| # SPDX-License-Identifier: LGPL-2.1-or-later |
| |
| [Config] |
| MinimumVersion=25~devel |
| Dependencies= |
| exitrd |
| initrd |
| minimal-base |
| minimal-0 |
| minimal-1 |
| |
| PassEnvironment= |
| NO_BUILD |
| NO_SYNC |
| WIPE |
| SANITIZERS |
| CFLAGS |
| LDFLAGS |
| LLVM |
| MESON_VERBOSE |
| MESON_OPTIONS |
| SYSEXT |
| WITH_DEBUG |
| ASAN_OPTIONS |
| |
| [Output] |
| RepartDirectories=mkosi.repart |
| OutputDirectory=build/mkosi.output |
| BuildDirectory=build/mkosi.builddir |
| CacheDirectory=build/mkosi.cache |
| |
| [Content] |
| BuildSourcesEphemeral=yes |
| Autologin=yes |
| |
| ExtraTrees= |
| mkosi.crt:/usr/lib/verity.d/mkosi.crt # sysext verification key |
| mkosi.leak-sanitizer-suppressions:/usr/lib/systemd/leak-sanitizer-suppressions |
| mkosi.coredump-journal-storage.conf:/usr/lib/systemd/coredump.conf.d/10-coredump-journal-storage.conf |
| %O/minimal-0.root-%a.raw:/usr/share/minimal_0.raw |
| %O/minimal-0.root-%a-verity.raw:/usr/share/minimal_0.verity |
| %O/minimal-0.root-%a-verity-sig.raw:/usr/share/minimal_0.verity.sig |
| %O/minimal-1.root-%a.raw:/usr/share/minimal_1.raw |
| %O/minimal-1.root-%a-verity.raw:/usr/share/minimal_1.verity |
| %O/minimal-1.root-%a-verity-sig.raw:/usr/share/minimal_1.verity.sig |
| %O/minimal-base:/usr/share/TEST-13-NSPAWN-container-template |
| %O/exitrd:/exitrd |
| |
| Initrds=%O/initrd |
| |
| # Disable relabeling by default as it only matters for TEST-06-SELINUX, takes a non-trivial amount of time |
| # and results in lots of errors when building images as a regular user. |
| SELinuxRelabel=no |
| |
| # Adding more kernel command line arguments is likely to hit the kernel command line limit (512 bytes) in |
| # various scenarios. Consider adding support for a credential instead if possible and using that. |
| KernelCommandLine= |
| systemd.crash_shell |
| systemd.log_level=debug,console:info |
| systemd.log_ratelimit_kmsg=0 |
| # Disable the kernel's ratelimiting on userspace logging to kmsg. |
| printk.devkmsg=on |
| # Make sure /sysroot is mounted rw in the initrd. |
| rw |
| # Lower the default device timeout so we get a shell earlier if the root device does |
| # not appear for some reason. |
| systemd.default_device_timeout_sec=90 |
| # Make sure no LSMs are enabled by default. |
| selinux=0 |
| systemd.early_core_pattern=/core |
| systemd.firstboot=no |
| raid=noautodetect |
| oops=panic |
| panic=-1 |
| softlockup_panic=1 |
| panic_on_warn=1 |
| # These don't ship proper units with [Install] directives so we have to mask them instead. |
| systemd.mask=isc-dhcp-server.service |
| systemd.mask=mdmonitor.service |
| psi=1 |
| |
| KernelModulesInitrdExclude=.* |
| KernelModulesInitrdInclude=default |
| |
| Packages= |
| acl |
| attr |
| bash-completion |
| binutils |
| coreutils |
| curl |
| diffutils |
| dnsmasq |
| dosfstools |
| e2fsprogs |
| findutils |
| gdb |
| grep |
| gzip |
| jq |
| kbd |
| kexec-tools |
| kmod |
| less |
| llvm |
| lvm2 |
| man |
| mdadm |
| mtools |
| nano |
| nftables |
| nvme-cli |
| opensc |
| openssl |
| p11-kit |
| pciutils |
| python3 |
| radvd |
| rsync |
| sed |
| socat |
| strace |
| tar |
| tmux |
| tree |
| util-linux |
| valgrind |
| which |
| wireguard-tools |
| xfsprogs |
| zsh |
| zstd |
| |
| [Host] |
| Credentials=journal.storage=persistent |
| Incremental=yes |
| RuntimeBuildSources=yes |
| RuntimeScratch=no |
| QemuSmp=2 |
| QemuSwtpm=yes |
| QemuVsock=yes |
| QemuKvm=yes |
| ToolsTreePackages=virtiofsd |
