From 019f4d9e7394d7fa5a7a91034223b931dc264f4815f8891cf6c21b13152f049f Mon Sep 17 00:00:00 2001 From: Sebastian Wagner Date: Wed, 21 Aug 2024 06:34:30 +0000 Subject: [PATCH] - Create new subpackage mkosi-initrd-tukit. * This package adds a special mkosi-initrd wrapper to support creating initrds on transactional systems. I.e., with transactional-update, a transaction runs on a chroot, but mkosi requires bubblewrap, which uses pivot_root, and that is known to fail on a chroot environment. - Do not install 50-mkosi.install kernel-install script. * Although kernel-install is provided in openSUSE, it is not run when a kernel is installed or removed (this work is done by suse-module-tools). Also, even calling it manually, it does not support the custom systemd-boot integration in openSUSE. OBS-URL: https://build.opensuse.org/package/show/Virtualization/mkosi?expand=0&rev=43 --- .gitattributes | 23 + .gitignore | 1 + mkosi-23.1.tar.gz | 3 + mkosi-24.3.tar.gz | 3 + mkosi-initrd-chroot.sh | 12 + mkosi-initrd.conf | 59 +++ mkosi.changes | 1024 ++++++++++++++++++++++++++++++++++++++++ mkosi.spec | 162 +++++++ 8 files changed, 1287 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 mkosi-23.1.tar.gz create mode 100644 mkosi-24.3.tar.gz create mode 100644 mkosi-initrd-chroot.sh create mode 100644 mkosi-initrd.conf create mode 100644 mkosi.changes create mode 100644 mkosi.spec diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/mkosi-23.1.tar.gz b/mkosi-23.1.tar.gz new file mode 100644 index 0000000..a176ca7 --- /dev/null +++ b/mkosi-23.1.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:116bd3d848ce767a584ce288ad5a098a47d42067c9b95aa5a6662de33dc04eb9 +size 337863 diff --git a/mkosi-24.3.tar.gz b/mkosi-24.3.tar.gz new file mode 100644 index 0000000..d1a27ee --- /dev/null +++ b/mkosi-24.3.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:27e4ee602089509c20d41e6deabae906368dcdc906e44460656272f546b8e2bd +size 349900 diff --git a/mkosi-initrd-chroot.sh b/mkosi-initrd-chroot.sh new file mode 100644 index 0000000..8dc6357 --- /dev/null +++ b/mkosi-initrd-chroot.sh @@ -0,0 +1,12 @@ +#!/bin/bash + +__mkosi_initrd_chroot_call() { + mount --rbind / /.mkosi-root --mkdir + cd /.mkosi-root + mount --move . / + chroot . /usr/libexec/mkosi-initrd/mkosi-initrd $@ + exit +} +export -f __mkosi_initrd_chroot_call + +unshare --mount /bin/bash -c '__mkosi_initrd_chroot_call $@' -- $@ diff --git a/mkosi-initrd.conf b/mkosi-initrd.conf new file mode 100644 index 0000000..5ba717e --- /dev/null +++ b/mkosi-initrd.conf @@ -0,0 +1,59 @@ +[Content] +RemoveFiles= + /etc/bash_completion.d + /etc/man.conf + /srv + /usr/local/man + /usr/share/bash-completion + /usr/share/bash/helpfiles + /usr/share/doc + /usr/share/fillup-templates + /usr/share/help + /usr/share/icons + /usr/share/info + /usr/share/licenses + /usr/share/locale + /usr/share/man + /usr/share/zsh + /usr/etc/services + /var/adm + + # Keep only C.utf-8 locale + /usr/lib/locale/*_*/ + /usr/lib/locale/??/ + /usr/lib/locale/???/ + + # RPM + /etc/rpm + /usr/bin/gendiff + /usr/bin/rpm* + /usr/lib/rpm + /usr/lib/sysimage + /usr/lib/systemd/system/rpmconfigcheck.service + /usr/lib64/rpm-plugins + /usr/sbin/rpmconfigcheck + /usr/src/packages + + # Zypper + /etc/zypp + /usr/bin/installation_sources + /usr/bin/yzpper + /usr/bin/zypper + /usr/etc/logrotate.d/zypp* + /usr/lib/zypper + /usr/sbin/zypp-refresh + /usr/share/zypper + /var/log/zypp + /var/log/zypper.log + + # YaST2 + /etc/YaST2 + + # suse-module-tools scripts (except unblacklist: bsc#1224320) + /usr/lib/module-init-tools/driver-check.sh + /usr/lib/module-init-tools/get_dracut_drivers + /usr/lib/module-init-tools/lsinitrd-quick + /usr/lib/module-init-tools/weak-modules2 + + # dracut modules installed by other packages + /usr/lib/dracut diff --git a/mkosi.changes b/mkosi.changes new file mode 100644 index 0000000..eaaec3f --- /dev/null +++ b/mkosi.changes @@ -0,0 +1,1024 @@ +------------------------------------------------------------------- +Tue Aug 20 11:26:10 UTC 2024 - Antonio Feijoo + +- Create new subpackage mkosi-initrd-tukit. + * This package adds a special mkosi-initrd wrapper to support creating initrds + on transactional systems. I.e., with transactional-update, a transaction + runs on a chroot, but mkosi requires bubblewrap, which uses pivot_root, and + that is known to fail on a chroot environment. + +- Do not install 50-mkosi.install kernel-install script. + * Although kernel-install is provided in openSUSE, it is not run when a kernel + is installed or removed (this work is done by suse-module-tools). Also, even + calling it manually, it does not support the custom systemd-boot integration + in openSUSE. + +------------------------------------------------------------------- +Thu Aug 1 13:29:36 UTC 2024 - Sebastian Wagner + +- remove env-shebang from /usr/lib/kernel/install.d/50-mkosi.install + +------------------------------------------------------------------- +Tue Jul 30 12:16:44 UTC 2024 - Antonio Feijoo + +- Create new subpackage mkosi-initrd +- Add file %{_prefix}/lib/mkosi-initrd/mkosi.conf + +------------------------------------------------------------------- +Sun Jul 28 21:38:24 UTC 2024 - Fredrik Lönnegren + +- Update to 24.3: + * Check for $HOME environment variable as well. + +- Update to 24.2: + * Look for $USER for the username before reading /etc/passwd + +- Update to 24.1: + * completion: fix bash completion script + * Add some documentation on how to implement a new distribution + * Add missing init.py to mkosi/initrd/resources + * Handle dangling symlinks in rmtree() and run_clean() + * Handle failure to detect the distribution in test_parse_config() + +- Update to 24: + * The default kernel command line of console=ttyS0 (or equivalent for + other architectures) has been removed. The required console= + argument to have the kernel output to the serial console has to be + added manually from v24 onwards. + * Support for installing local packages located in directories in + BuildSources= was dropped. Instead, the packages can be made + available for installation via PackageManagerTrees=. + * Configuration parsing was reworked to remove the need for the @ + specifier and to streamline building multiple images with + mkosi.images/. If you were building multiple images with + mkosi.images/, you'll need to adapt your configuration to the + rework. Read the Building multiple images section in the + documentation for more information. + * mkosi has gained the option to generate completion scripts for bash, + fish and zsh. Packagers should generate the scripts during packaging + and ship them in the appropriate places. + * Added support for CentOS Stream 10. + * mkosi now installs a separate mkosi-initrd script that can be used + to build initramfs images intended for use on the local system. + * We do not automatically append centos-stream or fedora anymore to + CentOS (and derivatives) and Fedora mirrors specified with Mirror= + as not all mirrors store the repository metadata under these + subdirectories. Users are now required to add these subdirectories + themselves in Mirror=. If the EPEL repositories are enabled for + CentOS Stream (and derivatives) and Mirror= is used, we look for the + EPEL repositories in ../fedora relative to the mirror specified in + Mirror=. + * We now support compressed tar archives wherever we already accept tar + archives as input. + * We now always rerun the build if Format=none and don't remove + previous outputs in that case (unless --force is specified). This + allows using mkosi -t none to rerun the build scripts without + removing the previous image. This can then be combined with + RuntimeBuildSources=yes to make the build script outputs available + in a booted container or virtual machine so they can be installed + without having to rebuild the image. + * We now use virtconsole to provide the serial console when booting + with qemu. + * root=PARTUUID and mount.usr=PARTUUID on the kernel command line + are now automatically extended with the actual PARTUUID of the + corresponding partition. + * All available OpenSUSE repositories are now supported and can be + enabled with Repositories=. + * Building OpenSUSE aarch64 images is now supported + * mkosi dependencies was beefed up to handle more scenarios properly + * The default list of kernel modules that are always added to the + initramfs was extended with various virtualization modules. + * Added a Repositories= match. + * Cached images are now invalidated if packages specified via + PackageDirectories= change. + * Added VolatilePackageDirectories= which can be used to provide local + packages that do not invalidate cached images. + * mkosi.pkgmngr is now used as the default path for + PackageManagerTrees=. + * The package directory that build scripts can use to make built + packages available for installation ($PACKAGEDIR) is now shared + between all image builds. This means that packages built in earlier + images and stored in $PACKAGEDIR become available for installation + in all subsequent image builds. + * The default tools tree distribution is now chosen based on the host + distribution instead of the target distribution. + * mkosi can now be invoked from the initramfs. + +------------------------------------------------------------------- +Thu Jun 13 09:23:17 UTC 2024 - Antonio Feijoo + +- Update package summary and description. + * BIOS support was removed in v14, but restored in v16. + +- Remove dnf dependency. + * With openSUSE, zypper is a sufficient requirement for mkosi to work. + +------------------------------------------------------------------- +Wed Jun 12 20:26:36 UTC 2024 - Sebastian Wagner + +- Removed obsolete patch opensuse-dont-install-distribution-release-by-default.patch + +------------------------------------------------------------------- +Wed Jun 12 18:51:56 UTC 2024 - Fredrik Lönnegren + +- Update to 23.1: + * Respin due to git tag mismatch + +- Update to 23: + * Added CleanScripts= to allow running custom cleanup code whenever + mkosi cleans up the output directory. This allows cleaning up extra + outputs produced by e.g. a build script that mkosi doesn't know about. + * Added ConfigureScripts= to allow dynamically modifying the mkosi + configuration. Each configure script receives the current config as + JSON on stdin and should output the new config as JSON on stdout. + * When building a UKI, we don't measure for the TPM SHA1 PCR bank + anymore. + * All keys in the mkosi config JSON output are now in pascal case, + except for credentials and environments, where the keys encode names + of credentials and environment variables and are therefore case + sensitive. + * Added various settings to allow running mkosi behind a proxy. + * Various fixes to kernel module filtering that should result in fewer + modules being pulled into the default initrd when + KernelModulesExclude= or KernelModulesInitrdExclude= are used. + * Added ToolsTreeDistribution= match. + * Removed vmspawn verb and replaced it with VirtualMachineMonitor=. + * New specifiers for various directories were added. %D resolves to + the directory that mkosi was invoked in, %P to the current working + directory, and %C to the parent directory of the config file. + * Added ForwardJournal= to have systemd inside a container/VM forward + its journal to the specified file or directory. + Systemd scopes are now allocated for qemu, swtpm, virtiofsd and + systemd-journal-remote if available. + * The mkosi qemu virtual machine is now registered with + systemd-machined if available. + * Added new oci output format + * Runtime trees without a target are now mounted to /root/src instead + of a subdirectory of it (To have the same behaviour as + BuildSources=). + * Added RuntimeBuildSources= to mount build and source directories + when booting the image with mkosi nspawn or mkosi qemu. + Introduced --append to allow command line settings to be parsed + after parsing configuration files. + * distribution-release is not installed by default anymore on + OpenSUSE. + * Setting QemuSmp= to 0 will now make qemu use all available CPUs + * Free page reporting and discard request processing are now enabled by + default in VMs spawned by mkosi qemu. + * Added ToolsTreeCertificates= to allow configuring whether to use + certificates and keys from the tools tree (if one is used) or the + host. + * Added never for CacheOnly= to specify that repository metadata + should always be refreshed. + * Renamed the none option for CacheOnly= to auto. + * Added ProxyExclude= to configure hostnames for which requests should + not go through the configured proxy. + * The default tools tree is now reused on incremental builds. + * Added VolatilePackages= and InitrdVolatilePackages= to configure + packages that should be installed after executing build scripts and + which should not be cached when using Incremental=. + * PackageDirectories= now has an associated default path + mkosi.packages. + * reprepro is now used to generate local apt repositories. + * Support for BSD tar/cpio was dropped. + * When both ExtraSearchPaths= and ToolsTree= are used, mkosi will + now prefer running a binary found in ExtraSearchPaths= without the + tools tree over running the binary from the tools tree. If a binary is + not found in ExtraSearchPaths=, the tools tree is used instead. + * An artifact directory is now made available when running scripts which + can be used to pass around data between different scripts. mkosi will + also look for microcode and initrds in the artifact directory under + the io.mkosi.microcode and io.mkosi.initrd subdirectories. + * Added Environment= match setting to check for environment variables + defined with the Environment= setting. + * The basesystem package is now always installed in Fedora and + CentOS images instead of the filesystem package. + * The qemu, shell and boot verbs do not automatically build the + image anymore unless --force is specified. + * SplitArtifacts= is now supported for the portable, sysext and + confext outputs. + * The WithDocs= option was implemented for pacman-based distributions. + * The default Fedora release was bumped to 40. + * QemuSwtpm= can now be used with QemuFirmware= set to linux or + bios. + * Added UnitProperties= to allow configure properties on the scopes + generated by systemd-nspawn and systemd-run. + * mkosi now only builds a single default tools tree per build using the + settings from the last regular image that we'll build. + * Configure scripts are now only executed for verbs which imply an image + build and are executed with the tools tree instead of without it. + * $QEMU_ARCHITECTURE is now set for configure scripts to easily allow + scripts to figure out which qemu binary will be used to run qemu. + * A file ID can now be specified for QemuDrives=. This allows adding + multiple qemu drives that are backed by the same file. + * mkosi doesn't fail anymore if images already exist when running + mkosi build. + * Image names from mkosi.images/ are now preferred over the specified + image ID when determining the output filename to use for an image. + --include now has a shorthand option -I. + * The WITH_NETWORK environment variable is now passed to build and + finalize scripts. + * We now clamp mtimes to the specified source date epoch timestamp + instead of resetting all mtimes. This means that we won't touch any + mtimes that are already older than the given source date epoch + timestamp. + * Removed support for CentOS 8 Stream as it is now EOL. + * The coredumpctl and journalctl verbs now operrate on the path + specified in ForwardJournal= if one is set. + * Added UnifiedKernelImageFormat= format setting to allow configuring + the naming of unified kernel images generated by mkosi. + * The versionlock plugin is now enabled by default for dnf with a noop + configuration. + * Repositories= is now implemented for zypper. + * KernelModulesInclude= and KernelModulesInitrdInclude= now take the + special values host and default to include the host's loaded + modules and the default kernel modules defined in mkosi-initrd + respectively. + * KernelModulesIncludeHost= and KernelModulesInitrdIncludeHost= are + now deprecated. + * Added mkosi dependencies to output the list of packages required by + mkosi to build and boot images. + +------------------------------------------------------------------- +Tue Jun 4 13:59:06 UTC 2024 - Franck Bui + +- Drop requirement on systemd-experimental. + + It's no longer necessary as systemd-repart is no more considered as an + experimental tool and is now shipped by udev. Also the hard requirement was a + bit too strong since systemd-repart is only required when building disk + images. + +------------------------------------------------------------------- +Mon May 27 15:50:17 UTC 2024 - Alberto Planas Dominguez + +- Add opensuse-dont-install-distribution-release-by-default.patch + +------------------------------------------------------------------- +Tue Mar 26 14:37:39 UTC 2024 - Richard Brown + +- Correct dependencies after discussions with upstream + * Requires: systemd-experimental for systemd-repart needed to build disk images + * Requires: bubblewrap as bbwrap is called during build + * Requires: zypper + * Recommends: squashfs, tar, and xz as they are all optional features + * Remove recommends for tools they no longer support + +------------------------------------------------------------------- +Fri Mar 15 08:27:02 UTC 2024 - Fredrik Lönnegren + +- Update to 22: + * We'll now try to delete btrfs subvolumes with btrfs subvolume delete + first before falling back to recursively deleting the directory. + * The invoking user is now always mapped to root when running sync + scripts. This fixes an issue where we would fail when a package + manager tree or skeleton tree contained a /usr directory as we would + not have permissions to run mount in the sandbox. + * We now use qemu's official firmware descriptions to find EDK2/OVMF + UEFI firmware. Addititionally, QemuFirmware=uefi now boots without + SecureBoot support, and QemuFirmware=uefi-secure-boot was introduced + to boot with SecureBoot support. By default we will still boot with + SecureBoot support if QemuFirmware=auto. + * Added support for QemuFirmwareVariables=custom and + QemuFirmwareVariables=microsoft to use OVMF/EDK2 variables with + either the user's custom keys enrolled or with the Microsoft keys + enrolled. + * Added UnifiedKernelImages= to control whether we generate unified + kernel images or not. + * Bootloader=grub will now generate a grub EFI image and install it. + If SecureBoot= is enabled and ShimBootloader= is not set to + signed, the grub EFI image will be signed for SecureBoot. + * ShimBootloader=signed will now also instruct mkosi to look for and + install already signed grub, systemd-boot, kernel and UKI binaries. + * We now build grub images with a fixed set of modules and don't copy + any grub modules to the ESP anymore. + * The configuration is now made available as a JSON file to all mkosi + scripts via the $MKOSI_CONFIG environment variable. + * $PROFILE is now set for all mkosi scripts containing the value of + Profile= if it is set. + +------------------------------------------------------------------- +Mon Mar 11 14:34:03 UTC 2024 - Joshua Smith + +- Update to 21: + * We now handle unmerged-usr systems correctly + * Builtin configs (mkosi-initrd, mkosi-tools) can now be included + using Include= (e.g. Include=mkosi-initrd) + * The kernel-install plugin now uses the builtin mkosi-initrd + config so there's no need anymore to copy the full mkosi-initrd + config into /usr/lib/mkosi-initrd. + * We don't require a build anymore for the journalctl and + coredumpctl verbs. + * mkosi ssh works again when used with ToolsTree=default + * We now use .zst instead of .zstd for compressed split artifacts + produced by systemd-repart. + * systemd-repart uses a persistent temporary directory again for + assembling images instead of a tmpfs. + * Added MicrocodeHost= setting to only include the CPU specific + microcode for the current host system. + * The kernel-install plugin now only includes the CPU specific + microcode + * Introduced PackageCacheDirectory= to set the directory for + package manager caches. This setting defaults to a suitable + location in the system or user directory depending on how mkosi + is invoked. + * CacheDirectory= is only used for incremental cached images now. + * Repository metadata is now synced once at the start of each + image build and never during an image build. Each image + includes a snapshot of the repository metadata in the canonical + locations in /var so that incremental images and extension + images can reuse the same snapshot. When building an image + intended to be used with + * BaseTrees=, disable CleanPackageMetadata= to make sure the + repository metadata in /var is not cleaned up, otherwise any + extension images using this image as their base tree will not + be able to install additional packages. + * Implemented CacheOnly=metadata. Note that in the JSON output, + the value of CacheOnly= will now be a string instead of a + boolean. + * Added CompressLevel= to set the compression level to use. + * Dropped experimental Gentoo support. + * Added TriggerMatch= to specify multiple match sections of which + only one should be satisfied. + * Added jq, attr, acl, git, sed, grep and findutils to the + default tools tree. + * Added mkosi-install, mkosi-upgrade, mkosi-remove and + mkosi-reinstall scripts which allow writing scripts that are + independent of the package manager being used to build the + image. + * We now expand specifiers in Match section values + * Made GPG key handling for Fedora rawhide more robust + * If systemd-repart 256 or newer is available, mkosi will + instruct it to generate /etc/fstab and /etc/crypttab for the + image if any partition definitions contain the corresponding + settings (MountPoint= and EncryptedVolume=). + * bash is now started in the debug shell instead of sh. + * The default release for Ubuntu is now noble. + * Ubuntu is now used as the default tools tree distribution for + Ubuntu instead of Debian. + * Added mkosi vmspawn which boots the image with systemd-vmspawn. + * Note that systemd-vmspawn is experimental and its interface + may still change. As such mkosi vmspawn is also considered + experimental. + * Note that systemd-vmspawn version 256 or newer is required. + * Added SyncScripts= which can be used to update various build + sources before starting the image build. + * The DISTRIBUTION= and RELEASE= environment variables are now + set when running scripts. + * Added ToolsTreeRepositories= and ToolsTreePackageManagerTrees=. + * Added RuntimeNetwork= to configure the networking used when + booting the image. + * Added SecureBootKeySource= and VerityKeySource= to support + signing images with OpenSSL engines. Note that these settings + require various systemd tools to be version 256 or newer. + * We don't clean up package manager metadata anymore unless + explicitly requested with CleanPackageManagerMetadata=yes when + building directory and tar images. + +------------------------------------------------------------------- +Mon Jan 22 14:07:58 UTC 2024 - Dirk Müller + +- update to 20.2: + * Fixed a bug in signing unsigned shim EFI binaries. + * We now build an early microcode initrd in the mkosi kernel- + install plugin. + * Added `PackageDirectories=` to allow providing extra packages + to be made available during the build. + * Fixed issue where `KernelModulesIncludeHost` was including + unnecessary modules + * Fixed `--mirror` specification for CentOS (and variants) and + Fedora. + * Previously a subdirectory within the mirror had to be + specified which prevented using CentOS and EPEL repositories + from the same mirror. Now only the URL has be specified. + * We now mount package manager cache directories when running + scripts on the host so that any packages installed in scripts + are properly cached. + * We don't download filelists on Fedora anymore + * Nested build sources don't cause errors anymore when trying + to install packages. + * We don't try to build the same tools tree more than once + anymore when building multiple images. + * We now create the `/etc/mtab` compatibility symlink in + mkosi's sandbox. + * We now always hash the root password ourselves instead of + leaving it to `systemd-firstboot`. + * `/srv` and `/mnt` are not mounted read-only anymore during + builds. + * Fixed a crash when running mkosi in a directory with fewer + than two parent directories. + * Implemented `RepositoryKeyCheck=` for apt-based + distributions. + +------------------------------------------------------------------- +Mon Jan 22 09:58:59 UTC 2024 - Dirk Müller + +- update to 20.1: + * `BuildSources=` are now mounted when we install packages so + local packages can be made available in the sandbox. + * Fixed check to see if we're running as root which makes sure + we don't do shared mounts when running as root. + * The extension release file is now actually written when + building system or configuration extensions. + * The nspawn settings are copied to the output directory again. + * Incremental caching is now skipped when `Overlay=` is enabled + as this combination isn't supported. + * The SELinux relabel check is more granular and now checks for + all required files instead of just whether there's a policy + configured. + * `qemu-system-xxx` binaries are now preferred over the generic + `qemu` and `qemu-kvm` binaries. + * Grub tools from the tools tree are now used to install grub + instead of grub tools from the image itself. The grub tools + were added to the default tools trees as well. + * The pacman keyring in tools trees is now only populated from + the Arch Linux keyring (and not the Debian/Ubuntu ones anymore). + * `gpg` is allowed to access `/run/pscsd/pscsd.comm` on the + host if it exists to allow interaction with smartcards. + * The current working directory is not mounted unconditionally + to `/work/src` anymore. Instead, the default value for + `BuildSources=` now mounts the current working directory + to `/work/src`. This means that the current working directory + is no longer implicitly included when `BuildSources=` is + explicitly configured. + * Assigning the empty string to a setting that takes a list of + values now overrides any configured default value as well. + * The github action does not build and install systemd from + source anymore. Instead, `ToolsTree=default` can be used to + make sure a recent version of systemd is used to do the image + build. + * Added `EnvironmentFiles=` to read environment variables from + * environment files. + * We drastically reduced how much of the host system we expose + to scripts. Aside from `/usr`, a few directories in `/etc`, + `/tmp`, `/var/tmp` and various directories configured in mkosi + settings, all host directories are hidden from scripts, + package managers and other tools executed by mkosi. + * Added `RuntimeScratch=` to automatically mount a directory + with extra scratch space into mkosi-spawned containers and + virtual machines. + * Package manager trees can now be used to configure every tool + invoked by mkosi while building an image that reads config + files from `/etc` or `/usr`. + * Added `SELinuxRelabel=` to specify whether to relabel selinux + files or not. + * Many fixes to tools trees were made and tools trees are now + covered by CI. Some combinations aren't possible yet but + we're actively working to make these possible. + * `mkosi qemu` now supports direct kernel boots of `s390x` and + `powerpc` images. + * Added `HostArchitecture=` match to match against the host + * architecture. + * We don't use the user's SSH public/private keypair anymore + for `mkosi ssh` but instead use a separate key pair which + can be generated by `mkosi genkey`. Users using `mkosi ssh` + will have to run `mkosi genkey` once to generate the necessary + files to keep `mkosi ssh` working. + * We don't automatically set `--offline=no` anymore when we + detect the `Subvolumes=` setting is used in a `systemd-repart` + partition definition file. Instead, use the new + `RepartOffline=` option to explicitly disable running + `systemd-repart` in offline mode. + * During the image build we now install UKIs/kernels/initrds to + `/boot` instead of `/efi`. While this will generally not be + noticeable, users with custom systemd-repart ESP partition + definitions will need to add `CopyFiles=/boot:/` along with + the usual `CopyFiles=/efi:/` to their ESP partition + definitions. By installing UKIs/kernels/initrds + to `/boot`, it becomes possible to use `/boot` to populate an + XBOOTLDR partition which wasn't possible before. Note that + this is also safe to do before `v20` so `CopyFiles=/boot:/` + can unconditionally be added to any ESP partition definition + files. + * Added `QemuFirmwareVariables=` to allow specifying a custom + OVMF variables file to use. + * Added `MinimumVersion=` to allow specifying the minimum + required mkosi version to build an image. + * Added support for Arch Linux's debug repositories. + * Merged the mkosi-initrd project into mkosi itself. mkosi- + initrd is now used to build the default initrd. + * Implemented mkosi-initrd for all supported distributions. + * Added `ShimBootloader=` to support installing shim to the + ESP. + * Added sysext, confext and portable output formats. These will + produce signed disk images that can be used as sysexts, + confexts and portable services respectively. + * Added `QemuVsockConnectionId=` to configure how to allocate + the vsock connection ID when `QemUVsock=` is enabled. + * Added documentation on how to build sysexts with mkosi. + * Global systemd user presets are now also configured. + * Implemented `WithDocs=` for `apt`. + * On supported package managers, locale data for other locales + is now stripped if the local is explicitly configured using + `Locale=`. + * All `rpm` plugins are now disabled when building images. + * Added `KernelModulesIncludeHost=` and + `KernelModulesInitrdIncludeHost=` to only include modules + loaded on the host system in the image/initrd respectively. + * Implemented `RemovePackages=` for Arch Linux. + * Added `useradd` and `groupadd` scripts to configure these + binaries to operate on the image during builds instead on + the host. + * Added microcode support. If installed into the image, an + early microcode initrd will automatically be built and + prepended to the initrd. + * A passwordless root account may now be created by specifying + `hashed:`. + * The `Autologin=` feature was extended with support for + `arm64`, `s390x` and `powerpc` architectures. + * Added `SecureBootAutoEnroll=` to control automatic enrollment + of secureboot keys separately from signing `systemd-boot` + and generated UKIs. + * `ImageVersion=` is no longer automatically appended to the + output files, instead this is automatically appended to + `Output=` if not specified and results in the `%o` specifier + being equivalent to `%i` or `%i_%v` depending on whether + `ImageVersion=` is specified. + +------------------------------------------------------------------- +Mon Nov 20 09:21:06 UTC 2023 - Fredrik Lönnegren +- update to v19: + * Support for RHEL was added! + * Added journalctl and coredumpctl verbs for running the respective tools on + built directory or disk images. + * Added a burn verb to write the output image to a block device. + * Added a new esp output format, which is large similar to the existing uki + output format but wraps it in a disk image with only an ESP. + * Presets were renamed to Images. mkosi.images/ is now used instead of + mkosi.presets/, the Presets= setting was renamed to Images= and the Presets + section was merged into the Config section. The old names can still be used + for backwards compatibility. + * Added profiles to support building variants of the same image in one + repository. Profiles can be defined in mkosi.profiles/ and one can be + selected using the new Profile= setting. + * mkosi will now parse mkosi.local.conf before any other config files if that + exists. + * Added a kernel-install plugin. This is only shipped in source tree and not + included in the Python module. + * Added a --json option to get the output of mkosi summary as JSON. + * Added shorthand -a for --autologin. + * Scripts with the .chroot extension are now executed in the image + automatically. + * Added rpm helper script to have rpm automatically operate on the image when + running scripts. + * Added mkosi-as-caller helper script that can be used in scripts to run + commands as the user invoking mkosi. + * mkosi-chroot will now start a shell if no arguments are specified. + * Added WithRecommends= to configure whether to install recommended packages + by default or not where this is supported. It is disabled by default. + * Added ToolsTreeMirror= setting for configuring the mirror to use for the + default tools tree. + * WithDocs= is now enabled by default. + * Added BuildSourcesEphemeral= to make source directories ephemeral when + running scripts. This means any changes made to source directories while + running scripts will be undone after the scripts have finished executing. + * Added QemuDrives= to have mkosi create extra qemu drives and pass them to + qemu when using the qemu verb. + * Added BuildSources= match to match against configured build source targets. + * PackageManagerTrees= was moved to the Distribution section. + * We now automatically configure the qemu firmware, kernel cmdline and initrd + based on what type of kernel is passed by the user via -kernel or + QemuKernel=. + * The mkosi repository itself now ships configuration to build basic bootable + images that can be used to test mkosi. + * Added support for enabling updates-testing repositories for Fedora. + * GPG keys for CentOS, Fedora, Alma and Rocky are now looked up locally first + before fetching them remotely. + * Signatures are not required for local packages on Arch anymore. + * Packages on opensuse are now always downloaded in advance before + installation when using zypper. + * The tar output is now reproducible. + * We now make sure git can be executed from mkosi scripts without running + into permission errors. + * We don't create subdirectories beneath the configured cache directory anymore. + * Workspace directories are now created outside of any source directories. + mkosi will either use XDG_CACHE_HOME, $HOME/.cache or /var/tmp depending on + the situation. + * Added environment variable MKOSI_DNF to override which dnf to use for + building images (dnf or dnf5). + * The rootfs can now be modified when running build scripts (with all changes + thrown away after the last build script has been executed). + * mkosi now fails if configuration specified via the CLI does not apply to + any image (because it is overridden). + * Added a new doc on building rpms from source with mkosi + (docs/building-rpms-from-source.md). + * /etc/resolv.conf will now only be mounted for scripts when they are run + with network access. + +------------------------------------------------------------------- +Sat Nov 18 13:17:19 UTC 2023 - Sebastian Wagner + +- set singlepython version to python3 instead of python311 to allow build on Leap and not require changes on every Python change in Tumbleweed + +------------------------------------------------------------------- +Mon Nov 14 08:20:28 UTC 2023 - Fredrik Lönnegren +- update to v18: + * $SCRIPT was renamed to $CHROOT_SCRIPT. $SCRIPT can still be used + but is considered deprecated. + * Added RuntimeTrees= setting to mount directories when booting images + via mkosi boot, mkosi shell or mkosi qemu. The directories are + mounted with a uid map that maps the user invoking mkosi to the root + user so that all files in the directory appear as if owned by the root + user in the container or virtual machine and any new files created in + the directories are owned by the user invoking mkosi. To make this + work in VMs, we use VirtioFS via virtiofsd. Note that this + requires systemd v254 or newer to be installed in the image. + * Added support for booting directory images with mkosi qemu via + VirtioFS. When CONFIG_VIRTIOFS and CONFIG_VIRTIO_PCI are builtin + modules, no initramfs is required to make this work. + * Added Include= or --include to include extra configuration files + or directories. + * Added support for specifiers to access the current value of certain + settings during configuration file parsing. + * mkosi will now exit with an error when no configuration was + provided. + * Multiple scripts of the same type are now supported. + * Custom distributions are now supported via the new custom + distribution. When using custom as the distribution, the rootfs must + be provided via base trees, skeleton trees or prepare scripts. + * We now use local GPG keys for rpm based distributions if the + distribution-gpg-keys package is installed on the host. + * Added RuntimeSize= to grow the image to a specific size before + booting it when using mkosi boot or mkosi qemu. + * We now set MKOSI_UID and MKOSI_GID when running scripts which are + set to the uid and gid of the user invoking mkosi respectively. These + can be used to run commands as the user that invoked mkosi. + * Added an Architecture= match + * Initrds specified with Initrds= are now used for grub menuentries as + well. + * ImageId= and ImageVersion= are now written to os-release as + IMAGE_ID and IMAGE_VERSION if provided. + * We pass command line arguments passed to the build verb to the build + script again. + * We added support for the "RHEL Universal Base Image" distribution. + +- update to v17.1: + * Fixed bug where --autologin was broken when used in combination with + a tools tree when using a packaged version of mkosi. + +- update to v17: + * Added ToolsTreePackages= to add extra packages to the default tools + tree. + * Added SystemdVersion= match to match on the host's systemd version + * Added Format= match to match on the configured output format + * Presets= can now be configured in global configuration files to select + which presets to build + * UKIs can now be booted using direct linux boot. + * We don't try to make images UEFI bootable anymore on architectures + that do not support UEFI + * Fixed --help to show all options again + * We now warn when settings are configured in the wrong section + +- update to v16: + * mkosi.version is now picked up from preset and dropin directories as + well following the usual config precedence logic + * Removed the "first assignment wins" logic from configuration parsing. + Settings parsed later will now override earlier values + * Removed the ! operator for lists. Instead, assign the empty string + to the list to remove all previous values. + * Added support for configuring custom default values for settings by + prefixing their name in the configuration file with @. + * Added QemuCdrom= to attach the image to the virtual machine as a + CD-ROM instead of a block device. + * Added SectorSize= to set the sector size of the disk images built by + systemd-repart. + * Added back grub support (BIOS/UEFI). Note that we don't install grub + on UEFI yet but we do add the necessary configuration and partitions. + * Added Bootloader= option to configure which EFI bootloader to + install. Added uki option to install just the UKI without + systemd-boot and grub to generate grub configuration to chainload + into the built UKIs. + * Added BiosBootloader= to configure whether grub for BIOS gets + installed or not. + * Added QemuFirmware= to select which qemu firmware to use (OVMF, + Seabios or direct kernel boot). + * Added QemuKernel= to specify the kernel that should be used with + direct kernel boot. + * /var/lib/dbus/machine-id is now removed if it was added by a package + manager postinstall script. + * The manifest is not generated by default anymore. Use + ManifestFormat=json to make sure the manifest is generated. + * Added SourceDateEpoch= to enable more reproducible image builds. + * Added Seed= to set the seed passed to systemd-repart. + * Updated the default Fedora release to Fedora 39. + * If ToolsTree= is set to default, mkosi will now build a default + tools tree containing all the necessary tools to build images. The + distribution and release to use can be configured with + ToolsTreeDistribution= and ToolsTreeRelease= or are determined + automatically based on the image being built. + * Added uki output format. This is similar to cpio, except the cpio + is packaged up as a UKI with a kernel image and stub picked up from + the rootfs. + +- update to v15.1: + * Migrated to systemd-repart. Many options are dropped in favor of specifying them directly + in repart partition definition files: + - Format=gpt_xxx options are replaced with a single "disk" options. Filesystem to use can now be specified with repart's Format= option + - Format=plain_squashfs (Can be reproduced by a single repart squashfs + root partition combined with SplitArtifacts=yes) + - Verity= (Replaced by repart's Verity= options) + - Encrypt= (Replaced by repart's Encrypt= option) + - RootSize=, HomeSize=, VarSize=, TmpSize=, ESPSize=, SwapSize=, SrvSize= + (Replaced by repart's size options) + - UsrOnly= (replaced with CopyFiles=/:/usr in a usr partition definition) + - OutputSplitRoot=, OutputSplitVerity=, (Replaced by repart's SplitName= option) + - OutputSplitKernel= (UKI is now always written to its own output file) + - GPTFirstLBA (Removed, no equivalent in repart) + - ReadOnly= (Replaced by repart's ReadOnly= option per partition) + - Minimize= (Replaced by repart's Minimize= option per partition) + - CompressFs= (No equivalent in repart, can be replicated by replacing mkfs. + in $PATH with a script that adds the necessary command line option) + - MkSquashfs= (Can be replaced with a script in $PATH that invokes + the correct binary) + * We also remove the WithoutUnifiedKernelImages= switch as building unified + kernel images is trivial and fast these days. + * Support for --qemu-boot was dropped + * Support for --use-host-repositories was dropped, use --repository-directory instead + * RepositoryDirectory was removed, use PackageManagerTrees= or SkeletonTrees= instead. + * --repositories is now only usable on Debian/RPM based distros and can only be used to enable additional + repositories. Specifically, it cannot be used on Arch Linux anymore to add new repositories. + * The _epel distributions were removed. Use --repositories=epel instead to enable + the EPEL repository. + * Removed -stream from CentOS release specifiers. Instead of specifying 8-stream, + you know just specify 8. + * Removed default kernel command line arguments rhgb, selinux=0 and audit=0. + * Dropped --all and --all-directory as this functionality is better implemented by + using a build system. + * mkosi now builds images without needing root privileges. + * Removed --no-chown, --idmap and --nspawn-keep-unit options as they were made obsolete by moving to + rootless builds. + * Removed --source-file-transfer, --source-file-transfer-final, --source-resolve-symlinks and + --source-resolve-symlinks-final in favor of always mounting the source directory into the build image. + --source-file-transfer-final might be reimplemented in the future using virtiofsd. + * Dropped --include-dir option. Usage can be replaced by using --incremental and reading includes from + the cached build image tree. + * Removed --machine-id in favor of shipping images without a machine ID at all. + * Removed --skip-final-phase as we only have a single phase now. + * The post install script is only called for the final image now and not for the build image anymore. Use the + prepare script instead. + * --ssh-key, --ssh-agent, --ssh-port and --ssh-timeout options were dropped as the SSH support was + reimplemented using VSock. mkosi ssh can only be used with images booted with mkosi qemu. Use + machinectl to access images booted with mkosi boot. Use --extra-tree or --credential with the + .ssh.authorized_keys.root credentials as alternatives for provisioning the public key inside the image. + * Only configuration files matching *.conf are parsed in dropin directories now. + * Removed --qemu-headless, we now start qemu in the terminal by default and configure the serial console at + runtime. Use the new --qemu-gui option to start qemu in its graphical interface. + * Removed --netdev. Can be replaced by manually installing systemd-networkd, putting a network file in the + image and enabling systemd-networkd. + * If mkosi.extra/ or mkosi.skeleton/ exist, they are now always used instead of only when no explicit + extra/skeleton trees are defined. + * mkosi doesn't install any default packages anymore aside from packages required by the distro or the base + filesystem layout package if there are no required packages. In practice, this means systemd and other + basic tools have to be installed explicitly from now on. + * Removed --base-packages as it's not needed anymore since we don't install any packages by default anymore + aside from the base filesystem layout package. + * Removed --qcow2 option in favor of supporting only raw disk images as the disk image output format. + * Removed --bmap option as it can be trivially added manually by utilizing a finalize script. + * The never value for --with-network was spun of into its own custom option --cache-only. + * --bootable now defaults to auto. When set to auto, mkosi will generate a bootable image only if all + the necessary packages are installed. Documentation was added in docs/bootable.md on how a bootable image + can be generated on mainstream distros. + * The RPM db is no longer rebuilt in bdb format on CentOS Stream 8. To be able to install packages on a + CentOS Stream 8 image with a RPM db in sqlite format, rewrite the db in bdb format using + rpm --rebuilddb --define _db_backend bdb. + * Repositories are now only written to /etc/apt/sources.list if apt is installed in the image. + * Removed the dependency on debootstrap to build Ubuntu or Debian images. + * Apt now uses the keyring from the host instead of the keyring from the image. This means + debian-archive-keyring or ubuntu-archive-keyring are now required to be installed to build Debian or + Ubuntu images respectively. + * --base-image is split into --base-tree and --overlay. + * Removed --cache-initrd, instead, use a prebuilt initrd with Initrds= to avoid rebuilding the initrd all + the time. + * Disk images are now resized to 8G when booted to give some disk space to play around with in the booted + image. + * Removed --install-directory= option. This was originally added for caching the installation results, but + this doesn't work properly as it might result in leftover files in the install directory from a previous + installation, so we have to empty the directory before reusing it, invalidating the caching, so the option + was removed. + * Build scripts are now executed on the host. See the SCRIPTS section + in the manual for more information. Existing build scripts will need + to be updated to make sure they keep working. Specifically, most paths + in scripts will need to be prefixed with $BUILDROOT to have them + operate on the image instead of on the host system. To ensure the host + system cannot be modified when running a script, most host directories + are mounted read-only when running a script to ensure a script cannot + modify the host in any way. Alternatively to making the script run on + the host, the script can also still be executed in the image itself by + putting the following snippet at the top of the script: + + if [ "$container" != "mkosi" ]; then + exec mkosi-chroot "$SCRIPT" "$@" + fi + * Removed --tar-strip-selinux-context= option. We now label all files + properly if selinux is enabled and if users don't want the labels, + they can simply exclude them when extracting the archive. + * Gentoo is now marked as experimental and unsupported and there's no + guarantee at all that it will work. Issues related to gentoo will + generally not receive attention from core maintainers. All gentoo + specific hacks outside of the gentoo implementation module have been + removed. + * A verb documentation has been added. Calling mkosi with this verb will show + the documentation. This is useful when running mkosi during development to + always have the documentation in the correct version available. By default it + will try several ways to output the documentation, but a specific option can + be chosen with the --doc-format option. Distro packagers are encouraged to + add a file mkosi.1 into the mkosi/resources directory of the Python + package, if it is missing, as well es install it in the appropriate search + path for man pages. The man page can be generated from the markdown file + mkosi/resources/mkosi.md e.g via pandoc -t man -s -o mkosi.1 mkosi.md. + * The man page can be generated from the markdown file via + tools/make-man-page.sh. + * Fixed issue where not all packages and data files where included in + the generated python package. + * mkosi doesn't try to unshare the network namespace anymore when it + doesn't have CAP_NET_ADMIN. + * Fixed issue when the workspace was located in /tmp. + * Don't try to run timedatectl or ssh-add when they're not installed. + +------------------------------------------------------------------- +Sat Dec 3 22:08:17 UTC 2022 - Dirk Müller + +- update to v14: + * mkosi now creates distro~release subdirectories inside the build, cache + and output directories for each distro~release combination that is + built. This allows building for multiple distros without throwing away + the results of a previous distro build every time. + * The preferred names for mkosi configuration files and directories are + now mkosi.conf and mkosi.conf.d/ respectively. The old names + (mkosi.default and mkosi.default.d) have been removed from the docs but + are still supported for backwards compatibility. + * plain_squashfs type images will now also be named with a .raw suffix. + * tar type images will now respect the --compress option. + * Pacman's SigLevel option was changed to use the same default value as + used on Arch which is SigLevel = Required DatabaseOptional. If this + results in keyring errors, you need to update the keyring by running + * Support for CentOS 7 was dropped. If you still need to support CentOS 7, + we recommend using any mkosi version up to 13. + * Support for BIOS/grub was dropped. because EFI hardware is widely + available and legacy BIOS systems do not support the feature set to + fully verify a boot chain from firmware to userland and it has become + bothersome to maintain for little use. + * To generate BIOS images you can use any version of mkosi up to mkosi 13 + or the new --bios-size option. This can be used to add a BIOS boot + partition of the specified size on which grub (or any other bootloader) + can be installed with the help of mkosi's script support (depending on + your needs most likely mkosi.postinst or mkosi.finalize). This method + can also be used for other EFI bootloaders that mkosi intentionally does + not support. + * mkosi now unconditionally copies the kernel, initrd and kernel cmdline + from the image that were previously only copied out for Qemu boot. + * mkosi now runs apt and dpkg on the host. As such, we now require apt and + dpkg to be installed on the host along with debootstrap in order to be + able to build debian/ubuntu images. + * Split dm-verity artifacts default names have been changed to match what + systemd and other tools expect: image.root.raw, image.root.verity, + image.root.roothash, image.root.roothash.p7s (same for usr variants). + * mkosi will again default to the same OS release as the host system when + the host system uses the same distribution as the image that's being + built. + * By default, mkosi will now change the owner of newly created directories + to SUDO_UID or PKEXEC_UID if defined, unless --no-chown is used. + * If systemd-nspawn v252 or newer is used, bind-mounted directories with + systemd-nspawn will use the new rootidmap option so files and + directories created from within the container will be owned by the + actual directory owner on the host. + +------------------------------------------------------------------- +Mon Sep 26 06:08:52 UTC 2022 - Sebastian Wagner + +- update to version 13: + - The `--network-veth` option has been renamed to `--netdev`. The old name made + sense with virtual ethernet devices, but when booting images with qemu a + TUN/TAP device is used instead. + - The network config file installed by mkosi when the `--netdev` (previously + `--network-veth`) option is used (formerly + `/etc/systemd/network/80-mkosi-network-veth.network` in the image) now only + matches network interfaces using the `virtio_net` driver. Please make sure + you weren't relying on this file to configure any network interfaces other + than the tun/tap virtio-net interface created by mkosi when booting the image + in QEMU with the `--netdev` option. If you were relying on this config file + to configure other interfaces, you'll have to re-create it with the correct + match and a lower initial number in the filename to make sure + `systemd-networkd` will keep configuring your interface, e.g. via the + `mkosi.skeleton` or `mkosi.extra` trees or a `mkosi.postinst` script. + - The `kernel-install` script for building unified kernel images has been + removed. From v13 onwards, on systems using `kernel-install`, `mkosi` won't + automatically build new unified kernel images when a kernel is updated or + installed. To keep the old behavior, you can install the `kernel-install` + script manually via a skeleton tree; a copy can be found + [here](https://github.com/systemd/mkosi/blob/3798eb0c2ebcdf7dac207a559a3cb5a65cdb77b0/mkosi/resources/dracut_unified_kernel_install.sh). + - New `QemuKvm` option configures whether to use KVM when running `mkosi qemu`. + - `mkosi` will not default to the same OS release as the host system anymore + when the host system uses the same distribution as the image that's being + built. Instead, when no release is specified, mkosi will now always default + to the default version embedded in mkosi itself. + - `mkosi` will now use the `pacman` keyring from the host when building Arch + images. This means that users will, on top of installing `archlinux-keyring`, + also have to run `pacman-key --init` and `pacman-key --populate archlinux` on + the host system to be able to build Arch images. Also, unless the package + manager is configured to do it automatically, the host keyring will have to + be updated after `archlinux-keyring` updates by running `pacman-key + --populate archlinux` and `pacman-key --updatedb`. + - Direct qemu linux boot is now supported with `BootProtocols=linux`. When + enabled, the kernel image, initrd, and cmdline will be extracted from the + image and passed to `qemu` by `mkosi qemu` to directly boot into the kernel + image without a bootloader. This can be used to boot for example s390x images + in `qemu`. + - The initrd will now always be rebuilt after the extra trees and build + artifacts have been installed into the image. + - The github action has been migrated to Ubuntu Jammy. To migrate any jobs + using the action, add `runs-on: ubuntu-22.04` to the job config. + - All images are now configured by default with the `C.UTF-8` locale. + - New `--repository-directory` option can be used to configure a directory with + extra repository files to be used by the package manager when building an + image. Note that this option is currently only supported for `pacman` and + `dnf`-based distros. + - Option `--skeleton-tree` is now supported on Debian-based distros. + +------------------------------------------------------------------- +Fri Dec 3 14:55:35 UTC 2021 - Guillaume GARDET + +- Enable build on aarch64 + +------------------------------------------------------------------- +Fri Dec 3 06:59:38 UTC 2021 - Sebastian Wagner + +- update to version 12: + - Fix handling of baselayout in Gentoo installations. + +------------------------------------------------------------------- +Thu Nov 25 20:29:17 UTC 2021 - Sebastian Wagner + +- update to version 11: + - Support for Rocky Linux, Alma Linux, and Gentoo has been added! + - A new `ManifestFormat=` option can be used to generate "manifest" files that + describe what packages were installed. With `json`, a JSON file that shows + the names and versions of all installed packages will be created. With + `changelog`, a longer human-readable file that shows package descriptions and + changelogs will be generated. This latter format should be considered + experimental and likely to change in later versions. + - A new `RemovePackages=` option can be used to uninstall packages after the + build and finalize scripts have been done. This is useful for the case where + packages are required by the build scripts, or pulled in as dependencies + for scriptlets of other packages, but are not necessary in the final image. + - A new `BaseImage=` option can be used to build "system extensions" a.k.a. + "sysexts" — partial images which are mounted on top of an existing system + to provide additional files under `/usr/`. See the + [systemd-sysext man page](https://www.freedesktop.org/software/systemd/man/systemd-sysext.html) + for more information. + - A new `CleanPackageMetadata=` option can be used to force or disable the + removal of package manager files. When this option is not used, they are + removed when the package manager is not installed in the final image. + - A new `UseHostRepositories=` option instructs mkosi to use repository + configuration from the host system, instead of the internal list. + - A new `SshAgent=` option configures the path to the ssh agent. + - A new `SshPort=` option overrides the port used for ssh. + - The `Verity=` setting supports a new value `signed`. When set, verity data + will be signed and the result inserted as an additional partition in the + image. See https://systemd.io/DISCOVERABLE_PARTITIONS for details about + signed disk images. This information is used by `systemd-nspawn`, + `systemd-dissect`, `systemd-sysext`, `systemd-portabled` and `systemd`'s + `RootImage=` setting (among others) to cryptographically validate the image + file systems before use. + - The `--build-environment=` option was renamed to `--environment=` and + extended to cover *all* invoked scripts, not just the `mkosi.build`. + The old name is still understood. + - With `--with-network=never`, `dnf` is called with `--cacheonly`, so that the + package lists are not refreshed. This gives a degree of reproducibility when + doing repeated installs with the same package set (and also makes installs + significantly faster). + - The `--debug=` option gained a new value `disk` to show information about disk + sized and partition allocations. + - Some sections and settings have been renamed for clarity: [Packages] is now + [Content], `Password=`, `PasswordIsHashed=`, and `Autologin=` are now in + [Content]. The old names are still supported, but not documented. + - When `--prepare-script=`/`--build-script=`/`--finalize-script=` is used with + an empty argument, the corresponding script will not be called. + - Python 3.7 is the minimal supported version. + - Note to packagers: the Python `cryptography` module is needed for signing + of verity data. + +------------------------------------------------------------------- +Wed Oct 20 12:18:38 UTC 2021 - Enrico Belleri + +- Update to version 10 + +------------------------------------------------------------------- +Fri Jan 3 09:36:40 UTC 2020 - Sven Marquardt + +- update to version 5 + * no changelog available + * merged upstream + +------------------------------------------------------------------- +Mon Feb 12 19:22:30 UTC 2018 - sebix@sebix.at + +- update to version 4 + * no changelog available + * removed 109.patch, merged upstream + +------------------------------------------------------------------- +Thu Jun 29 16:20:46 UTC 2017 - sebix@sebix.at + +- initial package +- Add 109.patch from pull request at upstream repository, workaround for boo#1049997 and missing support for https URLs in mkosi/zypper diff --git a/mkosi.spec b/mkosi.spec new file mode 100644 index 0000000..8aa12bd --- /dev/null +++ b/mkosi.spec @@ -0,0 +1,162 @@ +# +# spec file for package mkosi +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define pythons python3 + +Name: mkosi +Version: 24.3 +Release: 0 +Summary: Build bespoke OS Images +License: LGPL-2.1-or-later +Group: System/Management +URL: https://github.com/systemd/mkosi +Source0: https://github.com/systemd/mkosi/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz +Source1: mkosi-initrd.conf +Source2: mkosi-initrd-chroot.sh +BuildRequires: %{python_module pip} +BuildRequires: %{python_module pytest} +BuildRequires: %{python_module wheel} +BuildRequires: %{pythons} +BuildRequires: fdupes +BuildRequires: pandoc +BuildRequires: python-rpm-macros +Requires: bubblewrap +Requires: python3 >= 3.9 +Requires: zypper +Recommends: btrfsprogs +Recommends: cpio +Recommends: dosfstools +Recommends: dpkg +Recommends: edk2-ovmf +Recommends: gnupg +Recommends: squashfs +Recommends: tar +Recommends: xz +Recommends: zstd +BuildArch: noarch +ExclusiveArch: x86_64 aarch64 + +%description +A fancy wrapper around "dnf --installroot", "apt", "pacman", and "zypper" that +generates disk images with a number of bells and whistles. + +Generated images are tailored to the purpose: GPT partitions, +systemd-boot or grub2, images for containers, VMs, initrd, and extensions. + +mkosi can boot an image via QEMU or systemd-nspawn, or simply start a shell in +chroot, burn the image to a device, connect to a running VM via ssh, extract +logs and coredumps, and also serve an image over HTTP. + +See https://mkosi.systemd.io/ for documentation. + +%package initrd +Summary: Build initrds locally using mkosi +Requires: %{name} = %{version}-%{release} +Requires: coreutils +Requires: (%{name}-initrd-tukit if read-only-root-fs) + +%description initrd +This package provides the mkosi-initrd wrapper to build initrds with mkosi +locally. + +%package initrd-tukit +Summary: Build initrds locally using mkosi with transactional updates +Requires: %{name} = %{version}-%{release} +Requires: read-only-root-fs + +%description initrd-tukit +mkosi calls bwrap, and that does not work with transactional updates, so this +package provides a special mkosi-initrd wrapper to support building initrds on +transactional systems. + +%prep +%autosetup -p1 + +%build +tools/make-man-page.sh +%pyproject_wheel + +%install +%pyproject_install +%python_expand %fdupes %{buildroot}/%{$python_sitelib}/mkosi + +mkdir -p %{buildroot}%{_mandir}/man1 +cp %{buildroot}%{python3_sitelib}/mkosi/resources/mkosi.1* %{buildroot}%{_mandir}/man1/ +cp %{buildroot}%{python3_sitelib}/mkosi/initrd/resources/mkosi-initrd.1* %{buildroot}%{_mandir}/man1/ + +# Install mkosi-initrd conf +mkdir -p %{buildroot}%{_prefix}/lib/mkosi-initrd +install -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/mkosi-initrd/mkosi.conf +mkdir -p %{buildroot}%{_sysconfdir}/mkosi-initrd + +# Install the tukit script +mkdir -p %{buildroot}%{_prefix}/libexec/mkosi-initrd +install -m 744 %{SOURCE2} %{buildroot}%{_prefix}/libexec/mkosi-initrd/mkosi-initrd-chroot.sh + +%post initrd +if [ ! -e %{_sysconfdir}/mkosi-initrd/mkosi.conf ]; then + cat >> %{_sysconfdir}/mkosi-initrd/mkosi.conf<