diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh index 8d5dc660de968..f9bbdcee7236e 100755 --- a/.github/workflows/build_test.sh +++ b/.github/workflows/build_test.sh @@ -84,6 +84,14 @@ if [[ "$COMPILER" == clang ]]; then CXX="clang++-$COMPILER_VERSION" AR="llvm-ar-$COMPILER_VERSION" + if systemd-analyze compare-versions "$COMPILER_VERSION" ge 17; then + CFLAGS="-fno-sanitize=function" + CXXFLAGS="-fno-sanitize=function" + else + CFLAGS="" + CXXFLAGS="" + fi + # Prefer the distro version if available if ! apt-get -y install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then # Latest LLVM stack deb packages provided by https://apt.llvm.org/ @@ -99,6 +107,8 @@ elif [[ "$COMPILER" == gcc ]]; then CC="gcc-$COMPILER_VERSION" CXX="g++-$COMPILER_VERSION" AR="gcc-ar-$COMPILER_VERSION" + CFLAGS="" + CXXFLAGS="" if ! apt-get -y install --dry-run "gcc-$COMPILER_VERSION" >/dev/null; then # Latest gcc stack deb packages provided by @@ -112,10 +122,11 @@ else fi # This is added by default, and it is often broken, but we don't need anything from it -sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list -# PPA with some newer build dependencies (like zstd) -sudo add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci -sudo add-apt-repository -y --no-update --enable-source +sudo rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources} +# add-apt-repository --enable-source does not work on deb822 style sources. +for f in /etc/apt/sources.list.d/*.sources; do + sudo sed -i "s/Types: deb/Types: deb deb-src/g" "$f" +done sudo apt-get -y update sudo apt-get -y build-dep systemd sudo apt-get -y install "${PACKAGES[@]}" 
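Review bot: The `-fno-sanitize=function` flags added to the clang branch carry no comment saying why UBSan's function-type check is switched off or when it can be restored, so the reduced sanitizer coverage is likely to outlive its reason. A line above `if systemd-analyze compare-versions "$COMPILER_VERSION" ge 17; then` such as `# -fsanitize=function reports <known mismatch> with clang >= 17; drop once <tracking issue> is fixed` would record that (placeholders to be filled in by the author). The same flags are exported without a comment, and without the version check, in the RUN_CLANG and RUN_CLANG_ASAN_UBSAN hunks of unit_tests.sh. The enclosing `if [[ "$COMPILER" == clang ]]` block starts and ends outside the hunk.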
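Review bot: The `sed` expression in the new `for f in /etc/apt/sources.list.d/*.sources` loop is unanchored and the glob is unguarded. `s/Types: deb/Types: deb deb-src/g` also matches a line that already reads `Types: deb deb-src` and leaves a duplicated `deb-src`, and when no `*.sources` file exists the loop runs once on the literal pattern and `sed` fails. Using `[[ -f "$f" ]] || continue` as the first line of the loop and `sudo sed -i 's/^Types: deb$/Types: deb deb-src/' "$f"` keeps the step idempotent. As written it also enables source indexes for every repository in that directory, third-party ones included, although `apt-get build-dep systemd` probably only needs the distro archive. The same loop is added to the SETUP phase of unit_tests.sh.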
@@ -123,7 +134,7 @@ sudo apt-get -y install "${PACKAGES[@]}" # always support all the features we need (like --optimization=). Since the build-dep # command above installs the distro versions, let's install the pip ones just # locally and add the local bin directory to the $PATH. -pip3 install --user -r .github/workflows/requirements.txt --require-hashes +pip3 install --user -r .github/workflows/requirements.txt --require-hashes --break-system-packages export PATH="$HOME/.local/bin:$PATH" $CC --version @@ -141,8 +152,8 @@ for args in "${ARGS[@]}"; do info "Checking build with $args" # shellcheck disable=SC2086 if ! AR="$AR" \ - CC="$CC" CC_LD="$LINKER" CFLAGS="-Werror" \ - CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="-Werror" \ + CC="$CC" CC_LD="$LINKER" CFLAGS="$CFLAGS" \ + CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="$CXXFLAGS" \ meson setup \ -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror \ -Dnobody-group=nogroup -Dcryptolib="${CRYPTOLIB:?}" -Ddebug=false \ diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml index 1fdf39bf561c3..164b3a0542254 100644 --- a/.github/workflows/build_test.yml +++ b/.github/workflows/build_test.yml @@ -17,7 +17,7 @@ permissions: jobs: build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 concurrency: group: ${{ github.workflow }}-${{ toJSON(matrix.env) }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml index 707ea0b6ba625..f0d321794a830 100644 --- a/.github/workflows/cflite_pr.yml +++ b/.github/workflows/cflite_pr.yml @@ -13,7 +13,7 @@ permissions: read-all jobs: PR: - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 if: github.repository != 'systemd/systemd' || github.event.pull_request.user.login == 'dependabot[bot]' concurrency: group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }} diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml index a12ad9335f9d0..9b917405fe458 100644 
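Review bot: `--break-system-packages` is added to the `pip3 install` line without a comment saying why the distro's externally-managed-environment guard (PEP 668) is being overridden. Here the install is `--user`, so it stays under `$HOME/.local`, but the matching line in the SETUP phase of unit_tests.sh has no `--user`, and if that script runs as root, as its bare `apt-get` calls suggest, pip can overwrite files owned by apt-installed Python packages. A comment such as `# The runner's Python is marked externally managed; we deliberately install the hash-pinned requirements over it` would record the intent. Installing into a venv placed first on `$PATH` would avoid the override altogether while keeping `--require-hashes`.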
--- a/.github/workflows/cifuzz.yml +++ b/.github/workflows/cifuzz.yml @@ -22,7 +22,8 @@ on: - main jobs: Fuzzing: - runs-on: ubuntu-latest + # FIXME: Figure out why 32-bit applications fail to run in docker on Ubuntu 24.04. + runs-on: ubuntu-22.04 if: github.repository == 'systemd/systemd' concurrency: group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ matrix.architecture }}-${{ github.ref }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index c840b18372744..0d284f75f1326 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -27,7 +27,7 @@ jobs: analyze: name: Analyze if: github.repository != 'systemd/systemd-security' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 concurrency: group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }} cancel-in-progress: true diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 4ac3443c60c50..ad7a5d2f4921c 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -14,7 +14,7 @@ permissions: jobs: build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: github.repository == 'systemd/systemd' env: # Set in repo settings -> secrets -> actions diff --git a/.github/workflows/development_freeze.yml b/.github/workflows/development_freeze.yml index f8a2e6c94c1b0..c2360a35ef8a1 100644 --- a/.github/workflows/development_freeze.yml +++ b/.github/workflows/development_freeze.yml @@ -17,7 +17,7 @@ jobs: github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' && github.repository == 'systemd/systemd' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: pull-requests: write diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml index bc9b22c497078..244f5d503b689 100644 --- a/.github/workflows/differential-shellcheck.yml +++ b/.github/workflows/differential-shellcheck.yml 
@@ -16,7 +16,7 @@ permissions: jobs: lint: if: github.event.repository.name != 'systemd-security' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: security-events: write diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml index 29b8c578d5990..e4a0caff0397f 100644 --- a/.github/workflows/gather-pr-metadata.yml +++ b/.github/workflows/gather-pr-metadata.yml @@ -12,7 +12,7 @@ permissions: jobs: gather-metadata: if: github.repository == 'systemd/systemd' - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - name: Repository checkout diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml index b30fc80fe5e14..4bedf0d3f2d55 100644 --- a/.github/workflows/issue_labeler.yml +++ b/.github/workflows/issue_labeler.yml @@ -10,7 +10,7 @@ permissions: jobs: label-component: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 permissions: issues: write diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml index dd0933d2f7810..241b5819aa998 100644 --- a/.github/workflows/labeler.yml +++ b/.github/workflows/labeler.yml @@ -24,7 +24,7 @@ permissions: jobs: triage: if: github.repository == 'systemd/systemd' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: pull-requests: write diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml index 8c3c622c0bb1d..cf0bc09453fb9 100644 --- a/.github/workflows/linter.yml +++ b/.github/workflows/linter.yml @@ -16,7 +16,7 @@ permissions: jobs: build: name: Lint Code Base - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 concurrency: group: ${{ github.workflow }}-${{ github.ref }} cancel-in-progress: true @@ -29,7 +29,7 @@ jobs: fetch-depth: 0 - name: Lint Code Base - uses: super-linter/super-linter/slim@4e51915f4a812abf59fed160bb14595c0a38a9e7 + uses: super-linter/super-linter/slim@88ea3923a7e1f89dd485d079f6eb5f5e8f937589 env: DEFAULT_BRANCH: main MULTI_STATUS: false 
diff --git a/.github/workflows/make_release.yml b/.github/workflows/make_release.yml index aed724b142e30..dc7de6999e9ec 100644 --- a/.github/workflows/make_release.yml +++ b/.github/workflows/make_release.yml @@ -11,7 +11,7 @@ permissions: jobs: release: if: github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: contents: write diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml index f9cf3f76ae657..71037f8fac06a 100644 --- a/.github/workflows/mkosi.yml +++ b/.github/workflows/mkosi.yml @@ -46,7 +46,7 @@ permissions: jobs: ci: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 concurrency: group: ${{ github.workflow }}-${{ matrix.distro }}-${{ matrix.release }}-${{ github.ref }} cancel-in-progress: true @@ -92,7 +92,7 @@ jobs: steps: - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 - - uses: systemd/mkosi@38668e8099653cd8499fc8842af894d31ebc0f07 + - uses: systemd/mkosi@1cc81fb92ef0bb1ef7d51ac1e76327614d41ed74 # Freeing up disk space with rm -rf can take multiple minutes. Since we don't need the extra free space # immediately, we remove the files in the background. However, we first move them to a different location @@ -140,8 +140,6 @@ jobs: LLVM=${{ matrix.llvm }} [Host] - ToolsTree=default - ToolsTreeDistribution=fedora QemuMem=4G # We build with debuginfo so there's no point in mounting the sources into the machine. RuntimeBuildSources=no 
@@ -153,23 +151,20 @@ jobs: - name: Show image summary run: mkosi summary - - name: Install build dependencies + - name: Install dependencies run: | - sudo apt-get install \ - meson \ + mkosi dependencies | + xargs -d '\n' sudo apt-get install \ gperf \ - libfdisk-dev \ - libtss2-dev \ libblkid-dev \ - libmicrohttpd-dev \ libcap-dev \ - libcurl4-openssl-dev \ libcryptsetup-dev \ - erofs-utils \ - dosfstools \ - python3-pefile \ - sbsigntool \ - mtools + libcurl4-openssl-dev \ + libfdisk-dev \ + libmicrohttpd-dev \ + libmount-dev \ + libtss2-dev \ + meson - name: Configure meson run: | @@ -182,7 +177,7 @@ jobs: -Dtpm2=enabled \ -Dlibcryptsetup=enabled \ -Dlibcurl=enabled \ - -Drepart=disabled \ + -Drepart=enabled \ -Dfirstboot=true \ -Dsysusers=true \ -Dtmpfiles=true \ diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml index abb8bdac6b2ab..44ee6f18b51ec 100644 --- a/.github/workflows/scorecards.yml +++ b/.github/workflows/scorecards.yml @@ -23,7 +23,7 @@ jobs: analysis: name: Scorecards analysis if: github.repository == 'systemd/systemd' - runs-on: ubuntu-latest + runs-on: ubuntu-24.04 permissions: id-token: write # Used to receive a badge. diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh index 9236d45186d4c..4433d847ce264 100755 --- a/.github/workflows/unit_tests.sh +++ b/.github/workflows/unit_tests.sh 
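Review bot: A failure of `mkosi dependencies` in the new "Install dependencies" step can go unnoticed, because the pipeline's exit status is that of `xargs`, and GNU `xargs` still runs `apt-get install` once with the fixed package list when its input is empty. Unless this workflow sets a default shell with `pipefail` (not visible in the hunk), the step would then pass with mkosi's own dependencies missing, and the error would surface later in an unrelated place. Adding `set -o pipefail` as the first line of the `run: |` block closes that gap.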
@@ -53,14 +53,15 @@ for phase in "${PHASES[@]}"; do SETUP) info "Setup phase" # This is added by default, and it is often broken, but we don't need anything from it - rm -f /etc/apt/sources.list.d/microsoft-prod.list - # PPA with some newer build dependencies - add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci - add-apt-repository -y --no-update --enable-source + rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources} + # add-apt-repository --enable-source does not work on deb822 style sources. + for f in /etc/apt/sources.list.d/*.sources; do + sed -i "s/Types: deb/Types: deb deb-src/g" "$f" + done apt-get -y update apt-get -y build-dep systemd apt-get -y install "${ADDITIONAL_DEPS[@]}" - pip3 install -r .github/workflows/requirements.txt --require-hashes + pip3 install -r .github/workflows/requirements.txt --require-hashes --break-system-packages # Make sure the build dir is accessible even when drop privileges, otherwise the unprivileged # part of test-execute gets skipped, since it can't run systemd-executor @@ -71,6 +72,8 @@ for phase in "${PHASES[@]}"; do if [[ "$phase" =~ ^RUN_CLANG ]]; then export CC=clang export CXX=clang++ + export CFLAGS="-fno-sanitize=function" + export CXXFLAGS="-fno-sanitize=function" if [[ "$phase" == RUN_CLANG ]]; then # The docs build is slow and is not affected by compiler/flags, so do it just once MESON_ARGS+=(-Dman=enabled) @@ -95,6 +98,8 @@ for phase in "${PHASES[@]}"; do if [[ "$phase" =~ ^RUN_CLANG_ASAN_UBSAN ]]; then export CC=clang export CXX=clang++ + export CFLAGS="-fno-sanitize=function" + export CXXFLAGS="-fno-sanitize=function" # Build fuzzer regression tests only with clang (for now), # see: https://github.com/systemd/systemd/pull/15886#issuecomment-632689604 # -Db_lundef=false: See https://github.com/mesonbuild/meson/issues/764 diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index f2857f1d4dcaa..895068c2a2a7b 100644 --- a/.github/workflows/unit_tests.yml 
+++ b/.github/workflows/unit_tests.yml @@ -14,7 +14,7 @@ permissions: jobs: build: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 concurrency: group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ matrix.cryptolib }}-${{ github.ref }} cancel-in-progress: true diff --git a/mkosi.conf b/mkosi.conf index 650124865527c..38d6e8331a2e7 100644 --- a/mkosi.conf +++ b/mkosi.conf @@ -10,9 +10,6 @@ MinimumVersion=23~devel @CacheDirectory=build/mkosi.cache [Content] -# The kernel versions in CentOS Stream 9 and Ubuntu 22.04 don't support orphan_file, but later -# versions of mkfs.ext4 enabled it by default, so we disable it explicitly. -Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" @SELinuxRelabel=no BuildSourcesEphemeral=yes diff --git a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf index 395a22b56a80b..25059c229241c 100644 --- a/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf +++ b/mkosi.images/system/mkosi.conf.d/10-centos/mkosi.conf @@ -5,6 +5,9 @@ Distribution=centos [Content] Environment= + # The kernel versions in CentOS Stream 9 doesn't support orphan_file, but later versions of + # mkfs.ext4 enabled it by default, so we disable it explicitly. + Environment=SYSTEMD_REPART_MKFS_OPTIONS_EXT4="-O ^orphan_file" GIT_URL=https://git.centos.org/rpms/systemd.git GIT_BRANCH=c9s-sig-hyperscale GIT_COMMIT=8cf2aed0181920611421384f7374720db269d6c7 diff --git a/mkosi.images/system/mkosi.extra/usr/lib/sysusers.d/testuser.conf b/mkosi.images/system/mkosi.extra/usr/lib/sysusers.d/testuser.conf deleted file mode 100644 index 9d65a0ee09b04..0000000000000 --- a/mkosi.images/system/mkosi.extra/usr/lib/sysusers.d/testuser.conf +++ /dev/null @@ -1 +0,0 @@ -u testuser 4711 "Test User" /home/testuser diff --git a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/testuser.conf b/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/testuser.conf deleted file mode 100644 index 1b6ecb6f541ea..0000000000000 
--- a/mkosi.images/system/mkosi.extra/usr/lib/tmpfiles.d/testuser.conf +++ /dev/null @@ -1 +0,0 @@ -q /home/testuser 0700 4711 4711 diff --git a/mkosi.images/system/mkosi.postinst.chroot b/mkosi.images/system/mkosi.postinst.chroot index 3c8756369d7c3..46868020f6a92 100755 --- a/mkosi.images/system/mkosi.postinst.chroot +++ b/mkosi.images/system/mkosi.postinst.chroot @@ -3,6 +3,8 @@ set -e set -o nounset +useradd --uid 4711 --create-home --user-group testuser + if command -v authselect >/dev/null; then # authselect 1.5.0 renamed the minimal profile to the local profile without keeping backwards compat so # let's use the new name if it exists. @@ -38,15 +40,10 @@ cp "$SRCDIR/factory/etc/nsswitch.conf" /etc/nsswitch.conf # Remove to make TEST-73-LOCALE pass on Ubuntu. rm -f /etc/default/keyboard -# mkfs.ext4 on CentOS doesn't know the orphan_file feature so clear the mkfs options when we're building for -# CentOS. -if [[ "$DISTRIBUTION" == "centos" ]]; then - SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" -fi - -export SYSTEMD_REPART_MKFS_OPTIONS_EXT4 - -systemd-repart \ +# This is executed inside the chroot so no need to disable any features as the default features will match +# the kernel's supported features. +SYSTEMD_REPART_MKFS_OPTIONS_EXT4="" \ + systemd-repart \ --empty=create \ --dry-run=no \ --size=auto \
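Review bot: Creating `testuser` with `useradd --uid 4711 --create-home --user-group testuser` no longer pins the home directory mode and group id that the deleted sysusers.d and tmpfiles.d entries fixed at `0700` and `4711`. With `--create-home` the mode comes from the image's login.defs (`HOME_MODE`/`UMASK`), and `--user-group` lets useradd pick the GID, so both may differ between the distributions this image is built for. If any test relies on the old values, add `chmod 0700 /home/testuser` after the call and create the group first with `groupadd --gid 4711 testuser`, then pass `--gid testuser` instead of `--user-group`.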