Commit graph

501 commits

Author SHA1 Message Date
Jan Janssen bc763971ef ci: Remove custom build step names
Putting build matrix details into a build step name is rather useless as
the jobs themselves already contain the needed information.
2023-09-06 10:40:51 +02:00
Daan De Meyer 35356d7f3f mkosi: Update to latest
Configuration now takes priority over CLI options so we have to
configure the defaults for settings that we want to allow overriding
from the CLI. We also explicitly set some other settings so that they
can't be overridden from the CLI anymore. For example the base and
initrd image should never be made bootable so we set Bootable=no
explicitly for both.
2023-09-05 15:28:23 +02:00
Daan De Meyer 16173ab1aa mkosi: Re-enable arch but disable keyring checking
No need to disable arch completely, let's just disable keyring checking
to get CI working again for now.
2023-09-04 13:53:16 +02:00
Luca Boccassi f7f842f888 mkosi: temporarily disable Arch
The mkosi Arch CI doesn't work as the keyring package is out
of date and cannot be built due to various build toolchain
issues. Disable the job as it always fails and confuses
submitters.
2023-09-03 14:40:24 +01:00
dependabot[bot] 475974eb5b build(deps): bump actions/checkout from 3.5.3 to 3.6.0
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.3 to 3.6.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](c85c95e3d7...f43a0e5ff2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-02 19:13:09 +00:00
dependabot[bot] c5de4ee02b build(deps): bump meson from 1.2.0 to 1.2.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.2.0 to 1.2.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.2.0...1.2.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-02 19:12:43 +00:00
dependabot[bot] 3bb5656ff1 build(deps): bump github/codeql-action from 2.21.2 to 2.21.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.21.2 to 2.21.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0ba4244466...00e563ead9)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-09-02 19:12:34 +00:00
Jan Janssen 7f9a0d6d74 meson: Drop skip-deps option
Now that we use meson feature options for our dependencies, we can just
rely on '--auto-features=disabled' to do the same. One benefit of this
is that specific features can still be force-enabled by overriding it
with the appropriate '-Dfeature=enabled' flag.

The two remaining uses for skip-deps can simply rely on their default
logic that sets the value to 'no' when the dependency is disabled.
2023-08-23 14:57:49 +02:00
Jan Janssen 1e73a64a7a meson: Convert more options to meson features
The semantics for libidn2 and pwquality have changed slightly: We will
pick a preferred one if both are enabled instead of making it an error.
2023-08-23 14:45:02 +02:00
Jan Janssen 40e9c4e45d meson: Convert options to meson features (require)
These options use requre() to conveniently express their dependency
requirements.
2023-08-23 14:45:02 +02:00
Jan Janssen 43abc59a27 meson: Use feature options
By using meson features we can replace the handcrafted dependency
auto-detection by just passing the value from get_option directly to the
required arg for dependency, find_library etc.
'auto' features make the dependency optional, 'enabled' requires it
while 'disabled' features will skip detection entirely.

Any skipped or not found dependency will just be a no-op when passed to
build steps and therefore we can also skip the creation of empty vars.

The use of skip_deps for these is dropped here as meson provides a way
to disable all optional features in one go by passing
'-Dauto_features=disabled'.
2023-08-23 14:45:02 +02:00
Daan De Meyer c3e83f09ea mkosi: Update to v15.1 release 2023-08-15 12:32:39 +02:00
Daan De Meyer 1f035c91bb mkosi: Update to latest
This update introduces the explicit Dependencies= setting, instead
of relying on implicit dependencies via alphanumerical ordering.

We also take the opportunity to rename the "final" preset to the
"system" preset, which seems like a better name.
2023-08-09 18:56:51 +02:00
Jan Macku 97eb826821 ci(lint): exclude .in files from ShellCheck lint
Exclude all `.in` files because they may contain unsupported syntax, and
they have to be preprocessed first. For example:

```sh
Error: SHELLCHECK_WARNING:
./src/rpm/systemd-update-helper.in:130:37: warning[SC1083]: This { is literal. Check expression (missing ;/\n?) or quote it.
```

Related to: https://github.com/systemd/systemd/pull/28521
2023-08-07 19:28:23 +02:00
Daan De Meyer f2f8ed193c mkosi: Update to latest 2023-08-04 16:48:58 +02:00
Daan De Meyer 0f4259bcf2 mkosi: Update to latest
We modify all our scripts to execute in the image instead of on the
hosts. In the future we can adapt them to run on the host.
2023-08-03 17:03:05 +02:00
dependabot[bot] f3d812baf7 build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from 5866c0ff3b36d350c943016e5a3b115f7a95d37f to c6dd95b6eae0386579071cbf44fd838ce28b7237.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](5866c0ff3b...c6dd95b6ea)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-01 20:27:17 +00:00
dependabot[bot] 1ce2075fde build(deps): bump actions/labeler from 4.2.0 to 4.3.0
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.2.0 to 4.3.0.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](0967ca812e...ac9175f8a1)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-01 14:18:15 +00:00
dependabot[bot] 8fa2da7ad1 build(deps): bump meson from 1.1.1 to 1.2.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.1.1 to 1.2.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.1.1...1.2.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-01 14:16:16 +00:00
dependabot[bot] d8c7d6d4fe build(deps): bump github/codeql-action from 2.20.1 to 2.21.2
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.20.1 to 2.21.2.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](f6e388ebf0...0ba4244466)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-08-01 10:14:58 +00:00
Zbigniew Jędrzejewski-Szmek 79ce5f940e labeller: add build-system label 2023-07-29 14:11:14 +02:00
Frantisek Sumsal c5afbac31b ci: explicitly install python3-lldb-$COMPILER_VERSION
To avoid apt complaining:

 + apt-get -y install clang-15 lldb-15 lld-15 clangd-15
Reading package lists...
Building dependency tree...
Reading state information...
Some packages could not be installed. This may mean that you have
requested an impossible situation or if you are using the unstable
distribution that some required packages have not yet been created
or been moved out of Incoming.
The following information may help to resolve the situation:

The following packages have unmet dependencies:
 python3-lldb-14 : Conflicts: python3-lldb-x.y
 python3-lldb-15 : Conflicts: python3-lldb-x.y
E: Error, pkgProblemResolver::Resolve generated breaks, this may be caused by held packages.
2023-07-27 13:45:00 +01:00
Luca Boccassi 4cf5b343c9 mkosi: add drop-in to make emergency.service shut down the system
When the mkosi CI fails to boot, it just sits there waiting at the emergency
console until the job times out. Add a drop-in for emergency.service in the
CI configuration so that instead it exists immediately.
2023-07-26 14:07:13 +01:00
Frantisek Sumsal c4b167f857 ci: drop super-linter's shellcheck
It's been a while since we introduced Differential ShellCheck and it
proved to be quite useful (and in some ways even better than the shellcheck
run by super-linter). So, to have only one linter scream at us for not
knowing how to write bash properly, let's drop the super-linter's one in
favor of Differential ShellCheck.

Follow-up for https://github.com/systemd/systemd/pull/24328#pullrequestreview-1074127504
2023-07-17 20:12:57 +01:00
Daan De Meyer 5b79e9d7a9 mkosi: Update to latest
mkosi now supports CentOS SIGs natively so we drop our own definition
of that and use the mkosi builtin one. We also enable hyperscale for
both CentOS 8 and CentOS 9 for consistency and add epel-next as well
which is a requirement for Hyperscale.
2023-07-14 14:47:45 +02:00
dependabot[bot] 1cdaba52a5 build(deps): bump github/codeql-action from 2.3.5 to 2.20.1
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.3.5 to 2.20.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](0225834cc5...f6e388ebf0)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-01 14:05:22 +00:00
dependabot[bot] 6cc0fd0044 build(deps): bump actions/labeler from 4.0.4 to 4.2.0
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.4 to 4.2.0.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](0776a67936...0967ca812e)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-01 10:37:11 +00:00
dependabot[bot] a2c9096790 build(deps): bump actions/checkout from 3.5.2 to 3.5.3
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.5.2 to 3.5.3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](8e5e7e5ab8...c85c95e3d7)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-01 10:36:23 +00:00
dependabot[bot] 479f9f3004 build(deps): bump ossf/scorecard-action from 2.1.3 to 2.2.0
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.3 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](80e868c13c...08b4669551)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-07-01 10:35:10 +00:00
Daan De Meyer 12ab9ae8c6 mkosi: Update to latest
mkosi now prebuilds the hwdb during image build which should hopefully
get rid of the CentOS 8 failures we're seeing in CI.
2023-06-26 14:14:40 +01:00
Daan De Meyer 94c357ca23 mkosi: Update to latest
We now run repart before starting systemd-nspawn to make sure that
the root partition is also generated when we boot the image in a
container instead of a VM.

To make sure we start from scratch for both the container boot and
the VM boot, we also enable Ephemeral to make sure all changes to
the image are ephemeral.
2023-06-19 10:30:39 +02:00
Evgeny Vereshchagin 83dda3d28b ci: drop the "find" kludge
meson no longer complains about install_tag
2023-06-16 10:43:06 +09:00
Joyce Brum 2b3211c836 Squashed commit of the following:
commit ef2fc83647f69c172c11e0dea318bf6ecf79a4aa
Author: Joyce <joycebrum@google.com>
Date:   Wed Jun 14 12:18:23 2023 -0300

    Update scorecards.yml

    Signed-off-by: Joyce <joycebrum@google.com>

commit c59c05c6ab156b20249e8056d8cbaafbe0c495f8
Merge: 7431a54568 f66d040d95
Author: Joyce <joycebrum@google.com>
Date:   Wed Jun 14 10:22:28 2023 -0300

    Merge branch 'main' into fix/disable-code-scanning-alerts

commit 7431a54568746a2fa4db1b23e1359984335df41e
Author: Joyce <joycebrum@google.com>
Date:   Tue Jun 13 18:15:21 2023 -0300

    Remove code scanning alerts scorecards.yml

    Signed-off-by: Joyce <joycebrum@google.com>

Signed-off-by: Joyce Brum <joycebrum@google.com>
2023-06-14 20:22:50 +01:00
Joyce 3f2ff79763
Fix scorecard version comment format (#28027)
* Update scorecards.yml version comments

Signed-off-by: Joyce <joycebrum@google.com>
2023-06-13 22:36:32 +01:00
Daan De Meyer 6aca147f82 mkosi: Remove explicit /testok check
vsock should work properly after the latest release of mkosi. But
to make sure it works, let's exit with 123 in case of success and
check for that in Github Actions.
2023-06-13 16:04:10 +02:00
Daan De Meyer abeecde242 mkosi: Update to latest
We update our configuration to replace the removed
RepositoryDirectories= option with the new PackageManagerTrees=
option.
2023-06-13 16:04:08 +02:00
Daan De Meyer 9f89c2d420 mkosi: Update to latest
mkosi's match syntax was changed so we update our config files to
use the new match syntax which mimicks the systemd condition syntax.
2023-06-07 15:59:03 +02:00
jonathanmetzman 56595a3730
ci: Report results from CIFuzz using SARIF
Upload results from CIFuzz using SARIF.
This will allow CIFuzz to report issues in the security tab.
This is a better UI than having to look through logs.
TODO(google/oss-fuzz#10452): Add proper descriptions of UBSAN bugs.
2023-06-05 07:37:34 +02:00
Daan De Meyer 8f9a307fec
Merge pull request #27849 from DaanDeMeyer/sign-pcr
mkosi: Sign expected PCRs
2023-06-02 16:16:41 +02:00
Daan De Meyer a47c48cbb2 mkosi: Only lower device timeout instead of all timeouts
We only really care about lowering the device timeout so we get to
a shell faster when the root device doesn't appear so let's only
lower that timeout instead of lowering all default timeouts.
2023-06-02 15:43:28 +02:00
Daan De Meyer 2af9d5dc0e mkosi: Update to latest 2023-06-02 13:32:53 +02:00
dependabot[bot] 7cd4f577e8 build(deps): bump github/codeql-action from 2.2.9 to 2.3.5
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.3.5.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04df1262e6...0225834cc5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 21:57:36 +08:00
dependabot[bot] da92fd4612 build(deps): bump meson from 1.1.0 to 1.1.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.1.0 to 1.1.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.1.0...1.1.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 21:15:21 +09:00
dependabot[bot] 9a1ac3a019 build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 2.0.4 to 2.0.6.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](25a1e41826...71bcf99aef)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 12:22:14 +02:00
dependabot[bot] c9401e6c6d build(deps): bump actions/labeler from 4.0.3 to 4.0.4
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.3 to 4.0.4.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](ba790c862c...0776a67936)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 12:21:34 +02:00
dependabot[bot] 6138a85d10 build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 4.0.2 to 4.2.2.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](d24099b9f3...ac4483d8c6)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-06-01 12:20:55 +02:00
Daan De Meyer edabe6fc11
Merge pull request #27806 from DaanDeMeyer/fix-mkosi-check
mkosi: Use proper check to detect whether we're in a VM
2023-05-31 15:26:05 +02:00
Daan De Meyer df4835c897 mkosi: Check for failures by mounting again
We rely on vsock to communicate the exit status back to us from the
VM but vsock in Github Actions is broken so let's switch back to
mounting for now.
2023-05-31 14:22:58 +02:00
Daan De Meyer 86605eed9a mkosi: Enforce usage of vsock with qemu in CI 2023-05-31 14:19:25 +02:00
Daan De Meyer 401027075a mkosi: Update to latest 2023-05-31 14:19:25 +02:00
Frantisek Sumsal 4189d009ae ci: add gcc-13, drop gcc-12 2023-05-30 16:23:40 +02:00
Daan De Meyer a27f253276 mkosi: Bump default timeout to 180s
Hopefully fixes #27778 where waiting for the root device to appear
times out before systemd-repart has a chance to run and create it.
2023-05-25 12:09:13 +02:00
Daan De Meyer 47e5e12866 mkosi: Package a erofs usr partition with signed verity
Let's start moving towards a more involved partitioning setup to
test our stuff more when using mkosi.

The root partition is generated on boot with systemd-repart.

CentOS supports neither erofs nor btrfs so we use squashfs and xfs
instead.

We also enable SecureBoot= locally for additional coverage. This
and the use of verity means users need to run `mkosi genkey` once
to generate the keys necessary to do secure boot and verity.
2023-05-13 10:49:17 +02:00
Daan De Meyer 059c961135 mkosi: Update to latest 2023-05-12 11:38:02 +02:00
Daan De Meyer 93a948865c mkosi: Run in debug mode
Let's make sure we log more of what mkosi's doing so we can debug
issues better. Note this also makes mkosi set SYSTEMD_LOG_LEVEL=debug
when running programs so we'll get all the systemd debug logging as
well.
2023-05-11 12:18:50 +02:00
Daan De Meyer 4bfcb6ba27 mkosi: Don't run slow tests by default
Instead, allow enabling it via an environment variable and do so
in CI.
2023-05-11 12:16:47 +02:00
dependabot[bot] 43a221473c build(deps): bump actions/checkout from 3.3.0 to 3.5.2
Bumps [actions/checkout](https://github.com/actions/checkout) from 3.3.0 to 3.5.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](ac59398561...8e5e7e5ab8)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:34:08 +02:00
dependabot[bot] 93b2175a87 build(deps): bump meson from 1.0.1 to 1.1.0 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.0.1 to 1.1.0.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.0.1...1.1.0)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:33:21 +02:00
dependabot[bot] c07aa178b3 build(deps): bump actions/upload-artifact from 3.1.1 to 3.1.2
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 3.1.1 to 3.1.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v3.1.1...0b7f8abb1508181956e8e162db84b466c27e18ce)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:31:55 +02:00
dependabot[bot] 6a3ba07bfb build(deps): bump github/super-linter from 4.10.1 to 5.0.0
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.10.1 to 5.0.0.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](454ba4482c...45fc0d8828)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:31:22 +02:00
dependabot[bot] 882235d581 build(deps): bump actions/github-script from 6.4.0 to 6.4.1
Bumps [actions/github-script](https://github.com/actions/github-script) from 6.4.0 to 6.4.1.
- [Release notes](https://github.com/actions/github-script/releases)
- [Commits](98814c53be...d7906e4ad0)

---
updated-dependencies:
- dependency-name: actions/github-script
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-05-11 09:30:48 +02:00
Zbigniew Jędrzejewski-Szmek 98e2089f1b mkosi,ci: do not install perl 2023-05-09 08:11:10 +02:00
Daan De Meyer d052cc8893 mkosi: Switch to use mkosi presets with prebuilt initrds
Instead of building the initrds for the mkosi images with dracut,
let's switch to using mkosi presets to build the initrd with mkosi
as well.

This commit splits up our single image build into three separate
mkosi presets:

1. The "base" preset. This image contains systemd and all its runtime
dependencies. The sole purpose of this image is to serve as a base image
for the initrd and the final image. It's also responsible for building
systemd from source with the build script. The results are installed into
the base image. Note that we install the systemd and udev packages into this
image as well to prevent package managers from overriding the systemd we built
from source with the distro packaged systemd if it's pulled in as a dependency
by another package from the initrd or final profiles.
2. The "initrd" preset. This image provides the initrd. It's trivial and does
nothing more than packaging the base image up as a zstd compressed initramfs and
adds /init and /etc/initrd-release symlinks to the image.
3. The "final" preset. This image builds on top of the base image and adds
a kernel and extra packages that are useful for testing and debugging.

We also split out the optional kernel build into a separate set of config files
that are only included if a kernel to build is actually provided.

Note that this commit doesn't really change anything about how mkosi is used.
The commands remain the same, except that mkosi will now build all the presets
in order. "mkosi summary" will show the summary of all the presets. "mkosi qemu,
boot, shell" will always boot the final preset. With "-f", all presets will be
built and the final one is booted. "-i" makes a cache of each preset.

The only thing to keep in mind is that specifying config via the mkosi CLI will
apply to each of the presets. e.g. any extra packages added with "-p" will be
installed in both the initrd and the final image. To apply local configuration
to a single preset, create a file 00-local.conf in
mkosi.presets/<profile>/mkosi.conf.d and put all the preset specific configuration
in there.
2023-05-01 15:39:50 +02:00
Daan De Meyer d280bb7e43 mkosi: Update fedora to release 38 2023-04-25 11:25:36 +02:00
Daan De Meyer 13d9669980 mkosi: Update to latest
This pulls in a fix for Debian rpmdb locations, which results in a
substantial speedup for centos/fedora builds.
2023-04-24 20:08:51 +02:00
Daan De Meyer f997f91d7d mkosi: Update to latest
Let's use the new support for matching against any distribution in
a list of distributions to start sharing most things between the
ubuntu/debian configs and centos/fedora configs.
2023-04-24 10:56:55 +02:00
Daan De Meyer 6b7e774b5d mkosi: Update to latest 2023-04-19 10:13:06 +02:00
Daan De Meyer 5739271000 mkosi: Update to latest
mkosi now installs a "ignore *" default preset on Debian. We also
switch Debian to dbus-broker now that preset doesn't disable it
anymore.
2023-04-15 19:04:25 +08:00
Daan De Meyer fde55f3a32 mkosi: Update to latest
The Bootable= option was removed and mkosi installs less packages
by default now, so let's adapt our configs to those changes.
2023-04-13 13:49:30 +01:00
Jan Macku 19cdda7c3a ci: drop checkout from release workflow
It's not required as per comment - https://github.com/systemd/systemd/pull/27110#issuecomment-1499653913
2023-04-11 16:59:18 +02:00
Jan Macku 9718afd194 ci: don't run release wf on systemd-security 2023-04-11 16:59:18 +02:00
Дамјан Георгиевски 7b411cf842 ci: add permissions to make a release
follow-up to https://github.com/systemd/systemd/pull/27071
in order to create Github Releases, the job needs permissions to write
contents

also:
- pinned the `softprops/action-gh-release` action to a specific commit
- made it only active on the `systemd` organization repos (so not on
  forks)
2023-04-10 17:23:32 +08:00
Daan De Meyer 3267fc3885 mkosi: Update to latest
This contains the recently merged fixes to config parsing ordering
and overrides.
2023-04-07 21:56:22 +09:00
Daan De Meyer af6c5c7025 mkosi: Update to latest
This also migrates the configuration to the new format that was
just merged in mkosi. Specifically, we make use of the new [Match]
sections to only include specific config snippets per distro.
2023-04-07 08:13:42 +09:00
Luca Boccassi b7b48b389c ci: do one build with no tpm/p11kit/fido2
We have some missing coverage in the CI, all builds enable these features,
but there are often changes and they cover a lot of code. Do one build
without them to ensure we don't break builds.
2023-04-04 22:38:08 +01:00
dependabot[bot] ca0a1a3107 build(deps): bump github/codeql-action from 2.2.5 to 2.2.9
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.5 to 2.2.9.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](32dc499307...04df1262e6)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 19:11:42 +02:00
dependabot[bot] 6e57813113 build(deps): bump ossf/scorecard-action from 2.1.2 to 2.1.3
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.1.2 to 2.1.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](e38b1902ae...80e868c13c)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 18:08:20 +02:00
dependabot[bot] ca8444d471 build(deps): bump actions/labeler from 4.0.2 to 4.0.3
Bumps [actions/labeler](https://github.com/actions/labeler) from 4.0.2 to 4.0.3.
- [Release notes](https://github.com/actions/labeler/releases)
- [Commits](5c7539237e...ba790c862c)

---
updated-dependencies:
- dependency-name: actions/labeler
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 18:07:58 +02:00
dependabot[bot] 4a0c9b60b2 build(deps): bump github/super-linter from 4.9.7 to 4.10.1
Bumps [github/super-linter](https://github.com/github/super-linter) from 4.9.7 to 4.10.1.
- [Release notes](https://github.com/github/super-linter/releases)
- [Changelog](https://github.com/github/super-linter/blob/main/docs/release-process.md)
- [Commits](bb2d833b08...454ba4482c)

---
updated-dependencies:
- dependency-name: github/super-linter
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-04-01 18:07:43 +02:00
Дамјан Георгиевски 86c20937c2 add a github workflow action to make a release from tags
make a github release for every tag that starts with `v*`,
and a pre-release if the tag contains "-rc".

on the 'systemd/systemd' repo, the "Release" will be draft, so that the
release manager can fill up the notes manually.

on 'systemd/systemd-stable' the release will be created immediately.

info about the action used:
https://github.com/softprops/action-gh-release
2023-04-01 00:44:50 +01:00
Daan De Meyer 94c9855a18 mkosi: Update to latest
- Drop Netdev= as it was removed in mkosi
- Always install python-psutil in the final image (required for networkd tests)
- Always Install python-pytest in the final image (required for ukify tests)
- Use the narrow glob for all centos python packages
- Drop the networkd mkosi config files (the default image can be used instead)
- Use ".conf" as the mkosi config file suffix everywhere
- Copy src/ to /root/src in the final image and set gdb substitute path in
  .gdbinit to make gdb work properly
2023-03-29 13:27:19 +02:00
Daan De Meyer 0beb2a95a4 mkosi: Update to latest
- ACLs are not set on generated directories anymore by default, so
we enable them explictly now so that when running unprivileged mkosi,
the user running mkosi can remove all generated files and directories.
- We don't explicitly set QemuHeadless= anymore as the option was removed
and made the default.
- We set the loglevel= kernel cmdline argument explicitly now as mkosi
doesn't set it by default anymore.
2023-03-29 11:13:33 +01:00
David Tardon 8d0747abb7 labeler: add journal label also for sd-journal stuff 2023-03-22 13:18:55 +01:00
Jan Macku a33d7c4cc9 ci: limit permissions for differential-shellcheck 2023-03-22 06:56:34 +01:00
Jan Macku 50ba79710e ci: trigger differential-shellcheck workflow on push
Also update `differential-shellcheck` to latest version - https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases

Fixes: https://github.com/redhat-plumbers-in-action/differential-shellcheck/issues/215
2023-03-22 06:56:34 +01:00
Daan De Meyer 26f51ae430 mkosi: Default to debug log level for udev as well
Unlike CI, the debug output just goes to the journal, so there's no
harm in enabling it, even if it's noisy.
2023-03-21 11:01:34 +01:00
Frantisek Sumsal 7af15421e3 ci: drop clang-13, add clang-16 2023-03-20 13:58:58 +09:00
Daan De Meyer 58caedadbb mkosi: Enable some debugging options by default 2023-03-17 12:13:26 +09:00
Daan De Meyer 9f94d2741f mkosi: Use default timeout of 10s
Let's override the default timeout to something more reasonable for
mkosi builds.
2023-03-16 18:19:37 +01:00
Yu Watanabe b2b5a95227 github: update default and example in template 2023-03-15 20:31:34 +01:00
Cornelius Hoffmann 2ff7856e1e Update github issue template to include systemd-dissect 2023-03-15 16:52:32 +01:00
Daan De Meyer 9c34405241 mkosi: Update to latest 2023-03-11 13:55:41 +01:00
Jan Janssen e8509329d7 ci: Adjust for new EFI build 2023-03-10 11:41:08 +01:00
Jan Janssen dfca5587cf tree-wide: Drop gnu-efi
This drops all mentions of gnu-efi and its manual build machinery. A
future commit will bring bootloader builds back. A new bootloader meson
option is now used to control whether to build sd-boot and its userspace
tooling.
2023-03-10 11:41:03 +01:00
Luca Boccassi e079120505
Merge pull request #26706 from jengelh/master
doc: various orthographic fixes
2023-03-07 21:34:03 +00:00
Daan De Meyer 925bb83ea5 mkosi: Drop debug logging
The spurious "connection timed out" errors from nspawn should be
fixed now that we're running the latest version.
2023-03-07 15:25:19 +01:00
Daan De Meyer 8d29e401ce mkosi: Drop kernel command line masking in CI
These services should be disabled by default and not need explicit
masking anymore.
2023-03-07 15:25:19 +01:00
Daan De Meyer 523d71076d mkosi: Update to latest
So that we don't enable services by default anymore on Debian.
2023-03-07 15:25:02 +01:00
Jan Engelhardt 18fe76eba5 doc: correct wrong use "'s" contractions 2023-03-07 13:39:31 +01:00
Daan De Meyer 9cc018fa93 mkosi: Update to latest
Latest version builds nspawn from source which hopefully gets rid of
the spurious "Connection timed out" errors we've been seeing in CI.
2023-03-06 19:30:40 +01:00