[Content]
ExtraTrees=
+ mkosi.extra.common
mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
- mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
- mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
%O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
%O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
%O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Coredump]
-Storage=journal
--- /dev/null
+\S (built from systemd tree)
+Kernel \r on an \m (\l)
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Coredump]
+Storage=journal
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Journal]
+RateLimitIntervalSec=0
+RateLimitBurst=0
--- /dev/null
+leak:libselinux
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# mkosi adds its own ssh units via the --ssh switch so disable the default ones.
+disable ssh.service
+disable sshd.service
+
+# These are started manually in integration tests so don't start them by default.
+disable dnsmasq.service
+disable isc-dhcp-server.service
+disable isc-dhcp-server6.service
+
+# Pulled in via dracut-network by kexec-tools on Fedora.
+disable NetworkManager*
+
+# Make sure dbus-broker is started by default on Debian/Ubuntu.
+enable dbus-broker.service
+
+# systemd-networkd is disabled by default on Fedora so make sure it is enabled.
+enable systemd-networkd.service
+enable systemd-networkd-wait-online.service
+
+# systemd-resolved is disable by default on CentOS so make sure it is enabled.
+enable systemd-resolved.service
+
+# We install dnf in some images but it's only going to be used rarely,
+# so let's not have dnf create its cache.
+disable dnf-makecache.*
+
+# We have journald to receive audit data so let's make sure we're not running auditd as well
+disable auditd.service
+
+# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead.
+enable systemd-timesyncd.service
+
+# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
+disable iscsi.service
+disable iscsid.socket
+disable iscsiuio.socket
+
+# mkosi relabels the image itself so no need to do it on boot.
+disable selinux-autorelabel-mark.service
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Make sure that services are disabled by default (primarily for Debian/Ubuntu).
+disable *
+++ /dev/null
-\S (built from systemd tree)
-Kernel \r on an \m (\l)
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Journal]
-RateLimitIntervalSec=0
-RateLimitBurst=0
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# mkosi adds its own ssh units via the --ssh switch so disable the default ones.
-disable ssh.service
-disable sshd.service
-
-# These are started manually in integration tests so don't start them by default.
-disable dnsmasq.service
-disable isc-dhcp-server.service
-disable isc-dhcp-server6.service
-
-# Pulled in via dracut-network by kexec-tools on Fedora.
-disable NetworkManager*
-
-# Make sure dbus-broker is started by default on Debian/Ubuntu.
-enable dbus-broker.service
-
-# systemd-networkd is disabled by default on Fedora so make sure it is enabled.
-enable systemd-networkd.service
-enable systemd-networkd-wait-online.service
-
-# systemd-resolved is disable by default on CentOS so make sure it is enabled.
-enable systemd-resolved.service
-
-# We install dnf in some images but it's only going to be used rarely,
-# so let's not have dnf create its cache.
-disable dnf-makecache.*
-
-# We have journald to receive audit data so let's make sure we're not running auditd as well
-disable auditd.service
-
-# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead.
-enable systemd-timesyncd.service
-
-# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
-disable iscsi.service
-disable iscsid.socket
-disable iscsiuio.socket
-
-# mkosi relabels the image itself so no need to do it on boot.
-disable selinux-autorelabel-mark.service
+++ /dev/null
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# Make sure that services are disabled by default (primarily for Debian/Ubuntu).
-disable *
%D/mkosi.sanitizers
[Content]
-ExtraTrees=
- %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
- %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
+ExtraTrees=%D/mkosi.extra.common
Packages=
findutils
+++ /dev/null
-leak:libselinux
projects / systemd / .git / commitdiff