@bluca bluca released this 09 Jan 15:08
· 795 commits to main since this release
v20
  • The current working directory is not mounted unconditionally to
    /work/src anymore. Instead, the default value for BuildSources=
    now mounts the current working directory to /work/src. This means
    that the current working directory is no longer implicitly included
    when BuildSources= is explicitly configured.
  • Assigning the empty string to a setting that takes a list of values
    now overrides any configured default value as well.
  • The GitHub action does not build and install systemd from source
    anymore. Instead, ToolsTree=default can be used to make sure a
    recent version of systemd is used to do the image build.
  • Added EnvironmentFiles= to read environment variables from
    environment files.
  • We drastically reduced how much of the host system we expose to
    scripts. Aside from /usr, a few directories in /etc, /tmp,
    /var/tmp and various directories configured in mkosi settings, all
    host directories are hidden from scripts, package managers and other
    tools executed by mkosi.
  • Added RuntimeScratch= to automatically mount a directory with extra
    scratch space into mkosi-spawned containers and virtual machines.
  • Package manager trees can now be used to configure every tool invoked
    by mkosi while building an image that reads config files from /etc
    or /usr.
  • Added SELinuxRelabel= to specify whether to relabel SELinux files
    or not.
  • Many fixes to tools trees were made and tools trees are now covered by
    CI. Some combinations aren't possible yet but we're actively working
    to make these possible.
  • mkosi qemu can now direct kernel boot s390x and powerpc images.
  • Added HostArchitecture= match to match against the host
    architecture.
  • We don't use the user's SSH public/private keypair anymore for
    mkosi ssh but instead use a separate key pair which can be
    generated by mkosi genkey. Users using mkosi ssh will have to run
    mkosi genkey once to generate the necessary files to keep
    mkosi ssh working.
  • We don't automatically set --offline=no anymore when we detect the
    Subvolumes= setting is used in a systemd-repart partition
    definition file. Instead, use the new RepartOffline= option to
    explicitly disable running systemd-repart in offline mode.
  • During the image build we now install UKIs/kernels/initrds to /boot
    instead of /efi. While this will generally not be noticeable, users
    with custom systemd-repart ESP partition definitions will need to add
    CopyFiles=/boot:/ along with the usual CopyFiles=/efi:/ to their
    ESP partition definitions. By installing UKIs/kernels/initrds to
    /boot, it becomes possible to use /boot to populate an XBOOTLDR
    partition which wasn't possible before. Note that this is also safe to
    do before v20 so CopyFiles=/boot:/ can unconditionally be added to
    any ESP partition definition files.
  • Added QemuFirmwareVariables= to allow specifying a custom OVMF
    variables file to use.
  • Added MinimumVersion= to allow specifying the minimum required mkosi
    version to build an image.
  • Added support for Arch Linux's debug repositories.
  • Merged the mkosi-initrd project into mkosi itself. mkosi-initrd is now
    used to build the default initrd.
  • Implemented mkosi-initrd for all supported distributions.
  • Added ShimBootloader= to support installing shim to the ESP.
  • Added sysext, confext and portable output formats. These will produce
    signed disk images that can be used as sysexts, confexts and portable
    services respectively.
  • Added QemuVsockConnectionId= to configure how to allocate the vsock
    connection ID when QemuVsock= is enabled.
  • Added documentation on how to build sysexts with mkosi.
  • Global systemd user presets are now also configured.
  • Implemented WithDocs= for apt.
  • On supported package managers, locale data for other locales is now
    stripped if the locale is explicitly configured using Locale=.
  • All rpm plugins are now disabled when building images.
  • Added KernelModulesIncludeHost= and
    KernelModulesInitrdIncludeHost= to only include modules loaded on
    the host system in the image/initrd respectively.
  • Implemented RemovePackages= for Arch Linux.
  • Added useradd and groupadd scripts to configure these binaries to
    operate on the image during builds instead of on the host.
  • Added microcode support. If installed into the image, an early
    microcode initrd will automatically be built and prepended to the
    initrd.
  • A passwordless root account may now be created by specifying hashed:
  • The Autologin= feature was extended with support for arm64,
    s390x and powerpc architectures.
  • Added SecureBootAutoEnroll= to control automatic enrollment of secureboot
    keys separately from signing systemd-boot and generated UKIs.
  • ImageVersion= is no longer automatically appended to the output files.
    Instead, it is automatically appended to Output= if Output= is not
    specified, which results in the %o specifier being equivalent to %i or
    %i_%v depending on whether ImageVersion= is specified.
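
For the /boot change above, a migration check that lists custom systemd-repart ESP partition definitions still missing CopyFiles=/boot:/. This is an added example, not part of the release notes or of mkosi; the function names, the directory argument and the sample definition files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not mkosi code): find ESP partition definitions that still
# lack CopyFiles=/boot:/ after the v20 change to install UKIs into /boot.

# Succeeds (exit 0) when FILE declares Type=esp but no CopyFiles=/boot:/.
esp_missing_boot() {
    awk '
        { sub(/^[ \t]+/, ""); sub(/[ \t\r]+$/, "") }      # trim the line
        /^[#;]/ { next }                                   # skip comments
        /^Type[ \t]*=[ \t]*esp$/ { esp = 1 }
        /^CopyFiles[ \t]*=[ \t]*\/boot:\/$/ { boot = 1 }
        END { exit !(esp && !boot) }
    ' "$1"
}

# Prints every *.conf in DIR that needs the extra line; returns 1 if any do.
check_repart_dir() {
    rc=0
    for f in "$1"/*.conf; do
        [ -f "$f" ] || continue
        if esp_missing_boot "$f"; then
            printf '%s\n' "$f"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed sample definitions (assumed layout, for demonstration only).
make_samples() {
    d=$(mktemp -d)
    printf '[Partition]\nType=esp\nFormat=vfat\nCopyFiles=/efi:/\n' \
        > "$d/00-esp-old.conf"
    printf '[Partition]\nType=esp\nFormat=vfat\nCopyFiles=/efi:/\nCopyFiles=/boot:/\n' \
        > "$d/01-esp-new.conf"
    printf '[Partition]\nType=root\nFormat=ext4\nCopyFiles=/\n' \
        > "$d/10-root.conf"
    printf '%s\n' "$d"
}

samples=$(make_samples)
check_repart_dir "$samples" || echo "add CopyFiles=/boot:/ to the files listed above"
rm -rf "$samples"
```

Point check_repart_dir at the directory holding your own partition definition files; an image built from a flagged definition would produce an ESP without the UKIs, kernels and initrds that v20 installs to /boot.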