Accepting request 1194999 from Virtualization

OBS-URL: https://build.opensuse.org/request/show/1194999 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/mkosi?expand=0&rev=20
2024-08-21 21:26:07 +00:00 · 2024-08-21 21:26:07 +00:00 · e4945c66c3
commit e4945c66c3
parent 7940f96e9e 019f4d9e73
3 changed files with 68 additions and 12 deletions
--- a/mkosi-initrd-chroot.sh
+++ b/mkosi-initrd-chroot.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+
+__mkosi_initrd_chroot_call() {
+    mount --rbind / /.mkosi-root --mkdir
+    cd /.mkosi-root
+    mount --move . /
+    chroot . /usr/libexec/mkosi-initrd/mkosi-initrd $@
+    exit
+}
+export -f __mkosi_initrd_chroot_call
+
+unshare --mount /bin/bash -c '__mkosi_initrd_chroot_call $@' -- $@
--- a/mkosi.changes
+++ b/mkosi.changes
@ -1,3 +1,18 @@
+-------------------------------------------------------------------
+Tue Aug 20 11:26:10 UTC 2024 - Antonio Feijoo <antonio.feijoo@suse.com>
+
+- Create new subpackage mkosi-initrd-tukit.
+  * This package adds a special mkosi-initrd wrapper to support creating initrds
+    on transactional systems. I.e., with transactional-update, a transaction
+    runs on a chroot, but mkosi requires bubblewrap, which uses pivot_root, and
+    that is known to fail on a chroot environment.
+
+- Do not install 50-mkosi.install kernel-install script.
+  * Although kernel-install is provided in openSUSE, it is not run when a kernel
+    is installed or removed (this work is done by suse-module-tools). Also, even
+    calling it manually, it does not support the custom systemd-boot integration
+    in openSUSE.
+
 -------------------------------------------------------------------
 Thu Aug  1 13:29:36 UTC 2024 - Sebastian Wagner <sebix@sebix.at>

--- a/mkosi.spec
+++ b/mkosi.spec
@ -25,8 +25,9 @@ Summary:        Build bespoke OS Images
 License:        LGPL-2.1-or-later
 Group:          System/Management
 URL:            https://github.com/systemd/mkosi
-Source:         https://github.com/systemd/mkosi/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
+Source0:        https://github.com/systemd/mkosi/archive/v%{version}.tar.gz#/%{name}-%{version}.tar.gz
 Source1:        mkosi-initrd.conf
+Source2:        mkosi-initrd-chroot.sh
 BuildRequires:  %{python_module pip}
 BuildRequires:  %{python_module pytest}
 BuildRequires:  %{python_module wheel}
@ -67,12 +68,21 @@ See https://mkosi.systemd.io/ for documentation.
 Summary:        Build initrds locally using mkosi
 Requires:       %{name} = %{version}-%{release}
 Requires:       coreutils
+Requires:       (%{name}-initrd-tukit if read-only-root-fs)

 %description initrd
-This package provides the mkosi-initrd wrapper and a plugin for kernel-install
-to build initrds with mkosi locally. After the package is installed, the plugin
-can be enabled by writing 'initrd_generator=mkosi-initrd' to
-'/etc/kernel/install.conf'.
+This package provides the mkosi-initrd wrapper to build initrds with mkosi
+locally.
+
+%package initrd-tukit
+Summary:        Build initrds locally using mkosi with transactional updates
+Requires:       %{name} = %{version}-%{release}
+Requires:       read-only-root-fs
+
+%description initrd-tukit
+mkosi calls bwrap, and that does not work with transactional updates, so this
+package provides a special mkosi-initrd wrapper to support building initrds on
+transactional systems.

 %prep
 %autosetup -p1
@ -80,7 +90,6 @@ can be enabled by writing 'initrd_generator=mkosi-initrd' to
 %build
 tools/make-man-page.sh
 %pyproject_wheel
-sed -i '1s/^#!\/usr\/bin\/env /#!\/usr\/bin\//' kernel-install/50-mkosi.install

 %install
 %pyproject_install
@ -90,13 +99,15 @@ mkdir -p %{buildroot}%{_mandir}/man1
 cp %{buildroot}%{python3_sitelib}/mkosi/resources/mkosi.1* %{buildroot}%{_mandir}/man1/
 cp %{buildroot}%{python3_sitelib}/mkosi/initrd/resources/mkosi-initrd.1* %{buildroot}%{_mandir}/man1/

-# Install the kernel-install plugin
-install -Dt %{buildroot}%{_prefix}/lib/kernel/install.d/ \
-         kernel-install/50-mkosi.install
+# Install mkosi-initrd conf
 mkdir -p %{buildroot}%{_prefix}/lib/mkosi-initrd
 install -m 644 %{SOURCE1} %{buildroot}%{_prefix}/lib/mkosi-initrd/mkosi.conf
 mkdir -p %{buildroot}%{_sysconfdir}/mkosi-initrd

+# Install the tukit script
+mkdir -p %{buildroot}%{_prefix}/libexec/mkosi-initrd
+install -m 744 %{SOURCE2} %{buildroot}%{_prefix}/libexec/mkosi-initrd/mkosi-initrd-chroot.sh
+
 %post initrd
 if [ ! -e %{_sysconfdir}/mkosi-initrd/mkosi.conf ]; then
    cat >> %{_sysconfdir}/mkosi-initrd/mkosi.conf<<EOF
@ -109,6 +120,23 @@ if [ ! -e %{_sysconfdir}/mkosi-initrd/mkosi.conf ]; then
 EOF
 fi

+%posttrans initrd-tukit
+# mkosi runs in a sandbox, and for that purpose it relies on bubblewrap. The
+# problem is transactional-update chroots to a snapshot, and bubblewrap does not
+# work there because it requires pivot_root:
+# https://github.com/containers/bubblewrap/issues/135
+# The issue is quite old, there is even a PR trying to fall back to chroot if
+# pivot_root fails (https://github.com/containers/bubblewrap/pull/595), but
+# apparently bubblewrap upstream is not trying to fix this.
+# The workaround implemented in mkosi-initrd-chroot.sh was proposed by the main
+# mkosi upstream maintainer:
+# https://github.com/containers/bubblewrap/issues/592#issuecomment-2243087731
+mv %{_bindir}/mkosi-initrd %{_prefix}/libexec/mkosi-initrd
+ln -s %{_prefix}/libexec/mkosi-initrd/mkosi-initrd-chroot.sh %{_bindir}/mkosi-initrd
+
+%preun initrd-tukit
+rm -f %{_prefix}/libexec/mkosi-initrd/mkosi-initrd
+
 %check
 %pytest

@ -123,11 +151,12 @@ fi
 %files initrd
 %{_bindir}/mkosi-initrd
 %{_mandir}/man1/mkosi-initrd.1*
-%dir %{_prefix}/lib/kernel
-%dir %{_prefix}/lib/kernel/install.d
-%{_prefix}/lib/kernel/install.d/50-mkosi.install
 %dir %{_prefix}/lib/mkosi-initrd
 %{_prefix}/lib/mkosi-initrd/mkosi.conf
 %dir %{_sysconfdir}/mkosi-initrd

+%files initrd-tukit
+%dir %{_prefix}/libexec/mkosi-initrd
+%{_prefix}/libexec/mkosi-initrd/mkosi-initrd-chroot.sh
+
 %changelog