mkosi: Adapt configuration to take into account configuration rework

In https://github.com/systemd/mkosi/pull/2847, the '@' specifier is
removed, CLI arguments take priority over configuration files again
and the "main" image is defined at the top level instead of in
mkosi.images/. Additionally, not every setting from the top level
configuration is inherited by the images in mkosi.images/ anymore,
only settings which make sense to be inherited are inherited.

This commit gets rid of all the usages of '@', moves the "main" image
configuration from mkosi.images/system to the top level and gets rid
of various hacks we had in place to deal with quirks of the old
configuration parsing logic.

We also remove usages of Images= and --append as these options are
removed by the mentioned PR.

.github/workflows/mkosi.yml

@@ -92,7 +92,7 @@ jobs:
 
     steps:
     - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332
-    - uses: systemd/mkosi@9f280901d5ba81ce63072e0892649c27d41dd169
+    - uses: systemd/mkosi@e5706bd0761107bda96763191950c4198e0ccb27
 
     # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space
     # immediately, we remove the files in the background. However, we first move them to a different location

docs/HACKING.md

@@ -52,7 +52,7 @@ image all the time when iterating on a patch, add the following to
 
 ```conf
 [Host]
-@RuntimeBuildSources=yes
+RuntimeBuildSources=yes
 ```
 
 After enabling this setting, the source and build directories will be mounted to

mkosi.conf

@@ -1,17 +1,28 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
 [Config]
-@Images=system
 MinimumVersion=23~devel
+InitrdInclude=mkosi.initrd/
 
 [Output]
-@OutputDirectory=build/mkosi.output
-@BuildDirectory=build/mkosi.builddir
-@CacheDirectory=build/mkosi.cache
+RepartDirectories=mkosi.repart
+OutputDirectory=build/mkosi.output
+BuildDirectory=build/mkosi.builddir
+CacheDirectory=build/mkosi.cache
 
 [Content]
-@SELinuxRelabel=no
+SELinuxRelabel=no
 BuildSourcesEphemeral=yes
+Autologin=yes
+
+PostInstallationScripts=mkosi.sanitizers.chroot
+ExtraTrees=
+        mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
+        mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+        mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
+
+Environment=
+        SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=%F
 
 # Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in
 # various scenarios. Consider adding support for a credential instead if possible and using that.
@@ -43,13 +54,85 @@ KernelCommandLine=systemd.crash_shell
 KernelModulesInitrdExclude=.*
 KernelModulesInitrdInclude=default
 
+ExtraTrees=
+        %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
+        %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
+        %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
+        %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
+        %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
+        %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
+        %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
+        %O/exitrd:/exitrd
+
+InitrdPackages=
+        btrfs-progs
+        findutils
+        grep
+        sed
+
+Packages=
+        acl
+        attr
+        bash-completion
+        bpftrace
+        btrfs-progs
+        clang
+        coreutils
+        curl
+        diffutils
+        dnsmasq
+        dosfstools
+        e2fsprogs
+        findutils
+        gdb
+        grep
+        gzip
+        jq
+        kbd
+        kexec-tools
+        kmod
+        knot
+        less
+        lld
+        llvm
+        lvm2
+        man
+        mdadm
+        mtools
+        nano
+        nftables
+        nvme-cli
+        opensc
+        openssl
+        p11-kit
+        pciutils
+        python3
+        qrencode
+        radvd
+        rsync
+        sed
+        socat
+        strace
+        systemd
+        tar
+        tmux
+        tree
+        udev
+        util-linux
+        valgrind
+        which
+        wireguard-tools
+        xfsprogs
+        zsh
+        zstd
+
 [Host]
 Credentials=journal.storage=persistent
-@Incremental=yes
-@RuntimeBuildSources=yes
-@RuntimeScratch=no
-@QemuSmp=2
-@QemuSwtpm=yes
-@QemuVsock=yes
-@QemuKvm=yes
+Incremental=yes
+RuntimeBuildSources=yes
+RuntimeScratch=no
+QemuSmp=2
+QemuSwtpm=yes
+QemuVsock=yes
+QemuKvm=yes
 ToolsTreePackages=virtiofsd

mkosi.conf.d/10-centos.conf

@@ -1,11 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=centos
-
-[Distribution]
-@Release=9
-Repositories=epel
-             epel-next
-             hyperscale-packages-main
-             hyperscale-packages-experimental

mkosi.conf.d/10-centos/mkosi.conf

@@ -3,6 +3,13 @@
 [Match]
 Distribution=centos
 
+[Distribution]
+Release=9
+Repositories=epel
+             epel-next
+             hyperscale-packages-main
+             hyperscale-packages-experimental
+
 [Content]
 Environment=
         Environment=

mkosi.conf.d/10-debian-ubuntu/mkosi.conf

@@ -4,6 +4,9 @@
 Distribution=|debian
 Distribution=|ubuntu
 
+[Distribution]
+PackageManagerTrees=mkosi-pinning.pref:/etc/apt/preferences.d/mkosi-pinning.pref
+
 [Content]
 Environment=
         GIT_URL=https://salsa.debian.org/systemd-team/systemd.git
@@ -11,9 +14,6 @@ Environment=
         GIT_BRANCH=debian/master
         GIT_COMMIT=abf24e775c67cf054f474526dd5d9d952a00228b
 
-[Distribution]
-PackageManagerTrees=mkosi-pinning.pref:/etc/apt/preferences.d/mkosi-pinning.pref
-
 VolatilePackages=
         libnss-myhostname
         libnss-mymachines

mkosi.conf.d/10-debian.conf

@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=debian
-
-[Distribution]
-@Release=testing

mkosi.conf.d/10-debian/mkosi.conf

@@ -3,6 +3,9 @@
 [Match]
 Distribution=debian
 
+[Distribution]
+Release=testing
+
 [Content]
 Packages=
         linux-perf

mkosi.conf.d/10-fedora.conf

@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=fedora
-
-[Distribution]
-@Release=rawhide

mkosi.conf.d/10-fedora/mkosi.conf

@@ -3,6 +3,9 @@
 [Match]
 Distribution=fedora
 
+[Distribution]
+Release=rawhide
+
 [Content]
 Environment=
         GIT_URL=https://src.fedoraproject.org/rpms/systemd.git

mkosi.conf.d/10-opensuse.conf

@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=opensuse
-
-[Distribution]
-@Release=tumbleweed
-PackageManagerTrees=mkosi.conf.d/macros.db_backend:/etc/rpm/macros.db_backend

mkosi.conf.d/10-opensuse/mkosi.conf

@@ -6,6 +6,10 @@ Distribution=opensuse
 [Config]
 InitrdInclude=initrd/
 
+[Distribution]
+Release=tumbleweed
+PackageManagerTrees=macros.db_backend:/etc/rpm/macros.db_backend
+
 [Content]
 Environment=
         GIT_URL=https://src.opensuse.org/rpm/systemd

mkosi.conf.d/10-ubuntu.conf

@@ -1,8 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Distribution=ubuntu
-
-[Distribution]
-@Release=noble
-Repositories=universe

mkosi.conf.d/10-ubuntu/mkosi.conf

@@ -3,6 +3,10 @@
 [Match]
 Distribution=ubuntu
 
+[Distribution]
+Release=noble
+Repositories=universe
+
 [Content]
 Packages=
         linux-image-generic

mkosi.conf.d/20-none.conf

@@ -0,0 +1,9 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+# If we're only rerunning the build script, remove all subimage dependencies to speed up builds.
+
+[Match]
+Format=none
+
+[Config]
+Dependencies=

mkosi.conf.d/20-particle/mkosi.conf

@@ -8,8 +8,8 @@ RepartDirectories=
 RepartDirectories=mkosi.repart
 
 [Validation]
-@SecureBoot=yes
-@SignExpectedPcr=yes
+SecureBoot=yes
+SignExpectedPcr=yes
 
 [Host]
-@RuntimeSize=8G
+RuntimeSize=8G

mkosi.images/exitrd/mkosi.conf

@@ -1,22 +1,14 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
-[Config]
-ConfigureScripts=
-
 [Output]
 Format=directory
 
 [Content]
 Bootable=no
-@Locale=C.UTF-8
+Locale=C.UTF-8
 WithDocs=no
 CleanPackageMetadata=yes
 MakeInitrd=yes
 
-BuildSources=
-Packages=
-BuildPackages=
-VolatilePackages=
-
 Packages=
         bash

mkosi.images/minimal-0/mkosi.conf

@@ -2,7 +2,6 @@
 
 [Config]
 Dependencies=minimal-base
-ConfigureScripts=
 
 [Distribution]
 CacheOnly=always
@@ -15,11 +14,3 @@ SplitArtifacts=yes
 BaseTrees=%O/minimal-base
 Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs
 Bootable=no
-
-BuildSources=
-Packages=
-BuildPackages=
-VolatilePackages=
-
-[Host]
-Incremental=no

mkosi.images/minimal-1/mkosi.conf

@@ -2,7 +2,6 @@
 
 [Config]
 Dependencies=minimal-base
-ConfigureScripts=
 
 [Distribution]
 CacheOnly=always
@@ -15,11 +14,3 @@ SplitArtifacts=yes
 BaseTrees=%O/minimal-base
 Environment=SYSTEMD_REPART_OVERRIDE_FSTYPE=squashfs
 Bootable=no
-
-BuildSources=
-Packages=
-BuildPackages=
-VolatilePackages=
-
-[Host]
-Incremental=no

mkosi.images/minimal-base/mkosi.conf

@@ -1,22 +1,14 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
-[Config]
-ConfigureScripts=
-
 [Output]
 Format=directory
 
 [Content]
 Bootable=no
-@Locale=C.UTF-8
+Locale=C.UTF-8
 WithDocs=no
 CleanPackageMetadata=yes
 
-BuildSources=
-Packages=
-BuildPackages=
-VolatilePackages=
-
 Packages=
         bash
         coreutils

mkosi.images/system/initrd/mkosi.conf

@@ -1,7 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Content]
-PostInstallationScripts=../mkosi.sanitizers.chroot
-ExtraTrees=
-    ../leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
-    ../coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf

mkosi.images/system/mkosi.conf

@@ -1,81 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Config]
-InitrdInclude=initrd/
-
-[Output]
-RepartDirectories=mkosi.repart
-
-[Content]
-Autologin=yes
-ExtraTrees=
-        %D/mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
-        leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
-        coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
-
-PostInstallationScripts=mkosi.sanitizers.chroot
-
-Environment=
-        SYSTEMD_REPART_OVERRIDE_FSTYPE_ROOT=%F
-
-InitrdPackages=
-        btrfs-progs
-        findutils
-        grep
-        sed
-
-Packages=
-        acl
-        attr
-        bash-completion
-        bpftrace
-        btrfs-progs
-        clang
-        coreutils
-        curl
-        diffutils
-        dnsmasq
-        dosfstools
-        e2fsprogs
-        findutils
-        gdb
-        grep
-        gzip
-        jq
-        kbd
-        kexec-tools
-        kmod
-        knot
-        less
-        lld
-        llvm
-        lvm2
-        man
-        mdadm
-        mtools
-        nano
-        nftables
-        nvme-cli
-        opensc
-        openssl
-        p11-kit
-        pciutils
-        python3
-        qrencode
-        radvd
-        rsync
-        sed
-        socat
-        strace
-        systemd
-        tar
-        tmux
-        tree
-        udev
-        util-linux
-        valgrind
-        which
-        wireguard-tools
-        xfsprogs
-        zsh
-        zstd

mkosi.images/system/mkosi.conf.d/20-images.conf

@@ -1,22 +0,0 @@
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-[Match]
-Format=!none
-
-[Config]
-Dependencies=
-        exitrd
-        minimal-base
-        minimal-0
-        minimal-1
-
-[Content]
-ExtraTrees=
-        %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
-        %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
-        %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
-        %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw
-        %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity
-        %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig
-        %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template
-        %O/exitrd:/exitrd

mkosi.initrd/mkosi.conf

@@ -0,0 +1,7 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+[Content]
+PostInstallationScripts=../mkosi.sanitizers.chroot
+ExtraTrees=
+    ../mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
+    ../mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf

test/integration-test-wrapper.py

@@ -134,7 +134,6 @@ def main():
         '--runtime-network=none',
         '--runtime-scratch=no',
         *args.mkosi_args,
-        '--append',
         '--qemu-firmware', args.firmware,
         '--qemu-kvm', "auto" if not bool(int(os.getenv("TEST_NO_KVM", "0"))) else "no",
         '--kernel-command-line-extra',
@@ -184,9 +183,8 @@ def main():
                     text=True,
                 ).stdout
             )
-            images = {image["Image"]: image for image in j["Images"]}
-            distribution = images["system"]["Distribution"]
-            release = images["system"]["Release"]
+            distribution = j["Images"][-1]["Distribution"]
+            release = j["Images"][-1]["Release"]
             artifact = f"ci-mkosi-{id}-{iteration}-{distribution}-{release}-failed-test-journals"
             ops += [f"gh run download {id} --name {artifact} -D ci/{artifact}"]
             journal_file = Path(f"ci/{artifact}/test/journal/{name}.journal")