build(deps): bump systemd/mkosi from 10 to 14

[dependabot]

Bumps systemd/mkosi from 10 to 14.

Release notes

Sourced from systemd/mkosi's releases.

v14

• Support for Clear Linux was dropped. See systemd/mkosi#1037 for more information.

• Support for Photon was dropped. See systemd/mkosi#1048 for more information.

• The Arch kernel/bootloader pacman hooks were removed. For anyone that still wants to use them, they can be found here.

• mkosi now creates distro~release subdirectories inside the build, cache and output directories for each distro~release combination that is built. This allows building for multiple distros without throwing away the results of a previous distro build every time.

• The preferred names for mkosi configuration files and directories are now mkosi.conf and mkosi.conf.d/ respectively. The old names (mkosi.default and mkosi.default.d) have been removed from the docs but are still supported for backwards compatibility.

• plain_squashfs type images will now also be named with a .raw suffix.

• tar type images will now respect the --compress option.

• Pacman's SigLevel option was changed to use the same default value as used on Arch which is SigLevel = Required DatabaseOptional. If this results in keyring errors, you need to update the keyring by running pacman-key --populate archlinux.

• Support for CentOS 7 was dropped. If you still need to support CentOS 7, we recommend using any mkosi version up to 13.

• Support for BIOS/grub was dropped. because EFI hardware is widely available and legacy BIOS systems do not support the feature set to fully verify a boot chain from firmware to userland and it has become bothersome to maintain for little use.

  To generate BIOS images you can use any version of mkosi up to mkosi 13 or the new --bios-size option. This can be used to add a BIOS boot partition of the specified size on which grub (or any other bootloader) can be installed with the help of mkosi's script support (depending on your needs most likely mkosi.postinst or mkosi.finalize). This method can also be used for other EFI bootloaders that mkosi intentionally does not support.

• mkosi now unconditionally copies the kernel, initrd and kernel cmdline from the image that were previously only copied out for Qemu boot.

• mkosi now runs apt and dpkg on the host. As such, we now require apt and dpkg to be installed on the host along with debootstrap in order to be able to build debian/ubuntu images.

• Split dm-verity artifacts default names have been changed to match what systemd and other tools expect: image.root.raw, image.root.verity, image.root.roothash, image.root.roothash.p7s (same for usr variants).

• mkosi will again default to the same OS release as the host system when the host system uses the same distribution as the image that's being built.

• By default, mkosi will now change the owner of newly created directories to SUDO_UID or PKEXEC_UID if defined, unless --no-chown is used.

• If systemd-nspawn v252 or newer is used, bind-mounted directories with systemd-nspawn will use the new rootidmap option so files and directories created from within the container will be owned by the actual directory owner on the host.

v13

• The --network-veth option has been renamed to --netdev. The old name made sense with virtual ethernet devices, but when booting images with qemu a TUN/TAP device is used instead.
• The network config file installed by mkosi when the --netdev (previously --network-veth) option is used (formerly /etc/systemd/network/80-mkosi-network-veth.network in the image) now only matches network interfaces using the virtio_net driver. Please make sure you weren't relying on this file to configure any network interfaces other than the tun/tap virtio-net interface created by mkosi when booting the image in QEMU with the --netdev option. If you were relying on this config file to configure other interfaces, you'll have to re-create it with the correct match and a lower initial number in the filename to make sure systemd-networkd will keep configuring your interface, e.g. via the mkosi.skeleton or mkosi.extra trees or a mkosi.postinst script.
• The kernel-install script for building unified kernel images has been removed. From v13 onwards, on systems using kernel-install, mkosi won't automatically build new unified kernel images when a kernel is updated or installed. To keep the old behavior, you can install the kernel-install script manually via a skeleton tree; a copy can be found here.
• New QemuKvm option configures whether to use KVM when running mkosi qemu.
• mkosi will not default to the same OS release as the host system anymore when the host system uses the same distribution as the image that's being built. Instead, when no release is specified, mkosi will now always default to the default version embedded in mkosi itself.
• mkosi will now use the pacman keyring from the host when building Arch images. This means that users will, on top of installing archlinux-keyring, also have to run pacman-key --init and pacman-key --populate archlinux on the host system to be able to build Arch images. Also, unless the package manager is configured to do it automatically, the host keyring will have to be updated after archlinux-keyring updates by running pacman-key --populate archlinux and pacman-key --updatedb.
• Direct qemu linux boot is now supported with BootProtocols=linux. When enabled, the kernel image, initrd, and cmdline will be extracted from the image and passed to qemu by mkosi qemu to directly boot into the kernel image without a bootloader. This can be used to boot for example s390x images in qemu.
• The initrd will now always be rebuilt after the extra trees and build artifacts have been installed into the image.
• The github action has been migrated to Ubuntu Jammy. To migrate any jobs using the action, add runs-on: ubuntu-22.04 to the job config.
• All images are now configured by default with the C.UTF-8 locale.
• New --repository-directory option can be used to configure a directory with extra repository files to be used by the package manager when building an image. Note that this option is currently only supported for pacman and dnf-based distros.
• Option --skeleton-tree is now supported on Debian-based distros.

v12

No release notes provided.

v11

No release notes provided.

Changelog

Sourced from systemd/mkosi's changelog.

mkosi Changelog

v14

• Support for Clear Linux was dropped. See systemd/mkosi#1037 for more information.

• Support for Photon was dropped. See systemd/mkosi#1048 for more information.

• The Arch kernel/bootloader pacman hooks were removed. For anyone that still wants to use them, they can be found here.

• mkosi now creates distro~release subdirectories inside the build, cache and output directories for each distro~release combination that is built. This allows building for multiple distros without throwing away the results of a previous distro build every time.

• The preferred names for mkosi configuration files and directories are now mkosi.conf and mkosi.conf.d/ respectively. The old names (mkosi.default and mkosi.default.d) have been removed from the docs but are still supported for backwards compatibility.

• plain_squashfs type images will now also be named with a .raw suffix.

• tar type images will now respect the --compress option.

• Pacman's SigLevel option was changed to use the same default value as used on Arch which is SigLevel = Required DatabaseOptional. If this results in keyring errors, you need to update the keyring by running pacman-key --populate archlinux.

• Support for CentOS 7 was dropped. If you still need to support CentOS 7, we recommend using any mkosi version up to 13.

• Support for BIOS/grub was dropped. because EFI hardware is widely available and legacy BIOS systems do not support the feature set to fully verify a boot chain from firmware to userland and it has become bothersome to maintain for little use.

  To generate BIOS images you can use any version of mkosi up to mkosi 13 or the new --bios-size option. This can be used to add a BIOS boot partition of the specified size on which grub (or any other bootloader) can be installed with the help of mkosi's script support (depending on your needs most likely mkosi.postinst or mkosi.finalize). This method can also be used for other EFI bootloaders that mkosi intentionally does not support.

• mkosi now unconditionally copies the kernel, initrd and kernel cmdline from the image that were previously only copied out for Qemu boot.

• mkosi now runs apt and dpkg on the host. As such, we now require apt and dpkg to be installed on the host along with debootstrap in order to be able to build debian/ubuntu images.

• Split dm-verity artifacts default names have been changed to match what systemd and other tools expect: image.root.raw, image.root.verity, image.root.roothash, image.root.roothash.p7s (same for usr variants).

• mkosi will again default to the same OS release as the host system when the host system uses the same distribution as the image that's being built.

• By default, mkosi will now change the owner of newly created directories to SUDO_UID or PKEXEC_UID if defined, unless --no-chown is used.

... (truncated)

Commits

• c9772ec Version 14
• af84e53 Merge pull request #1151 from qdeslandes/map_permissions
• f7499ab Merge pull request #1243 from keszybz/argparse-tweaks
• cf52b72 Update NEWS.md
• 7feca9f Use nspawn's rootidmap option for --bind mount
• e313e00 chown mkosi-generated directories
• 3dc74ab Add --noplugins when calling dnf
• 945319d mkosi: supress printing of argparse help on error
• ce4b6a5 mkosi: disallow parameter abbreviations
• 27f5116 mkosi: do not build a temporary dictionary for kwargs
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)