From c9853672a030cb27a802fce58e8e8b1fba26cd5d Mon Sep 17 00:00:00 2001
From: Daan De Meyer <daan.j.demeyer@gmail.com>
Date: Thu, 9 Feb 2023 09:53:05 +0100
Subject: mkosi: Update to latest

Let's make sure we're testing unprivileged builds properly. Usage
of SourceFileTransfer= and SourceFileTransferFinal= are removed as
they were dropped by mkosi. SourceFileTransfer=mount is now the
default in mkosi so behavior for the build script is unchanged. We
stop copying sources in the final image until mkosi adds support
for virtiofs.
---
 .github/workflows/mkosi.yml  | 11 ++++++-----
 mkosi.build                  |  4 ----
 mkosi.conf.d/10-systemd.conf |  2 --
 mkosi.prepare                |  8 ++++++++
 4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index 84f930abd1..9c5656d273 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -79,7 +79,7 @@ jobs:
 
     steps:
     - uses: actions/checkout@755da8c3cf115ac066823e79a1e1788f8940201b
-    - uses: systemd/mkosi@500f93a36cc3d5bf1d06848a0a8870bf1424625f
+    - uses: systemd/mkosi@4be912b0fa4931403fddf649aa242cd4406471c4
 
     - name: Configure
       run: |
@@ -87,6 +87,7 @@ jobs:
         [Distribution]
         Distribution=${{ matrix.distro }}
         Release=${{ matrix.release }}
+        SecureBoot=yes
 
         [Content]
         Environment=CI_BUILD=1
@@ -96,13 +97,13 @@ jobs:
         EOF
 
     - name: Generate secure boot key
-      run: sudo mkosi genkey
+      run: mkosi genkey
 
     - name: Build ${{ matrix.distro }}
-      run: sudo mkosi --idmap no --secure-boot
+      run: mkosi
 
     - name: Show ${{ matrix.distro }} image summary
-      run: sudo mkosi summary
+      run: mkosi summary
 
     - name: Boot ${{ matrix.distro }} systemd-nspawn
       run: sudo mkosi boot ${{ env.KERNEL_CMDLINE }} audit=0
@@ -111,7 +112,7 @@ jobs:
       run: sudo mkosi shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
 
     - name: Boot ${{ matrix.distro }} QEMU
-      run: sudo timeout -k 30 10m mkosi qemu
+      run: timeout -k 30 10m mkosi qemu
 
     - name: Check ${{ matrix.distro }} QEMU
       run: sudo mkosi shell bash -c "[[ -e /testok ]] || { cat /failed-services; exit 1; }"
diff --git a/mkosi.build b/mkosi.build
index b058b0352f..fa78aa8982 100755
--- a/mkosi.build
+++ b/mkosi.build
@@ -175,10 +175,6 @@ fi
 cd "$BUILDDIR"
 ninja "$@"
 if [ "$WITH_TESTS" = 1 ] ; then
-        for id in 1 2 3; do
-                getent group $id >/dev/null || echo "g testgroup$id $id -" | ./systemd-sysusers -
-        done
-
         if [ -n "$SANITIZERS" ]; then
                 export ASAN_OPTIONS="$ASAN_OPTIONS"
                 export UBSAN_OPTIONS="$UBSAN_OPTIONS"
diff --git a/mkosi.conf.d/10-systemd.conf b/mkosi.conf.d/10-systemd.conf
index a91378da97..57db7ecda9 100644
--- a/mkosi.conf.d/10-systemd.conf
+++ b/mkosi.conf.d/10-systemd.conf
@@ -11,8 +11,6 @@ OutputDirectory=mkosi.output
 [Content]
 BuildDirectory=mkosi.builddir
 Cache=mkosi.cache
-SourceFileTransfer=mount
-SourceFileTransferFinal=copy-git-others
 Packages=
         acl
         bash-completion
diff --git a/mkosi.prepare b/mkosi.prepare
index 9d377cf716..3fcfe26c15 100755
--- a/mkosi.prepare
+++ b/mkosi.prepare
@@ -17,3 +17,11 @@ if [ "$(grep '^ID=' /etc/os-release)" = "ID=\"centos\"" ] && [ "$(grep '^VERSION
     alternatives --install /usr/bin/python3 python3 /usr/bin/python3.9 1
     alternatives --set python3 /usr/bin/python3.9
 fi
+
+# Make sure the necessary test users are available in the build image. We do this here because the build
+# script does not run as root.
+if [ "$1" = "build" ]; then
+    for id in 1 2 3; do
+        getent group $id >/dev/null || echo "g testgroup$id $id -" | systemd-sysusers -
+    done
+fi
-- 
cgit v1.2.1