Merge pull request #21722 from yuwata/bpf-framework

build: include BPF_FRAMEWORK in version string
Merge pull request #21708 from mrc0mmand/mkosi-ci-improvements
2026-04-10 17:15:03 +02:00 · 2021-12-10 17:18:24 +01:00 · 2021-12-10 13:50:55 +00:00 · 2021-12-10 20:07:38 +09:00 · 2021-12-10 19:54:33 +09:00 · 2021-12-10 19:54:33 +09:00
14 changed files with 225 additions and 147 deletions
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@ -17,6 +17,11 @@ on:
 permissions:
  contents: read

+env:
+  # Enable debug logging in systemd, but keep udev's log level to info,
+  # since it's _very_ verbose in the QEMU task
+  KERNEL_CMDLINE: "systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console"
+
 jobs:
  ci:
    runs-on: ubuntu-20.04
@ -57,13 +62,19 @@ jobs:
        systemd-nspawn --version

    - name: Build ${{ matrix.distro }}
-      run: sudo python3 -m mkosi build
+      run: ./.github/workflows/run_mkosi.sh --build-environment=CI_BUILD=1 --kernel-command-line "${{ env.KERNEL_CMDLINE }}" build

    - name: Show ${{ matrix.distro }} image summary
-      run: sudo python3 -m mkosi summary
+      run: ./.github/workflows/run_mkosi.sh summary

    - name: Boot ${{ matrix.distro }} systemd-nspawn
-      run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi boot
+      run: ./.github/workflows/run_mkosi.sh boot ${{ env.KERNEL_CMDLINE }}
+
+    - name: Check ${{ matrix.distro }} systemd-nspawn
+      run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"

    - name: Boot ${{ matrix.distro }} QEMU
-      run: sudo ./.github/workflows/test_mkosi_boot.py python3 -m mkosi qemu
+      run: ./.github/workflows/run_mkosi.sh qemu
+
+    - name: Check ${{ matrix.distro }} QEMU
+      run: ./.github/workflows/run_mkosi.sh shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
--- a/.github/workflows/run_mkosi.sh
+++ b/.github/workflows/run_mkosi.sh
@ -0,0 +1,30 @@
+#!/bin/bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# shellcheck disable=SC2064
+
+set -eu
+set -o pipefail
+
+EC=0
+TEMPFILE="$(mktemp)"
+trap "rm -f '$TEMPFILE'" EXIT
+
+for ((i = 0; i < 5; i++)); do
+    EC=0
+    (sudo python3 -m mkosi "$@") |& tee "$TEMPFILE" || EC=$?
+    if [[ $EC -eq 0 ]]; then
+        # The command passed - let's return immediatelly
+        break
+    fi
+
+    if ! grep -E "Failed to dissect image .+: Connection timed out" "$TEMPFILE"; then
+        # The command failed for other reason than the dissect-related timeout -
+        # let's exit with the same EC
+        exit $EC
+    fi
+
+    # The command failed due to the dissect-related timeout - let's try again
+    sleep 1
+done
+
+exit $EC
--- a/.github/workflows/test_mkosi_boot.py
+++ b/.github/workflows/test_mkosi_boot.py
@ -1,26 +0,0 @@
-#!/usr/bin/env python3
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-import pexpect
-import re
-import sys
-
-
-def run() -> None:
-    p = pexpect.spawnu(" ".join(sys.argv[1:]), logfile=sys.stdout, timeout=300)
-
-    # distro-independent root prompt
-    p.expect(re.compile("~[^#]{0,3}#"))
-    p.sendline("systemctl poweroff")
-
-    p.expect(pexpect.EOF)
-
-
-try:
-    run()
-except pexpect.EOF:
-    print("UNEXPECTED EOF")
-    sys.exit(1)
-except pexpect.TIMEOUT:
-    print("TIMED OUT")
-    sys.exit(1)
--- a/mkosi.build
+++ b/mkosi.build
@ -110,3 +110,12 @@ if [ -n "$IMAGE_VERSION" ] ; then
    cat /tmp/os-release.tmp > "$DESTDIR"/usr/lib/os-release
    rm /tmp/os-release.tmp
 fi
+
+# If $CI_BUILD is set, copy over the CI service which executes a service check
+# after boot and then shuts down the machine
+if [ -n "$CI_BUILD" ]; then
+    mkdir -p "$DESTDIR/usr/lib/systemd/system"
+    cp -v "$SRCDIR/test/mkosi-check-and-shutdown.service" "$DESTDIR/usr/lib/systemd/system/mkosi-check-and-shutdown.service"
+    cp -v "$SRCDIR/test/mkosi-check-and-shutdown.sh" "$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh"
+    chmod +x "$DESTDIR/usr/lib/systemd/mkosi-check-and-shutdown.sh"
+fi
--- a/mkosi.default.d/opensuse/10-mkosi.opensuse
+++ b/mkosi.default.d/opensuse/10-mkosi.opensuse
@ -23,6 +23,7 @@ BuildPackages=
        libcryptsetup-devel
        libcurl-devel
        libgcrypt-devel
+        libgnutls-devel
        libkmod-devel
        liblz4-devel
        libmicrohttpd-devel
@ -35,8 +36,8 @@ BuildPackages=
        pciutils-devel
        pcre-devel
        python3
-        python3-lxml
        python3-Jinja2
+        python3-lxml
        qrencode-devel
        system-user-nobody
        systemd-sysvinit
@ -61,6 +62,7 @@ Packages=
        libcrypt1
        libcryptsetup12
        libgcrypt20
+        libgnutls30
        libkmod2
        liblz4-1
        libmount1
--- a/mkosi.postinst
+++ b/mkosi.postinst
@ -4,3 +4,13 @@
 if [ "$1" = "final" ] && command -v bootctl > /dev/null; then
    bootctl install
 fi
+
+# Temporary workaround until https://github.com/openSUSE/suse-module-tools/commit/158643414ddb8d8208016a5f03a4484d58944d7a
+# gets into OpenSUSE repos
+if [ "$1" = "final" ] && grep -q openSUSE /etc/os-release; then
+    if [ -e "/usr/lib/systemd/system/boot-sysctl.service" ] && \
+       ! grep -F -q 'ConditionPathExists=/boot/sysctl.conf' "/usr/lib/systemd/system/boot-sysctl.service"; then
+        mkdir -p "/etc/systemd/system/boot-sysctl.service.d/"
+        printf '[Unit]\nConditionPathExists=/boot/sysctl.conf-%%v' >"/etc/systemd/system/boot-sysctl.service.d/99-temporary-workaround.conf"
+    fi
+fi
--- a/src/basic/build.c
+++ b/src/basic/build.c
@ -194,6 +194,12 @@ const char* const systemd_features =

        /* other stuff that doesn't fit above */

+#if BPF_FRAMEWORK
+        " +BPF_FRAMEWORK"
+#else
+        " -BPF_FRAMEWORK"
+#endif
+
 #if HAVE_XKBCOMMON
        " +XKBCOMMON"
 #else
--- a/src/core/bpf/meson.build
+++ b/src/core/bpf/meson.build
@ -1,31 +1,34 @@
 # SPDX-License-Identifier: LGPL-2.1+

-if conf.get('BPF_FRAMEWORK') == 1
-        clang_flags = [
+if conf.get('BPF_FRAMEWORK') != 1
+        subdir_done()
+endif
+
+clang_flags = [
        '-Wno-compare-distinct-pointer-types',
        '-O2',
        '-target',
        'bpf',
        '-g',
        '-c',
-        ]
+]

-        clang_arch_flag = '-D__@0@__'.format(host_machine.cpu_family())
+clang_arch_flag = '-D__@0@__'.format(host_machine.cpu_family())

-        if meson.version().version_compare('>= 0.58')
+if meson.version().version_compare('>= 0.58')
        libbpf_include_dir = libbpf.get_variable('includedir')
-        else
+else
        libbpf_include_dir = libbpf.get_variable(pkgconfig : 'includedir')
-        endif
+endif

-        bpf_o_unstripped_cmd = [
+bpf_o_unstripped_cmd = [
        clang,
        clang_flags,
        clang_arch_flag,
        '-I.'
-        ]
+]

-        if not meson.is_cross_build()
+if not meson.is_cross_build()
        target_triplet_cmd = run_command('gcc', '-dumpmachine', check: false)
        if target_triplet_cmd.returncode() == 0
                target_triplet = target_triplet_cmd.stdout().strip()
@ -34,28 +37,27 @@ if conf.get('BPF_FRAMEWORK') == 1
                        '/usr/include/@0@'.format(target_triplet)
                ]
        endif
-        endif
+endif

-        bpf_o_unstripped_cmd += [
+bpf_o_unstripped_cmd += [
        '-idirafter',
        libbpf_include_dir,
        '@INPUT@',
        '-o',
        '@OUTPUT@'
-        ]
+]

-        bpf_o_cmd = [
+bpf_o_cmd = [
        llvm_strip,
        '-g',
        '@INPUT@',
        '-o',
        '@OUTPUT@'
-        ]
+]

-        skel_h_cmd = [
+skel_h_cmd = [
        bpftool,
        'g',
        's',
        '@INPUT@'
-        ]
-endif
+]
--- a/src/core/bpf/restrict_fs/meson.build
+++ b/src/core/bpf/restrict_fs/meson.build
@ -1,22 +1,24 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

-if conf.get('BPF_FRAMEWORK') == 1
-        restrict_fs_bpf_o_unstripped = custom_target(
+if conf.get('BPF_FRAMEWORK') != 1
+        subdir_done()
+endif
+
+restrict_fs_bpf_o_unstripped = custom_target(
        'restrict-fs.bpf.unstripped.o',
        input : 'restrict-fs.bpf.c',
        output : 'restrict-fs.bpf.unstripped.o',
        command : bpf_o_unstripped_cmd)

-        restrict_fs_bpf_o = custom_target(
+restrict_fs_bpf_o = custom_target(
        'restrict-fs.bpf.o',
        input : restrict_fs_bpf_o_unstripped,
        output : 'restrict-fs.bpf.o',
        command : bpf_o_cmd)

-        restrict_fs_skel_h = custom_target(
+restrict_fs_skel_h = custom_target(
        'restrict-fs.skel.h',
        input : restrict_fs_bpf_o,
        output : 'restrict-fs.skel.h',
        command : skel_h_cmd,
        capture : true)
-endif
--- a/src/core/bpf/restrict_ifaces/meson.build
+++ b/src/core/bpf/restrict_ifaces/meson.build
@ -1,22 +1,24 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

-if conf.get('BPF_FRAMEWORK') == 1
-        restrict_ifaces_bpf_o_unstripped = custom_target(
+if conf.get('BPF_FRAMEWORK') != 1
+        subdir_done()
+endif
+
+restrict_ifaces_bpf_o_unstripped = custom_target(
        'restrict-ifaces.bpf.unstripped.o',
        input : 'restrict-ifaces.bpf.c',
        output : 'restrict-ifaces.bpf.unstripped.o',
        command : bpf_o_unstripped_cmd)

-        restrict_ifaces_bpf_o = custom_target(
+restrict_ifaces_bpf_o = custom_target(
        'restrict-ifaces.bpf.o',
        input : restrict_ifaces_bpf_o_unstripped,
        output : 'restrict-ifaces.bpf.o',
        command : bpf_o_cmd)

-        restrict_ifaces_skel_h = custom_target(
+restrict_ifaces_skel_h = custom_target(
        'restrict-ifaces.skel.h',
        input : restrict_ifaces_bpf_o,
        output : 'restrict-ifaces.skel.h',
        command : skel_h_cmd,
        capture : true)
-endif
--- a/src/core/bpf/socket_bind/meson.build
+++ b/src/core/bpf/socket_bind/meson.build
@ -1,22 +1,24 @@
 # SPDX-License-Identifier: LGPL-2.1-or-later

-if conf.get('BPF_FRAMEWORK') == 1
-        socket_bind_bpf_o_unstripped = custom_target(
+if conf.get('BPF_FRAMEWORK') != 1
+        subdir_done()
+endif
+
+socket_bind_bpf_o_unstripped = custom_target(
        'socket-bind.bpf.unstripped.o',
        input : 'socket-bind.bpf.c',
        output : 'socket-bind.bpf.unstripped.o',
        command : bpf_o_unstripped_cmd)

-        socket_bind_bpf_o = custom_target(
+socket_bind_bpf_o = custom_target(
        'socket-bind.bpf.o',
        input : socket_bind_bpf_o_unstripped,
        output : 'socket-bind.bpf.o',
        command : bpf_o_cmd)

-        socket_bind_skel_h = custom_target(
+socket_bind_skel_h = custom_target(
        'socket-bind.skel.h',
        input : socket_bind_bpf_o,
        output : 'socket-bind.skel.h',
        command : skel_h_cmd,
        capture : true)
-endif
--- a/test/mkosi-check-and-shutdown.service
+++ b/test/mkosi-check-and-shutdown.service
@ -0,0 +1,14 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+[Unit]
+Description=Check if any service failed and then shutdown the machine
+After=multi-user.target network-online.target
+Requires=multi-user.target
+Wants=systemd-resolved.service systemd-networkd.service network-online.target
+OnFailure=poweroff.target
+OnFailureJobMode=replace-irreversibly
+
+[Service]
+Type=oneshot
+ExecStartPre=-rm -f /failed-services
+ExecStart=/usr/lib/systemd/mkosi-check-and-shutdown.sh
+ExecStartPost=systemctl poweroff --no-block
--- a/test/mkosi-check-and-shutdown.sh
+++ b/test/mkosi-check-and-shutdown.sh
@ -0,0 +1,9 @@
+#!/bin/bash -eux
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+systemctl --failed --no-legend | tee /failed-services
+
+# Exit with non-zero EC if the /failed-services file is not empty (we have -e set)
+[[ ! -s /failed-services ]]
+
+: >/testok
--- a/test/units/testsuite-62.sh
+++ b/test/units/testsuite-62.sh
@ -36,7 +36,7 @@ teardown() {

 KERNEL_VERSION="$(uname -r)"
 KERNEL_MAJOR="${KERNEL_VERSION%%.*}"
-KERNEL_MINOR="${KERNEL_VERSION#$KERNEL_MAJOR.}"
+KERNEL_MINOR="${KERNEL_VERSION#"$KERNEL_MAJOR".}"
 KERNEL_MINOR="${KERNEL_MINOR%%.*}"

 MAJOR_REQUIRED=5
@ -47,6 +47,11 @@ if [[ "$KERNEL_MAJOR" -lt $MAJOR_REQUIRED || ("$KERNEL_MAJOR" -eq $MAJOR_REQUIRE
    exit 0
 fi

+if systemctl --version | grep -q -F "-BPF_FRAMEWORK"; then
+    echo "bpf-framework is disabled" >>/skipped
+    exit 0
+fi
+
 trap teardown EXIT
 setup
Author	SHA1	Message	Date
Zbigniew Jędrzejewski-Szmek	40676ce6f8	Merge pull request #21722 from yuwata/bpf-framework build: include BPF_FRAMEWORK in version string	2021-12-10 17:18:24 +01:00
Frantisek Sumsal	f4ec527492	Merge pull request #21708 from mrc0mmand/mkosi-ci-improvements ci: check for failed services after boot	2021-12-10 13:50:55 +00:00
Yu Watanabe	d1dfedcf85	test: addresses shell check warning This fixes the following warning: ----- In /github/workspace/test/units/testsuite-62.sh line 39: KERNEL_MINOR="${KERNEL_VERSION#$KERNEL_MAJOR.}" ^-----------^ SC2295 (info): Expansions inside ${..} need to be quoted separately, otherwise they match as patterns. Did you mean: KERNEL_MINOR="${KERNEL_VERSION#"$KERNEL_MAJOR".}"	2021-12-10 20:07:38 +09:00
Yu Watanabe	85445fba22	test: skip TEST-62 if bpf-framework is not supported Fixes #21718.	2021-12-10 19:54:33 +09:00
Yu Watanabe	6b35ed80ed	build: include BPF_FRAMEWORK tag in version string	2021-12-10 19:54:33 +09:00
Yu Watanabe	77a34a3751	meson: use subdir_done() to reduce indent	2021-12-10 19:54:33 +09:00
Frantisek Sumsal	f7e3951d41	ci: run mkosi in a wrapper So we can mitigate (to some degree) the reoccurring "dissect timeout" issue: ``` Run sudo python3 -m mkosi boot systemd.unit=mkosi-check-and-shutdown.service !quiet systemd.log_level=debug systemd.log_target=console udev.log_level=info systemd.default_standard_output=journal+console Failed to dissect image '/home/runner/work/systemd/systemd/image.raw': Connection timed out Error: Process completed with exit code 1. ```	2021-12-10 10:25:45 +01:00
Frantisek Sumsal	24acd4064e	ci: check for failed services after boot This should, hopefully, catch issues like systemd/systemd#21671 automagically.	2021-12-10 10:25:43 +01:00