Accepting request 1140555 from home:dirkmueller:Factory

- update to 20.1:
  * `BuildSources=` are now mounted when we install packages so
    local packages can be made available in the sandbox.
  * Fixed check to see if we're running as root which makes sure
    we don't do shared mounts when running as root.
  * The extension release file is now actually written when
    building system or configuration extensions.
  * The nspawn settings are copied to the output directory again.
  * Incremental caching is now skipped when `Overlay=` is enabled
    as this combination isn't supported.
  * The SELinux relabel check is more granular and now checks for
    all required files instead of just whether there's a policy
    configured.
  * `qemu-system-xxx` binaries are now preferred over the generic
    `qemu` and `qemu-kvm` binaries.
  * Grub tools from the tools tree are now used to install grub
    instead of grub tools from the image itself. The grub tools
    were added to the default tools trees as well.
  * The pacman keyring in tools trees is now only populated from
    the Arch Linux keyring (and not the Debian/Ubuntu ones anymore).
  * `gpg` is allowed to access `/run/pscsd/pscsd.comm` on the
    host if it exists to allow interaction with smartcards.
  * The current working directory is not mounted unconditionally
    to `/work/src` anymore. Instead, the default value for
    `BuildSources=` now mounts the current working directory
    to `/work/src`. This means that the current working directory
    is no longer implicitly included when `BuildSources=` is
    explicitly configured.
  * Assigning the empty string to a setting that takes a list of
    values now overrides any configured default value as well.

OBS-URL: https://build.opensuse.org/request/show/1140555
OBS-URL: https://build.opensuse.org/package/show/Virtualization/mkosi?expand=0&rev=21

mkosi-19.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:69035c8463ee895a437366fc795a9563692a0dacc58e3ad22c3e7cec52fc2e87
-size 163864

mkosi-20.1.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:7f5a2e6c589a35d4d70d03a960e009eb4612157487268b251da8c4671b8e0714
+size 195875

mkosi.changes

@@ -1,3 +1,128 @@
+-------------------------------------------------------------------
+Mon Jan 22 09:58:59 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 20.1:
+  * `BuildSources=` are now mounted when we install packages so
+    local packages can be made available in the sandbox.
+  * Fixed check to see if we're running as root which makes sure
+    we don't do shared mounts when running as root.
+  * The extension release file is now actually written when
+    building system or configuration extensions.
+  * The nspawn settings are copied to the output directory again.
+  * Incremental caching is now skipped when `Overlay=` is enabled
+    as this combination isn't supported.
+  * The SELinux relabel check is more granular and now checks for
+    all required files instead of just whether there's a policy
+    configured.
+  * `qemu-system-xxx` binaries are now preferred over the generic
+    `qemu` and `qemu-kvm` binaries.
+  * Grub tools from the tools tree are now used to install grub
+    instead of grub tools from the image itself. The grub tools
+    were added to the default tools trees as well.
+  * The pacman keyring in tools trees is now only populated from
+    the Arch Linux keyring (and not the Debian/Ubuntu ones anymore).
+  * `gpg` is allowed to access `/run/pscsd/pscsd.comm` on the
+    host if it exists to allow interaction with smartcards.
+  * The current working directory is not mounted unconditionally
+    to `/work/src` anymore. Instead, the default value for
+    `BuildSources=` now mounts the current working directory
+    to `/work/src`. This means that the current working directory
+    is no longer implicitly included when `BuildSources=` is
+    explicitly configured.
+  * Assigning the empty string to a setting that takes a list of
+    values now overrides any configured default value as well.
+  * The github action does not build and install systemd from
+    source anymore. Instead, `ToolsTree=default` can be used to
+    make sure a recent version of systemd is used to do the image
+    build.
+  * Added `EnvironmentFiles=` to read environment variables from
+  * environment files.
+  * We drastically reduced how much of the host system we expose
+    to scripts. Aside from `/usr`, a few directories in `/etc`,
+    `/tmp`, `/var/tmp` and various directories configured in mkosi
+    settings, all host directories are hidden from scripts,
+    package managers and other tools executed by mkosi.
+  * Added `RuntimeScratch=` to automatically mount a directory
+    with extra scratch space into mkosi-spawned containers and
+    virtual machines.
+  * Package manager trees can now be used to configure every tool
+    invoked by mkosi while building an image that reads config
+    files from `/etc` or `/usr`.
+  * Added `SELinuxRelabel=` to specify whether to relabel selinux
+    files or not.
+  * Many fixes to tools trees were made and tools trees are now
+    covered by CI. Some combinations aren't possible yet but
+    we're actively working to make these possible.
+  * `mkosi qemu` now supports direct kernel boots of `s390x` and
+    `powerpc` images.
+  * Added `HostArchitecture=` match to match against the host
+  * architecture.
+  * We don't use the user's SSH public/private keypair anymore
+    for `mkosi ssh` but instead use a separate key pair which
+    can be generated by `mkosi genkey`. Users using `mkosi ssh`
+    will have to run `mkosi genkey` once to generate the necessary
+    files to keep `mkosi ssh` working.
+  * We don't automatically set `--offline=no` anymore when we
+    detect the `Subvolumes=` setting is used in a `systemd-repart`
+    partition definition file. Instead, use the new
+    `RepartOffline=` option to explicitly disable running
+    `systemd-repart` in offline mode.
+  * During the image build we now install UKIs/kernels/initrds to
+    `/boot` instead of `/efi`. While this will generally not be
+    noticeable, users with custom systemd-repart ESP partition
+    definitions will need to add `CopyFiles=/boot:/` along with
+    the usual `CopyFiles=/efi:/` to their ESP partition
+    definitions. By installing UKIs/kernels/initrds
+    to `/boot`, it becomes possible to use `/boot` to populate an
+    XBOOTLDR partition which wasn't possible before. Note that
+    this is also safe to do before `v20` so `CopyFiles=/boot:/`
+    can unconditionally be added to any ESP partition definition
+    files.
+  * Added `QemuFirmwareVariables=` to allow specifying a custom
+    OVMF variables file to use.
+  * Added `MinimumVersion=` to allow specifying the minimum
+    required mkosi version to build an image.
+  * Added support for Arch Linux's debug repositories.
+  * Merged the mkosi-initrd project into mkosi itself. mkosi-
+    initrd is now used to build the default initrd.
+  * Implemented mkosi-initrd for all supported distributions.
+  * Added `ShimBootloader=` to support installing shim to the
+    ESP.
+  * Added sysext, confext and portable output formats. These will
+    produce signed disk images that can be used as sysexts,
+    confexts and portable services respectively.
+  * Added `QemuVsockConnectionId=` to configure how to allocate
+    the vsock connection ID when `QemUVsock=` is enabled.
+  * Added documentation on how to build sysexts with mkosi.
+  * Global systemd user presets are now also configured.
+  * Implemented `WithDocs=` for `apt`.
+  * On supported package managers, locale data for other locales
+    is now stripped if the local is explicitly configured using
+    `Locale=`.
+  * All `rpm` plugins are now disabled when building images.
+  * Added `KernelModulesIncludeHost=` and
+    `KernelModulesInitrdIncludeHost=` to only include modules
+    loaded on the host system in the image/initrd respectively.
+  * Implemented `RemovePackages=` for Arch Linux.
+  * Added `useradd` and `groupadd` scripts to configure these
+    binaries to operate on the image during builds instead on
+    the host.
+  * Added microcode support. If installed into the image, an
+    early microcode initrd will automatically be built and
+    prepended to the initrd.
+  * A passwordless root account may now be created by specifying
+    `hashed:`.
+  * The `Autologin=` feature was extended with support for
+    `arm64`, `s390x` and `powerpc` architectures.
+  * Added `SecureBootAutoEnroll=` to control automatic enrollment
+    of secureboot keys separately from signing `systemd-boot`
+    and generated UKIs.
+  * `ImageVersion=` is no longer automatically appended to the
+    output files, instead this is automatically appended to
+    `Output=` if not specified and results in the `%o` specifier
+    being equivalent to `%i` or `%i_%v` depending on whether
+    `ImageVersion=` is specified.
+
 -------------------------------------------------------------------
 Mon Nov  20 09:21:06 UTC 2023 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
 - update to v19:

mkosi.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package mkosi
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %define pythons python3
 
 Name:           mkosi
-Version:        19
+Version:        20.1
 Release:        0
 Summary:        Build Legacy-Free OS Images
 License:        LGPL-2.1-or-later