,
    also have to run `pacman-key --init` and `pacman-key --populate archlinux` on
    the host system to be able to build Arch images. Also, unless the package
    manager is configured to do it automatically, the host keyring will have to
    be updated after `archlinux-keyring` updates by running `pacman-key
    --populate archlinux` and `pacman-key --updatedb`.
  - Direct qemu linux boot is now supported with `BootProtocols=linux`. When
    enabled, the kernel image, initrd, and cmdline will be extracted from the
    image and passed to `qemu` by `mkosi qemu` to directly boot into the kernel
    image without a bootloader. This can be used to boot for example s390x images
    in `qemu`.
  - The initrd will now always be rebuilt after the extra trees and build
    artifacts have been installed into the image.
  - The github action has been migrated to Ubuntu Jammy. To migrate any jobs
    using the action, add `runs-on: ubuntu-22.04` to the job config.
  - All images are now configured by default with the `C.UTF-8` locale.
  - New `--repository-directory` option can be used to configure a directory with
    extra repository files to be used by the package manager when building an
    image. Note that this option is currently only supported for `pacman` and
    `dnf`-based distros.
  - Option `--skeleton-tree` is now supported on Debian-based distros.

-------------------------------------------------------------------
Fri Dec  3 14:55:35 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>

- Enable build on aarch64

-------------------------------------------------------------------
Fri Dec  3 06:59:38 UTC 2021 - Sebastian Wagner <sebix+novell.com@sebix.at>

- update to version 12:
  - Fix handling of baselayout in Gentoo installations.

-------------------------------------------------------------------
Thu Nov 25 20:29:17 UTC 2021 - Sebastian Wagner <sebix+novell.com@sebix.at>

- update to version 11:
  - Support for Rocky Linux, Alma Linux, and Gentoo has been added!
  - A new `ManifestFormat=` option can be used to generate "manifest" files that
    describe what packages were installed. With `json`, a JSON file that shows
    the names and versions of all installed packages will be created. With
    `changelog`, a longer human-readable file that shows package descriptions and
    changelogs will be generated. This latter format should be considered
    experimental and likely to change in later versions.
  - A new `RemovePackages=` option can be used to uninstall packages after the
    build and finalize scripts have been done. This is useful for the case where
    packages are required by the build scripts, or pulled in as dependencies
    for scriptlets of other packages, but are not necessary in the final image.
  - A new `BaseImage=` option can be used to build "system extensions" a.k.a.
    "sysexts" — partial images which are mounted on top of an existing system
    to provide additional files under `/usr/`. See the
    [systemd-sysext man page](https://www.freedesktop.org/software/systemd/man/systemd-sysext.html)
    for more information.
  - A new `CleanPackageMetadata=` option can be used to force or disable the
    removal of package manager files. When this option is not used, they are
    removed when the package manager is not installed in the final image.
  - A new `UseHostRepositories=` option instructs mkosi to use repository
    configuration from the host system, instead of the internal list.
  - A new `SshAgent=` option configures the path to the ssh agent.
  - A new `SshPort=` option overrides the port used for ssh.
  - The `Verity=` setting supports a new value `signed`. When set, verity data
    will be signed and the result inserted as an additional partition in the
    image. See https://systemd.io/DISCOVERABLE_PARTITIONS for details about
    signed disk images. This information is used by `systemd-nspawn`,
    `systemd-dissect`, `systemd-sysext`, `systemd-portabled` and `systemd`'s
    `RootImage=` setting (among others) to cryptographically validate the image
    file systems before use.
  - The `--build-environment=` option was renamed to `--environment=` and
    extended to cover *all* invoked scripts, not just the `mkosi.build`.
    The old name is still understood.
  - With `--with-network=never`, `dnf` is called with `--cacheonly`, so that the
    package lists are not refreshed. This gives a degree of reproducibility when
    doing repeated installs with the same package set (and also makes installs
    significantly faster).
  - The `--debug=` option gained a new value `disk` to show information about disk
    sized and partition allocations.
  - Some sections and settings have been renamed for clarity: [Packages] is now
    [Content], `Password=`, `PasswordIsHashed=`, and `Autologin=` are now in
    [Content]. The old names are still supported, but not documented.
  - When `--prepare-script=`/`--build-script=`/`--finalize-script=` is used with
    an empty argument, the corresponding script will not be called.
  - Python 3.7 is the minimal supported version.
  - Note to packagers: the Python `cryptography` module is needed for signing
    of verity data.

-------------------------------------------------------------------
Wed Oct 20 12:18:38 UTC 2021 - Enrico Belleri <idesmi@protonmail.com>

- Update to version 10

-------------------------------------------------------------------
Fri Jan  3 09:36:40 UTC 2020 - Sven Marquardt <dev@mail.smarquardt.space>

- update to version 5
 * no changelog available
 * merged upstream 

-------------------------------------------------------------------
Mon Feb 12 19:22:30 UTC 2018 - sebix+novell.com@sebix.at

- update to version 4
 * no changelog available
 * removed 109.patch, merged upstream

-------------------------------------------------------------------
Thu Jun 29 16:20:46 UTC 2017 - sebix+novell.com@sebix.at

- initial package
- Add 109.patch from pull request at upstream repository, workaround for boo#1049997 and missing support for https URLs in mkosi/zypper