Commit Graph

639 Commits

Author SHA1 Message Date
Mike Yuan
3a497fbff5 advanced-issue-labeler: use correct label for env-generator 2024-08-02 21:45:18 +02:00
dependabot[bot]
89322b8c09 build(deps): bump github/codeql-action from 3.25.11 to 3.25.15
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.25.11 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](b611370bb5...afb54ba388)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:36:40 +02:00
dependabot[bot]
73eb21703e build(deps): bump meson from 1.4.1 to 1.5.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.4.1 to 1.5.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.4.1...1.5.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:34:28 +02:00
dependabot[bot]
5186b40c6f build(deps): bump systemd/mkosi
Bumps [systemd/mkosi](https://github.com/systemd/mkosi) from 4eba736412c702bbbe2c6d4a58a92fa977219249 to 63fc1fde5b1aac1abf07ac499068c2b62263dafb.
- [Release notes](https://github.com/systemd/mkosi/releases)
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md)
- [Commits](4eba736412...63fc1fde5b)

---
updated-dependencies:
- dependency-name: systemd/mkosi
  dependency-type: direct:production
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:34:09 +02:00
dependabot[bot]
1d8de1d5ac build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](60c9f2b924...cc6721c45a)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:09:16 +02:00
dependabot[bot]
e2dca8d9c0 build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](dc50aa9510...62b2cac7ed)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:08:42 +02:00
Daan De Meyer
7fe0ea2ead
Merge pull request #33857 from DaanDeMeyer/mkosi
Two small improvements
2024-07-29 15:40:48 +02:00
Daan De Meyer
578ee05155 test: Don't mount build sources into image when running non-interactively 2024-07-29 13:40:42 +02:00
Daan De Meyer
3d6c6f9b9e mkosi: Update to latest
Includes the required fix to make mkosi copy NOCOW disk images properly.
2024-07-24 18:58:38 +02:00
Daan De Meyer
8b32cc79ec mkosi: Add CI for CentOS Stream 10
We switch to the c10s-sig-hyperscale branch of the spec repository
as it will receive all the latest changes the earliest before they
end up in the c9s-sig-hyperscale branch.
2024-07-15 16:17:33 +02:00
Daan De Meyer
9e8cfe5daa mkosi: Update to latest 2024-07-15 16:17:31 +02:00
Daan De Meyer
14fb6354f1
Merge pull request #33636 from DaanDeMeyer/ext4
Various integration test improvements
2024-07-10 21:33:23 +02:00
Daan De Meyer
dedd712dd9 TEST-06-SELINUX: Various fixes
- Stop installing the policy in the initramfs as it's not really
supported anyway (https://github.com/fedora-selinux/selinux-policy/issues/2221)
- Stop relabeling on first boot and prefer to do it at image build time
- Disable mkosi relabeling by default but enable it in CI
- Build image as root in CI so the SELinux relabeling works properly
2024-07-10 18:52:29 +02:00
Daan De Meyer
d5c3868181 mkosi: Update to latest 2024-07-10 16:52:54 +02:00
Daan De Meyer
612a98a065 mkosi: Build a sysext if SYSEXT=1 is specified 2024-07-10 10:55:33 +02:00
Daan De Meyer
c8ce41954b mkosi: Fix git commit
In https://github.com/systemd/systemd/pull/33659 the commit was
updated to point to my fork without changing it back after the mkosi
PR was merged so let's change it back to point to the official
repository.
2024-07-09 09:28:33 +02:00
Daan De Meyer
20345a86b7 mkosi: Adapt configuration to take into account configuration rework
In https://github.com/systemd/mkosi/pull/2847, the '@' specifier is
removed, CLI arguments take priority over configuration files again
and the "main" image is defined at the top level instead of in
mkosi.images/. Additionally, not every setting from the top level
configuration is inherited by the images in mkosi.images/ anymore,
only settings which make sense to be inherited are inherited.

This commit gets rid of all the usages of '@', moves the "main" image
configuration from mkosi.images/system to the top level and gets rid
of various hacks we had in place to deal with quirks of the old
configuration parsing logic.

We also remove usages of Images= and --append as these options are
removed by the mentioned PR.
2024-07-09 08:07:09 +02:00
Daan De Meyer
b494c7bcb4 mkosi: Update to latest 2024-07-05 17:07:00 +02:00
Mike Yuan
5dfc88c12f
workflows/labeler: do not set labels on stable backport PRs 2024-07-04 20:55:53 +02:00
Mike Yuan
a3370d5d94
labeler: match all mkosi files 2024-07-04 20:55:42 +02:00
Mike Yuan
5e12de940a
labeler: remove matches for dropped files (Makefile) 2024-07-04 20:55:36 +02:00
dependabot[bot]
ba490e2281 build(deps): bump github/codeql-action from 3.24.7 to 3.25.11
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 3.24.7 to 3.25.11.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](3ab4101902...b611370bb5)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-01 22:08:28 +02:00
dependabot[bot]
502fbea8c1 build(deps): bump actions/checkout from 4.1.6 to 4.1.7
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](a5ac7e51b4...692973e3d9)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-07-01 13:18:45 +02:00
Luca Boccassi
ea6376d17f mkosi: bump to latest commit 2024-06-26 15:47:13 +01:00
Luca Boccassi
3001339dc5 mkosi: bump to latest 2024-06-17 17:40:48 +01:00
Luca Boccassi
bdd0b45bfd CI: disable secure boot in mkosi GHA runs
Booting a guest with secure boot is broken in Azure due to a hypervisor
bug. Disable it for now. Given there's no option, need to edit
the configuration on the fly.
2024-06-17 17:40:48 +01:00
Luca Boccassi
7f105dc1bd mkosi: update to latest 2024-06-10 14:17:15 +01:00
Daan De Meyer
60f1e44ffe mkosi: Stop using tools tree
Noble has all the tooling we need so let's stop using a tools tree
and just install the dependencies we need on the host system.
2024-06-08 12:33:32 +02:00
Daan De Meyer
d5474f78b8 ci: Switch to Ubuntu 24.04 2024-06-08 12:33:32 +02:00
Daan De Meyer
f42cb19931 mkosi: Update to latest 2024-06-08 12:33:28 +02:00
Daan De Meyer
20be62e4b9 mkosi: Update to latest 2024-06-06 16:43:58 +02:00
Daan De Meyer
d56cf40dd7 mkosi: Build Arch Linux image with -D_FORTIFY_SOURCE=3
_FORTIFY_SOURCE requires optimizations to be enabled so we set -O2
as well.
2024-06-04 12:27:29 +02:00
Daan De Meyer
cbbffa8355 mkosi: Drop $OPTIMIZATION variable
Let's instead just use $CFLAGS to override the optimization level.
2024-06-04 12:20:19 +02:00
Daan De Meyer
954019d211
Merge pull request #33146 from DaanDeMeyer/clang
mkosi: Add support for building with LLVM
2024-06-03 15:43:31 +02:00
Daan De Meyer
9ee96e7382 mkosi: Build Fedora Rawhide sanitizers job with LLVM
More coverage and clang tends to be better at sanitizers than gcc.
2024-06-03 13:47:37 +02:00
Daan De Meyer
aacf9527d6 mkosi: Build with --werror in CI 2024-06-03 13:47:37 +02:00
dependabot[bot]
988b837df8 build(deps): bump redhat-plumbers-in-action/differential-shellcheck
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck) from 5.1.2 to 5.3.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases)
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md)
- [Commits](52bab0caa5...60c9f2b924)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:07:26 +02:00
dependabot[bot]
de5772c21d build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](0864cf1902...dc50aa9510)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:06:57 +02:00
dependabot[bot]
91c7d68d30 build(deps): bump softprops/action-gh-release from 2.0.4 to 2.0.5
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/softprops/action-gh-release/releases)
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md)
- [Commits](9d7c94cfd0...69320dbe05)

---
updated-dependencies:
- dependency-name: softprops/action-gh-release
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:06:03 +02:00
dependabot[bot]
89b49c16ef build(deps): bump actions/checkout from 4.1.2 to 4.1.6
Bumps [actions/checkout](https://github.com/actions/checkout) from 4.1.2 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](9bb56186c3...a5ac7e51b4)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:04:50 +02:00
Daan De Meyer
ebec3c88c3 ci: Build Fedora rawhide with sanitizers in mkosi
Let's make sure one build has sanitizers enabled for extra coverage.
2024-05-31 17:26:13 +02:00
Daan De Meyer
8919f86f57 mkosi: Sanitizer improvements
- Let's set the environment on the kernel command line so it applies
to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
Unlike test-functions we don't use gcc/clang to get the library path as
that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
positive leak in verify_selinuxmnt() in libselinux. We do a soname match
because the stacktrace can't be properly symbolized on Debian.
2024-05-31 17:26:13 +02:00
Luca Boccassi
87d6cedfdb
Merge pull request #33123 from DaanDeMeyer/fix
Two mkosi fixes
2024-05-31 11:38:43 +02:00
Daan De Meyer
3a8e9b4a0e mkosi: Unify device timeout for CI and local runs
Now that we use KVM and don't use repart anymore to create a root
partition on first boot, let's see if we can use the same device timeout
for both local and CI runs.
2024-05-31 10:25:08 +02:00
Daan De Meyer
e2219740f3 mkosi: Drop two unnecessary settings in CI config
We don't build erofs images anymore and the firmware to use is set
per test so no need to configure it the CI config.
2024-05-31 10:23:58 +02:00
dependabot[bot]
d4d59423b5 build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases)
- [Commits](9e55064634...d498805e5c)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:17:44 +02:00
dependabot[bot]
f47f849fad build(deps): bump redhat-plumbers-in-action/devel-freezer
Bumps [redhat-plumbers-in-action/devel-freezer](https://github.com/redhat-plumbers-in-action/devel-freezer) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/devel-freezer/releases)
- [Commits](396c94ba8c...ad766eafd5)

---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/devel-freezer
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:17:10 +02:00
dependabot[bot]
4c8858dda6 build(deps): bump meson from 1.4.0 to 1.4.1 in /.github/workflows
Bumps [meson](https://github.com/mesonbuild/meson) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/mesonbuild/meson/releases)
- [Commits](https://github.com/mesonbuild/meson/compare/1.4.0...1.4.1)

---
updated-dependencies:
- dependency-name: meson
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:16:56 +02:00
Daan De Meyer
ba592dc715 mkosi: Replace submodules with our own thing
Unfortunately, git submodules break in all sorts of ways:

- Various github workflows (dependabot, github pages) try to do a shallow
clone of git submodules which does not work at all when the git repository
is hosted on pagure (https://pagure.io/pagure/issue/5453,
https://github.com/dependabot/dependabot-core/issues/9391).
- If the git forge hosting the git repository uses SHA256, then it breaks our
usage of it as a submodule as SHA256 repositories cannot be used as submodules
in SHA1 repositories (src.opensuse.org moved to SHA256 which broke our usage of
opensuse's systemd spec as a submodule).
- git submodules completely break usage of git worktrees.
- ...

Let's avoid all these issues by just doing our own home grown implementation of
git submodules. We lose the automatic dependabot updates this way but since dependabot
fails to run more often that not with submodules we don't really lose anything.
2024-05-30 19:31:32 +02:00
Daan De Meyer
074ac66e88 Revert "mkosi: Sanitizer improvements"
This reverts commit aef13ad029.
2024-05-30 14:50:21 +02:00