# SPDX-License-Identifier: LGPL-2.1-or-later
# Top-level mkosi settings for this image.
[Config]
# Oldest mkosi version expected to parse this configuration.
MinimumVersion=25~devel
# Images that are built before this one. Their outputs are referenced through
# %O/... paths in the [Content] section (ExtraTrees=, Initrds=).
Dependencies=
        exitrd
        initrd
        minimal-base
        minimal-0
        minimal-1

# Environment variables forwarded from the invoking environment into the build.
# NOTE(review): CFLAGS, LDFLAGS, MESON_OPTIONS, SANITIZERS and ASAN_OPTIONS are
# inherited from whoever runs the build, so they presumably shape the resulting
# binaries; in CI, set them explicitly rather than relying on ambient values.
PassEnvironment=
        NO_BUILD
        NO_SYNC
        WIPE
        SANITIZERS
        CFLAGS
        LDFLAGS
        LLVM
        MESON_VERBOSE
        MESON_OPTIONS
        SYSEXT
        WITH_DEBUG
        ASAN_OPTIONS
# Where partition definitions are read from and where built artifacts are written.
[Output]
# Directory holding the partition definitions used for the disk image.
RepartDirectories=mkosi.repart
# All outputs land under build/, the same parent as the build and cache directories.
OutputDirectory=build/mkosi.output
# Build-time working directories and caching behaviour.
[Build]
BuildDirectory=build/mkosi.builddir
CacheDirectory=build/mkosi.cache
# NOTE(review): presumably build scripts see a throwaway copy of the sources, so
# their writes do not reach the checkout; confirm against the mkosi documentation.
BuildSourcesEphemeral=yes
# Reuse cached image state between builds. NOTE(review): a stale or tampered
# build/mkosi.cache would carry over into new images; wipe it when in doubt.
Incremental=yes
# Signing and measurement settings.
[Validation]
# Sign the expected PCR measurements for the image's boot components.
# NOTE(review): the signing key is not visible in this file; confirm it is a
# test-only key and is not shared with any production signing setup.
SignExpectedPcr=yes
# What goes into the image: extra files, initrd, kernel command line, packages.
[Content]
# Files and trees copied into the image, written as source:destination.
# %O and %a are mkosi specifiers (presumably output directory and architecture).
# The first entry installs the certificate under /usr/lib/verity.d, which makes it
# a trusted key for verity signature checks inside the image.
# NOTE(review): the matching private key is not shown here; keep it test-only.
# Each minimal_N image is shipped with its -verity and -verity-sig companions.
ExtraTrees=
        mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
        mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
        mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
        %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
        %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
        %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
        %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
        %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
        %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
        %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
        %O/exitrd:/exitrd

# Use the initrd produced by the "initrd" dependency listed in [Config].
Initrds=%O/initrd

# Disable relabeling by default as it only matters for TEST-06-SELINUX, takes a non-trivial amount of time
# and results in lots of errors when building images as a regular user.
SELinuxRelabel=no

# Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in
# various scenarios. Consider adding support for a credential instead if possible and using that.
KernelCommandLine=
        # Debug settings: a shell when PID 1 crashes, plus verbose and unthrottled logging.
        # NOTE(review): the crash shell is not authenticated; this suits a test image only.
        systemd.crash_shell
        systemd.log_level=debug,console:info
        systemd.log_ratelimit_kmsg=0
        # Disable the kernel's ratelimiting on userspace logging to kmsg.
        printk.devkmsg=on
        # Make sure /sysroot is mounted rw in the initrd.
        rw
        # Lower the default device timeout so we get a shell earlier if the root device does
        # not appear for some reason.
        systemd.default_device_timeout_sec=90
        # Make sure no LSMs are enabled by default.
        # NOTE(review): only SELinux is switched off on this line; whether another LSM
        # (for example AppArmor) is active depends on the kernel and distribution. Confirm.
        selinux=0
        systemd.early_core_pattern=/core
        systemd.firstboot=no
        raid=noautodetect
        # Turn oopses, soft lockups and kernel warnings into panics; panic=-1 reboots at once.
        oops=panic
        panic=-1
        softlockup_panic=1
        panic_on_warn=1
        # These don't ship proper units with [Install] directives so we have to mask them instead.
        systemd.mask=isc-dhcp-server.service
        systemd.mask=mdmonitor.service
        psi=1

# Exclude every kernel module from the initrd, then add back the "default" set.
KernelModulesInitrdExclude=.*
KernelModulesInitrdInclude=default

# Packages installed into the image. The list includes debuggers, tracers and network
# tools (gdb, strace, valgrind, socat, curl, ...), presumably for the integration tests.
# NOTE(review): this is a deliberately large footprint; do not treat it as a hardened base.
Packages=
        acl
        attr
        bash-completion
        binutils
        coreutils
        curl
        diffutils
        dnsmasq
        dosfstools
        e2fsprogs
        findutils
        gdb
        grep
        gzip
        jq
        kbd
        kexec-tools
        kmod
        less
        llvm
        lvm2
        man
        mdadm
        mtools
        nano
        nftables
        nvme-cli
        opensc
        openssl
        p11-kit
        pciutils
        python3
        radvd
        rsync
        sed
        socat
        strace
        tar
        tmux
        tree
        util-linux
        valgrind
        which
        wireguard-tools
        xfsprogs
        zsh
        zstd
# Settings used when the built image is booted from the host.
[Host]
# Credentials handed to the booted image. The autologin and noauth entries give a
# root login on the console and on hvc0 without any authentication.
# NOTE(review): that fits a disposable test VM only; do not reuse this block for an
# image whose console can be reached by untrusted users.
Credentials=
        journal.storage=persistent
        tty.serial.hvc0.agetty.autologin=root
        tty.serial.hvc0.login.noauth=yes
        tty.console.agetty.autologin=root
        tty.console.login.noauth=yes
# NOTE(review): presumably makes the host's build sources available inside the running
# image; confirm whether that access is writable before booting untrusted code.
RuntimeBuildSources=yes
RuntimeScratch=no
QemuSmp=2
# Attach a software TPM to the VM. A software TPM gives no hardware-rooted guarantee,
# so measurements taken in this VM are meaningful for testing only.
QemuSwtpm=yes
QemuVsock=yes
QemuKvm=yes