From: Daan De Meyer Date: Sun, 24 Nov 2024 18:19:52 +0000 (+0100) Subject: mkosi: Use shared extra tree between initrd and main image X-Git-Tag: v257-rc3~34 X-Git-Url: http://git-history.diyao.me/?a=commitdiff_plain;h=bb486fe9dffb5e9d9a76575b033ab8116a21493b;p=systemd%2F.git mkosi: Use shared extra tree between initrd and main image Let's share more between initrd and main system and use a shared extra tree to achieve that. --- diff --git a/mkosi.conf b/mkosi.conf index f2389b7f01..94c8697ded 100644 --- a/mkosi.conf +++ b/mkosi.conf @@ -38,9 +38,8 @@ SignExpectedPcr=yes [Content] ExtraTrees= + mkosi.extra.common mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key - mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig diff --git a/mkosi.coredump-journal-storage.conf b/mkosi.coredump-journal-storage.conf deleted file mode 100644 index cde9785d28..0000000000 --- a/mkosi.coredump-journal-storage.conf +++ /dev/null @@ -1,4 +0,0 @@ -# SPDX-License-Identifier: LGPL-2.1-or-later - -[Coredump] -Storage=journal diff --git a/mkosi.extra.common/etc/issue b/mkosi.extra.common/etc/issue new file mode 100644 index 0000000000..6aa6fc0ec0 --- /dev/null +++ b/mkosi.extra.common/etc/issue @@ -0,0 +1,2 @@ +\S (built from systemd tree) +Kernel \r on an \m (\l) diff --git a/mkosi.extra.common/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf b/mkosi.extra.common/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf new file mode 100644 index 0000000000..cde9785d28 --- /dev/null +++ b/mkosi.extra.common/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf 
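Review bot: The new `mkosi.extra.common` entry in the `ExtraTrees=` list of `mkosi.conf` has no comment, although the `mkosi.crt` line next to it does. Nothing at this site tells a later editor that the same tree is also copied into the initrd by `mkosi.images/initrd/mkosi.conf`. Any file dropped into that directory for the main image (a key, a debug drop-in, a preset) will then ship in both images. I would annotate the line, e.g. `mkosi.extra.common # shared with mkosi.images/initrd; keep main-image-only files out`.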
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Coredump]
+Storage=journal
diff --git a/mkosi.extra.common/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.extra.common/usr/lib/systemd/journald.conf.d/ratelimit.conf
new file mode 100644
index 0000000000..3baede462e
--- /dev/null
+++ b/mkosi.extra.common/usr/lib/systemd/journald.conf.d/ratelimit.conf
@@ -0,0 +1,5 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Journal]
+RateLimitIntervalSec=0
+RateLimitBurst=0
diff --git a/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions b/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions
new file mode 100644
index 0000000000..639abb8f3f
--- /dev/null
+++ b/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions
@@ -0,0 +1 @@
+leak:libselinux
diff --git a/mkosi.extra.common/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.extra.common/usr/lib/systemd/system-preset/00-mkosi.preset
new file mode 100644
index 0000000000..5a15e6bcbb
--- /dev/null
+++ b/mkosi.extra.common/usr/lib/systemd/system-preset/00-mkosi.preset
@@ -0,0 +1,41 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# mkosi adds its own ssh units via the --ssh switch so disable the default ones.
+disable ssh.service
+disable sshd.service
+
+# These are started manually in integration tests so don't start them by default.
+disable dnsmasq.service
+disable isc-dhcp-server.service
+disable isc-dhcp-server6.service
+
+# Pulled in via dracut-network by kexec-tools on Fedora.
+disable NetworkManager*
+
+# Make sure dbus-broker is started by default on Debian/Ubuntu.
+enable dbus-broker.service
+
+# systemd-networkd is disabled by default on Fedora so make sure it is enabled.
+enable systemd-networkd.service
+enable systemd-networkd-wait-online.service
+
+# systemd-resolved is disable by default on CentOS so make sure it is enabled.
+enable systemd-resolved.service
+
+# We install dnf in some images but it's only going to be used rarely,
+# so let's not have dnf create its cache.
+disable dnf-makecache.*
+
+# We have journald to receive audit data so let's make sure we're not running auditd as well
+disable auditd.service
+
+# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead.
+enable systemd-timesyncd.service
+
+# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
+disable iscsi.service
+disable iscsid.socket
+disable iscsiuio.socket
+
+# mkosi relabels the image itself so no need to do it on boot.
+disable selinux-autorelabel-mark.service
diff --git a/mkosi.extra.common/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.extra.common/usr/lib/systemd/system-preset/99-mkosi.preset
new file mode 100644
index 0000000000..710ee7c6f9
--- /dev/null
+++ b/mkosi.extra.common/usr/lib/systemd/system-preset/99-mkosi.preset
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# Make sure that services are disabled by default (primarily for Debian/Ubuntu).
+disable *
diff --git a/mkosi.extra/etc/issue b/mkosi.extra/etc/issue
deleted file mode 100644
index 6aa6fc0ec0..0000000000
--- a/mkosi.extra/etc/issue
+++ /dev/null
@@ -1,2 +0,0 @@
-\S (built from systemd tree)
-Kernel \r on an \m (\l)
diff --git a/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf b/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
deleted file mode 100644
index 3baede462e..0000000000
--- a/mkosi.extra/usr/lib/systemd/journald.conf.d/ratelimit.conf
+++ /dev/null
@@ -1,5 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Journal]
-RateLimitIntervalSec=0
-RateLimitBurst=0
diff --git a/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
deleted file mode 100644
index 5a15e6bcbb..0000000000
--- a/mkosi.extra/usr/lib/systemd/system-preset/00-mkosi.preset
+++ /dev/null
@@ -1,41 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# mkosi adds its own ssh units via the --ssh switch so disable the default ones.
-disable ssh.service
-disable sshd.service
-
-# These are started manually in integration tests so don't start them by default.
-disable dnsmasq.service
-disable isc-dhcp-server.service
-disable isc-dhcp-server6.service
-
-# Pulled in via dracut-network by kexec-tools on Fedora.
-disable NetworkManager*
-
-# Make sure dbus-broker is started by default on Debian/Ubuntu.
-enable dbus-broker.service
-
-# systemd-networkd is disabled by default on Fedora so make sure it is enabled.
-enable systemd-networkd.service
-enable systemd-networkd-wait-online.service
-
-# systemd-resolved is disable by default on CentOS so make sure it is enabled.
-enable systemd-resolved.service
-
-# We install dnf in some images but it's only going to be used rarely,
-# so let's not have dnf create its cache.
-disable dnf-makecache.*
-
-# We have journald to receive audit data so let's make sure we're not running auditd as well
-disable auditd.service
-
-# systemd-timesyncd is not enabled by default in the default systemd preset so enable it here instead.
-enable systemd-timesyncd.service
-
-# Enabled by default on OpenSUSE and not conditioned out in containers, so let's disable these here instead.
-disable iscsi.service
-disable iscsid.socket
-disable iscsiuio.socket
-
-# mkosi relabels the image itself so no need to do it on boot.
-disable selinux-autorelabel-mark.service
diff --git a/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset b/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
deleted file mode 100644
index 710ee7c6f9..0000000000
--- a/mkosi.extra/usr/lib/systemd/system-preset/99-mkosi.preset
+++ /dev/null
@@ -1,4 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# Make sure that services are disabled by default (primarily for Debian/Ubuntu).
-disable *
diff --git a/mkosi.images/initrd/mkosi.conf b/mkosi.images/initrd/mkosi.conf index ca28c123af..b76b47ecda 100644 --- a/mkosi.images/initrd/mkosi.conf +++ b/mkosi.images/initrd/mkosi.conf @@ -6,9 +6,7 @@ Include= %D/mkosi.sanitizers [Content] -ExtraTrees= - %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions - %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf +ExtraTrees=%D/mkosi.extra.common Packages= findutils diff --git a/mkosi.leak-sanitizer-suppressions b/mkosi.leak-sanitizer-suppressions deleted file mode 100644 index 639abb8f3f..0000000000 --- a/mkosi.leak-sanitizer-suppressions +++ /dev/null @@ -1 +0,0 @@ -leak:libselinux
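Review bot: In the `mkosi.images/initrd/mkosi.conf` hunk, `ExtraTrees=%D/mkosi.extra.common` gives the initrd more than the two files it was given before. It now also gets `journald.conf.d/ratelimit.conf` (`RateLimitIntervalSec=0`, `RateLimitBurst=0`), both preset files including `disable *`, and `/etc/issue`. With rate limiting off, one noisy unit in early boot can flood the journal and rotate out the records needed to debug or audit a failed boot. `disable *` presumably changes which initrd units end up enabled, if presets are applied when that image is built. If the wider scope is intended, I would record it next to the setting, e.g. `# Shared with the main image: presets, journald/coredump drop-ins, LSan suppressions (test images only)`.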