File mkosi.changes of Package mkosi
-------------------------------------------------------------------
Fri Apr 04 07:15:38 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+329.g429fa342:
* Set MKOSI_DEBUG instead of DEBUG
* mkosi-initrd: refactor add_raid_config -> raid_config
* mkosi-initrd: fix vconsole configuration for Ubuntu
* Don't chdir() to mkosi/ subdirectory
* mkosi-initrd: copy local vconsole configuration
* Use mkosi/ subdirectory if no configuration exists in cwd
* build(deps): bump github/codeql-action from 3.28.10 to 3.28.13
* Don't allow configuring distribution, release and mirror in tools tree config
* Fixes for config_default_repository_key_check()
* Fix typo
* Allow configuring environment variables in tools tree config
* mkosi-obs: Only disable History= for main image
* Make sure we chdir() to builtin config path before parsing
* initrd: Copy Arch Linux keyring from host when running as root
* pacman: Don't mount keyring dir if it's empty
* Fix test_tools on unknown distributions
* Make sure /etc/ and /var/ always exist in sandbox
* Allow adding extra tools tree configuration via mkosi.tools.conf
* Switch tools tree parsing to ParseContext
* ci: Show summary
* Disable orphan_file automatically if not supported
* config: Use dicts everywhere in favor of argparse.Namespace()
* Fix default values for key/certificate source parsers
* Do not make directory, none and oci images bootable by default
* Disable selinux relabeling by default for directory images
* mkosi-tools: Stop disabling ManifestFormat=
* mkosi-tools: Stop removing BuildSources=
* resources: Fix up resources without parse_config()
* config: Various cleanups for the directory attribute
* config: Introduce ParseContext.finalize()
* Make CompressLevel= an inherited setting
* Introduce 'main' setting scope
* Store tools and initrd profiles as a list of strings
* Rename paths, recursive_paths to path_suffixes, recursive_path_suffixes
* Make passed environment variables an inherited setting
* Remove unneeded default factory depends from ToolsTreeDistribution
* Do not pass --incremental=no explicitly to default tools tree
* Move default tools tree parsing to parse_config()
* mkosi: pass DEBUG environment variable to scripts
* man: sort table with environment variables received by scripts
* Allow combining --force and --rerun-build-scripts
* mkosi-initrd: fix misleading "mkosi not found" error message
* pacman: Always bind mount /var/lib/pacman/local from sandbox
* sandbox: Allow taking bind source paths relative to the sandbox root
* mkosi-initrd: Add amd_atl to default modules
-------------------------------------------------------------------
Thu Mar 27 14:46:01 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+277.ga2c958c3:
* config: explicitly type make_simple_config_parser to work with dataclasses
* config: Cache lookups of fields
* mkosi-initrd: add key files for crypttab entries
* Formatting correction.
* mkosi clean will now require --force in order to remove the tools tree.
* centos: Add hyperscale-packages-kernel repository
* qemu: Set device_id for scsi-hd and scsi-cd devices
* Make Profiles= an inherited setting
* Skip a few steps when we're building a default tools tree
* Don't cache the package manager used in the tools tree cache manifest
* Implement ToolsTreeSyncScripts=
* Add mkosi init to install a tmpfiles dropin for the cache dir
* Drop logic for using /root/.cache
-------------------------------------------------------------------
Tue Mar 25 16:08:57 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+261.g838fd78e:
* man/mkosi-initrd: document "pkcs11" profile
* Make sure tools tree recorded in history doesn't change when in sandbox
* Store default tools tree outside of output directory
* initrd: Move p11-kit to pkcs11 profile
* tools: Add "devel" profile
* tools: Add 3 more packages to misc profile
* Always cache the default tools tree
* user: Replace INVOKING_USER.name() with getpass.getuser()
* run: Bind mount entire /home into relaxed sandbox
* user: Make INVOKING_USER.cache_dir() return the user cache directory
* user: Replace INVOKING_USER.home() with Path.home()
* Make sync script sandbox more relaxed
* user: Make INVOKING_USER.runtime_dir() return the user runtime dir
* Fix grub.cfg install path on almalinux
* docs: Mention mkosi -t none in rpm doc
* Implement linux-noinitrd firmware
* kmod: Include all kernel modules if no include patterns were specified
* kmod: Fix regex compilation in filter_firmware()
* kmod: Fix exclusion via glob in filter_firmware()
* kmod: Only log includes/excludes if there are any
* Formatting nit
* mkosi/config: show deprecated *Exclude options only if set
* initrd: Install gzip in all initrds, not just the Arch one
* Have filter_kernel_modules() return a list of module names
* Fix KernelModulesExclude= settings
* Simplify package manager code a little
* qemu: Remove unused argument from finalize_drive()
* Drop mkosi-as-caller
* Drop git safe.directory="*" environment variables
* Drop expand_specifier()
* man: remove "=" in boolean option
* mkosi/kmod: add typing info to make mypy happy
* ci/codespell: add ignore-words-list
* man: soft-deprecate Firmware{Include,Exclude}
* Rework firmware-list settings to use globs instead of regexps
* man: soft-deprecate KernelModules{Initrd,}{Include,Exclude}
* Switch over to the new glob syntax
* Rework module-list settings to use globs instead of regexps
* mkosi,addon: print the mkosi cmdline with --debug
-------------------------------------------------------------------
Mon Mar 17 15:02:04 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+215.g76377d38:
* mkosi-initrd: protect existing initrd image against errors
* Make user provided command line take preference over roothash=
* Replace conf tag with ini in markdown
* Use Path more in initrd.py and addon.py
* fedora: Change default release to rawhide
* initrd: add -k as shorthand for --kernel-version
* initrd: split out argument parser creation to helper function
* mkosi/dependencies: make invocations shorter
* Try to find volatile overlay upperdir directory that's not on overlayfs
* tree: Make security.selinux detection more robust
* Check for CAP_SYS_ADMIN instead of root
* Add option to persist runtime drives
* Rework --run-build-scripts
* Don't run configure scripts if we're reusing the history
* Drop unnecessary condition
-------------------------------------------------------------------
Thu Mar 06 14:14:15 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+197.g396bc68d:
* Use target path as mount tags
* Revert 9f4d174daac954aaa9e18ee9bb58c6d7a946ec9d
* Move package installation and removal to PackageManager interface
* apt: Add higher priority for mkosi local repository
* debian: Install policy-rcd-declarative by default
* Sort packages during parsing
* Fix grammar
* centos: Handle major/minor releases in derivatives properly
* initrd: Pass process environment to mkosi as well
* Improve error message slightly
* Add "raid" initrd profile
* Parse both mkosi.local.conf and mkosi.local/
* Add --pretty=no to suppress output from systemd-repart when updating
-------------------------------------------------------------------
Mon Mar 03 09:56:22 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+182.ge050237e:
* Don't mount input read-only if it's the same as output in sign_efi_binary()
* Fix Drives= documentation
* Revert "Bypass tmpfiles, sysusers and presets as well when running package ma…"
* build(deps): bump redhat-plumbers-in-action/differential-shellcheck
* build(deps): bump github/codeql-action from 3.28.8 to 3.28.10
* Bypass tmpfiles, sysusers and presets as well when running package managers
* Rename "storage" initrd profile to "lvm"
* mkosi-initrd: add --profile option
* Skip createrepo() for apt if there are no debs
* man: remove "=" in boolean options
-------------------------------------------------------------------
Fri Feb 28 08:13:47 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+171.g5f10d1f1:
* Ensure environment GNUGPHOME is an absolute path
* Add InitrdProfiles= with initial storage profile
* qemu: Switch to -blockdev instead of -drive where possible
* Implement build overlay mounting with mkosi-sandbox
* Introduce Context.rootoptions()
* Introduce --run-build-scripts (-R) to always run build scripts
* tree: Ignore symlinks when checking for subvolumes in rmtree()
* installer: Do not modify buildroot in setup() methods
* Remove outputs as well if we don't have a cached image
* Introduce Config.is_incremental()
* Rename remove_output_dir to remove_outputs in run_clean()
* Drop rmtree(context.root) in "none" return path as well
* Don't call finalize_staging() for "none" output format
* Save all images to history JSON
* mkosi-obs: rearrange settings into a subfile that is only for Profile=main
* mkosi-obs: support multiple mkosi.postoutput invocations
* mkosi-obs: rearrange second stage so that only unsigned hashes are staged for third
* mkosi-obs: drop leftover debug env
* mkosi-obs: fix compression detection
* mkosi-obs: carry over all raw and efi files, not just those that match IMAGE_ID
* Enable Hyperscale rpm COW plugin
* rpm: Enable plugins again
* Add Image= match
* Move /work directory cleanup out of remove_files()
* mkosi-obs: add support for UEFI SecureBoot self enrollment
* mkosi-obs: sign bootloaders in ESPs
* mkosi-obs: add support for .raw.img
* mkosi-obs: create directories in ESP before calling mcopy
* mkosi-obs: also check that ESP offset is not an empty string
* Fix parse_drive()
* docs: Update building-rpms-from-source.md
* Specify --suppress-sync when running package managers
* sandbox: Add --suppress-sync option to suppress sync() syscalls
* mkosi-obs: use new sd-keyutil verb to attach dm-verity signature
-------------------------------------------------------------------
Fri Feb 21 12:30:37 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+131.gbae79ab1:
* Reduce the number of filesystems we remount noexec/nosuid/nodev when root
* Add --debug-sandbox option to mkosi-initrd and mkosi-addon
* Use Config.finalize_environment() in Installer.finalize_environment()
* initrd: add modules for fido2 and amd laptop
* Copy /etc/group into the sandbox tree instead of passwd
* README: Reference EXAMPLES and mkosi documentation
* Bump Fedora initrd size
* mkosi-obs: fix searching for multiple files to sign
* mkosi-obs: fix creating subfolder structure for signature cpio
* Clean up default tools tree package lists
* mkosi-tools: Split off misc, package-manager and runtime profiles
* Sort dependencies before writing them to stdout
* config: Fix enum parsing in enum_list_transformer()
* config: Don't load history if --directory "" is passed
* config: Fix variable typo in parse_new_includes()
* config: Pass resources to nested parse_config() call
* Add intel VMD to kernel modules
* Search for underscores in `systemd-stub`
* run: Wait for child process in try block in spawn()
* Drop boot counting support
* ukify: check for 257.999 instead of 258~devel
* mkosi-obs: compress output by default
* mkosi-obs: when building DDI + UKI, update ESP after signing
* Add SplitArtifacts=os-release
* Add Splash= to set the boot splash for unified kernel images
* tree: Fix maybe_make_nocow()
* sandbox: Fix chattr()
* sysupdate: Don't use temporary directory for on demand split partitions
* tree: Implement file attributes logic with ioctls instead of tools
* Reduce the number of executed processes during mkosi vm a little
* sysupdate: Split partitions on demand if not done in the image build
* qemu: Move nocow check into copy_tree()
* Make sure we always delete workspace / "root" as a subvolume
* Create split pcrs file also when going through install_uki
* README: add note about new packages built on OBS
* mkosi-obs: override settings to allow building on OBS
* Rebuild OBS package on push to main
* Make Linux= support delayed specifiers
* Add BuildKey= and CacheKey= settings
* Fix tools keyring/metadata cache cleanup
* Set config.image for the main image to 'main'
* docs: Fix formatting
* Inline load_args()
* Move load_environment() into finalize_environment() method of Config
* Use default_factory for Checksum= default value
* Move two more checks from load_config() to check_inputs()
* Drop 5.11 check
* initrd: Add crc module
* Add back compat for OBS until a new version is deployed
* docs: Various fixes
* Stop using nargs="?" for options
* Add zypper to the tools image on Arch Linux
* Fix documented configuration names for --vsock and --vsock-cid
* qemu: Fix Initrds= fallback
* man: Document zypper being added to Arch Repos
* Force ssh to use bash to run the ProxyCommand
* Add OutputExtension=
* Allow building esp images without a UKI
* Require delimiting extra options for invoked commands with '--'
* kmod: run proper cmdline in modinfo
-------------------------------------------------------------------
Wed Feb 12 07:07:58 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+62.gffd41b10:
* Strip --suspend from --debug-shell sandbox
* run: Remove unused user/group arguments from run()
* run: Simplify spawn()
* mkosi-sandbox: Implement --pack-fds
* mkosi-obs: split and sign dm-verity roothashes
* Add SplitArtifacts=roothash
* partition: do not return TBD as roothash
* man: document SplitArtifacts=pcrs
-------------------------------------------------------------------
Tue Feb 11 14:24:39 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 25.3+52.ge0a09fe2:
* man: Remove erroneous FD parameter
* Make various tools more quiet
* Make VM registration work unprivileged
* sandbox: Replace --exec-fd with --suspend
* serve: Add StorageTargetMode= feature
* Drop foreground process logic
* mkosi: support nvme-over-tcp in the initrd + thunderbolt-net
* Add ToolsTreePrepareScripts=
* Show better error when script fails with exit code 127
* vmspawn: Pass extra qemu arguments
* Start systemd-storagetm in mkosi serve as well if available
* Add mkosi-obs conf and scripts for multi-stage signing
* Add support for SplitArtifacts=pcrs
* Use ukify --pcr-certificate= if available
* Add support for SplitArtifacts=tar
* Add FirmwareInclude= and FirmwareExclude= options
* doc: Add a note about dependencies for systemd-boot
* Check MinimumVersion= during config parsing
* Rework verity setting handling
* docs: add CODING_STYLE.md
* user: drop unneeded stringification
* treewide: exchange str for os.fspath where appropriate
* Check if systemd is actually running before using run0
* tree: Don't copy xattrs to overlayfs if security.selinux is one
* tree: Don't try to snapshot subvolume if destination isn't btrfs
* rpm: Fix root locations for GPG searching
* fedora: Do GPG key symlink resolution in find_rpm_gpgkey()
* fedora: Don't fail if we can't find N+1 key
* fedora: Try to load N+1 key from distribution-gpg-keys as well
* Add SignExpectedPcr= setting for UKI profiles
* mkosi-initrd: add option to build generic initrds
* mkosi-tools: Add qemu packages for --console=gui to Fedora
* man: document mkosi-addon in builtin configs
* Add "defer" setting for Verity
* Support unsigned verity backed extension/portable images
* Documentation fix
* arch: Bump initrd size
* Drop two unneeded calls to umask()
* completion: complete paths after verb for zsh
* completion: complete paths after verb for bash
* Drop debug message about not including firmware
* mkosi-initrd: Add extra kernel modules
* completion: complete paths after verb for fish
* build(deps): bump redhat-plumbers-in-action/differential-shellcheck
* build(deps): bump github/codeql-action from 3.28.0 to 3.28.8
* Bump version to 26~devel
* Release 25.3
* Update docs for universal secure boot/verity/pcr creds/sources
* Skip files outside of known paths for extension outputs
* Use directory in user's home as output directory if possible
* Fix condition when removing duplicate files from the overlay
* Calculate PE section size correctly
* config: add mkosi-addon
* Don't call have_cache() in reuse_cache()
* Make sure previous cache entries are gone in save_cache()
* Replace check_uid with a "tools" image check in have_cache()
* Treat terminal as dumb if either stdout or stderr is not a tty
* Make secure boot keys/crts/source config universal
* Fix verity signature check in case keys are configured
* mkosi-sandbox: Improve formatting of error messages
* Move want_uki() check out of build_uki_profiles()
* mkosi-initrd: handle PermissionError when reading /etc/crypttab
* mkosi-tools: Drop fish and zsh
* mkosi-tools: Stop installing dnf on Azure,OpenSUSE,Fedora
* zypper: pass --releasever option
* Log command line for abnormal signals
* opensuse: fix package name: btrfs-progs -> btrfsprogs
* mkosi-initrd: Add two more modules
* test_config: Reduce the number of tests
* Check if list matches are empty if empty string is matched against
* The dpkg architecture name for loongarch64 is loong64
* Use shutil.copy() to copy ovmf variables
* Use become_root_cmd() when running systemd-repart in run_shell() as well
* Bump version to 26~devel
* Release 25.2
* Use all threads when relabelling files with setfiles
* Only parse profiles from subimages and includes if those are dirs
* Make sure all config paths are absolute
* Bump version to 26~devel
* Release 25.1
* Fix accessing "name" field in busctl json output
* Use resource_path() to access files in our own module
* Remove unused variable
* Bump initrd sizes
* Do not check uid in have_cache() for default tools tree
* Add fallback to sudo if run0 is not available
* sandbox: Show better error on ENOSYS
* man: document kernel baseline for mkosi
* Create zipapp for mkosi sandbox like we do in generate-zipapp.sh
* news: fix typo detected by Lintian
* Remove depmod check in check_tools()
* Bump version to 26~devel
* Release 25
* Replace all 257~devel versions with 257
* Update NEWS
* docs: Remove outdated paragraph
* Add mkosi.pkgcache
* Remove unneeded assert
* Add option to save the BuildSourcesEphemeral overlay.
* mkosi-tools: Fix docs
* mkosi-tools: Install virt-firmware on Debian/Kali/Ubuntu/OpenSUSE
* mkosi-tools: Install pkcs11-provider on CentOS Stream 10
* mkosi-tools: Move linux-perf package definition into shared logic
* Update NEWS
* Simplify crypto-policies copying
* Add support for FirmwareVariables=microsoft-mok
-------------------------------------------------------------------
Thu Jan 23 07:40:45 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+746.g899dfbd4:
* tests: don't fail directory CI if lvm2-monitor.service fails
* Don't insist on pre-signed EFI binaries when ShimBootloader == signed
* Fix copying of crypto policies from tools tree
* Simplify finalize_firmware_variables() a little
* Remove unused argument from finalize_firmware_variables()
* ci: Use mkosi sandbox to run the integration tests
* tests: Setup logging properly
* tests: Always pass process environment to mkosi
* tests: Do not register test containers/vms with systemd-machined
* tests: Remove privilege dropping for image builds
* Move uid check back to have_cache()
* ci: Centralize package installation in unit-tests job
* ci: Move grub2 for opensuse to mkosi tools tree packages
* ci: Add centos tools tree CI
* ci: Re-enable Arch with ubuntu tools build
* tests: Skip booting from directory in user namespace with single user
* action: Only install package managers and debian-keyring
* centos: Install erofs-utils in tools tree
* mkosi-tools: Install systemd-ukify on Azure, CentOS and Fedora
* mkosi-tools: Fix architecture condition
* Make mkosi available inside mkosi sandbox via zipapp
* Remove mkosi.types to avoid conflict with standard library types.py
* Special case tools image in keyring_cache() and metadata_cache()
* Move keyring_cache() and metadata_cache() next to cache_tree_paths()
* Make Register= a feature
* Rework crypto-policies again
* appease spellchecker
* Use Initrds= for qemu direct kernel boot as a fallback
* docs: Make more clear that the SHA256SUMS is prefixed with the output
* Parse mkosi.profiles in included configuration
* Add support for pre-signed Bootloader variants without shim
* Drop out of date paragraph about not installing grub for EFI
* mkosi-initrd: Simplify
* mkosi-initrd: Add extra logging to kernel-install plugin
* mkosi-addon: Skip if provided kernel image is not a UKI
* Reduce duplication between mkosi-initrd and mkosi-addon
* Simplify KernelInstallContext.parse() a little
* qemu: Look for /usr/libexec/qemu-kvm as well
* Skip firmware descriptions without nvram-template
-------------------------------------------------------------------
Tue Jan 21 07:21:18 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+703.gca224737:
* man: Move plugin sections under the kernel-install section
* man: Generate mkosi-addon man page as well
* Add mkosi-addon and kernel-install plugin
* Use $HOME in current_home_dir() regardless of whether we're in it or not
* Enforce that images with Overlay=yes only add files
* Revert "action: Fix up $PATH as a workaround"
* Use os.walk() to remove empty directories
* mypy: enable scripts_are_modules
* Run modinfo from the tools tree when building a standalone extension image
* Pass in Context to functions in kmod.py
* Improve formatting of filter_kernel_modules()
* addon: Don't add initrd section if buildroot is empty
* Don't remove root directory when removing empty directories
* ci: Make kernel-install script checks more generic
* Make sure addon initrds are compressed as well
* Inverse output format check for run_shell()
* Make use of use_outer_compression() more
* Remove empty directories from extension images
* Don't check for populated OS root if Format == none
* Allow adding kernel modules in extension images
* Add kernel command line to addon
* Rename initrd-addon to addon
* Add ToolsTreeRelease= match
* Update NEWS
* centos: epel-next does not exist anymore since CentOS Stream 10
* centos: Bump default image to CentOS Stream 10 as well
* action: Fix up $PATH as a workaround
* Add package manager back to the cache manifest
* Rebuild default tools tree before cleaning up other images
* Improve cache manifest mismatch logging message
* fedora: Use a lower repository metadata expire time for rawhide
* Bump Arch initrd size again ...
* centos: Enable EPEL for c10s tools tree as well
* Look for the CentOS Stream official GPG in /etc/pki/rpm-gpg as well
* Only use a fallback in find_rpm_gpgkey() if one is defined
* Improve find_rpm_gpgkey() declaration formatting
* Fix type of second overload of find_rpm_gpgkey()
* action: Stop populating pacman keyring
* Add a keyring cache and use it for Arch Linux
* sandbox: Use dict to store bind mounts instead of set
* Introduce support for overriding system's DeviceTree
* Add support for machined registration using varlink
* Add missing parentheses to make sure we don't throw away scope for virtiofsd
* sandbox: Don't allow nested mkosi sandbox invocations
* sandbox: Drop tools tree in run_verb() instead of when parsing config
* sandbox: Make terminal background color cyan if on tty
* Use MKOSI_HOST_DISTRIBUTION in config_default_tools_tree_distribution()
* centos: Bump default release to 10
-------------------------------------------------------------------
Wed Jan 15 07:32:04 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+647.gc1ae257e:
* Make sure we use the same host distribution/release in sandbox
* Only add keylayouts to grub image on x86
* Update NEWS
* Make grub EFI logic architecture independent
* sandbox: Slight optimization
* Bind mount /dev/fuse in sandbox
* Only use extra search paths when running in sandbox
* apt: avoid ?exact-name for systemd packages
* ci: Don't run on push to main
* Drop support for Focal
* tests: Install lsof instead of dnsmasq
* Only mount /usr/share/factory if mount point exists in tools tree
* Fix passing repositories and sandbox trees to default initrd/tools
* Bump Arch initrd size
* ci: Disable Azure
* Specify --install-source=image when installing systemd-boot
* Add perf to tools tree
* mkosi-initrd: Add two more CPU modules
* doc: add missing continue if pandoc is not available
* Apply new ruff 0.9 formatting
* Use host's preferred dnf version in mkosi-initrd
* action: Show CPU and memory
* Make dnf version checks consistent
* man: Reformulate triggering match sections a bit
* man: Implement various style fixes
* mkosi-initrd: Remove /var/cache and /var/log from the initrd
* apt: drop usr-is-merged from essential list
* mkosi-vm: Drop duplicate systemd-boot
* Drop which from mkosi-vm
* Fix section
* Include linked firmware files
* Be less explicit about module matching sub directories
* Implement pretty_name() for custom distribution
* Copy /etc/hosts into sandbox as well if it exists
* Beef up DNS resolution a little
* Add missing sandbox for rmtree()
* Bump debian initrd size
* Add --console=interactive|read-only support for qemu vmm
* Don't try to remove cache entries of custom distro default initrd
* Keep more entries from $PATH in the sandbox
* Update comment
* Install btrfs-progs in CentOS Stream EPEL tools tree
* man: fix remaining mention of mkosi.pkgmngr
* Make CentOS Stream 10 + EPEL tools tree work
* Tools fixes
-------------------------------------------------------------------
Fri Jan 03 08:44:04 UTC 2025 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+595.g360161f1:
* Rename vsock config settings
* Make CDROM an upper case option
* build(deps): bump github/codeql-action from 3.27.5 to 3.28.0
* Parse profiles in subimages as well
* Rename various [Runtime] options and rename mkosi qemu to mkosi vm
* Add option to control whether to register with machined
* Drop support for pesign secure boot signtool
* Always check tools for build at the same place
* burn: Fail if no arguments are provided
* Wait until sandbox exec()'s specified command before continuing
* Move adding "--" to spawn()
* Move preexec() out of spawn()
* mkosi-initrd: Match both intel_vsec.ko and intel-vsec.ko
* mkosi-initrd: Add virtio_dma_buf kernel module
* Don't spawn a shell in sandbox if no command is provided
-------------------------------------------------------------------
Fri Dec 20 14:10:16 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+577.gba07d530:
* Pass -cpu host when using KVM
* Run ssh and ssh-keygen as fake root
* Use sandbox in finalize_credentials()
* sandbox: Make sure we use pacman keyring and crypto policies from tools tree
* Don't use ExtraSearchPaths= when building default tools tree
* Lower log level of messages about cache entries not existing
* Use "tools" as the cache key for the default tools tree
* Run binaries from ExtraSearchPaths= within tools tree
* Make --debug-workspace work even if mkosi doesn't fail
-------------------------------------------------------------------
Fri Dec 20 08:14:20 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+567.g7d453663:
* Drop PEAddons=
* Recommend symlinking to ~/.local/bin
* Rename [Host] section to [Runtime] section
* Move more settings from [Host] to [Build]
* Improve summary output a bit
* Add initrd-addon output format
* Improve formatting
* Refactor extension image helper methods
-------------------------------------------------------------------
Mon Dec 16 08:24:36 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+557.gb39de402:
* man: Improve style of KernelModulesInitrd
* Fix `SplitArtifacts=` to not split extra artifacts
* pacman: Make sure repositories from dropins take priority
* sandbox: Show better error on missing mountpoints
* tests: Build with --incremental=strict
* Remove package manager from cache manifest
* ci: Don't build tools tree as root
* Build incremental by default
-------------------------------------------------------------------
Fri Dec 13 10:10:05 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+547.gb6be07a7:
* Use host model cpu
* Rework crypto-policies handling slightly
* Don't do proxy mounts in relaxed sandbox
* docs: Add note about SandboxTrees= to SkeletonTrees=
* sandbox: Spit out some info when initial unshare gets EPERM
* mkosi-initrd: remove dpkg in newer ubuntu/debian releases
* mkosi-initrd: also take input from /etc/kernel/cmdline
* fedora: Bump default release to 41
* arch: Bump initrd size
* Only validate keys and certificates that are configured
* man: cover both systemd-dissect and portablectl in FAQ
* man: add an FAQ entry about PORTABLE_PREFIXES=
* Define virt as default QEMU machine for riscv64
* Bump github/codeql-action from 3.27.0 to 3.27.5
* debian: use pretty name in error message
* use Distribution.is_apt_distribution in detect_distribution
* Only run systemd-keyutil if secure boot key and cert exist
* sandbox: Bind mount on top of symlink if possible
* action: Fix symlink creation
* doc: make ToolsTreeDistribution default match easier to understand
* Improve error message formatting a bit
* Only remove initrd cache entries
* Add strict incremental check for default initrd
* action: Install to $HOME/.local/bin as well
* Skip tools checks for build step if output format is none
* Fix unified kernel image profiles check
* Fix Partition split_path calculation
* Improve maybe_compress() formatting
* Don't resolve deps if we're reusing previous config
* Revert "Remove tools argument from finaiize_default_initrd()"
-------------------------------------------------------------------
Wed Nov 27 08:33:39 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+515.g14e70bf5:
* Make sure ukify is recent enough to build UKI profiles
* Remove tools argument from finaiize_default_initrd()
* Rework default initrd cleanup
* Fix metadata removal
* Remove --force from default initrd command line
-------------------------------------------------------------------
Mon Nov 25 07:25:10 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+509.gfbf8f887:
* mkosi-initrd: Install btrfs-progs
* Fix typo
* nspawn: Fix uidmap for build directory
* Drop ForwardJournal= integration for coredumpctl and journalctl verbs
* Use tools tree again for ssh, coredumpctl and journalctl
* Fix CodeQL warning
* mkosi-tools: Only install pkcs11-provider where available
* Document where kernels go
* Clarify shell vs boot in man page
* mkosi-initrd: Disable split artifacts
* Include machine name in virtiofsd unit name
* Make ConfigSetting generic
* sysupdate: Make it work in combination with a tools tree
* mkosi-initrd: Include extra modules
* Keep track of collection resets from CLI arguments (fixes #3208)
* Improve formatting of needs_build() a little
* ci: make the output of the formatting job actionable
* Rename "systemd" signtool to "systemd-sbsign" signtool
* Pass sandbox to workdir() in one more function
* kmod: do not append glob to search for firmware if it is already there
-------------------------------------------------------------------
Tue Nov 19 13:09:39 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+488.gcbd7d159:
* Propagate --tools-tree-certificates to initrd build
* kernel-install: do not try to remove split artifacts
* kernel-install: plumb stdin/stdout
* kernel-install: do not remove uki from staging area
* kernel-install: name uki output with .efi suffix
* kernel-install: pass --kernel-image to mkosi-initrd if set
* mkosi-initrd: add --kernel-image parameter
* Require that default tools tree exists when mkosi -t none is invoked
* Also fail early if default tools tree is out of date without --force
* Remove distribution from tools tree cache name
* Drop dead code
* Rename some opts to be more consistent
* Add createrepo_c to Arch Linux tools tree
* archive: pass sandbox to workdir()
* Mark 50-mkosi.install as executable
* Add packages required for --qemu-gui to Arch tools tree
* qemu: Use advanced form of specifying display
* Install pkcs11-provider and opensc in tools tree
* Only allow certificate files when not using systemd-sbsign
* Fix condition to also check the certificate source type
* Don't require sbsigntools for secure boot auto enroll unless required
* Add ToolsTreePackageDirectories=
* Use passwd symlinks instead of bind mounts
* sandbox: Make --symlink work on top of existing files and symlinks
* sandbox: Only readlink() if the target is a symlink
* Check against 257~devel instead of 257
* Add sound device when QemuGui=true
* Add --debug-sandbox
* Detect home directories outside of /home properly
* Check for apt keyring in tools tree
* sandbox: Only create parent directories if dst does not exist yet
* sandbox: Always use O_EXCL with O_CREAT
* Make Check-Valid-Until=false a default flag for apt-get
* Check that systemd-sbsign is available before using it.
* Fix new mypy error
* Make sure user provided cmdline is always last
* Check that BuildSources= inputs are directories
* fixup: GitHub Action: Install all required mkosi dependencies
* Fix man page reference to --tools-tree-packages
* Expose subimage name as envvar in scripts
* Add %I specifier for subimages
* Refactor resolve_deps and reorder after configure
* GitHub Action: Install all required mkosi dependencies
* Add support for systemd-sbsign and --certificate-source
* Don't put /usr/bin and /usr/sbin in front of extra search paths in $PATH
-------------------------------------------------------------------
Mon Nov 04 09:29:57 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+437.gaf207164:
* Add support for openssl providers as key sources
* Make sure we only parse [Include] and [Host] from builtin configs as well
* Remove sandbox verb from needs_build()
* Add support for bootctl secure boot auto enrollment
* Sort package list
* Add libseccomp to default tools tree
* Pass configured environment to ukify
* Set up a private session keyring for engine pin caching
* Set zero owner UUID for secure boot signature databases
* Add some extra tools tree packages to the default image
* Add sandbox verb
* Drop tools tree from cache manifest
* Always mount in /usr/share/factory from the host in relaxed sandbox
* Don't mount sandbox.py to /sandbox.py in relaxed sandbox
* Add PATH entries beneath the user's home to PATH in relaxed sandbox
* Ignore crypto mount if it only contains empty directories
* Don't remove default tools tree when mkosi -ff is used
* Make default tools tree output name distribution independent
* Make asyncio imports lazy
* Bump github/codeql-action from 3.26.10 to 3.27.0
* Bump actions/checkout from 4.2.0 to 4.2.2
* Remove BuildDirectory= from PrepareScripts=
* Fix qemu gui output on aarch64
* Map current user to root in subuid user namespace
* Show a proper error message if /etc/subuid or /etc/subgid doesn't exist.
* Pass through stdin to various signing tools if an engine is used
* Bind /run when an engine might be used instead of only /run/pcscd
* Parse local drop-in configuration files
* Never clean output directory when Format=none
* qemu: move removable_flag into device_type
* Use scsi-hd when QemuRemovable is enabled
-------------------------------------------------------------------
Tue Oct 29 13:37:06 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+401.g292d3d05:
* Check if firmware subdirectory still exists before trying to remove it
* Remove access to the output directory in build scripts
* Only run clean scripts when we clean up the output directory
-------------------------------------------------------------------
Tue Oct 29 09:46:31 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+397.g21d6298f:
* opensuse: remove sysuser-shadow from initrd
* Unset $CONFIG in prepare scripts
* Make sure verbs run in the current working directory
* Delete empty firmware subdirectories
* Use firmwared variable in one more place
-------------------------------------------------------------------
Mon Oct 28 14:24:33 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+391.gf509490a:
* Allow specifying OpenPGP implementation to use for signing
* opensuse: remove which from initrd
* mkosi-initrd: honor x-initrd.attach options in crypttab
* kernel-install: fix move of cpio output file
* man/mkosi-initrd: fix description of --output option
* Set qemu drive caching options for qemu drives as well
* mkosi-initrd: Include virtio_blk module
* Use virtio-blk-pci unless scsi-hd is really needed
* Make qemu drives and scratch device NOCOW as well
* Don't unconditionally enable epel for mkosi-initrd
* Implement default values for the simple config parser
* Make SplitArtifacts= take a list of values
* Refactor copy_{uki,vmlinuz,initrd}
* opensuse: prevent zypper from pulling busybox in the initrd
* Move copy_nspawn_settings
* Fix conf with settings in Content instead of Build
* Fix mkosi-initrd conf for CentOS EPEL
* Sync man and help output
-------------------------------------------------------------------
Mon Oct 14 07:46:25 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+371.g2195d95e:
* Fix repart definition for ESP builds
* Add erofs and fat utils to initrd
* Add erofs and fat utils to initrd
* Add a new QemuRemovable option to allow attaching the image to qemu as removable
* Add erofs and fat utils to initrd
* Clarify explanation of `Verity=` option
* Update description of `ToolsTreeDistribution=`
* Fix sections of various settings
* Log config file path where available on config file parse errors
* Check if tools tree exists before statting it in cache_manifest()
* Copy SYSEXT_LEVEL from os-release to extension-release as well
* Add Verity= feature
* Run various cleanup operations without the base trees mounted
* docs: Mention Format=none in sysext doc
* config: Make recursive_paths configurable with globs
* Make tools tree available in tests
* Put .profile section values in quotes if not alphanumeric
* Be specific about noqa tags
* Define our own config for PE addons and UKI profiles
* docs: fix broken man page link on the website
* Make find_binary()'s root argument optional
* Use fmt: skip instead of noqa in two places
* Remove DownloadUser from provided pacman.conf
* tree-wide: Use workdir() everywhere
* Make sure various directory exist when we shortcut sandbox_cmd()
* Make sure swtpm is run in a scope, not swtpm_setup
* Relax read-only mounts even more
* Allow signing expected PCRs independently of using secure boot
* Install tpm2.0-tools in opensuse tools tree
* Install python3-cryptography in opensuse tools tree
* Rename Profile= match to Profiles=
* Use openSUSE everywhere
* Print distribution pretty name on installation
* Move various settings to the [Build] section
* Introduce UnifiedKernelImageProfiles=
* Simplify run_ukify() and related functions a little
* mkosi-initrd: only set restrictive umask to create output dir if user is root
-------------------------------------------------------------------
Thu Oct 03 14:22:48 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+326.g6b0dfe58:
* mkosi-initrd: build using a temporary directory
* Drop %p profile specifier
* Profile= => Profiles= in two more places
* tests: Drop tools tree related options
* Enable repository key fetch for non-default ubuntu tools trees as well
* Allow detect_distribution() to read from root directory
* tests: Tune Fedora initrd size a little
* Rework tools tree cache manifest serialization
* tools: Don't use apt pattern for ubuntu-keyring
* tests: pass args correctly
* tests: Fix summary
* Don't store default kernel command line and credentials in Config
* Bump github/codeql-action from 3.26.6 to 3.26.10
* Bump actions/checkout from 4.1.7 to 4.2.0
* dnf: Drop yum fallback
* Don't pass in tools tree to default initrd in run_clean()
* Run diff without sandbox
* Evaluate tools_tree earlier
* Don't remount directory read-only if output directory is located in it
* docs: Add missing documentation for the completion verb
* docs: Document that the documentation verb takes arguments
* Fix broken man page links
* docs: Document how to include initrd in root verity doc
* docs: Add man page shortcuts
* docs: Make man page chapter configurable and encode it in the resource file name
* docs: Make news available to documentation verb
* opensuse: Force rpm ndb backend
* Set up rpm before dnf/zypper
* Don't create mountpoint in /var in sandbox
* Fix wrongly-quoted string.
* Make diff debug output in have_cache universal
* Reorder PeAddons= and fix summary name
* Clean cache directory in run_clean()
* Fix addons directory mode
* Add support for building PE addons
* Extract `ukify` call to separate function
* Don't use overlayfs for /etc and /opt in sandbox
* Update NEWS
* doc: Document script directories.
* Add support for mkosi.clean.d and drop mkosi.configure.d
* Add mkosi.*.d for automatic script discovery
* Add mkosi-vm default config
* Include /opt in sysext images
* Don't explicitly bind mount in keyrings from host into sandbox
* Add missing comma
* Fix signing with engine
* Also look for /usr/lib/systemd/systemd-measure when looking for measure
-------------------------------------------------------------------
Mon Sep 23 06:28:24 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+271.g803f5f8a:
* Add Incremental=strict
* Run build script without stdout to stderr redirection
* Show proper error if parsing history fails
* Fix invalid format specifiers
* Don't log if output already exists when using Format=none
* docs: Fix partition order for root verity docs
* Separate the PROFILES variables with spaces instead of commas
* Allow configuring more than one profile
* Read config from mkosi.local/ as well if it exists
* Parse profiles after mkosi.conf.d
* Use run0 instead of refusing to run commands that need root unprivileged
* dir-locals: set python-indent-def-block-scale to 1
* Reduce indentation in finalize_qemu_firmware
* Add comments demarking config sections
* Force multiline formatting in more places
* editorconfig: configure line length more widely
* ci: add ruff format check
* Reformat to 109 columns
* Format with ruff
-------------------------------------------------------------------
Fri Sep 20 17:39:22 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+248.gf2383b65:
* mkosi-initrd: set output mode 600 by default
* Add OutputMode= option
* Replace --tmpfs with --dir for tmpfs directories
* Move /etc/static symlink handling to finalize_crypto_mounts()
* Add back /etc/mtab symlink
* docs: Add doc on disk images with verity protected root partition
* Don't pick up definitions from the host when running burn
* Set repart definitions directory to / if we want to ignore system definitions
* cli: add back mkosi-initrd and mkosi-tools to mkosi.resources
-------------------------------------------------------------------
Wed Sep 18 14:15:48 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- specfile: update licenses in %files
-------------------------------------------------------------------
Wed Sep 18 14:08:27 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+236.g6c358ae:
* Run reuse in CI to detect license issues right away
* Add reuse integration for ensuring license compliance
* Run codespell in CI to detect spelling issues
* Fix typos identified by codespell
* Add codespell configuration
* Set pinentry mode to loopback for gpg
* Handle top level symlinks in relaxed sandbox
* Make entire /run available to gpg command
* Use workdir() for calculate_signature()
* Pass filename to oserror() in a few more cases
* Fix typo
* Remove incorrect use of workdir()
* Drop support for ; comments
* Fix more typos.
* Fix typo
* Make sure we only use workdir() for keys if they're a path on disk
* Make relaxed sandbox even more relaxed
* Mention roothash= and usrhash= in the kernel command line doc
* Log error when qemu itself fails
* Add back MachineId= setting
* Various improvements for Seed=
* Fix relative path calculation in filter_kernel_modules()
-------------------------------------------------------------------
Mon Sep 16 13:28:31 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+209.g2996d5e:
* Use workdir() in make_image()
* Make sure /var/tmp is not an overlayfs unless required
* Move /var/log creation from sandbox tree to sandbox_cmd()
* Drop dbus-broker and dbus-broker-units from Arch tools tree
* Cache repository metadata snapshot again
-------------------------------------------------------------------
Mon Sep 16 09:55:00 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Update to version 24.3+203.g8614e9d:
* Add some checks to check_inputs() for secure boot key and certificate
* Make code to deal with overlayfs "work" directory more robust
* Enable history for the default image
* mkosi.conf: Move CacheDirectory= to the [Build] section
* Use workdir for start_virtiofsd()
* Remove references of bubblewrap in docs/tools configuration
* Revert "tests: Show debug messages on console"
* Add more detail to NEWS
-------------------------------------------------------------------
Mon Sep 9 14:32:43 UTC 2024 - Valentin Lefebvre <valentin.lefebvre@suse.com>
- Revert last changes
* Remove new subpackage mkosi-initrd-tukit
* Do install 50-mkosi.install kernel-install script
- Create _service file to build mkosi from git main
-------------------------------------------------------------------
Tue Aug 20 11:26:10 UTC 2024 - Antonio Feijoo <antonio.feijoo@suse.com>
- Create new subpackage mkosi-initrd-tukit.
* This package adds a special mkosi-initrd wrapper to support creating initrds
on transactional systems. I.e., with transactional-update, a transaction
runs on a chroot, but mkosi requires bubblewrap, which uses pivot_root, and
that is known to fail on a chroot environment.
- Do not install 50-mkosi.install kernel-install script.
* Although kernel-install is provided in openSUSE, it is not run when a kernel
is installed or removed (this work is done by suse-module-tools). Also, even
calling it manually, it does not support the custom systemd-boot integration
in openSUSE.
-------------------------------------------------------------------
Thu Aug 1 13:29:36 UTC 2024 - Sebastian Wagner <sebix@sebix.at>
- remove env-shebang from /usr/lib/kernel/install.d/50-mkosi.install
-------------------------------------------------------------------
Tue Jul 30 12:16:44 UTC 2024 - Antonio Feijoo <antonio.feijoo@suse.com>
- Create new subpackage mkosi-initrd
- Add file %{_prefix}/lib/mkosi-initrd/mkosi.conf
-------------------------------------------------------------------
Sun Jul 28 21:38:24 UTC 2024 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- Update to 24.3:
* Check for $HOME environment variable as well.
- Update to 24.2:
* Look for $USER for the username before reading /etc/passwd
- Update to 24.1:
* completion: fix bash completion script
* Add some documentation on how to implement a new distribution
* Add missing init.py to mkosi/initrd/resources
* Handle dangling symlinks in rmtree() and run_clean()
* Handle failure to detect the distribution in test_parse_config()
- Update to 24:
* The default kernel command line of console=ttyS0 (or equivalent for
other architectures) has been removed. The required console=
argument to have the kernel output to the serial console has to be
added manually from v24 onwards.
* Support for installing local packages located in directories in
BuildSources= was dropped. Instead, the packages can be made
available for installation via PackageManagerTrees=.
* Configuration parsing was reworked to remove the need for the @
specifier and to streamline building multiple images with
mkosi.images/. If you were building multiple images with
mkosi.images/, you'll need to adapt your configuration to the
rework. Read the Building multiple images section in the
documentation for more information.
* mkosi has gained the option to generate completion scripts for bash,
fish and zsh. Packagers should generate the scripts during packaging
and ship them in the appropriate places.
* Added support for CentOS Stream 10.
* mkosi now installs a separate mkosi-initrd script that can be used
to build initramfs images intended for use on the local system.
* We do not automatically append centos-stream or fedora anymore to
CentOS (and derivatives) and Fedora mirrors specified with Mirror=
as not all mirrors store the repository metadata under these
subdirectories. Users are now required to add these subdirectories
themselves in Mirror=. If the EPEL repositories are enabled for
CentOS Stream (and derivatives) and Mirror= is used, we look for the
EPEL repositories in ../fedora relative to the mirror specified in
Mirror=.
* We now support compressed tar archives wherever we already accept tar
archives as input.
* We now always rerun the build if Format=none and don't remove
previous outputs in that case (unless --force is specified). This
allows using mkosi -t none to rerun the build scripts without
removing the previous image. This can then be combined with
RuntimeBuildSources=yes to make the build script outputs available
in a booted container or virtual machine so they can be installed
without having to rebuild the image.
* We now use virtconsole to provide the serial console when booting
with qemu.
* root=PARTUUID and mount.usr=PARTUUID on the kernel command line
are now automatically extended with the actual PARTUUID of the
corresponding partition.
* All available OpenSUSE repositories are now supported and can be
enabled with Repositories=.
* Building OpenSUSE aarch64 images is now supported
* mkosi dependencies was beefed up to handle more scenarios properly
* The default list of kernel modules that are always added to the
initramfs was extended with various virtualization modules.
* Added a Repositories= match.
* Cached images are now invalidated if packages specified via
PackageDirectories= change.
* Added VolatilePackageDirectories= which can be used to provide local
packages that do not invalidate cached images.
* mkosi.pkgmngr is now used as the default path for
PackageManagerTrees=.
* The package directory that build scripts can use to make built
packages available for installation ($PACKAGEDIR) is now shared
between all image builds. This means that packages built in earlier
images and stored in $PACKAGEDIR become available for installation
in all subsequent image builds.
* The default tools tree distribution is now chosen based on the host
distribution instead of the target distribution.
* mkosi can now be invoked from the initramfs.
-------------------------------------------------------------------
Thu Jun 13 09:23:17 UTC 2024 - Antonio Feijoo <antonio.feijoo@suse.com>
- Update package summary and description.
* BIOS support was removed in v14, but restored in v16.
- Remove dnf dependency.
* With openSUSE, zypper is a sufficient requirement for mkosi to work.
-------------------------------------------------------------------
Wed Jun 12 20:26:36 UTC 2024 - Sebastian Wagner <sebix@sebix.at>
- Removed obsolete patch opensuse-dont-install-distribution-release-by-default.patch
-------------------------------------------------------------------
Wed Jun 12 18:51:56 UTC 2024 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- Update to 23.1:
* Respin due to git tag mismatch
- Update to 23:
* Added CleanScripts= to allow running custom cleanup code whenever
mkosi cleans up the output directory. This allows cleaning up extra
outputs produced by e.g. a build script that mkosi doesn't know about.
* Added ConfigureScripts= to allow dynamically modifying the mkosi
configuration. Each configure script receives the current config as
JSON on stdin and should output the new config as JSON on stdout.
* When building a UKI, we don't measure for the TPM SHA1 PCR bank
anymore.
* All keys in the mkosi config JSON output are now in pascal case,
except for credentials and environments, where the keys encode names
of credentials and environment variables and are therefore case
sensitive.
* Added various settings to allow running mkosi behind a proxy.
* Various fixes to kernel module filtering that should result in fewer
modules being pulled into the default initrd when
KernelModulesExclude= or KernelModulesInitrdExclude= are used.
* Added ToolsTreeDistribution= match.
* Removed vmspawn verb and replaced it with VirtualMachineMonitor=.
* New specifiers for various directories were added. %D resolves to
the directory that mkosi was invoked in, %P to the current working
directory, and %C to the parent directory of the config file.
* Added ForwardJournal= to have systemd inside a container/VM forward
its journal to the specified file or directory.
* Systemd scopes are now allocated for qemu, swtpm, virtiofsd and
systemd-journal-remote if available.
* The mkosi qemu virtual machine is now registered with
systemd-machined if available.
* Added new oci output format
* Runtime trees without a target are now mounted to /root/src instead
of a subdirectory of it (To have the same behaviour as
BuildSources=).
* Added RuntimeBuildSources= to mount build and source directories
when booting the image with mkosi nspawn or mkosi qemu.
* Introduced --append to allow command line settings to be parsed
after parsing configuration files.
* distribution-release is not installed by default anymore on
OpenSUSE.
* Setting QemuSmp= to 0 will now make qemu use all available CPUs
* Free page reporting and discard request processing are now enabled by
default in VMs spawned by mkosi qemu.
* Added ToolsTreeCertificates= to allow configuring whether to use
certificates and keys from the tools tree (if one is used) or the
host.
* Added never for CacheOnly= to specify that repository metadata
should always be refreshed.
* Renamed the none option for CacheOnly= to auto.
* Added ProxyExclude= to configure hostnames for which requests should
not go through the configured proxy.
* The default tools tree is now reused on incremental builds.
* Added VolatilePackages= and InitrdVolatilePackages= to configure
packages that should be installed after executing build scripts and
which should not be cached when using Incremental=.
* PackageDirectories= now has an associated default path
mkosi.packages.
* reprepro is now used to generate local apt repositories.
* Support for BSD tar/cpio was dropped.
* When both ExtraSearchPaths= and ToolsTree= are used, mkosi will
now prefer running a binary found in ExtraSearchPaths= without the
tools tree over running the binary from the tools tree. If a binary is
not found in ExtraSearchPaths=, the tools tree is used instead.
* An artifact directory is now made available when running scripts which
can be used to pass around data between different scripts. mkosi will
also look for microcode and initrds in the artifact directory under
the io.mkosi.microcode and io.mkosi.initrd subdirectories.
* Added Environment= match setting to check for environment variables
defined with the Environment= setting.
* The basesystem package is now always installed in Fedora and
CentOS images instead of the filesystem package.
* The qemu, shell and boot verbs do not automatically build the
image anymore unless --force is specified.
* SplitArtifacts= is now supported for the portable, sysext and
confext outputs.
* The WithDocs= option was implemented for pacman-based distributions.
* The default Fedora release was bumped to 40.
* QemuSwtpm= can now be used with QemuFirmware= set to linux or
bios.
* Added UnitProperties= to allow configure properties on the scopes
generated by systemd-nspawn and systemd-run.
* mkosi now only builds a single default tools tree per build using the
settings from the last regular image that we'll build.
* Configure scripts are now only executed for verbs which imply an image
build and are executed with the tools tree instead of without it.
* $QEMU_ARCHITECTURE is now set for configure scripts to easily allow
scripts to figure out which qemu binary will be used to run qemu.
* A file ID can now be specified for QemuDrives=. This allows adding
multiple qemu drives that are backed by the same file.
* mkosi doesn't fail anymore if images already exist when running
mkosi build.
* Image names from mkosi.images/ are now preferred over the specified
image ID when determining the output filename to use for an image.
* --include now has a shorthand option -I.
* The WITH_NETWORK environment variable is now passed to build and
finalize scripts.
* We now clamp mtimes to the specified source date epoch timestamp
instead of resetting all mtimes. This means that we won't touch any
mtimes that are already older than the given source date epoch
timestamp.
* Removed support for CentOS 8 Stream as it is now EOL.
* The coredumpctl and journalctl verbs now operate on the path
specified in ForwardJournal= if one is set.
* Added UnifiedKernelImageFormat= format setting to allow configuring
the naming of unified kernel images generated by mkosi.
* The versionlock plugin is now enabled by default for dnf with a noop
configuration.
* Repositories= is now implemented for zypper.
* KernelModulesInclude= and KernelModulesInitrdInclude= now take the
special values host and default to include the host's loaded
modules and the default kernel modules defined in mkosi-initrd
respectively.
* KernelModulesIncludeHost= and KernelModulesInitrdIncludeHost= are
now deprecated.
* Added mkosi dependencies to output the list of packages required by
mkosi to build and boot images.
-------------------------------------------------------------------
Tue Jun 4 13:59:06 UTC 2024 - Franck Bui <fbui@suse.com>
- Drop requirement on systemd-experimental.
It's no longer necessary as systemd-repart is no more considered as an
experimental tool and is now shipped by udev. Also the hard requirement was a
bit too strong since systemd-repart is only required when building disk
images.
-------------------------------------------------------------------
Mon May 27 15:50:17 UTC 2024 - Alberto Planas Dominguez <aplanas@suse.com>
- Add opensuse-dont-install-distribution-release-by-default.patch
-------------------------------------------------------------------
Tue Mar 26 14:37:39 UTC 2024 - Richard Brown <rbrown@suse.com>
- Correct dependencies after discussions with upstream
* Requires: systemd-experimental for systemd-repart needed to build disk images
* Requires: bubblewrap as bbwrap is called during build
* Requires: zypper
* Recommends: squashfs, tar, and xz as they are all optional features
* Remove recommends for tools they no longer support
-------------------------------------------------------------------
Fri Mar 15 08:27:02 UTC 2024 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- Update to 22:
* We'll now try to delete btrfs subvolumes with btrfs subvolume delete
first before falling back to recursively deleting the directory.
* The invoking user is now always mapped to root when running sync
scripts. This fixes an issue where we would fail when a package
manager tree or skeleton tree contained a /usr directory as we would
not have permissions to run mount in the sandbox.
* We now use qemu's official firmware descriptions to find EDK2/OVMF
UEFI firmware. Additionally, QemuFirmware=uefi now boots without
SecureBoot support, and QemuFirmware=uefi-secure-boot was introduced
to boot with SecureBoot support. By default we will still boot with
SecureBoot support if QemuFirmware=auto.
* Added support for QemuFirmwareVariables=custom and
QemuFirmwareVariables=microsoft to use OVMF/EDK2 variables with
either the user's custom keys enrolled or with the Microsoft keys
enrolled.
* Added UnifiedKernelImages= to control whether we generate unified
kernel images or not.
* Bootloader=grub will now generate a grub EFI image and install it.
If SecureBoot= is enabled and ShimBootloader= is not set to
signed, the grub EFI image will be signed for SecureBoot.
* ShimBootloader=signed will now also instruct mkosi to look for and
install already signed grub, systemd-boot, kernel and UKI binaries.
* We now build grub images with a fixed set of modules and don't copy
any grub modules to the ESP anymore.
* The configuration is now made available as a JSON file to all mkosi
scripts via the $MKOSI_CONFIG environment variable.
* $PROFILE is now set for all mkosi scripts containing the value of
Profile= if it is set.
-------------------------------------------------------------------
Mon Mar 11 14:34:03 UTC 2024 - Joshua Smith <jsmithfpv@gmail.com>
- Update to 21:
* We now handle unmerged-usr systems correctly
* Builtin configs (mkosi-initrd, mkosi-tools) can now be included
using Include= (e.g. Include=mkosi-initrd)
* The kernel-install plugin now uses the builtin mkosi-initrd
config so there's no need anymore to copy the full mkosi-initrd
config into /usr/lib/mkosi-initrd.
* We don't require a build anymore for the journalctl and
coredumpctl verbs.
* mkosi ssh works again when used with ToolsTree=default
* We now use .zst instead of .zstd for compressed split artifacts
produced by systemd-repart.
* systemd-repart uses a persistent temporary directory again for
assembling images instead of a tmpfs.
* Added MicrocodeHost= setting to only include the CPU specific
microcode for the current host system.
* The kernel-install plugin now only includes the CPU specific
microcode
* Introduced PackageCacheDirectory= to set the directory for
package manager caches. This setting defaults to a suitable
location in the system or user directory depending on how mkosi
is invoked.
* CacheDirectory= is only used for incremental cached images now.
* Repository metadata is now synced once at the start of each
image build and never during an image build. Each image
includes a snapshot of the repository metadata in the canonical
locations in /var so that incremental images and extension
images can reuse the same snapshot. When building an image
intended to be used with BaseTrees=, disable
CleanPackageMetadata= to make sure the
repository metadata in /var is not cleaned up, otherwise any
extension images using this image as their base tree will not
be able to install additional packages.
* Implemented CacheOnly=metadata. Note that in the JSON output,
the value of CacheOnly= will now be a string instead of a
boolean.
* Added CompressLevel= to set the compression level to use.
* Dropped experimental Gentoo support.
* Added TriggerMatch= to specify multiple match sections of which
only one should be satisfied.
* Added jq, attr, acl, git, sed, grep and findutils to the
default tools tree.
* Added mkosi-install, mkosi-upgrade, mkosi-remove and
mkosi-reinstall scripts which allow writing scripts that are
independent of the package manager being used to build the
image.
* We now expand specifiers in Match section values
* Made GPG key handling for Fedora rawhide more robust
* If systemd-repart 256 or newer is available, mkosi will
instruct it to generate /etc/fstab and /etc/crypttab for the
image if any partition definitions contain the corresponding
settings (MountPoint= and EncryptedVolume=).
* bash is now started in the debug shell instead of sh.
* The default release for Ubuntu is now noble.
* Ubuntu is now used as the default tools tree distribution for
Ubuntu instead of Debian.
* Added mkosi vmspawn which boots the image with systemd-vmspawn.
* Note that systemd-vmspawn is experimental and its interface
may still change. As such mkosi vmspawn is also considered
experimental.
* Note that systemd-vmspawn version 256 or newer is required.
* Added SyncScripts= which can be used to update various build
sources before starting the image build.
* The DISTRIBUTION= and RELEASE= environment variables are now
set when running scripts.
* Added ToolsTreeRepositories= and ToolsTreePackageManagerTrees=.
* Added RuntimeNetwork= to configure the networking used when
booting the image.
* Added SecureBootKeySource= and VerityKeySource= to support
signing images with OpenSSL engines. Note that these settings
require various systemd tools to be version 256 or newer.
* We don't clean up package manager metadata anymore unless
explicitly requested with CleanPackageManagerMetadata=yes when
building directory and tar images.
-------------------------------------------------------------------
Mon Jan 22 14:07:58 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 20.2:
* Fixed a bug in signing unsigned shim EFI binaries.
* We now build an early microcode initrd in the mkosi kernel-
install plugin.
* Added `PackageDirectories=` to allow providing extra packages
to be made available during the build.
* Fixed issue where `KernelModulesIncludeHost` was including
unnecessary modules
* Fixed `--mirror` specification for CentOS (and variants) and
Fedora.
* Previously a subdirectory within the mirror had to be
specified which prevented using CentOS and EPEL repositories
from the same mirror. Now only the URL has to be specified.
* We now mount package manager cache directories when running
scripts on the host so that any packages installed in scripts
are properly cached.
* We don't download filelists on Fedora anymore
* Nested build sources don't cause errors anymore when trying
to install packages.
* We don't try to build the same tools tree more than once
anymore when building multiple images.
* We now create the `/etc/mtab` compatibility symlink in
mkosi's sandbox.
* We now always hash the root password ourselves instead of
leaving it to `systemd-firstboot`.
* `/srv` and `/mnt` are not mounted read-only anymore during
builds.
* Fixed a crash when running mkosi in a directory with fewer
than two parent directories.
* Implemented `RepositoryKeyCheck=` for apt-based
distributions.
-------------------------------------------------------------------
Mon Jan 22 09:58:59 UTC 2024 - Dirk Müller <dmueller@suse.com>
- update to 20.1:
* `BuildSources=` are now mounted when we install packages so
local packages can be made available in the sandbox.
* Fixed check to see if we're running as root which makes sure
we don't do shared mounts when running as root.
* The extension release file is now actually written when
building system or configuration extensions.
* The nspawn settings are copied to the output directory again.
* Incremental caching is now skipped when `Overlay=` is enabled
as this combination isn't supported.
* The SELinux relabel check is more granular and now checks for
all required files instead of just whether there's a policy
configured.
* `qemu-system-xxx` binaries are now preferred over the generic
`qemu` and `qemu-kvm` binaries.
* Grub tools from the tools tree are now used to install grub
instead of grub tools from the image itself. The grub tools
were added to the default tools trees as well.
* The pacman keyring in tools trees is now only populated from
the Arch Linux keyring (and not the Debian/Ubuntu ones anymore).
* `gpg` is allowed to access `/run/pscsd/pscsd.comm` on the
host if it exists to allow interaction with smartcards.
* The current working directory is not mounted unconditionally
to `/work/src` anymore. Instead, the default value for
`BuildSources=` now mounts the current working directory
to `/work/src`. This means that the current working directory
is no longer implicitly included when `BuildSources=` is
explicitly configured.
* Assigning the empty string to a setting that takes a list of
values now overrides any configured default value as well.
* The github action does not build and install systemd from
source anymore. Instead, `ToolsTree=default` can be used to
make sure a recent version of systemd is used to do the image
build.
* Added `EnvironmentFiles=` to read environment variables from
environment files.
* We drastically reduced how much of the host system we expose
to scripts. Aside from `/usr`, a few directories in `/etc`,
`/tmp`, `/var/tmp` and various directories configured in mkosi
settings, all host directories are hidden from scripts,
package managers and other tools executed by mkosi.
* Added `RuntimeScratch=` to automatically mount a directory
with extra scratch space into mkosi-spawned containers and
virtual machines.
* Package manager trees can now be used to configure every tool
invoked by mkosi while building an image that reads config
files from `/etc` or `/usr`.
* Added `SELinuxRelabel=` to specify whether to relabel selinux
files or not.
* Many fixes to tools trees were made and tools trees are now
covered by CI. Some combinations aren't possible yet but
we're actively working to make these possible.
* `mkosi qemu` now supports direct kernel boots of `s390x` and
`powerpc` images.
* Added `HostArchitecture=` match to match against the host
architecture.
* We don't use the user's SSH public/private keypair anymore
for `mkosi ssh` but instead use a separate key pair which
can be generated by `mkosi genkey`. Users using `mkosi ssh`
will have to run `mkosi genkey` once to generate the necessary
files to keep `mkosi ssh` working.
* We don't automatically set `--offline=no` anymore when we
detect the `Subvolumes=` setting is used in a `systemd-repart`
partition definition file. Instead, use the new
`RepartOffline=` option to explicitly disable running
`systemd-repart` in offline mode.
* During the image build we now install UKIs/kernels/initrds to
`/boot` instead of `/efi`. While this will generally not be
noticeable, users with custom systemd-repart ESP partition
definitions will need to add `CopyFiles=/boot:/` along with
the usual `CopyFiles=/efi:/` to their ESP partition
definitions. By installing UKIs/kernels/initrds
to `/boot`, it becomes possible to use `/boot` to populate an
XBOOTLDR partition which wasn't possible before. Note that
this is also safe to do before `v20` so `CopyFiles=/boot:/`
can unconditionally be added to any ESP partition definition
files.
* Added `QemuFirmwareVariables=` to allow specifying a custom
OVMF variables file to use.
* Added `MinimumVersion=` to allow specifying the minimum
required mkosi version to build an image.
* Added support for Arch Linux's debug repositories.
* Merged the mkosi-initrd project into mkosi itself. mkosi-
initrd is now used to build the default initrd.
* Implemented mkosi-initrd for all supported distributions.
* Added `ShimBootloader=` to support installing shim to the
ESP.
* Added sysext, confext and portable output formats. These will
produce signed disk images that can be used as sysexts,
confexts and portable services respectively.
* Added `QemuVsockConnectionId=` to configure how to allocate
the vsock connection ID when `QemuVsock=` is enabled.
* Added documentation on how to build sysexts with mkosi.
* Global systemd user presets are now also configured.
* Implemented `WithDocs=` for `apt`.
* On supported package managers, locale data for other locales
is now stripped if the locale is explicitly configured using
`Locale=`.
* All `rpm` plugins are now disabled when building images.
* Added `KernelModulesIncludeHost=` and
`KernelModulesInitrdIncludeHost=` to only include modules
loaded on the host system in the image/initrd respectively.
* Implemented `RemovePackages=` for Arch Linux.
* Added `useradd` and `groupadd` scripts to configure these
binaries to operate on the image during builds instead of on
the host.
* Added microcode support. If installed into the image, an
early microcode initrd will automatically be built and
prepended to the initrd.
* A passwordless root account may now be created by specifying
`hashed:`.
* The `Autologin=` feature was extended with support for
`arm64`, `s390x` and `powerpc` architectures.
* Added `SecureBootAutoEnroll=` to control automatic enrollment
of secureboot keys separately from signing `systemd-boot`
and generated UKIs.
* `ImageVersion=` is no longer automatically appended to the
output files, instead this is automatically appended to
`Output=` if not specified and results in the `%o` specifier
being equivalent to `%i` or `%i_%v` depending on whether
`ImageVersion=` is specified.
-------------------------------------------------------------------
Mon Nov 20 09:21:06 UTC 2023 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- update to v19:
* Support for RHEL was added!
* Added journalctl and coredumpctl verbs for running the respective tools on
built directory or disk images.
* Added a burn verb to write the output image to a block device.
* Added a new esp output format, which is largely similar to the existing uki
output format but wraps it in a disk image with only an ESP.
* Presets were renamed to Images. mkosi.images/ is now used instead of
mkosi.presets/, the Presets= setting was renamed to Images= and the Presets
section was merged into the Config section. The old names can still be used
for backwards compatibility.
* Added profiles to support building variants of the same image in one
repository. Profiles can be defined in mkosi.profiles/ and one can be
selected using the new Profile= setting.
* mkosi will now parse mkosi.local.conf before any other config files if that
exists.
* Added a kernel-install plugin. This is only shipped in source tree and not
included in the Python module.
* Added a --json option to get the output of mkosi summary as JSON.
* Added shorthand -a for --autologin.
* Scripts with the .chroot extension are now executed in the image
automatically.
* Added rpm helper script to have rpm automatically operate on the image when
running scripts.
* Added mkosi-as-caller helper script that can be used in scripts to run
commands as the user invoking mkosi.
* mkosi-chroot will now start a shell if no arguments are specified.
* Added WithRecommends= to configure whether to install recommended packages
by default or not where this is supported. It is disabled by default.
* Added ToolsTreeMirror= setting for configuring the mirror to use for the
default tools tree.
* WithDocs= is now enabled by default.
* Added BuildSourcesEphemeral= to make source directories ephemeral when
running scripts. This means any changes made to source directories while
running scripts will be undone after the scripts have finished executing.
* Added QemuDrives= to have mkosi create extra qemu drives and pass them to
qemu when using the qemu verb.
* Added BuildSources= match to match against configured build source targets.
* PackageManagerTrees= was moved to the Distribution section.
* We now automatically configure the qemu firmware, kernel cmdline and initrd
based on what type of kernel is passed by the user via -kernel or
QemuKernel=.
* The mkosi repository itself now ships configuration to build basic bootable
images that can be used to test mkosi.
* Added support for enabling updates-testing repositories for Fedora.
* GPG keys for CentOS, Fedora, Alma and Rocky are now looked up locally first
before fetching them remotely.
* Signatures are not required for local packages on Arch anymore.
* Packages on openSUSE are now always downloaded in advance before
installation when using zypper.
* The tar output is now reproducible.
* We now make sure git can be executed from mkosi scripts without running
into permission errors.
* We don't create subdirectories beneath the configured cache directory anymore.
* Workspace directories are now created outside of any source directories.
mkosi will either use XDG_CACHE_HOME, $HOME/.cache or /var/tmp depending on
the situation.
* Added environment variable MKOSI_DNF to override which dnf to use for
building images (dnf or dnf5).
* The rootfs can now be modified when running build scripts (with all changes
thrown away after the last build script has been executed).
* mkosi now fails if configuration specified via the CLI does not apply to
any image (because it is overridden).
* Added a new doc on building rpms from source with mkosi
(docs/building-rpms-from-source.md).
* /etc/resolv.conf will now only be mounted for scripts when they are run
with network access.
-------------------------------------------------------------------
Sat Nov 18 13:17:19 UTC 2023 - Sebastian Wagner <sebix@sebix.at>
- set singlepython version to python3 instead of python311 to allow build on Leap and not require changes on every Python change in Tumbleweed
-------------------------------------------------------------------
Mon Nov 14 08:20:28 UTC 2023 - Fredrik Lönnegren <fredrik.lonnegren@suse.com>
- update to v18:
* $SCRIPT was renamed to $CHROOT_SCRIPT. $SCRIPT can still be used
but is considered deprecated.
* Added RuntimeTrees= setting to mount directories when booting images
via mkosi boot, mkosi shell or mkosi qemu. The directories are
mounted with a uid map that maps the user invoking mkosi to the root
user so that all files in the directory appear as if owned by the root
user in the container or virtual machine and any new files created in
the directories are owned by the user invoking mkosi. To make this
work in VMs, we use VirtioFS via virtiofsd. Note that this
requires systemd v254 or newer to be installed in the image.
* Added support for booting directory images with mkosi qemu via
VirtioFS. When CONFIG_VIRTIOFS and CONFIG_VIRTIO_PCI are builtin
modules, no initramfs is required to make this work.
* Added Include= or --include to include extra configuration files
or directories.
* Added support for specifiers to access the current value of certain
settings during configuration file parsing.
* mkosi will now exit with an error when no configuration was
provided.
* Multiple scripts of the same type are now supported.
* Custom distributions are now supported via the new custom
distribution. When using custom as the distribution, the rootfs must
be provided via base trees, skeleton trees or prepare scripts.
* We now use local GPG keys for rpm based distributions if the
distribution-gpg-keys package is installed on the host.
* Added RuntimeSize= to grow the image to a specific size before
booting it when using mkosi boot or mkosi qemu.
* We now set MKOSI_UID and MKOSI_GID when running scripts which are
set to the uid and gid of the user invoking mkosi respectively. These
can be used to run commands as the user that invoked mkosi.
* Added an Architecture= match
* Initrds specified with Initrds= are now used for grub menuentries as
well.
* ImageId= and ImageVersion= are now written to os-release as
IMAGE_ID and IMAGE_VERSION if provided.
* We pass command line arguments passed to the build verb to the build
script again.
* We added support for the "RHEL Universal Base Image" distribution.
- update to v17.1:
* Fixed bug where --autologin was broken when used in combination with
a tools tree when using a packaged version of mkosi.
- update to v17:
* Added ToolsTreePackages= to add extra packages to the default tools
tree.
* Added SystemdVersion= match to match on the host's systemd version
* Added Format= match to match on the configured output format
* Presets= can now be configured in global configuration files to select
which presets to build
* UKIs can now be booted using direct linux boot.
* We don't try to make images UEFI bootable anymore on architectures
that do not support UEFI
* Fixed --help to show all options again
* We now warn when settings are configured in the wrong section
- update to v16:
* mkosi.version is now picked up from preset and dropin directories as
well following the usual config precedence logic
* Removed the "first assignment wins" logic from configuration parsing.
Settings parsed later will now override earlier values
* Removed the ! operator for lists. Instead, assign the empty string
to the list to remove all previous values.
* Added support for configuring custom default values for settings by
prefixing their name in the configuration file with @.
* Added QemuCdrom= to attach the image to the virtual machine as a
CD-ROM instead of a block device.
* Added SectorSize= to set the sector size of the disk images built by
systemd-repart.
* Added back grub support (BIOS/UEFI). Note that we don't install grub
on UEFI yet but we do add the necessary configuration and partitions.
* Added Bootloader= option to configure which EFI bootloader to
install. Added uki option to install just the UKI without
systemd-boot and grub to generate grub configuration to chainload
into the built UKIs.
* Added BiosBootloader= to configure whether grub for BIOS gets
installed or not.
* Added QemuFirmware= to select which qemu firmware to use (OVMF,
Seabios or direct kernel boot).
* Added QemuKernel= to specify the kernel that should be used with
direct kernel boot.
* /var/lib/dbus/machine-id is now removed if it was added by a package
manager postinstall script.
* The manifest is not generated by default anymore. Use
ManifestFormat=json to make sure the manifest is generated.
* Added SourceDateEpoch= to enable more reproducible image builds.
* Added Seed= to set the seed passed to systemd-repart.
* Updated the default Fedora release to Fedora 39.
* If ToolsTree= is set to default, mkosi will now build a default
tools tree containing all the necessary tools to build images. The
distribution and release to use can be configured with
ToolsTreeDistribution= and ToolsTreeRelease= or are determined
automatically based on the image being built.
* Added uki output format. This is similar to cpio, except the cpio
is packaged up as a UKI with a kernel image and stub picked up from
the rootfs.
- update to v15.1:
* Migrated to systemd-repart. Many options are dropped in favor of specifying them directly
in repart partition definition files:
- Format=gpt_xxx options are replaced with a single "disk" option. Filesystem to use can now be specified with repart's Format= option
- Format=plain_squashfs (Can be reproduced by a single repart squashfs
root partition combined with SplitArtifacts=yes)
- Verity= (Replaced by repart's Verity= options)
- Encrypt= (Replaced by repart's Encrypt= option)
- RootSize=, HomeSize=, VarSize=, TmpSize=, ESPSize=, SwapSize=, SrvSize=
(Replaced by repart's size options)
- UsrOnly= (replaced with CopyFiles=/:/usr in a usr partition definition)
- OutputSplitRoot=, OutputSplitVerity=, (Replaced by repart's SplitName= option)
- OutputSplitKernel= (UKI is now always written to its own output file)
- GPTFirstLBA (Removed, no equivalent in repart)
- ReadOnly= (Replaced by repart's ReadOnly= option per partition)
- Minimize= (Replaced by repart's Minimize= option per partition)
- CompressFs= (No equivalent in repart, can be replicated by replacing mkfs.
in $PATH with a script that adds the necessary command line option)
- MkSquashfs= (Can be replaced with a script in $PATH that invokes
the correct binary)
* We also remove the WithoutUnifiedKernelImages= switch as building unified
kernel images is trivial and fast these days.
* Support for --qemu-boot was dropped
* Support for --use-host-repositories was dropped, use --repository-directory instead
* RepositoryDirectory was removed, use PackageManagerTrees= or SkeletonTrees= instead.
* --repositories is now only usable on Debian/RPM based distros and can only be used to enable additional
repositories. Specifically, it cannot be used on Arch Linux anymore to add new repositories.
* The _epel distributions were removed. Use --repositories=epel instead to enable
the EPEL repository.
* Removed -stream from CentOS release specifiers. Instead of specifying 8-stream,
you now just specify 8.
* Removed default kernel command line arguments rhgb, selinux=0 and audit=0.
* Dropped --all and --all-directory as this functionality is better implemented by
using a build system.
* mkosi now builds images without needing root privileges.
* Removed --no-chown, --idmap and --nspawn-keep-unit options as they were made obsolete by moving to
rootless builds.
* Removed --source-file-transfer, --source-file-transfer-final, --source-resolve-symlinks and
--source-resolve-symlinks-final in favor of always mounting the source directory into the build image.
--source-file-transfer-final might be reimplemented in the future using virtiofsd.
* Dropped --include-dir option. Usage can be replaced by using --incremental and reading includes from
the cached build image tree.
* Removed --machine-id in favor of shipping images without a machine ID at all.
* Removed --skip-final-phase as we only have a single phase now.
* The post install script is only called for the final image now and not for the build image anymore. Use the
prepare script instead.
* --ssh-key, --ssh-agent, --ssh-port and --ssh-timeout options were dropped as the SSH support was
reimplemented using VSock. mkosi ssh can only be used with images booted with mkosi qemu. Use
machinectl to access images booted with mkosi boot. Use --extra-tree or --credential with the
.ssh.authorized_keys.root credentials as alternatives for provisioning the public key inside the image.
* Only configuration files matching *.conf are parsed in dropin directories now.
* Removed --qemu-headless, we now start qemu in the terminal by default and configure the serial console at
runtime. Use the new --qemu-gui option to start qemu in its graphical interface.
* Removed --netdev. Can be replaced by manually installing systemd-networkd, putting a network file in the
image and enabling systemd-networkd.
* If mkosi.extra/ or mkosi.skeleton/ exist, they are now always used instead of only when no explicit
extra/skeleton trees are defined.
* mkosi doesn't install any default packages anymore aside from packages required by the distro or the base
filesystem layout package if there are no required packages. In practice, this means systemd and other
basic tools have to be installed explicitly from now on.
* Removed --base-packages as it's not needed anymore since we don't install any packages by default anymore
aside from the base filesystem layout package.
* Removed --qcow2 option in favor of supporting only raw disk images as the disk image output format.
* Removed --bmap option as it can be trivially added manually by utilizing a finalize script.
* The never value for --with-network was spun off into its own custom option --cache-only.
* --bootable now defaults to auto. When set to auto, mkosi will generate a bootable image only if all
the necessary packages are installed. Documentation was added in docs/bootable.md on how a bootable image
can be generated on mainstream distros.
* The RPM db is no longer rebuilt in bdb format on CentOS Stream 8. To be able to install packages on a
CentOS Stream 8 image with a RPM db in sqlite format, rewrite the db in bdb format using
rpm --rebuilddb --define _db_backend bdb.
* Repositories are now only written to /etc/apt/sources.list if apt is installed in the image.
* Removed the dependency on debootstrap to build Ubuntu or Debian images.
* Apt now uses the keyring from the host instead of the keyring from the image. This means
debian-archive-keyring or ubuntu-archive-keyring are now required to be installed to build Debian or
Ubuntu images respectively.
* --base-image is split into --base-tree and --overlay.
* Removed --cache-initrd, instead, use a prebuilt initrd with Initrds= to avoid rebuilding the initrd all
the time.
* Disk images are now resized to 8G when booted to give some disk space to play around with in the booted
image.
* Removed --install-directory= option. This was originally added for caching the installation results, but
this doesn't work properly as it might result in leftover files in the install directory from a previous
installation, so we have to empty the directory before reusing it, invalidating the caching, so the option
was removed.
* Build scripts are now executed on the host. See the SCRIPTS section
in the manual for more information. Existing build scripts will need
to be updated to make sure they keep working. Specifically, most paths
in scripts will need to be prefixed with $BUILDROOT to have them
operate on the image instead of on the host system. To ensure the host
system cannot be modified when running a script, most host directories
are mounted read-only when running a script to ensure a script cannot
modify the host in any way. Alternatively to making the script run on
the host, the script can also still be executed in the image itself by
putting the following snippet at the top of the script:
    if [ "$container" != "mkosi" ]; then
        exec mkosi-chroot "$SCRIPT" "$@"
    fi
* Removed --tar-strip-selinux-context= option. We now label all files
properly if selinux is enabled and if users don't want the labels,
they can simply exclude them when extracting the archive.
* Gentoo is now marked as experimental and unsupported and there's no
guarantee at all that it will work. Issues related to gentoo will
generally not receive attention from core maintainers. All gentoo
specific hacks outside of the gentoo implementation module have been
removed.
* A verb documentation has been added. Calling mkosi with this verb will show
the documentation. This is useful when running mkosi during development to
always have the documentation in the correct version available. By default it
will try several ways to output the documentation, but a specific option can
be chosen with the --doc-format option. Distro packagers are encouraged to
add a file mkosi.1 into the mkosi/resources directory of the Python
package, if it is missing, as well as install it in the appropriate search
path for man pages. The man page can be generated from the markdown file
mkosi/resources/mkosi.md e.g via pandoc -t man -s -o mkosi.1 mkosi.md.
* The man page can be generated from the markdown file via
tools/make-man-page.sh.
* Fixed issue where not all packages and data files were included in
the generated python package.
* mkosi doesn't try to unshare the network namespace anymore when it
doesn't have CAP_NET_ADMIN.
* Fixed issue when the workspace was located in /tmp.
* Don't try to run timedatectl or ssh-add when they're not installed.
-------------------------------------------------------------------
Sat Dec 3 22:08:17 UTC 2022 - Dirk Müller <dmueller@suse.com>
- update to v14:
* mkosi now creates distro~release subdirectories inside the build, cache
and output directories for each distro~release combination that is
built. This allows building for multiple distros without throwing away
the results of a previous distro build every time.
* The preferred names for mkosi configuration files and directories are
now mkosi.conf and mkosi.conf.d/ respectively. The old names
(mkosi.default and mkosi.default.d) have been removed from the docs but
are still supported for backwards compatibility.
* plain_squashfs type images will now also be named with a .raw suffix.
* tar type images will now respect the --compress option.
* Pacman's SigLevel option was changed to use the same default value as
used on Arch which is SigLevel = Required DatabaseOptional. If this
results in keyring errors, you need to update the keyring by running
* Support for CentOS 7 was dropped. If you still need to support CentOS 7,
we recommend using any mkosi version up to 13.
* Support for BIOS/grub was dropped because EFI hardware is widely
available and legacy BIOS systems do not support the feature set to
fully verify a boot chain from firmware to userland and it has become
bothersome to maintain for little use.
* To generate BIOS images you can use any version of mkosi up to mkosi 13
or the new --bios-size option. This can be used to add a BIOS boot
partition of the specified size on which grub (or any other bootloader)
can be installed with the help of mkosi's script support (depending on
your needs most likely mkosi.postinst or mkosi.finalize). This method
can also be used for other EFI bootloaders that mkosi intentionally does
not support.
* mkosi now unconditionally copies the kernel, initrd and kernel cmdline
from the image that were previously only copied out for Qemu boot.
* mkosi now runs apt and dpkg on the host. As such, we now require apt and
dpkg to be installed on the host along with debootstrap in order to be
able to build debian/ubuntu images.
* Split dm-verity artifacts default names have been changed to match what
systemd and other tools expect: image.root.raw, image.root.verity,
image.root.roothash, image.root.roothash.p7s (same for usr variants).
* mkosi will again default to the same OS release as the host system when
the host system uses the same distribution as the image that's being
built.
* By default, mkosi will now change the owner of newly created directories
to SUDO_UID or PKEXEC_UID if defined, unless --no-chown is used.
* If systemd-nspawn v252 or newer is used, bind-mounted directories with
systemd-nspawn will use the new rootidmap option so files and
directories created from within the container will be owned by the
actual directory owner on the host.
-------------------------------------------------------------------
Mon Sep 26 06:08:52 UTC 2022 - Sebastian Wagner <sebix@sebix.at>
- update to version 13:
- The `--network-veth` option has been renamed to `--netdev`. The old name made
sense with virtual ethernet devices, but when booting images with qemu a
TUN/TAP device is used instead.
- The network config file installed by mkosi when the `--netdev` (previously
`--network-veth`) option is used (formerly
`/etc/systemd/network/80-mkosi-network-veth.network` in the image) now only
matches network interfaces using the `virtio_net` driver. Please make sure
you weren't relying on this file to configure any network interfaces other
than the tun/tap virtio-net interface created by mkosi when booting the image
in QEMU with the `--netdev` option. If you were relying on this config file
to configure other interfaces, you'll have to re-create it with the correct
match and a lower initial number in the filename to make sure
`systemd-networkd` will keep configuring your interface, e.g. via the
`mkosi.skeleton` or `mkosi.extra` trees or a `mkosi.postinst` script.
- The `kernel-install` script for building unified kernel images has been
removed. From v13 onwards, on systems using `kernel-install`, `mkosi` won't
automatically build new unified kernel images when a kernel is updated or
installed. To keep the old behavior, you can install the `kernel-install`
script manually via a skeleton tree; a copy can be found
[here](https://github.com/systemd/mkosi/blob/3798eb0c2ebcdf7dac207a559a3cb5a65cdb77b0/mkosi/resources/dracut_unified_kernel_install.sh).
- New `QemuKvm` option configures whether to use KVM when running `mkosi qemu`.
- `mkosi` will not default to the same OS release as the host system anymore
when the host system uses the same distribution as the image that's being
built. Instead, when no release is specified, mkosi will now always default
to the default version embedded in mkosi itself.
- `mkosi` will now use the `pacman` keyring from the host when building Arch
images. This means that users will, on top of installing `archlinux-keyring`,
also have to run `pacman-key --init` and `pacman-key --populate archlinux` on
the host system to be able to build Arch images. Also, unless the package
manager is configured to do it automatically, the host keyring will have to
be updated after `archlinux-keyring` updates by running `pacman-key
--populate archlinux` and `pacman-key --updatedb`.
- Direct qemu linux boot is now supported with `BootProtocols=linux`. When
enabled, the kernel image, initrd, and cmdline will be extracted from the
image and passed to `qemu` by `mkosi qemu` to directly boot into the kernel
image without a bootloader. This can be used to boot for example s390x images
in `qemu`.
- The initrd will now always be rebuilt after the extra trees and build
artifacts have been installed into the image.
- The github action has been migrated to Ubuntu Jammy. To migrate any jobs
using the action, add `runs-on: ubuntu-22.04` to the job config.
- All images are now configured by default with the `C.UTF-8` locale.
- New `--repository-directory` option can be used to configure a directory with
extra repository files to be used by the package manager when building an
image. Note that this option is currently only supported for `pacman` and
`dnf`-based distros.
- Option `--skeleton-tree` is now supported on Debian-based distros.
-------------------------------------------------------------------
Fri Dec 3 14:55:35 UTC 2021 - Guillaume GARDET <guillaume.gardet@opensuse.org>
- Enable build on aarch64
-------------------------------------------------------------------
Fri Dec 3 06:59:38 UTC 2021 - Sebastian Wagner <sebix@sebix.at>
- update to version 12:
- Fix handling of baselayout in Gentoo installations.
-------------------------------------------------------------------
Thu Nov 25 20:29:17 UTC 2021 - Sebastian Wagner <sebix@sebix.at>
- update to version 11:
- Support for Rocky Linux, Alma Linux, and Gentoo has been added!
- A new `ManifestFormat=` option can be used to generate "manifest" files that
describe what packages were installed. With `json`, a JSON file that shows
the names and versions of all installed packages will be created. With
`changelog`, a longer human-readable file that shows package descriptions and
changelogs will be generated. This latter format should be considered
experimental and likely to change in later versions.
- A new `RemovePackages=` option can be used to uninstall packages after the
build and finalize scripts have been done. This is useful for the case where
packages are required by the build scripts, or pulled in as dependencies
for scriptlets of other packages, but are not necessary in the final image.
- A new `BaseImage=` option can be used to build "system extensions" a.k.a.
"sysexts" — partial images which are mounted on top of an existing system
to provide additional files under `/usr/`. See the
[systemd-sysext man page](https://www.freedesktop.org/software/systemd/man/systemd-sysext.html)
for more information.
- A new `CleanPackageMetadata=` option can be used to force or disable the
removal of package manager files. When this option is not used, they are
removed when the package manager is not installed in the final image.
- A new `UseHostRepositories=` option instructs mkosi to use repository
configuration from the host system, instead of the internal list.
- A new `SshAgent=` option configures the path to the ssh agent.
- A new `SshPort=` option overrides the port used for ssh.
- The `Verity=` setting supports a new value `signed`. When set, verity data
will be signed and the result inserted as an additional partition in the
image. See https://systemd.io/DISCOVERABLE_PARTITIONS for details about
signed disk images. This information is used by `systemd-nspawn`,
`systemd-dissect`, `systemd-sysext`, `systemd-portabled` and `systemd`'s
`RootImage=` setting (among others) to cryptographically validate the image
file systems before use.
- The `--build-environment=` option was renamed to `--environment=` and
extended to cover *all* invoked scripts, not just the `mkosi.build`.
The old name is still understood.
- With `--with-network=never`, `dnf` is called with `--cacheonly`, so that the
package lists are not refreshed. This gives a degree of reproducibility when
doing repeated installs with the same package set (and also makes installs
significantly faster).
- The `--debug=` option gained a new value `disk` to show information about disk
sizes and partition allocations.
- Some sections and settings have been renamed for clarity: [Packages] is now
[Content], `Password=`, `PasswordIsHashed=`, and `Autologin=` are now in
[Content]. The old names are still supported, but not documented.
- When `--prepare-script=`/`--build-script=`/`--finalize-script=` is used with
an empty argument, the corresponding script will not be called.
- Python 3.7 is the minimal supported version.
- Note to packagers: the Python `cryptography` module is needed for signing
of verity data.
-------------------------------------------------------------------
Wed Oct 20 12:18:38 UTC 2021 - Enrico Belleri <idesmi@protonmail.com>
- Update to version 10
-------------------------------------------------------------------
Fri Jan 3 09:36:40 UTC 2020 - Sven Marquardt <dev@mail.smarquardt.space>
- update to version 5
* no changelog available
* merged upstream
-------------------------------------------------------------------
Mon Feb 12 19:22:30 UTC 2018 - sebix@sebix.at
- update to version 4
* no changelog available
* removed 109.patch, merged upstream
-------------------------------------------------------------------
Thu Jun 29 16:20:46 UTC 2017 - sebix@sebix.at
- initial package
- Add 109.patch from pull request at upstream repository, workaround for boo#1049997 and missing support for https URLs in mkosi/zypper