Mike Yuan
3a497fbff5
advanced-issue-labeler: use correct label for env-generator
2024-08-02 21:45:18 +02:00
dependabot[bot]
89322b8c09
build(deps): bump github/codeql-action from 3.25.11 to 3.25.15
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.25.11 to 3.25.15.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](b611370bb5...afb54ba388
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:36:40 +02:00
dependabot[bot]
73eb21703e
build(deps): bump meson from 1.4.1 to 1.5.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.4.1 to 1.5.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.4.1...1.5.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:34:28 +02:00
dependabot[bot]
5186b40c6f
build(deps): bump systemd/mkosi
...
Bumps [systemd/mkosi](https://github.com/systemd/mkosi ) from 4eba736412c702bbbe2c6d4a58a92fa977219249 to 63fc1fde5b1aac1abf07ac499068c2b62263dafb.
- [Release notes](https://github.com/systemd/mkosi/releases )
- [Changelog](https://github.com/systemd/mkosi/blob/main/NEWS.md )
- [Commits](4eba736412...63fc1fde5b
)
---
updated-dependencies:
- dependency-name: systemd/mkosi
dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:34:09 +02:00
dependabot[bot]
1d8de1d5ac
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.3.0 to 5.4.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](60c9f2b924...cc6721c45a
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:09:16 +02:00
dependabot[bot]
e2dca8d9c0
build(deps): bump ossf/scorecard-action from 2.3.3 to 2.4.0
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.3 to 2.4.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](dc50aa9510...62b2cac7ed
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-08-01 13:08:42 +02:00
Daan De Meyer
7fe0ea2ead
Merge pull request #33857 from DaanDeMeyer/mkosi
...
Two small improvements
2024-07-29 15:40:48 +02:00
Daan De Meyer
578ee05155
test: Don't mount build sources into image when running non-interactively
2024-07-29 13:40:42 +02:00
Daan De Meyer
3d6c6f9b9e
mkosi: Update to latest
...
Includes the required fix to make mkosi copy NOCOW disk images properly.
2024-07-24 18:58:38 +02:00
Daan De Meyer
8b32cc79ec
mkosi: Add CI for CentOS Stream 10
...
We switch to the c10s-sig-hyperscale branch of the spec repository
as it will receive all the latest changes the earliest before they
end up in the c9s-sig-hyperscale branch.
2024-07-15 16:17:33 +02:00
Daan De Meyer
9e8cfe5daa
mkosi: Update to latest
2024-07-15 16:17:31 +02:00
Daan De Meyer
14fb6354f1
Merge pull request #33636 from DaanDeMeyer/ext4
...
Various integration test improvements
2024-07-10 21:33:23 +02:00
Daan De Meyer
dedd712dd9
TEST-06-SELINUX: Various fixes
...
- Stop installing the policy in the initramfs as it's not really
supported anyway (https://github.com/fedora-selinux/selinux-policy/issues/2221 )
- Stop relabeling on first boot and prefer to do it at image build time
- Disable mkosi relabeling by default but enable it in CI
- Build image as root in CI so the SELinux relabeling works properly
2024-07-10 18:52:29 +02:00
Daan De Meyer
d5c3868181
mkosi: Update to latest
2024-07-10 16:52:54 +02:00
Daan De Meyer
612a98a065
mkosi: Build a sysext if SYSEXT=1 is specified
2024-07-10 10:55:33 +02:00
Daan De Meyer
c8ce41954b
mkosi: Fix git commit
...
In https://github.com/systemd/systemd/pull/33659 the commit was
updated to point to my fork without changing it back after the mkosi
PR was merged so let's change it back to point to the official
repository.
2024-07-09 09:28:33 +02:00
Daan De Meyer
20345a86b7
mkosi: Adapt configuration to take into account configuration rework
...
In https://github.com/systemd/mkosi/pull/2847 , the '@' specifier is
removed, CLI arguments take priority over configuration files again
and the "main" image is defined at the top level instead of in
mkosi.images/. Additionally, not every setting from the top level
configuration is inherited by the images in mkosi.images/ anymore,
only settings which make sense to be inherited are inherited.
This commit gets rid of all the usages of '@', moves the "main" image
configuration from mkosi.images/system to the top level and gets rid
of various hacks we had in place to deal with quirks of the old
configuration parsing logic.
We also remove usages of Images= and --append as these options are
removed by the mentioned PR.
2024-07-09 08:07:09 +02:00
Daan De Meyer
b494c7bcb4
mkosi: Update to latest
2024-07-05 17:07:00 +02:00
Mike Yuan
5dfc88c12f
workflows/labeler: do not set labels on stable backport PRs
2024-07-04 20:55:53 +02:00
Mike Yuan
a3370d5d94
labeler: match all mkosi files
2024-07-04 20:55:42 +02:00
Mike Yuan
5e12de940a
labeler: remove matches for dropped files (Makefile)
2024-07-04 20:55:36 +02:00
dependabot[bot]
ba490e2281
build(deps): bump github/codeql-action from 3.24.7 to 3.25.11
...
Bumps [github/codeql-action](https://github.com/github/codeql-action ) from 3.24.7 to 3.25.11.
- [Release notes](https://github.com/github/codeql-action/releases )
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md )
- [Commits](3ab4101902...b611370bb5
)
---
updated-dependencies:
- dependency-name: github/codeql-action
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-01 22:08:28 +02:00
dependabot[bot]
502fbea8c1
build(deps): bump actions/checkout from 4.1.6 to 4.1.7
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.6 to 4.1.7.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](a5ac7e51b4...692973e3d9
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-07-01 13:18:45 +02:00
Luca Boccassi
ea6376d17f
mkosi: bump to latest commit
2024-06-26 15:47:13 +01:00
Luca Boccassi
3001339dc5
mkosi: bump to latest
2024-06-17 17:40:48 +01:00
Luca Boccassi
bdd0b45bfd
CI: disable secure boot in mkosi GHA runs
...
Booting a guest with secure boot is broken in Azure due to a hypervisor
bug. Disable it for now. Given there's no option, need to edit
the configuration on the fly.
2024-06-17 17:40:48 +01:00
Luca Boccassi
7f105dc1bd
mkosi: update to latest
2024-06-10 14:17:15 +01:00
Daan De Meyer
60f1e44ffe
mkosi: Stop using tools tree
...
Noble has all the tooling we need so let's stop using a tools tree
and just install the dependencies we need on the host system.
2024-06-08 12:33:32 +02:00
Daan De Meyer
d5474f78b8
ci: Switch to Ubuntu 24.04
2024-06-08 12:33:32 +02:00
Daan De Meyer
f42cb19931
mkosi: Update to latest
2024-06-08 12:33:28 +02:00
Daan De Meyer
20be62e4b9
mkosi: Update to latest
2024-06-06 16:43:58 +02:00
Daan De Meyer
d56cf40dd7
mkosi: Build Arch Linux image with -D_FORTIFY_SOURCE=3
...
_FORTIFY_SOURCE requires optimizations to be enabled so we set -O2
as well.
2024-06-04 12:27:29 +02:00
Daan De Meyer
cbbffa8355
mkosi: Drop $OPTIMIZATION variable
...
Let's instead just use $CFLAGS to override the optimization level.
2024-06-04 12:20:19 +02:00
Daan De Meyer
954019d211
Merge pull request #33146 from DaanDeMeyer/clang
...
mkosi: Add support for building with LLVM
2024-06-03 15:43:31 +02:00
Daan De Meyer
9ee96e7382
mkosi: Build Fedora Rawhide sanitizers job with LLVM
...
More coverage and clang tends to be better at sanitizers than gcc.
2024-06-03 13:47:37 +02:00
Daan De Meyer
aacf9527d6
mkosi: Build with --werror in CI
2024-06-03 13:47:37 +02:00
dependabot[bot]
988b837df8
build(deps): bump redhat-plumbers-in-action/differential-shellcheck
...
Bumps [redhat-plumbers-in-action/differential-shellcheck](https://github.com/redhat-plumbers-in-action/differential-shellcheck ) from 5.1.2 to 5.3.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/differential-shellcheck/releases )
- [Changelog](https://github.com/redhat-plumbers-in-action/differential-shellcheck/blob/main/docs/CHANGELOG.md )
- [Commits](52bab0caa5...60c9f2b924
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/differential-shellcheck
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:07:26 +02:00
dependabot[bot]
de5772c21d
build(deps): bump ossf/scorecard-action from 2.3.1 to 2.3.3
...
Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action ) from 2.3.1 to 2.3.3.
- [Release notes](https://github.com/ossf/scorecard-action/releases )
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md )
- [Commits](0864cf1902...dc50aa9510
)
---
updated-dependencies:
- dependency-name: ossf/scorecard-action
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:06:57 +02:00
dependabot[bot]
91c7d68d30
build(deps): bump softprops/action-gh-release from 2.0.4 to 2.0.5
...
Bumps [softprops/action-gh-release](https://github.com/softprops/action-gh-release ) from 2.0.4 to 2.0.5.
- [Release notes](https://github.com/softprops/action-gh-release/releases )
- [Changelog](https://github.com/softprops/action-gh-release/blob/master/CHANGELOG.md )
- [Commits](9d7c94cfd0...69320dbe05
)
---
updated-dependencies:
- dependency-name: softprops/action-gh-release
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:06:03 +02:00
dependabot[bot]
89b49c16ef
build(deps): bump actions/checkout from 4.1.2 to 4.1.6
...
Bumps [actions/checkout](https://github.com/actions/checkout ) from 4.1.2 to 4.1.6.
- [Release notes](https://github.com/actions/checkout/releases )
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md )
- [Commits](9bb56186c3...a5ac7e51b4
)
---
updated-dependencies:
- dependency-name: actions/checkout
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-06-03 13:04:50 +02:00
Daan De Meyer
ebec3c88c3
ci: Build Fedora rawhide with sanitizers in mkosi
...
Let's make sure one build has sanitizers enabled for extra coverage.
2024-05-31 17:26:13 +02:00
Daan De Meyer
8919f86f57
mkosi: Sanitizer improvements
...
- Let's set the environment on the kernel command line so it applies
to initrd and main system.
- Let's add the necessary wrappers that are also added in test-functions.
Unlike test-functions we don't use gcc/clang to get the library path as
that requires installing gcc/clang in the initrd.
- Let's drop the hack to get journald writing to the console and have
it write to kmsg instead. We'll get the output either way.
- Stop removing libstdc++ and sanitizer libraries from Arch Linux
initrds and other images as it's required by the sanitizer libraries.
- Add a workaround for specifying extra meson options for opensuse
- Add a leak sanitizer suppression file as a workaround for a false
positive leak in verify_selinuxmnt() in libselinux. We do a soname match
because the stacktrace can't be properly symbolized on Debian.
2024-05-31 17:26:13 +02:00
Luca Boccassi
87d6cedfdb
Merge pull request #33123 from DaanDeMeyer/fix
...
Two mkosi fixes
2024-05-31 11:38:43 +02:00
Daan De Meyer
3a8e9b4a0e
mkosi: Unify device timeout for CI and local runs
...
Now that we use KVM and don't use repart anymore to create a root
partition on first boot, let's see if we can use the same device timeout
for both local and CI runs.
2024-05-31 10:25:08 +02:00
Daan De Meyer
e2219740f3
mkosi: Drop two unnecessary settings in CI config
...
We don't build erofs images anymore and the firmware to use is set
per test so no need to configure it the CI config.
2024-05-31 10:23:58 +02:00
dependabot[bot]
d4d59423b5
build(deps): bump redhat-plumbers-in-action/advanced-issue-labeler
...
Bumps [redhat-plumbers-in-action/advanced-issue-labeler](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler ) from 3.0.0 to 3.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/advanced-issue-labeler/releases )
- [Commits](9e55064634...d498805e5c
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/advanced-issue-labeler
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:17:44 +02:00
dependabot[bot]
f47f849fad
build(deps): bump redhat-plumbers-in-action/devel-freezer
...
Bumps [redhat-plumbers-in-action/devel-freezer](https://github.com/redhat-plumbers-in-action/devel-freezer ) from 1.1.0 to 1.2.0.
- [Release notes](https://github.com/redhat-plumbers-in-action/devel-freezer/releases )
- [Commits](396c94ba8c...ad766eafd5
)
---
updated-dependencies:
- dependency-name: redhat-plumbers-in-action/devel-freezer
dependency-type: direct:production
update-type: version-update:semver-minor
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:17:10 +02:00
dependabot[bot]
4c8858dda6
build(deps): bump meson from 1.4.0 to 1.4.1 in /.github/workflows
...
Bumps [meson](https://github.com/mesonbuild/meson ) from 1.4.0 to 1.4.1.
- [Release notes](https://github.com/mesonbuild/meson/releases )
- [Commits](https://github.com/mesonbuild/meson/compare/1.4.0...1.4.1 )
---
updated-dependencies:
- dependency-name: meson
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
2024-05-31 10:16:56 +02:00
Daan De Meyer
ba592dc715
mkosi: Replace submodules with our own thing
...
Unfortunately, git submodules break in all sorts of ways:
- Various github workflows (dependabot, github pages) try to do a shallow
clone of git submodules which does not work at all when the git repository
is hosted on pagure (https://pagure.io/pagure/issue/5453 ,
https://github.com/dependabot/dependabot-core/issues/9391 ).
- If the git forge hosting the git repository uses SHA256, then it breaks our
usage of it as a submodule as SHA256 repositories cannot be used as submodules
in SHA1 repositories (src.opensuse.org moved to SHA256 which broke our usage of
opensuse's systemd spec as a submodule).
- git submodules completely break usage of git worktrees.
- ...
Let's avoid all these issues by just doing our own home grown implementation of
git submodules. We lose the automatic dependabot updates this way but since dependabot
fails to run more often that not with submodules we don't really lose anything.
2024-05-30 19:31:32 +02:00
Daan De Meyer
074ac66e88
Revert "mkosi: Sanitizer improvements"
...
This reverts commit aef13ad029
.
2024-05-30 14:50:21 +02:00