Accepting request 1140616 from Virtualization

OBS-URL: https://build.opensuse.org/request/show/1140616
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mkosi?expand=0&rev=11

mkosi-19.tar.gz

@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:69035c8463ee895a437366fc795a9563692a0dacc58e3ad22c3e7cec52fc2e87
-size 163864

mkosi-20.2.tar.gz

@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:bc0da17d135a31e7e5d356bd5fea769b8ba55acfbb54733505c30293e9e9491f
+size 198966

mkosi.changes

@@ -1,3 +1,163 @@
+-------------------------------------------------------------------
+Mon Jan 22 14:07:58 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 20.2:
+  * Fixed a bug in signing unsigned shim EFI binaries.
+  * We now build an early microcode initrd in the mkosi kernel-
+    install plugin.
+  * Added `PackageDirectories=` to allow providing extra packages
+    to be made available during the build.
+  * Fixed issue where `KernelModulesIncludeHost` was including
+    unnecessary modules
+  * Fixed `--mirror` specification for CentOS (and variants) and
+    Fedora.
+  * Previously a subdirectory within the mirror had to be
+    specified which prevented using CentOS and EPEL repositories
+    from the same mirror. Now only the URL has be specified.
+  * We now mount package manager cache directories when running
+    scripts on the host so that any packages installed in scripts
+    are properly cached.
+  * We don't download filelists on Fedora anymore
+  * Nested build sources don't cause errors anymore when trying
+    to install packages.
+  * We don't try to build the same tools tree more than once
+    anymore when building multiple images.
+  * We now create the `/etc/mtab` compatibility symlink in
+    mkosi's sandbox.
+  * We now always hash the root password ourselves instead of
+    leaving it to `systemd-firstboot`.
+  * `/srv` and `/mnt` are not mounted read-only anymore during
+    builds.
+  * Fixed a crash when running mkosi in a directory with fewer
+    than two parent directories.
+  * Implemented `RepositoryKeyCheck=` for apt-based
+    distributions.
+
+-------------------------------------------------------------------
+Mon Jan 22 09:58:59 UTC 2024 - Dirk Müller <dmueller@suse.com>
+
+- update to 20.1:
+  * `BuildSources=` are now mounted when we install packages so
+    local packages can be made available in the sandbox.
+  * Fixed check to see if we're running as root which makes sure
+    we don't do shared mounts when running as root.
+  * The extension release file is now actually written when
+    building system or configuration extensions.
+  * The nspawn settings are copied to the output directory again.
+  * Incremental caching is now skipped when `Overlay=` is enabled
+    as this combination isn't supported.
+  * The SELinux relabel check is more granular and now checks for
+    all required files instead of just whether there's a policy
+    configured.
+  * `qemu-system-xxx` binaries are now preferred over the generic
+    `qemu` and `qemu-kvm` binaries.
+  * Grub tools from the tools tree are now used to install grub
+    instead of grub tools from the image itself. The grub tools
+    were added to the default tools trees as well.
+  * The pacman keyring in tools trees is now only populated from
+    the Arch Linux keyring (and not the Debian/Ubuntu ones anymore).
+  * `gpg` is allowed to access `/run/pscsd/pscsd.comm` on the
+    host if it exists to allow interaction with smartcards.
+  * The current working directory is not mounted unconditionally
+    to `/work/src` anymore. Instead, the default value for
+    `BuildSources=` now mounts the current working directory
+    to `/work/src`. This means that the current working directory
+    is no longer implicitly included when `BuildSources=` is
+    explicitly configured.
+  * Assigning the empty string to a setting that takes a list of
+    values now overrides any configured default value as well.
+  * The github action does not build and install systemd from
+    source anymore. Instead, `ToolsTree=default` can be used to
+    make sure a recent version of systemd is used to do the image
+    build.
+  * Added `EnvironmentFiles=` to read environment variables from
+  * environment files.
+  * We drastically reduced how much of the host system we expose
+    to scripts. Aside from `/usr`, a few directories in `/etc`,
+    `/tmp`, `/var/tmp` and various directories configured in mkosi
+    settings, all host directories are hidden from scripts,
+    package managers and other tools executed by mkosi.
+  * Added `RuntimeScratch=` to automatically mount a directory
+    with extra scratch space into mkosi-spawned containers and
+    virtual machines.
+  * Package manager trees can now be used to configure every tool
+    invoked by mkosi while building an image that reads config
+    files from `/etc` or `/usr`.
+  * Added `SELinuxRelabel=` to specify whether to relabel selinux
+    files or not.
+  * Many fixes to tools trees were made and tools trees are now
+    covered by CI. Some combinations aren't possible yet but
+    we're actively working to make these possible.
+  * `mkosi qemu` now supports direct kernel boots of `s390x` and
+    `powerpc` images.
+  * Added `HostArchitecture=` match to match against the host
+  * architecture.
+  * We don't use the user's SSH public/private keypair anymore
+    for `mkosi ssh` but instead use a separate key pair which
+    can be generated by `mkosi genkey`. Users using `mkosi ssh`
+    will have to run `mkosi genkey` once to generate the necessary
+    files to keep `mkosi ssh` working.
+  * We don't automatically set `--offline=no` anymore when we
+    detect the `Subvolumes=` setting is used in a `systemd-repart`
+    partition definition file. Instead, use the new
+    `RepartOffline=` option to explicitly disable running
+    `systemd-repart` in offline mode.
+  * During the image build we now install UKIs/kernels/initrds to
+    `/boot` instead of `/efi`. While this will generally not be
+    noticeable, users with custom systemd-repart ESP partition
+    definitions will need to add `CopyFiles=/boot:/` along with
+    the usual `CopyFiles=/efi:/` to their ESP partition
+    definitions. By installing UKIs/kernels/initrds
+    to `/boot`, it becomes possible to use `/boot` to populate an
+    XBOOTLDR partition which wasn't possible before. Note that
+    this is also safe to do before `v20` so `CopyFiles=/boot:/`
+    can unconditionally be added to any ESP partition definition
+    files.
+  * Added `QemuFirmwareVariables=` to allow specifying a custom
+    OVMF variables file to use.
+  * Added `MinimumVersion=` to allow specifying the minimum
+    required mkosi version to build an image.
+  * Added support for Arch Linux's debug repositories.
+  * Merged the mkosi-initrd project into mkosi itself. mkosi-
+    initrd is now used to build the default initrd.
+  * Implemented mkosi-initrd for all supported distributions.
+  * Added `ShimBootloader=` to support installing shim to the
+    ESP.
+  * Added sysext, confext and portable output formats. These will
+    produce signed disk images that can be used as sysexts,
+    confexts and portable services respectively.
+  * Added `QemuVsockConnectionId=` to configure how to allocate
+    the vsock connection ID when `QemUVsock=` is enabled.
+  * Added documentation on how to build sysexts with mkosi.
+  * Global systemd user presets are now also configured.
+  * Implemented `WithDocs=` for `apt`.
+  * On supported package managers, locale data for other locales
+    is now stripped if the local is explicitly configured using
+    `Locale=`.
+  * All `rpm` plugins are now disabled when building images.
+  * Added `KernelModulesIncludeHost=` and
+    `KernelModulesInitrdIncludeHost=` to only include modules
+    loaded on the host system in the image/initrd respectively.
+  * Implemented `RemovePackages=` for Arch Linux.
+  * Added `useradd` and `groupadd` scripts to configure these
+    binaries to operate on the image during builds instead on
+    the host.
+  * Added microcode support. If installed into the image, an
+    early microcode initrd will automatically be built and
+    prepended to the initrd.
+  * A passwordless root account may now be created by specifying
+    `hashed:`.
+  * The `Autologin=` feature was extended with support for
+    `arm64`, `s390x` and `powerpc` architectures.
+  * Added `SecureBootAutoEnroll=` to control automatic enrollment
+    of secureboot keys separately from signing `systemd-boot`
+    and generated UKIs.
+  * `ImageVersion=` is no longer automatically appended to the
+    output files, instead this is automatically appended to
+    `Output=` if not specified and results in the `%o` specifier
+    being equivalent to `%i` or `%i_%v` depending on whether
+    `ImageVersion=` is specified.
+
 -------------------------------------------------------------------
 Mon Nov  20 09:21:06 UTC 2023 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
 - update to v19:
@@ -471,7 +631,7 @@ Fri Jan  3 09:36:40 UTC 2020 - Sven Marquardt <dev@mail.smarquardt.space>
 
 - update to version 5
  * no changelog available
- * merged upstream 
+ * merged upstream
 
 -------------------------------------------------------------------
 Mon Feb 12 19:22:30 UTC 2018 - sebix+novell.com@sebix.at

mkosi.spec

@@ -1,7 +1,7 @@
 #
 # spec file for package mkosi
 #
-# Copyright (c) 2023 SUSE LLC
+# Copyright (c) 2024 SUSE LLC
 #
 # All modifications and additions to the file contributed by third parties
 # remain the property of their copyright owners, unless otherwise agreed
@@ -19,7 +19,7 @@
 %define pythons python3
 
 Name:           mkosi
-Version:        19
+Version:        20.2
 Release:        0
 Summary:        Build Legacy-Free OS Images
 License:        LGPL-2.1-or-later