Merge 262d1b115d into 6fd3496cfd

test: mask tmpfiles.d file shipped by selinux policy package in containers
This tmpfiles.d wants to write to sysfs, which is read-only in containers, so systemd-tmpfiles --create fails in TEST-22-TMPFILES when ran in nspawn if the selinux policy package is instealled. Mask it, as it's not our config file, we don't need it in the test.
2024-11-24 22:55:21 -08:00 · 2024-11-25 15:25:55 +09:00 · 2024-11-25 15:09:58 +09:00 · 2024-11-25 00:21:10 +01:00
10 changed files with 18 additions and 7 deletions
--- a/mkosi.clangd
+++ b/mkosi.clangd
@ -1,12 +1,18 @@
 #!/bin/bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
-MKOSI_CONFIG="$(mkosi --json summary | jq -r .Images[-1])"
+if command -v flatpak-spawn >/dev/null; then
    SPAWN=(flatpak-spawn --host)
 else
    SPAWN=()
 fi
 MKOSI_CONFIG="$("${SPAWN[@]}" --host mkosi --json summary | jq -r .Images[-1])"
 DISTRIBUTION="$(jq -r .Distribution <<< "$MKOSI_CONFIG")"
 RELEASE="$(jq -r .Release <<< "$MKOSI_CONFIG")"
 ARCH="$(jq -r .Architecture <<< "$MKOSI_CONFIG")"
-exec mkosi \
+exec "${SPAWN[@]}" mkosi \
    --incremental=strict \
    --build-sources-ephemeral=no \
    --format=none \
--- a/mkosi.conf
+++ b/mkosi.conf
@ -38,9 +38,8 @@ SignExpectedPcr=yes
 [Content]
 ExtraTrees=
        mkosi.extra.common
        mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key
        mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
        mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
        %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw
        %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity
        %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig
--- a/mkosi.extra.common/etc/issue
+++ b/mkosi.extra.common/etc/issue
--- a/mkosi.extra.common/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
+++ b/mkosi.extra.common/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
--- a/mkosi.extra.common/usr/lib/systemd/journald.conf.d/ratelimit.conf
+++ b/mkosi.extra.common/usr/lib/systemd/journald.conf.d/ratelimit.conf
--- a/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions
+++ b/mkosi.extra.common/usr/lib/systemd/leak-sanitizer-suppressions
--- a/mkosi.extra.common/usr/lib/systemd/system-preset/00-mkosi.preset
+++ b/mkosi.extra.common/usr/lib/systemd/system-preset/00-mkosi.preset
--- a/mkosi.extra.common/usr/lib/systemd/system-preset/99-mkosi.preset
+++ b/mkosi.extra.common/usr/lib/systemd/system-preset/99-mkosi.preset
--- a/mkosi.images/initrd/mkosi.conf
+++ b/mkosi.images/initrd/mkosi.conf
@ -6,9 +6,7 @@ Include=
        %D/mkosi.sanitizers
 [Content]
-ExtraTrees=
+ExtraTrees=%D/mkosi.extra.common
        %D/mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions
        %D/mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf
 Packages=
        findutils
--- a/test/units/TEST-22-TMPFILES.sh
+++ b/test/units/TEST-22-TMPFILES.sh
@ -6,6 +6,14 @@ set -o pipefail
 # shellcheck source=test/units/test-control.sh
 . "$(dirname "$0")"/test-control.sh
 if systemd-detect-virt --quiet --container; then
    # This comes from the selinux package and tries to write
    # some files under sysfs, which will be read-only in a container,
    # so mask it. It's not our tmpfiles.d file anyway.
    mkdir -p /run/tmpfiles.d/
    ln -s /dev/null /run/tmpfiles.d/selinux-policy.conf
 fi
 run_subtests
 touch /testok
Author	SHA1	Message	Date
Lennart Poettering	e3e8d3f91b	Merge `262d1b115d` into `6fd3496cfd`	2024-11-24 22:55:21 -08:00
Luca Boccassi	6fd3496cfd	test: mask tmpfiles.d file shipped by selinux policy package in containers This tmpfiles.d wants to write to sysfs, which is read-only in containers, so systemd-tmpfiles --create fails in TEST-22-TMPFILES when ran in nspawn if the selinux policy package is instealled. Mask it, as it's not our config file, we don't need it in the test.	2024-11-25 15:25:55 +09:00
Daan De Meyer	bb486fe9df	mkosi: Use shared extra tree between initrd and main image Let's share more between initrd and main system and use a shared extra tree to achieve that.	2024-11-25 15:09:58 +09:00
Daan De Meyer	0e44a351ea	mkosi: Make sure mkosi.clangd always runs on the host If the editor that invokes mkosi.clangd is a flatpak, let's make sure that mkosi is run on the host and not in the flatpak sandbox since it won't be installed there.	2024-11-25 00:21:10 +01:00