Test sysexts

mkosi.conf

@@ -2,18 +2,21 @@
 Distribution=arch
 Architecture=x86-64
 PackageManagerTrees=mkosi.pacman
+#CacheOnly=yes
 
 [Config]
-Images=server
+Images=
+    server
+    mkosi
+    openssh
 MinimumVersion=20.2
 
 [Validation]
 # Use RSA 2048 keys for wide UEFI compatibility
 SecureBootKey=signing-keys/rafeOS_secureboot.key
 SecureBootCertificate=signing-keys/rafeOS_secureboot.crt
-# Use modern EC keys
-VerityKey=signing-keys/rafeOS_verity.key
-VerityCertificate=signing-keys/rafeOS_verity.crt
+VerityKey=signing-keys/rafeOS_secureboot.key
+VerityCertificate=signing-keys/rafeOS_secureboot.crt
 
 [Host]
 Incremental=true

mkosi.images/base/mkosi.extra/usr/lib/systemd/import-pubring.asc

@@ -0,0 +1,10 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEZZnR4RYJKwYBBAHaRw8BAQdAGRcV4reORo51jiWK0umHCTEIVPYVP0fdmkGg
+yRpOYzO0M3JhZmVPUyByZWxlYXNlIHNpZ25pbmcga2V5IDxyYWZlb3MtcmVsZWFz
+ZUByYWZlLmxpPoiUBBMWCgA8FiEESXsbF77lPV3wroM/YHdZAN3fqmcFAmWZ0eEC
+GwMFCQWjmoAECwkIBwQVCgkIBRYCAwEAAh4FAheAAAoJEGB3WQDd36pn95YBAJ46
+x71+zLZLGgqxbipMNZXTQhJX4t8BMCMyqY/1PB5wAP9v83NKCUx13LpXHcWASxOu
+EcW60JxJ/K6qn5ciCmVxAA==
+=ubh/
+-----END PGP PUBLIC KEY BLOCK-----

mkosi.images/base/mkosi.extra/usr/lib/tmpfiles.d/arch-fwupd.conf

@@ -11,11 +11,9 @@ d   /etc/pki/fwupd/             0755 root root
 # copy from factory when missing
 C   /etc/fwupd/bios-settings.d/README.md
 C   /etc/fwupd/fwupd.conf
-C   /etc/fwupd/remotes.d/fwupd-tests.conf
 C   /etc/fwupd/remotes.d/lvfs-testing.conf
 C   /etc/fwupd/remotes.d/lvfs.conf
 C   /etc/fwupd/remotes.d/vendor-directory.conf
-C   /etc/fwupd/remotes.d/vendor.conf
 C   /etc/grub.d/35_fwupd
 C   /etc/pki/fwupd-metadata/GPG-KEY-Linux-Foundation-Metadata
 C   /etc/pki/fwupd-metadata/GPG-KEY-Linux-Vendor-Firmware-Service

mkosi.images/base/mkosi.postinst.chroot

@@ -192,11 +192,9 @@ install -d -m0755 $ETC_FACTORY_DIR/fwupd/bios-settings.d/
 cp -af /etc/fwupd/bios-settings.d/README.md $ETC_FACTORY_DIR/fwupd/bios-settings.d/
 
 install -d -m0755 $ETC_FACTORY_DIR/fwupd/remotes.d/
-cp -af /etc/fwupd/remotes.d/fwupd-tests.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
 cp -af /etc/fwupd/remotes.d/lvfs-testing.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
 cp -af /etc/fwupd/remotes.d/lvfs.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
 cp -af /etc/fwupd/remotes.d/vendor-directory.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
-cp -af /etc/fwupd/remotes.d/vendor.conf $ETC_FACTORY_DIR/fwupd/remotes.d/
 
 install -d -m0755 $ETC_FACTORY_DIR/grub.d/
 cp -af /etc/grub.d/35_fwupd $ETC_FACTORY_DIR/grub.d/

mkosi.images/mkosi/mkosi.conf

@@ -0,0 +1,21 @@
+[Config]
+Dependencies=base
+
+[Output]
+Format=sysext
+Overlay=yes
+Output=mkosi_%v.sysext
+SectorSize=4096
+# For Reproducible Builds
+Seed=834dd70f55be43cc9934b20fc0b7f7be
+
+[Validation]
+SecureBoot=true
+SignExpectedPcr=true
+
+[Content]
+SourceDateEpoch=0
+BaseTrees=../../mkosi.output/base/
+Packages=
+    mkosi
+    ukify

mkosi.images/mkosi/mkosi.postinst.chroot

@@ -0,0 +1,14 @@
+#!/bin/bash
+set -eu
+
+mkdir -p /usr/lib/extension-release.d/
+cat >/usr/lib/extension-release.d/extension-release.mkosi <<EOF
+ID=rafeOS
+SYSEXT_ID=mkosi
+SYSEXT_SCOPE=system
+EOF
+
+# The default profiles mount the host's /etc/resolv.conf into our
+# image. For that the file to mount over needs to exist. Let's create
+# it here.
+touch /etc/resolv.conf

mkosi.images/mkosi/mkosi.version

@@ -0,0 +1 @@
+0.0.4

mkosi.images/openssh/mkosi.conf

@@ -0,0 +1,20 @@
+[Config]
+Dependencies=base
+
+[Output]
+Format=portable
+Overlay=yes
+Output=openssh_%v.portable
+SectorSize=4096
+# For Reproducible Builds
+Seed=834dd70f55be43cc9934b20fc0b7f7be
+
+[Validation]
+SecureBoot=true
+SignExpectedPcr=true
+
+[Content]
+SourceDateEpoch=0
+BaseTrees=../../mkosi.output/base/
+Packages=
+    openssh

mkosi.images/openssh/mkosi.postinst.chroot

@@ -0,0 +1,15 @@
+#!/bin/bash
+set -eu
+
+cat >/usr/lib/os-release <<EOF
+ID=rafeOS
+SYSEXT_ID=openssh
+SYSEXT_SCOPE=portable
+PORTABLE_PREFIXES=sshd
+PORTABLE_PRETTY_NAME="OpenSSH Portable Service"
+EOF
+
+# The default profiles mount the host's /etc/resolv.conf into our
+# image. For that the file to mount over needs to exist. Let's create
+# it here.
+touch /etc/resolv.conf

mkosi.images/openssh/mkosi.version

@@ -0,0 +1 @@
+0.0.4

mkosi.images/server/mkosi.conf

@@ -4,7 +4,7 @@ Dependencies=base
 
 [Output]
 Format=disk
-Output=rafeOS-server
+Output=rafeOS-server_%v
 SplitArtifacts=yes
 ManifestFormat=json,changelog
 ImageId=rafeOS

mkosi.images/server/mkosi.version

@@ -1 +1 @@
-0.0.2
+0.0.4

prepare-release-upload.sh

@@ -90,7 +90,7 @@ release_directory="$output_directory/release-v$version_string"
 mkdir -p "$release_directory"
 
 # Move all files of the release to the new directory
-mv "$output_directory/${IMAGE_ID}-${IMAGE_VARIANT}_$version_string"* "$release_directory/"
+mv "$output_directory/${IMAGE_ID}-${IMAGE_VARIANT}_$version_string."* "$release_directory/"
 
 cd "$release_directory/"