From 2072f2ab90b38311c074fd1a5f23e386c2807bae Mon Sep 17 00:00:00 2001 From: Liu Yue Date: Mon, 29 Apr 2024 06:26:05 +0800 Subject: [PATCH] feat: Add language config and manifest for `mkosi` --- package.json | 17 ++ src/hint-data/manifests/mkosi.json | 335 +++++++++++++++++++++++++++++ 2 files changed, 352 insertions(+) create mode 100644 src/hint-data/manifests/mkosi.json diff --git a/package.json b/package.json index bc1d67e..64b974b 100644 --- a/package.json +++ b/package.json @@ -42,6 +42,7 @@ "build:webpack": "webpack --mode production --devtool hidden-source-map", "copy:assets": "cd src && copyfiles '**/*.{tmLanguage,png}' ../out", "fetch:base": "node --enable-source-maps out/hint-data/fetch/systemd-all", + "fetch:mkosi": "node --enable-source-maps out/hint-data/fetch/mkosi", "fetch:podman": "node --enable-source-maps out/hint-data/fetch/podman-quadlet", "fetch:capabilities": "node --enable-source-maps out/hint-data/fetch/linux-capabilities", "fetch:syscalls": "node --enable-source-maps out/hint-data/fetch/linux-syscalls", @@ -54,6 +55,17 @@ ], "contributes": { "languages": [ + { + "id": "mkosi-conf", + "aliases": [ + "Mkosi Configuration", + "mkosi-conf" + ], + "filenamePatterns": [ + "mkosi.conf" + ], + "configuration": "./language-configuration.json" + }, { "id": "systemd-conf", "aliases": [ @@ -101,6 +113,11 @@ "language": "systemd-conf", "scopeName": "source.systemd", "path": "./out/syntax/systemd.tmLanguage" + }, + { + "language": "mkosi-conf", + "scopeName": "source.mkosi", + "path": "./out/syntax/mkosi.tmLanguage" } ], "commands": [ diff --git a/src/hint-data/manifests/mkosi.json b/src/hint-data/manifests/mkosi.json new file mode 100644 index 0000000..ba8b713 --- /dev/null +++ b/src/hint-data/manifests/mkosi.json @@ -0,0 +1,335 @@ +[ +[3,1,"mkosi.md","mkosi - Build Bespoke OS Images","https://raw.githubusercontent.com/systemd/mkosi/main/mkosi/resources/mkosi.md"], +[5,"C","Parent directory of current config file",""], +[5,"D","Directory that mkosi was invoked in",""], +[5,"O","OutputDirectory=",""], +[5,"P","Current working directory",""], +[5,"a","Architecture=",""], +[5,"d","Distribution=",""], +[5,"i","ImageId=",""], +[5,"o","Output=",""], +[5,"p","Profile=",""], +[5,"r","Release=",""], +[5,"t","Format=",""], +[5,"v","ImageVersion=",""], +[6,1,"Match"], +[4,1,"Matches against the configured profile.","mkosi.md#match-section"], +[4,2,"Matches against the configured distribution.","mkosi.md#match-section"], +[4,3,"Matches against the configured distribution release. If this condition is used and no distribution has been\n explicitly configured yet, the host distribution and release are used.","mkosi.md#match-section"], +[4,4,"Matches against the configured architecture. If this condition is used\n and no architecture has been explicitly configured yet, the host\n architecture is used.","mkosi.md#match-section"], +[4,5,"This condition is satisfied if the given path exists. Relative paths are interpreted relative to the parent\n directory of the config file that the condition is read from.","mkosi.md#match-section"], +[4,6,"Matches against the configured image ID, supporting globs. If this condition is used and no image ID has\n been explicitly configured yet, this condition fails.","mkosi.md#match-section"], +[4,7,"Matches against the configured image version. Image versions can be prepended by the operators `==`, `!=`,\n `>=`, `<=`, `<`, `>` for rich version comparisons according to the UAPI group version format specification.\n If no operator is prepended, the equality operator is assumed by default. If this condition is used and no\n image version has been explicitly configured yet, this condition fails.","mkosi.md#match-section"], +[4,8,"Matches against the configured value for the `Bootable=` feature. Takes a boolean value or `auto`.","mkosi.md#match-section"], +[4,9,"Matches against the configured value for the `Format=` option. Takes\n an output format (see the `Format=` option).","mkosi.md#match-section"], +[4,10,"Matches against the systemd version on the host (as reported by\n `systemctl --version`). Values can be prepended by the operators `==`,\n `!=`, `>=`, `<=`, `<`, `>` for rich version comparisons according to\n the UAPI group version format specification. If no operator is\n prepended, the equality operator is assumed by default.","mkosi.md#match-section"], +[4,11,"Takes a build source target path (see `BuildSources=`). This match is\n satisfied if any of the configured build sources uses this target\n path. For example, if we have a `mkosi.conf` file containing:\n\n ```conf\n [Content]\n BuildSources=../abc/qed:kernel\n ```\n\n and a drop-in containing:\n\n ```conf\n [Match]\n BuildSources=kernel\n ```\n\n The drop-in will be included.\n\n: Any absolute paths passed to this setting are interpreted relative to\n the current working directory.","mkosi.md#match-section"], +[4,12,"Matches against the host's native architecture. See the\n `Architecture=` setting for a list of possible values.","mkosi.md#match-section"], +[4,13,"Matches against the configured tools tree distribution.","mkosi.md#match-section"], +[4,14,"Matches against a specific key/value pair configured with\n `Environment=`.\n\n| Matcher | Globs | Rich Comparisons | Default |\n|--------------------------|-------|------------------|---------------------------------------|\n| `Profile=` | no | no | match fails |\n| `Distribution=` | no | no | match host distribution |\n| `Release=` | no | no | match host release |\n| `Architecture=` | no | no | match host architecture |\n| `PathExists=` | no | no | n/a |\n| `ImageId=` | yes | no | match fails |\n| `ImageVersion=` | no | yes | match fails |\n| `Bootable=` | no | no | match auto feature |\n| `Format=` | no | no | match default format |\n| `SystemdVersion=` | no | yes | n/a |\n| `BuildSources=` | no | no | match fails |\n| `HostArchitecture=` | no | no | n/a |\n| `ToolsTreeDistribution=` | no | no | match default tools tree distribution |\n| `Environment=` | no | no | n/a |","mkosi.md#match-section"], +[2,"Architecture",[],4,1,1], +[2,"Bootable","B",8,1,1], +[2,"BuildSources",[],11,1,1], +[2,"Distribution",[],2,1,1], +[2,"Environment",[],14,1,1], +[2,"Format",[],9,1,1], +[2,"HostArchitecture",[],12,1,1], +[2,"ImageId",[],6,1,1], +[2,"ImageVersion",[],7,1,1], +[2,"PathExists",[],5,1,1], +[2,"Profile",[],1,1,1], +[2,"Release",[],3,1,1], +[2,"SystemdVersion",[],10,1,1], +[2,"ToolsTreeDistribution",[],13,1,1], +[6,2,"Config"], +[4,15,"Select the given profile. A profile is a configuration file or\n directory in the `mkosi.profiles/` directory. When selected, this\n configuration file or directory is included after parsing the\n `mkosi.conf` file, but before any `mkosi.conf.d/*.conf` drop in\n configuration.","mkosi.md#config-section"], +[4,16,"Include extra configuration from the given file or directory. The\n extra configuration is included immediately after parsing the setting,\n except when a default is set using `@Include=`, in which case the\n configuration is included after parsing all the other configuration\n files.\n\n: Note that each path containing extra configuration is only parsed\n once, even if included more than once with `Include=`.\n\n: The builtin configs for the mkosi default initrd and default tools\n tree can be included by including the literal value `mkosi-initrd` and\n `mkosi-tools` respectively.\n\n: Note: Include names starting with either of the literals `mkosi-` or\n `contrib-` are reserved for use by mkosi itself.","mkosi.md#config-section"], +[4,17,"Same as `Include=`, but the extra configuration files or directories\n are included when building the default initrd.","mkosi.md#config-section"], +[4,18,"If specified, only build the given image. Can be specified multiple\n times to build multiple images. All the given images and their\n dependencies are built. If not specified, all images are built. See\n the **Building multiple images** section for more information.\n\n: Note that this section only takes effect when specified in the global\n configuration files. It has no effect if specified as an image\n specific setting.","mkosi.md#config-section"], +[4,19,"The images that this image depends on specified as a comma-separated\n list. All images configured in this option will be built before this\n image and will be pulled in as dependencies of this image when\n `Images=` is used.","mkosi.md#config-section"], +[4,20,"The minimum mkosi version required to build this configuration. If\n specified multiple times, the highest specified version is used.","mkosi.md#config-section"], +[4,21,"Takes a comma-separated list of paths to executables that are used as\n the configure scripts for this image. See the **Scripts** section for\n more information.","mkosi.md#config-section"], +[2,"ConfigureScripts",[],21,1,2], +[2,"Dependencies",[],19,1,2], +[2,"Images",[],18,1,2], +[2,"Include",[],16,1,2], +[2,"InitrdInclude",[],17,1,2], +[2,"MinimumVersion",[],20,1,2], +[2,"Profile",[],15,1,2], +[6,3,"Distribution"], +[4,22,"The distribution to install in the image. Takes one of the following\n arguments: `fedora`, `debian`, `ubuntu`, `arch`, `opensuse`, `mageia`,\n `centos`, `rhel`, `rhel-ubi`, `openmandriva`, `rocky`, `alma`,\n `custom`. If not specified, defaults to the distribution of the host\n or `custom` if the distribution of the host is not a supported\n distribution.","mkosi.md#distribution-section"], +[4,23,"The release of the distribution to install in the image. The precise\n syntax of the argument this takes depends on the distribution used,\n and is either a numeric string (in case of Fedora Linux, CentOS, …,\n e.g. `29`), or a distribution version name (in case of Debian, Ubuntu,\n …, e.g. `artful`). Defaults to a recent version of the chosen\n distribution, or the version of the distribution running on the host\n if it matches the configured distribution.","mkosi.md#distribution-section"], +[4,24,"The architecture to build the image for. The architectures that are\n actually supported depends on the distribution used and whether a\n bootable image is requested or not. When building for a foreign\n architecture, you'll also need to install and register a user mode\n emulator for that architecture.\n\n: One of the following architectures can be specified per image built:\n `alpha`, `arc`, `arm`, `arm64`, `ia64`, `loongarch64`, `mips64-le`,\n `mips-le`, `parisc`, `ppc`, `ppc64`, `ppc64-le`, `riscv32`, `riscv64`,\n `s390`, `s390x`, `tilegx`, `x86`, `x86-64`.","mkosi.md#distribution-section"], +[4,25,"The mirror to use for downloading the distribution packages. Expects\n a mirror URL as argument. If not provided, the default mirror for the\n distribution is used.\n\n: The default mirrors for each distribution are as follows (unless\n specified, the same mirror is used for all architectures):\n\n | | x86-64 | aarch64 |\n |----------------|-----------------------------------|--------------------------------|\n | `debian` | http://deb.debian.org/debian | |\n | `arch` | https://geo.mirror.pkgbuild.com | http://mirror.archlinuxarm.org |\n | `opensuse` | http://download.opensuse.org | |\n | `ubuntu` | http://archive.ubuntu.com | http://ports.ubuntu.com |\n | `centos` | https://mirrors.centos.org | |\n | `rocky` | https://mirrors.rockylinux.org | |\n | `alma` | https://mirrors.almalinux.org | |\n | `fedora` | https://mirrors.fedoraproject.org | |\n | `rhel-ubi` | https://cdn-ubi.redhat.com | |\n | `mageia` | https://www.mageia.org | |\n | `openmandriva` | http://mirrors.openmandriva.org | |","mkosi.md#distribution-section"], +[4,26,"The mirror will be used as a local, plain and direct mirror instead\n of using it as a prefix for the full set of repositories normally supported\n by distributions. Useful for fully offline builds with a single repository.\n Supported on deb/rpm/arch based distributions. Overrides `--mirror=` but only\n for the local mkosi build, it will not be configured inside the final image,\n `--mirror=` (or the default repository) will be configured inside the final\n image instead.","mkosi.md#distribution-section"], +[4,27,"Controls signature/key checks when using repositories, enabled by default.\n Useful to disable checks when combined with `--local-mirror=` and using only\n a repository from a local filesystem. Not used for DNF-based distros yet.","mkosi.md#distribution-section"], +[4,28,"Enable package repositories that are disabled by default. This can be used to enable the EPEL repos for\n CentOS or different components of the Debian/Ubuntu repositories.","mkosi.md#distribution-section"], +[4,29,"Takes one of `auto`, `metadata`, `always` or `never`. Defaults to\n `auto`. If `always`, the package manager is instructed not to contact\n the network. This provides a minimal level of reproducibility, as long\n as the package cache is already fully populated. If set to `metadata`,\n the package manager can still download packages, but we won't sync the\n repository metadata. If set to `auto`, the repository metadata is\n synced unless we have a cached image (see `Incremental=`) and packages\n can be downloaded during the build. If set to `never`, repository\n metadata is always synced and and packages can be downloaded during\n the build.","mkosi.md#distribution-section"], +[4,30,"This option mirrors the above `SkeletonTrees=` option and defaults to the\n same value if not configured otherwise, but installs the files to a\n subdirectory of the workspace directory instead of the OS tree. This\n subdirectory of the workspace is used to configure the package manager.\n\n: `mkosi` will look for the package manager configuration and related\n files in the configured package manager trees. Unless specified\n otherwise, it will use the configuration files from their canonical\n locations in `/usr` or `/etc` in the package manager trees. For\n example, it will look for `etc/dnf/dnf.conf` in the package manager\n trees if `dnf` is used to install packages.\n\n: `SkeletonTrees=` and `PackageManagerTrees=` fulfill similar roles. Use\n `SkeletonTrees=` if you want the files to be present in the final image. Use\n `PackageManagerTrees=` if you don't want the files to be present in the final\n image, e.g. when building an initrd or if you want to refer to paths outside\n of the image in your repository configuration.","mkosi.md#distribution-section"], +[2,"Architecture",[],24,1,3], +[2,"CacheOnly",[],29,1,3], +[2,"Distribution",[],22,1,3], +[2,"LocalMirror",[],26,1,3], +[2,"Mirror",[],25,1,3], +[2,"PackageManagerTrees",[],30,1,3], +[2,"Release",[],23,1,3], +[2,"Repositories",[],28,1,3], +[2,"RepositoryKeyCheck",[],27,1,3], +[6,4,"Output"], +[4,31,"The image format type to generate. One of `directory` (for generating\n an OS image directly in a local directory), `tar` (similar, but a\n tarball of the OS image is generated), `cpio` (similar, but a cpio\n archive is generated), `disk` (a block device OS image with a GPT\n partition table), `uki` (a unified kernel image with the OS image in\n the `.initrd` PE section), `esp` (`uki` but wrapped in a disk image\n with only an ESP partition), `oci` (a directory compatible with the\n OCI image specification), `sysext`, `confext`, `portable` or `none`\n (the OS image is solely intended as a build image to produce another\n artifact).\n\n: If the `disk` output format is used, the disk image is generated using\n `systemd-repart`. The repart partition definition files to use can be\n configured using the `RepartDirectories=` setting or via\n `mkosi.repart/`. When verity partitions are configured using\n systemd-repart's `Verity=` setting, mkosi will automatically parse the\n verity hash partition's roothash from systemd-repart's JSON output and\n include it in the kernel command line of every unified kernel image\n built by mkosi.","mkosi.md#output-section"], +[4,32,"The manifest format type or types to generate. A comma-delimited\n list consisting of `json` (the standard JSON output format that\n describes the packages installed), `changelog` (a human-readable\n text format designed for diffing). By default no manifest is\n generated.","mkosi.md#output-section"], +[4,33,"Name to use for the generated output image file or directory. Defaults\n to `image` or, if `ImageId=` is specified, it is used as the default\n output name, optionally suffixed with the version set with\n `ImageVersion=`. Note that this option does not allow configuring the\n output directory, use `OutputDirectory=` for that.\n\n: Note that this only specifies the output prefix, depending on the\n specific output format, compression and image version used, the full\n output name might be `image_7.8.raw.xz`.","mkosi.md#output-section"], +[4,34,"Configure compression for the resulting image or archive. The argument can be\n either a boolean or a compression algorithm (`xz`, `zstd`). `zstd`\n compression is used by default, except CentOS and derivatives up to version\n 8, which default to `xz`, and OCI images, which default to `gzip`.\n Note that when applied to block device image types,\n compression means the image cannot be started directly but needs to be\n decompressed first. This also means that the `shell`, `boot`, `qemu` verbs\n are not available when this option is used. Implied for `tar`, `cpio`, `uki`,\n `esp`, and `oci`.","mkosi.md#output-section"], +[4,35,"Configure the compression level to use. Takes an integer. The possible\n values depend on the compression being used.","mkosi.md#output-section"], +[4,36,"Path to a directory where to place all generated artifacts. If this is\n not specified and the directory `mkosi.output/` exists in the local\n directory, it is automatically used for this purpose.","mkosi.md#output-section"], +[4,37,"Path to a directory where to store data required temporarily while\n building the image. This directory should have enough space to store\n the full OS image, though in most modes the actually used disk space\n is smaller. If not specified, a subdirectory of `$XDG_CACHE_HOME` (if\n set), `$HOME/.cache` (if set) or `/var/tmp` is used.\n\n: The data in this directory is removed automatically after each\n build. It's safe to manually remove the contents of this directory\n should an `mkosi` invocation be aborted abnormally (for example, due\n to reboot/power failure).","mkosi.md#output-section"], +[4,38,"Takes a path to a directory to use as the incremental cache directory\n for the incremental images produced when the `Incremental=` option is\n enabled. If this option is not used, but a `mkosi.cache/` directory is\n found in the local directory it is automatically used for this\n purpose.","mkosi.md#output-section"], +[4,39,"Takes a path to a directory to use as the package cache directory for\n the distribution package manager used. If unset, a suitable directory\n in the user's home directory or system is used.","mkosi.md#output-section"], +[4,40,"Takes a path to a directory to use as the build directory for build\n systems that support out-of-tree builds (such as Meson). The directory\n used this way is shared between repeated builds, and allows the build\n system to reuse artifacts (such as object files, executable, …)\n generated on previous invocations. The build scripts can find the path\n to this directory in the `$BUILDDIR` environment variable. This\n directory is mounted into the image's root directory when\n `mkosi-chroot` is invoked during execution of the build scripts. If\n this option is not specified, but a directory `mkosi.builddir/` exists\n in the local directory it is automatically used for this purpose (also\n see the **Files** section below).","mkosi.md#output-section"], +[4,41,"Configure the image version. This accepts any string, but it is\n recommended to specify a series of dot separated components. The\n version may also be configured in a file `mkosi.version` in which\n case it may be conveniently managed via the `bump` verb or the\n `--auto-bump` option. When specified the image version is included\n in the default output file name, i.e. instead of `image.raw` the\n default will be `image_0.1.raw` for version `0.1` of the image, and\n similar. The version is also passed via the `$IMAGE_VERSION` to any\n build scripts invoked (which may be useful to patch it into\n `/usr/lib/os-release` or similar, in particular the `IMAGE_VERSION=`\n field of it).","mkosi.md#output-section"], +[4,42,"Configure the image identifier. This accepts a freeform string that\n shall be used to identify the image with. If set the default output\n file will be named after it (possibly suffixed with the version). The\n identifier is also passed via the `$IMAGE_ID` to any build scripts\n invoked. The image ID is automatically added to `/usr/lib/os-release`.","mkosi.md#output-section"], +[4,43,"If specified and building a disk image, pass `--split=yes` to systemd-repart\n to have it write out split partition files for each configured partition.\n Read the [man](https://www.freedesktop.org/software/systemd/man/systemd-repart.html#--split=BOOL)\n page for more information. This is useful in A/B update scenarios where\n an existing disk image shall be augmented with a new version of a\n root or `/usr` partition along with its Verity partition and unified\n kernel.","mkosi.md#output-section"], +[4,44,"Paths to directories containing systemd-repart partition definition\n files that are used when mkosi invokes systemd-repart when building a\n disk image. If `mkosi.repart/` exists in the local directory, it will\n be used for this purpose as well. Note that mkosi invokes repart with\n `--root=` set to the root of the image root, so any `CopyFiles=`\n source paths in partition definition files will be relative to the\n image root directory.","mkosi.md#output-section"], +[4,45,"Override the default sector size that systemd-repart uses when building a disk\n image.","mkosi.md#output-section"], +[4,46,"Specifies whether to build disk images using loopback devices. Enabled\n by default. When enabled, `systemd-repart` will not use loopback\n devices to build disk images. When disabled, `systemd-repart` will\n always use loopback devices to build disk images.\n\n: Note that when using `RepartOffline=no` mkosi cannot run unprivileged and\n the image build has to be done as the root user outside of any\n containers and with loopback devices available on the host system.\n\n: There are currently two known scenarios where `RepartOffline=no` has to be\n used. The first is when using `Subvolumes=` in a repart partition\n definition file, as subvolumes cannot be created without using\n loopback devices. The second is when creating a system with SELinux\n and an XFS root partition. Because `mkfs.xfs` does not support\n populating an XFS filesystem with extended attributes, loopback\n devices have to be used to ensure the SELinux extended attributes end\n up in the generated XFS filesystem.","mkosi.md#output-section"], +[4,47,"When used together with `BaseTrees=`, the output will consist only out of\n changes to the specified base trees. Each base tree is attached as a lower\n layer in an overlayfs structure, and the output becomes the upper layer,\n initially empty. Thus files that are not modified compared to the base trees\n will not be present in the final output.\n\n: This option may be used to create [systemd *system extensions* or\n *portable services*](https://uapi-group.org/specifications/specs/extension_image).","mkosi.md#output-section"], +[4,48,"Takes a boolean or `auto`. Enables or disables use of btrfs subvolumes for\n directory tree outputs. If enabled, mkosi will create the root directory as\n a btrfs subvolume and use btrfs subvolume snapshots where possible to copy\n base or cached trees which is much faster than doing a recursive copy. If\n explicitly enabled and `btrfs` is not installed or subvolumes cannot be\n created, an error is raised. If `auto`, missing `btrfs` or failures to\n create subvolumes are ignored.","mkosi.md#output-section"], +[4,49,"Takes a UUID as argument or the special value `random`.\n Overrides the seed that [`systemd-repart(8)`](https://www.freedesktop.org/software/systemd/man/systemd-repart.service.html)\n uses when building a disk image. This is useful to achieve reproducible\n builds, where deterministic UUIDs and other partition metadata should be\n derived on each build.","mkosi.md#output-section"], +[4,50,"Takes a timestamp as argument. Resets file modification times of all files to\n this timestamp. The variable is also propagated to systemd-repart and\n scripts executed by mkosi. If not set explicitly, `SOURCE_DATE_EPOCH` from\n `--environment` and from the host environment are tried in that order.\n This is useful to make builds reproducible. See\n [SOURCE_DATE_EPOCH](https://reproducible-builds.org/specs/source-date-epoch/)\n for more information.","mkosi.md#output-section"], +[4,51,"Takes a comma-separated list of paths to executables that are used as\n the clean scripts for this image. See the **Scripts** section for\n more information.","mkosi.md#output-section"], +[2,"BuildDirectory",[],40,1,4], +[2,"CacheDirectory",[],38,1,4], +[2,"CleanScripts",[],51,1,4], +[2,"CompressLevel",[],35,1,4], +[2,"CompressOutput",[],34,1,4], +[2,"Format",[],31,1,4], +[2,"ImageId",[],42,1,4], +[2,"ImageVersion",[],41,1,4], +[2,"ManifestFormat",[],32,1,4], +[2,"Output",[],33,1,4], +[2,"OutputDirectory",[],36,1,4], +[2,"Overlay",[],47,1,4], +[2,"PackageCacheDirectory",[],39,1,4], +[2,"RepartDirectories",[],44,1,4], +[2,"RepartOffline",[],46,1,4], +[2,"SectorSize",[],45,1,4], +[2,"Seed",[],49,1,4], +[2,"SourceDateEpoch",[],50,1,4], +[2,"SplitArtifacts",[],43,1,4], +[2,"UseSubvolumes",[],48,1,4], +[2,"WorkspaceDirectory",[],37,1,4], +[6,5,"Content"], +[4,52,"Install the specified distribution packages (i.e. RPM, DEB, …) in the\n image. Takes a comma separated list of package specifications. This\n option may be used multiple times in which case the specified package\n lists are combined. Use `BuildPackages=` to specify packages that\n shall only be installed in an overlay that is mounted when the prepare\n scripts are executed with the `build` argument and when the build scripts\n are executed.\n\n: The types and syntax of *package specifications* that are allowed\n depend on the package installer (e.g. `dnf` for `rpm`-based distros or\n `apt` for `deb`-based distros), but may include package names, package\n names with version and/or architecture, package name globs, paths to\n packages in the file system, package groups, and virtual provides,\n including file paths.\n\n: Example: when using a distro that uses `dnf`, the following configuration\n would install the `meson` package (in the latest version), the 32-bit version\n of the `libfdisk-devel` package, all available packages that start with the\n `git-` prefix, a `systemd` rpm from the local file system, one of the\n packages that provides `/usr/bin/ld`, the packages in the *Development Tools*\n group, and the package that contains the `mypy` python module.\n\n ```conf\n Packages=meson\n libfdisk-devel.i686\n git-*\n prebuilt/rpms/systemd-249-rc1.local.rpm\n /usr/bin/ld\n @development-tools\n python3dist(mypy)\n ```\n\n: Note that since mkosi runs in a sandbox with most of the host files\n unavailable, any local packages have to be mounted into the sandbox\n explicitly using `BuildSources=`. For example, let's say we have a\n local package located at `../my-packages/abc.rpm` relative to the mkosi\n working directory, then we'd be able to install it as follows:\n\n ```conf\n BuildSources=../my-packages:my-packages-in-sandbox\n Packages=my-packages-in-sandbox/abc.rpm\n ```","mkosi.md#content-section"], +[4,53,"Similar to `Packages=`, but configures packages to install only in an\n overlay that is made available on top of the image to the prepare\n scripts when executed with the `build` argument and the build scripts.\n This option should be used to list packages containing header files,\n compilers, build systems, linkers and other build tools the\n `mkosi.build` scripts require to operate. Note that packages listed\n here will be absent in the final image.","mkosi.md#content-section"], +[4,54,"Similar to `Packages=`, but packages configured with this setting are\n not cached when `Incremental=` is enabled and are installed after\n executing any build scripts.\n\n: Specifically, this setting can be used to install packages that change\n often or which are built by a build script.","mkosi.md#content-section"], +[4,55,"Specify directories containing extra packages to be made available during\n the build. `mkosi` will create a local repository containing all\n packages in these directories and make it available when installing packages or\n running scripts. If the `mkosi.packages/` directory is found in the local\n directory it is also used for this purpose.\n\n: Note that this local repository is also made available when running\n scripts. Build scripts can add more packages to the local repository\n by placing the built packages in `$PACKAGEDIR`.","mkosi.md#content-section"], +[4,56,"Configures whether to install recommended or weak dependencies,\n depending on how they are named by the used package manager, or not.\n By default, recommended packages are not installed. This is only used\n for package managers that support the concept, which are currently\n apt, dnf and zypper.","mkosi.md#content-section"], +[4,57,"Include documentation in the image. Enabled by default. When disabled,\n if the underlying distribution package manager supports it\n documentation is not included in the image. The `$WITH_DOCS`\n environment variable passed to the `mkosi.build` scripts is set to `0`\n or `1` depending on whether this option is enabled or disabled.","mkosi.md#content-section"], +[4,58,"Takes a comma separated list of paths to use as base trees. When used,\n these base trees are each copied into the OS tree and form the base\n distribution instead of installing the distribution from scratch. Only\n extra packages are installed on top of the ones already installed in\n the base trees. Note that for this to work properly, the base image\n still needs to contain the package manager metadata by setting\n `CleanPackageMetadata=no` (see `CleanPackageMetadata=`).\n\n: Instead of a directory, a tar file or a disk image may be provided. In\n this case it is unpacked into the OS tree. This mode of operation\n allows setting permissions and file ownership explicitly, in\n particular for projects stored in a version control system such as\n `git` which retain full file ownership and access mode metadata for\n committed files.","mkosi.md#content-section"], +[4,59,"Takes a comma separated list of colon separated path pairs. The first\n path of each pair refers to a directory to copy into the OS tree\n before invoking the package manager. The second path of each pair\n refers to the target directory inside the image. If the second path is\n not provided, the directory is copied on top of the root directory of\n the image. The second path is always interpreted as an absolute path.\n Use this to insert files and directories into the OS tree before the\n package manager installs any packages. If the `mkosi.skeleton/`\n directory is found in the local directory it is also used for this\n purpose with the root directory as target (also see the **Files**\n section below).\n\n: Note that skeleton trees are cached and any changes to skeleton trees\n after a cached image has been built (when using `Incremental=`) are\n only applied when the cached image is rebuilt (by using `-ff` or\n running `mkosi -f clean`).\n\n: As with the base tree logic above, instead of a directory, a tar\n file may be provided too. `mkosi.skeleton.tar` will be automatically\n used if found in the local directory.","mkosi.md#content-section"], +[4,60,"Takes a comma separated list of colon separated path pairs. The first\n path of each pair refers to a directory to copy from the host into the\n image. The second path of each pair refers to the target directory\n inside the image. If the second path is not provided, the directory is\n copied on top of the root directory of the image. The second path is\n always interpreted as an absolute path. Use this to override any\n default configuration files shipped with the distribution. If the\n `mkosi.extra/` directory is found in the local directory it is also\n used for this purpose with the root directory as target. (also see the\n **Files** section below).\n\n: As with the base tree logic above, instead of a directory, a tar\n file may be provided too. `mkosi.extra.tar` will be automatically\n used if found in the local directory.","mkosi.md#content-section"], +[4,61,"Takes a comma-separated list of package specifications for removal, in\n the same format as `Packages=`. The removal will be performed as one\n of the last steps. This step is skipped if `CleanPackageMetadata=no`\n is used.","mkosi.md#content-section"], +[4,62,"Takes a comma-separated list of globs. Files in the image matching\n the globs will be purged at the end.","mkosi.md#content-section"], +[4,63,"Enable/disable removal of package manager databases and repository\n metadata at the end of installation. Can be specified as `true`,\n `false`, or `auto` (the default). With `auto`, package manager\n databases and repository metadata will be removed if the respective\n package manager executable is *not* present at the end of the\n installation.","mkosi.md#content-section"], +[4,64,"Takes a comma-separated list of paths to executables that are used as\n the sync scripts for this image. See the **Scripts** section for\n more information.","mkosi.md#content-section"], +[4,65,"Takes a comma-separated list of paths to executables that are used as\n the prepare scripts for this image. See the **Scripts** section for\n more information.","mkosi.md#content-section"], +[4,66,"Takes a comma-separated list of paths to executables that are used as\n the build scripts for this image. See the **Scripts** section for more\n information.","mkosi.md#content-section"], +[4,67,"Takes a comma-separated list of paths to executables that are used as\n the post-installation scripts for this image. See the **Scripts** section\n for more information.","mkosi.md#content-section"], +[4,68,"Takes a comma-separated list of paths to executables that are used as\n the finalize scripts for this image. See the **Scripts** section for more\n information.","mkosi.md#content-section"], +[4,69,"Takes a comma separated list of colon separated path pairs. The first\n path of each pair refers to a directory to mount from the host. The\n second path of each pair refers to the directory where the source\n directory should be mounted when running scripts. Every target path is\n prefixed with `/work/src` and all build sources are sorted\n lexicographically by their target before mounting, so that top level\n paths are mounted first. If not configured explicitly, the current\n working directory is mounted to `/work/src`.","mkosi.md#content-section"], +[4,70,"Takes a boolean. Disabled by default. Configures whether changes to\n source directories (The working directory and configured using\n `BuildSources=`) are persisted. If enabled, all source directories\n will be reset to their original state every time after running all\n scripts of a specific type (except sync scripts).","mkosi.md#content-section"], +[4,71,"Adds variables to the environment that package managers and the\n prepare/build/postinstall/finalize scripts are executed with. Takes\n a space-separated list of variable assignments or just variable\n names. In the latter case, the values of those variables will be\n passed through from the environment in which `mkosi` was invoked.\n This option may be specified more than once, in which case all\n listed variables will be set. If the same variable is set twice, the\n later setting overrides the earlier one.","mkosi.md#content-section"], +[4,72,"Takes a comma-separated list of paths to files that contain environment\n variable definitions to be added to the scripting environment. Uses\n `mkosi.env` if it is found in the local directory. The variables are\n first read from `mkosi.env` if it exists, then from the given list of\n files and then from the `Environment=` settings.","mkosi.md#content-section"], +[4,73,"If set to false (or when the command-line option is used), the\n `$WITH_TESTS` environment variable is set to `0` when the\n `mkosi.build` scripts are invoked. This is supposed to be used by the\n build scripts to bypass any unit or integration tests that are\n normally run during the source build process. Note that this option\n has no effect unless the `mkosi.build` build scripts honor it.","mkosi.md#content-section"], +[4,74,"When true, enables network connectivity while the build scripts\n `mkosi.build` are invoked. By default, the build scripts run with\n networking turned off. The `$WITH_NETWORK` environment variable is\n passed to the `mkosi.build` build scripts indicating whether the\n build is done with or without network.","mkosi.md#content-section"], +[4,75,"Takes a boolean or `auto`. Enables or disables generation of a\n bootable image. If enabled, mkosi will install an EFI bootloader, and\n add an ESP partition when the disk image output is used. If the\n selected EFI bootloader (See `Bootloader=`) is not installed or no\n kernel images can be found, the build will fail. `auto` behaves as if\n the option was enabled, but the build won't fail if either no kernel\n images or the selected EFI bootloader can't be found. If disabled, no\n bootloader will be installed even if found inside the image, no\n unified kernel images will be generated and no ESP partition will be\n added to the image if the disk output format is used.","mkosi.md#content-section"], +[4,76,"Takes one of `none`, `systemd-boot`, `uki` or `grub`. Defaults to\n `systemd-boot`. If set to `none`, no EFI bootloader will be installed\n into the image. If set to `systemd-boot`, systemd-boot will be\n installed and for each installed kernel, a UKI will be generated and\n stored in `EFI/Linux` in the ESP. If set to `uki`, a single UKI will\n be generated for the latest installed kernel (the one with the highest\n version) which is installed to `EFI/BOOT/BOOTX64.EFI` in the ESP. If\n set to `grub`, for each installed kernel, a UKI will be generated and\n stored in `EFI/Linux` in the ESP. For each generated UKI, a menu entry\n is appended to the grub configuration in `grub/grub.cfg` in the ESP\n which chainloads into the UKI. A shim grub.cfg is also written to\n `EFI//grub.cfg` in the ESP which loads `grub/grub.cfg`\n in the ESP for compatibility with signed versions of grub which load\n the grub configuration from this location.\n\n: Note that we do not yet install grub to the ESP when `Bootloader=` is\n set to `grub`. This has to be done manually in a postinst or finalize\n script. The grub EFI binary should be installed to\n `/efi/EFI/BOOT/BOOTX64.EFI` (or similar depending on the architecture)\n and should be configured to load its configuration from\n `EFI//grub.cfg` in the ESP. Signed versions of grub\n shipped by distributions will load their configuration from this\n location by default.","mkosi.md#content-section"], +[4,77,"Takes one of `none` or `grub`. Defaults to `none`. If set to `none`,\n no BIOS bootloader will be installed. If set to `grub`, grub is\n installed as the BIOS boot loader if a bootable image is requested\n with the `Bootable=` option. If no repart partition definition files\n are configured, mkosi will add a grub BIOS boot partition and an EFI\n system partition to the default partition definition files.\n\n: Note that this option is not mutually exclusive with `Bootloader=`. It\n is possible to have an image that is both bootable on UEFI and BIOS by\n configuring both `Bootloader=` and `BiosBootloader=`.\n\n: The grub BIOS boot partition should have UUID\n `21686148-6449-6e6f-744e-656564454649` and should be at least 1MB.\n\n: Even if no EFI bootloader is installed, we still need an ESP for BIOS\n boot as that's where we store the kernel, initrd and grub modules.","mkosi.md#content-section"], +[4,78,"Takes one of `none`, `unsigned`, or `signed`. Defaults to `none`. If\n set to `none`, shim and MokManager will not be installed to the ESP.\n If set to `unsigned`, mkosi will search for unsigned shim and\n MokManager EFI binaries and install them. If `SecureBoot=` is enabled,\n mkosi will sign the unsigned EFI binaries before installing them. If\n set to `signed`, mkosi will search for signed EFI binaries and install\n those. Even if `SecureBoot=` is enabled, mkosi won't sign these\n binaries again.\n\n: Note that this option only takes effect when an image that is bootable\n on UEFI firmware is requested using other options\n (`Bootable=`, `Bootloader=`).\n\n: Note that when this option is enabled, mkosi will only install already\n signed bootloader binaries, kernel image files and unified kernel\n images as self-signed binaries would not be accepted by the signed\n version of shim.","mkosi.md#content-section"], +[4,79,"Specifies whether to use unified kernel images or not when\n `Bootloader=` is set to `systemd-boot` or `grub`. Takes a boolean\n value or `auto`. Defaults to `auto`. If enabled, unified kernel images\n are always used and the build will fail if any components required to\n build unified kernel images are missing. If set to `auto`, unified\n kernel images will be used if all necessary components are available.\n Otherwise Type 1 entries as defined by the Boot Loader Specification\n will be used instead. If disabled, Type 1 entries will always be used.","mkosi.md#content-section"], +[4,80,"Use user-provided initrd(s). Takes a comma separated list of paths to initrd\n files. This option may be used multiple times in which case the initrd lists\n are combined. If no initrds are specified and a bootable image is requested,\n mkosi will look for initrds in a subdirectory `io.mkosi.initrd` of the\n artifact directory (see `$ARTIFACTDIR` in the section **ENVIRONMENT\n VARIABLES**), if none are found there mkosi will automatically build a\n default initrd.","mkosi.md#content-section"], +[4,81,"Extra packages to install into the default initrd. Takes a comma\n separated list of package specifications. This option may be used\n multiple times in which case the specified package lists are combined.","mkosi.md#content-section"], +[4,82,"Similar to `VolatilePackages=`, except it applies to the default\n initrd.","mkosi.md#content-section"], +[4,83,"When set to true only include microcode for the host's CPU in the image.","mkosi.md#content-section"], +[4,84,"Use the specified kernel command line when building images.\n Defaults to `console=ttyS0`. For `arm`, `s390` and `ppc`, `ttyS0` is replaced\n with `ttyAMA0`, `ttysclp0` or `hvc0`, respectively.","mkosi.md#content-section"], +[4,85,"Takes a list of regex patterns that specify kernel modules to include in the image. Patterns should be\n relative to the `/usr/lib/modules//kernel` directory. mkosi checks for a match anywhere in the module\n path (e.g. `i915` will match against `drivers/gpu/drm/i915.ko`). All modules that match any of the\n specified patterns are included in the image. All module and firmware dependencies of the matched modules\n are included in the image as well. This setting takes priority over `KernelModulesExclude=` and only makes\n sense when used in combination with it because all kernel modules are included in the image by default.","mkosi.md#content-section"], +[4,86,"Takes a list of regex patterns that specify modules to exclude from the image. Behaves the same as\n `KernelModulesInclude=` except that all modules that match any of the specified patterns are excluded from\n the image.","mkosi.md#content-section"], +[4,87,"Takes a boolean. Specifies whether to include the currently loaded\n modules on the host system in the image. This setting takes priority\n over `KernelModulesExclude=` and only makes sense when used in\n combination with it because all kernel modules are included in the\n image by default.","mkosi.md#content-section"], +[4,88,"Enable/Disable generation of the kernel modules initrd when building a bootable image. Enabled by default.\n If enabled, when building a bootable image, for each kernel that we assemble a unified kernel image for we\n generate an extra initrd containing only the kernel modules for that kernel version and append it to the\n prebuilt initrd. This allows generating kernel independent initrds which are augmented with the necessary\n kernel modules when the UKI is assembled.","mkosi.md#content-section"], +[4,89,"Like `KernelModulesInclude=`, but applies to the kernel modules included in the kernel modules initrd.","mkosi.md#content-section"], +[4,90,"Like `KernelModulesExclude=`, but applies to the kernel modules included in the kernel modules initrd.","mkosi.md#content-section"], +[4,91,"Like `KernelModulesIncludeHost=`, but applies to the kernel modules included in the kernel modules initrd.","mkosi.md#content-section"], +[4,92,"The settings `Locale=`, `--locale=`, `LocaleMessages=`, `--locale-messages=`,\n `Keymap=`, `--keymap=`, `Timezone=`, `--timezone=`, `Hostname=`,\n `--hostname=`, `RootShell=`, `--root-shell=` correspond to the identically\n named systemd-firstboot options. See the systemd firstboot\n [manpage](https://www.freedesktop.org/software/systemd/man/systemd-firstboot.html)\n for more information. Additionally, where applicable, the corresponding\n systemd credentials for these settings are written to `/usr/lib/credstore`,\n so that they apply even if only `/usr` is shipped in the image.","mkosi.md#content-section"], +[4,93,"Set the system root password. If this option is not used, but a `mkosi.rootpw` file is found in the local\n directory, the password is automatically read from it. If the password starts with `hashed:`, it is treated\n as an already hashed root password. The root password is also stored in `/usr/lib/credstore` under the\n appropriate systemd credential so that it applies even if only `/usr` is shipped in the image. To create\n an unlocked account without any password use `hashed:` without a hash.","mkosi.md#content-section"], +[4,94,"Enable autologin for the `root` user on `/dev/pts/0` (nspawn),\n `/dev/tty1` and `/dev/ttyS0`.","mkosi.md#content-section"], +[4,95,"Add `/etc/initrd-release` and `/init` to the image so that it can be\n used as an initramfs.","mkosi.md#content-section"], +[4,96,"If specified, an sshd socket unit and matching service are installed\n in the final image that expose SSH over VSock. When building with this\n option and running the image using `mkosi qemu`, the `mkosi ssh`\n command can be used to connect to the container/VM via SSH. Note that\n you still have to make sure openssh is installed in the image to make\n this option behave correctly. Run `mkosi genkey` to automatically\n generate an X509 certificate and private key to be used by mkosi to\n enable SSH access to any virtual machines via `mkosi ssh`. To access\n images booted using `mkosi boot`, use `machinectl`.","mkosi.md#content-section"], +[4,97,"Specifies whether to relabel files to match the image's SELinux\n policy. Takes a boolean value or `auto`. Defaults to `auto`. If\n disabled, files will not relabeled. If enabled, an SELinux policy has\n to be installed in the image and `setfiles` has to be available to\n relabel files. If any errors occur during `setfiles`, the build will\n fail. If set to `auto`, files will be relabeled if an SELinux policy\n is installed in the image and if `setfiles` is available. Any errors\n occurred during `setfiles` will be ignored.\n\n: Note that when running unprivileged, `setfiles` will fail to set any\n labels that are not in the host's SELinux policy. To ensure `setfiles`\n succeeds without errors, make sure to run mkosi as root or build from\n a host system with the same SELinux policy as the image you're\n building.","mkosi.md#content-section"], +[2,"Autologin",[],94,1,5], +[2,"BaseTrees",[],58,1,5], +[2,"BiosBootloader",[],77,1,5], +[2,"Bootable",[],75,1,5], +[2,"Bootloader",[],76,1,5], +[2,"BuildPackages",[],53,1,5], +[2,"BuildScripts",[],66,1,5], +[2,"BuildSources",[],69,1,5], +[2,"BuildSourcesEphemeral","b",70,1,5], +[2,"CleanPackageMetadata",[],63,1,5], +[2,"Environment",[],71,1,5], +[2,"EnvironmentFiles",[],72,1,5], +[2,"ExtraTrees",[],60,1,5], +[2,"FinalizeScripts",[],68,1,5], +[2,"Hostname",[],92,1,5], +[2,"InitrdPackages",[],81,1,5], +[2,"InitrdVolatilePackages",[],82,1,5], +[2,"Initrds",[],80,1,5], +[2,"KernelCommandLine",[],84,1,5], +[2,"KernelModulesExclude",[],86,1,5], +[2,"KernelModulesInclude",[],85,1,5], +[2,"KernelModulesIncludeHost","b",87,1,5], +[2,"KernelModulesInitrd",[],88,1,5], +[2,"KernelModulesInitrdExclude",[],90,1,5], +[2,"KernelModulesInitrdInclude",[],89,1,5], +[2,"KernelModulesInitrdIncludeHost",[],91,1,5], +[2,"Keymap",[],92,1,5], +[2,"Locale",[],92,1,5], +[2,"LocaleMessages",[],92,1,5], +[2,"MakeInitrd",[],95,1,5], +[2,"MicrocodeHost",[],83,1,5], +[2,"PackageDirectories",[],55,1,5], +[2,"Packages",[],52,1,5], +[2,"PostInstallationScripts",[],67,1,5], +[2,"PrepareScripts",[],65,1,5], +[2,"RemoveFiles",[],62,1,5], +[2,"RemovePackages",[],61,1,5], +[2,"RootPassword",[],93,1,5], +[2,"RootShell",[],92,1,5], +[2,"SELinuxRelabel","B",97,1,5], +[2,"ShimBootloader",[],78,1,5], +[2,"SkeletonTrees",[],59,1,5], +[2,"Ssh",[],96,1,5], +[2,"SyncScripts",[],64,1,5], +[2,"Timezone",[],92,1,5], +[2,"UnifiedKernelImages","B",79,1,5], +[2,"VolatilePackages",[],54,1,5], +[2,"WithDocs",[],57,1,5], +[2,"WithNetwork",[],74,1,5], +[2,"WithRecommends",[],56,1,5], +[2,"WithTests",[],73,1,5], +[6,6,"Validation"], +[4,98,"Sign systemd-boot (if it is not signed yet) and any generated\n unified kernel images for UEFI SecureBoot.","mkosi.md#validation-section"], +[4,99,"Set up automatic enrollment of the secure boot keys in virtual machines as\n documented in the systemd-boot\n [man page](https://www.freedesktop.org/software/systemd/man/systemd-boot.html)\n if `SecureBoot=` is used.\n Note that systemd-boot will only do automatic secure boot key\n enrollment in virtual machines starting from systemd v253. To do auto\n enrollment on systemd v252 or on bare metal machines, write a\n systemd-boot configuration file to `/efi/loader/loader.conf` using an\n extra tree with `secure-boot-enroll force` or\n `secure-boot-enroll manual` in it. Auto enrollment is not supported on\n systemd versions older than v252. Defaults to `yes`.","mkosi.md#validation-section"], +[4,100,"Path to the PEM file containing the secret key for signing the\n UEFI kernel image if `SecureBoot=` is used and PCR signatures when\n `SignExpectedPcr=` is also used. When `SecureBootKeySource=` is specified,\n the input type depends on the source.","mkosi.md#validation-section"], +[4,101,"Source of `SecureBootKey=`, to support OpenSSL engines. E.g.:\n `--secure-boot-key-source=engine:pkcs11`","mkosi.md#validation-section"], +[4,102,"Path to the X.509 file containing the certificate for the signed\n UEFI kernel image, if `SecureBoot=` is used.","mkosi.md#validation-section"], +[4,103,"Tool to use to sign secure boot PE binaries. Takes one of `sbsign`, `pesign` or `auto`. Defaults to `auto`.\n If set to `auto`, either sbsign or pesign are used if available, with sbsign being preferred if both are\n installed.","mkosi.md#validation-section"], +[4,104,"Path to the PEM file containing the secret key for signing the verity signature, if a verity signature\n partition is added with systemd-repart. When `VerityKeySource=` is specified, the input type depends on\n the source.","mkosi.md#validation-section"], +[4,105,"Source of `VerityKey=`, to support OpenSSL engines. E.g.:\n `--verity-key-source=engine:pkcs11`","mkosi.md#validation-section"], +[4,106,"Path to the X.509 file containing the certificate for signing the verity signature, if a verity signature\n partition is added with systemd-repart.","mkosi.md#validation-section"], +[4,107,"Measure the components of the unified kernel image (UKI) using\n `systemd-measure` and embed the PCR signature into the unified kernel\n image. This option takes a boolean value or the special value `auto`,\n which is the default, which is equal to a true value if the\n `systemd-measure` binary is in `PATH`. Depends on `SecureBoot=`\n being enabled and key from `SecureBootKey=`.","mkosi.md#validation-section"], +[4,108,"Specify the path to a file containing the passphrase to use for LUKS\n encryption. It should contain the passphrase literally, and not end in\n a newline character (i.e. in the same format as cryptsetup and\n `/etc/crypttab` expect the passphrase files). The file must have an\n access mode of 0600 or less.","mkosi.md#validation-section"], +[4,109,"Generate a `SHA256SUMS` file of all generated artifacts after the\n build is complete.","mkosi.md#validation-section"], +[4,110,"Sign the generated `SHA256SUMS` using `gpg` after completion.","mkosi.md#validation-section"], +[4,111,"Select the `gpg` key to use for signing `SHA256SUMS`. This key must\n be already present in the `gpg` keyring.","mkosi.md#validation-section"], +[2,"Checksum",[],109,1,6], +[2,"Key",[],111,1,6], +[2,"Passphrase",[],108,1,6], +[2,"SecureBoot",[],98,1,6], +[2,"SecureBootAutoEnroll",[],99,1,6], +[2,"SecureBootCertificate",[],102,1,6], +[2,"SecureBootKey",[],100,1,6], +[2,"SecureBootKeySource",[],101,1,6], +[2,"SecureBootSignTool",[],103,1,6], +[2,"Sign",[],110,1,6], +[2,"SignExpectedPcr","b",107,1,6], +[2,"VerityCertificate",[],106,1,6], +[2,"VerityKey",[],104,1,6], +[2,"VerityKeySource",[],105,1,6], +[6,7,"Host"], +[4,112,"Configure a proxy to be used for all outgoing network connections.\n Various tools that mkosi invokes and for which the proxy can be\n configured are configured to use this proxy. mkosi also sets various\n well-known environment variables to specify the proxy to use for any\n programs it invokes that may need internet access.","mkosi.md#host-section"], +[4,113,"Configure hostnames for which requests should not go through the\n proxy. Takes a comma separated list of hostnames.","mkosi.md#host-section"], +[4,114,"Configure a file containing certificates used to verify the proxy.\n Defaults to the system-wide certificate store.\n\n: Currently, setting a proxy peer certificate is only supported when\n `dnf` or `dnf5` is used to build the image.","mkosi.md#host-section"], +[4,115,"Configure a file containing the certificate used to authenticate the\n client with the proxy.\n\n: Currently, setting a proxy client certificate is only supported when\n `dnf` or `dnf5` is used to build the image.","mkosi.md#host-section"], +[4,116,"Configure a file containing the private key used to authenticate the\n client with the proxy. Defaults to the proxy client certificate if one\n is provided.\n\n: Currently, setting a proxy client key is only supported when `dnf` or\n `dnf5` is used to build the image.","mkosi.md#host-section"], +[4,117,"Enable incremental build mode. In this mode, a copy of the OS image is\n created immediately after all OS packages are installed and the\n prepare scripts have executed but before the `mkosi.build` scripts are\n invoked (or anything that happens after it). On subsequent invocations\n of `mkosi` with the `-i` switch this cached image may be used to skip\n the OS package installation, thus drastically speeding up repetitive\n build times. Note that while there is some rudimentary cache\n invalidation, it is definitely not perfect. In order to force\n rebuilding of the cached image, combine `-i` with `-ff` to ensure the\n cached image is first removed and then re-created.","mkosi.md#host-section"], +[4,118,"Specifies a `.nspawn` settings file for `systemd-nspawn` to use in\n the `boot` and `shell` verbs, and to place next to the generated\n image file. This is useful to configure the `systemd-nspawn`\n environment when the image is run. If this setting is not used but\n an `mkosi.nspawn` file found in the local directory it is\n automatically used for this purpose.","mkosi.md#host-section"], +[4,119,"List of colon-separated paths to look for tools in, before using the\n regular `$PATH` search path.","mkosi.md#host-section"], +[4,120,"Configures the virtual machine monitor to use. Takes one of `qemu` or\n `vmspawn`. Defaults to `qemu`.\n\n: When set to `qemu`, the image is booted with `qemu`. Most output\n formats can be booted in `qemu`. Any arguments specified after the\n verb are appended to the `qemu` invocation and are interpreted as\n extra qemu command line arguments.\n\n: When set to `vmspawn`, `systemd-vmspawn` is used to boot up the image,\n `vmspawn` only supports disk and directory type images. Any arguments\n specified after the verb are appended to the `systemd-vmspawn`\n invocation and are interpreted as extra vmspawn options and extra\n kernel command line arguments.","mkosi.md#host-section"], +[4,121,"If enabled, qemu is executed with its graphical interface instead of\n with a serial console.","mkosi.md#host-section"], +[4,122,"When used with the `qemu` verb, this options sets `qemu`'s `-smp`\n argument which controls the number of guest's CPUs. Defaults to `2`.\n\n: When set to `0`, the number of CPUs available to the mkosi process\n will be used.","mkosi.md#host-section"], +[4,123,"When used with the `qemu` verb, this options sets `qemu`'s `-m`\n argument which controls the amount of guest's RAM. Defaults to `2G`.","mkosi.md#host-section"], +[4,124,"When used with the `qemu` verb, this option specifies whether QEMU should use KVM acceleration. Takes a\n boolean value or `auto`. Defaults to `auto`.","mkosi.md#host-section"], +[4,125,"When used with the `qemu` verb, this option specifies whether QEMU should be configured with a vsock. Takes\n a boolean value or `auto`. Defaults to `auto`.","mkosi.md#host-section"], +[4,126,"When used with the `qemu` verb, this option specifies the vsock\n connection ID to use. Takes a number in the interval `[3, 0xFFFFFFFF)`\n or `hash` or `auto`. Defaults to `auto`. When set to `hash`, the\n connection ID will be derived from the full path to the image. When\n set to `auto`, `mkosi` will try to find a free connection ID\n automatically. Otherwise, the provided number will be used as is.","mkosi.md#host-section"], +[4,127,"When used with the `qemu` verb, this option specifies whether to start an instance of swtpm to be used as a\n TPM with qemu. This requires swtpm to be installed on the host. Takes a boolean value or `auto`. Defaults\n to `auto`.","mkosi.md#host-section"], +[4,128,"When used with the `qemu` verb, this option specifies whether to\n attach the image to the virtual machine as a CD-ROM device. Takes a\n boolean. Defaults to `no`.","mkosi.md#host-section"], +[4,129,"When used with the `qemu` verb, this option specifies which firmware\n to use. Takes one of `uefi`, `uefi-secure-boot`, `bios`, `linux`, or\n `auto`. Defaults to `auto`. When set to `uefi`, the OVMF firmware\n without secure boot support is used. When set to `uefi-secure-boot`,\n the OVMF firmware with secure boot support is used. When set to\n `bios`, the default SeaBIOS firmware is used. When set to `linux`,\n direct kernel boot is used. See the `QemuKernel=` option for more\n details on which kernel image is used with direct kernel boot. When\n set to `auto`, `uefi-secure-boot` is used if possible and `linux`\n otherwise.","mkosi.md#host-section"], +[4,130,"When used with the `qemu` verb, this option specifies the path to the\n the firmware variables file to use. Currently, this option is only\n taken into account when the `uefi` or `uefi-secure-boot` firmware is\n used. If not specified, mkosi will search for the default variables\n file and use that instead.\n\n: When set to `microsoft`, a firmware variables file with the Microsoft\n secure boot certificates already enrolled will be used.\n\n: When set to `custom`, the secure boot certificate from\n `SecureBootCertificate=` will be enrolled into the default firmware\n variables file.\n\n: `virt-fw-vars` from the\n [virt-firmware](https://gitlab.com/kraxel/virt-firmware) project can\n be used to customize OVMF variable files.","mkosi.md#host-section"], +[4,131,"Set the kernel image to use for qemu direct kernel boot. If not\n specified, mkosi will use the kernel provided via the command line\n (`-kernel` option) or latest the kernel that was installed into\n the image (or fail if no kernel was installed into the image).\n\n: Note that when the `cpio` output format is used, direct kernel boot is\n used regardless of the configured firmware. Depending on the\n configured firmware, qemu might boot the kernel itself or using the\n configured firmware.","mkosi.md#host-section"], +[4,132,"Add a qemu drive. Takes a colon-delimited string of format\n `:[:[:]]`. `id` specifies the qemu id we\n assign to the drive. This can be used as the `drive=` property in\n various qemu devices. `size` specifies the size of the drive. This\n takes a size in bytes. Additionally, the suffixes `K`, `M` and `G` can\n be used to specify a size in kilobytes, megabytes and gigabytes\n respectively. `directory` optionally specifies the directory in which\n to create the file backing the drive. `options` optionally specifies\n extra comma-delimited properties which are passed verbatim to qemu's\n `-drive` option.\n\n: Example usage:\n\n ```conf\n [Host]\n QemuDrives=btrfs:10G\n ext4:20G\n QemuArgs=-device nvme,serial=btrfs,drive=btrfs\n -device nvme,serial=ext4,drive=ext4\n ```","mkosi.md#host-section"], +[4,133,"Space-delimited list of additional arguments to pass when invoking\n qemu.","mkosi.md#host-section"], +[4,134,"When used with the `shell`, `boot`, or `qemu` verbs, this option runs the specified verb on a temporary\n snapshot of the output image that is removed immediately when the container terminates. Taking the\n temporary snapshot is more efficient on file systems that support reflinks natively (btrfs or xfs)\n than on more traditional file systems that do not (ext4).","mkosi.md#host-section"], +[4,135,"Set credentials to be passed to systemd-nspawn or qemu respectively\n when `mkosi shell/boot` or `mkosi qemu` are used. This option takes a\n space separated list of values which can be either key=value pairs or\n paths. If a path is provided, if it is a file, the credential name\n will be the name of the file. If the file is executable, the\n credential value will be the output of executing the file. Otherwise,\n the credential value will be the contents of the file. If the path is\n a directory, the same logic applies to each file in the directory.\n\n: Note that values will only be treated as paths if they do not contain\n the delimiter (`=`).","mkosi.md#host-section"], +[4,136,"Set extra kernel command line entries that are appended to the kernel command\n line at runtime when booting the image. When booting in a container, these are\n passed as extra arguments to systemd. When booting in a VM, these are appended\n to the kernel command line via the SMBIOS io.systemd.stub.kernel-cmdline-extra\n OEM string. This will only be picked up by systemd-boot/systemd-stub versions\n newer than or equal to v254.","mkosi.md#host-section"], +[4,137,"If specified, ACLs will be set on any generated root filesystem directories that\n allow the user running mkosi to remove them without needing privileges.","mkosi.md#host-section"], +[4,138,"If specified, programs executed by mkosi to build and boot an image\n are looked up inside the given tree instead of in the host system. Use\n this option to make image builds more reproducible by always using the\n same versions of programs to build the final image instead of whatever\n version is installed on the host system. If this option is not used,\n but the `mkosi.tools/` directory is found in the local directory it is\n automatically used for this purpose with the root directory as target.\n\n: Note if a binary is found in any of the paths configured with\n `ExtraSearchPaths=`, the binary will be executed on the host.\n\n: If set to `default`, mkosi will automatically add an extra tools tree\n image and use it as the tools tree. The following table shows for\n which distributions default tools tree packages are defined and which\n packages are included in those default tools trees:\n\n | | Fedora | CentOS | Debian | Ubuntu | Arch | openSUSE |\n |-------------------------|--------|--------|--------|--------|------|----------|\n | `acl` | X | X | X | X | X | X |\n | `apt` | X | X | X | X | X | |\n | `archlinux-keyring` | X | | X | X | X | |\n | `attr` | X | X | X | X | X | X |\n | `bash` | X | X | X | X | X | X |\n | `btrfs-progs` | X | | X | X | X | X |\n | `bubblewrap` | X | X | X | X | X | X |\n | `ca-certificates` | X | X | X | X | X | X |\n | `coreutils` | X | X | X | X | X | X |\n | `cpio` | X | X | X | X | X | X |\n | `curl` | X | X | X | X | X | X |\n | `debian-keyring` | X | X | X | X | X | |\n | `diffutils` | X | X | X | X | X | X |\n | `distribution-gpg-keys` | X | X | | | | X |\n | `dnf` | X | X | X | X | X | X |\n | `dnf-plugins-core` | X | X | | | | X |\n | `dnf5` | X | | | | | |\n | `dnf5-plugins` | X | | | | | |\n | `dosfstools` | X | X | X | X | X | X |\n | `e2fsprogs` | X | X | X | X | X | X |\n | `edk2-ovmf` | X | X | X | X | X | X |\n | `erofs-utils` | X | | X | X | X | X |\n | `findutils` | X | X | X | X | X | X |\n | `git` | X | X | X | X | X | X |\n | `grep` | X | X | X | X | X | X |\n | `jq` | X | X | X | X | X | X |\n | `kmod` | X | X | X | X | X | X |\n | `less` | X | X | X | X | X | X |\n | `mtools` | X | X | X | X | X | X |\n | `nano` | X | X | X | X | X | X |\n | `openssh` | X | X | X | X | X | X |\n | `openssl` | X | X | X | X | X | X |\n | `sed` | X | X | X | X | X | X |\n | `pacman` | X | | X | X | X | |\n | `pesign` | X | X | X | X | X | X |\n | `policycoreutils` | X | X | X | X | | X |\n | `qemu` | X | X | X | X | X | X |\n | `sbsigntools` | X | | X | X | X | X |\n | `socat` | X | X | X | X | X | X |\n | `squashfs-tools` | X | X | X | X | X | X |\n | `strace` | X | X | X | X | X | X |\n | `swtpm` | X | X | X | X | X | X |\n | `systemd` | X | X | X | X | X | X |\n | `ukify` | X | | X | X | X | X |\n | `tar` | X | X | X | X | X | X |\n | `ubuntu-keyring` | X | X | X | X | X | |\n | `util-linux` | X | X | X | X | X | X |\n | `virtiofsd` | X | X | | | X | X |\n | `virt-firmware` | X | X | | | X | |\n | `xfsprogs` | X | X | X | X | X | X |\n | `xz` | X | X | X | X | X | X |\n | `zstd` | X | X | X | X | X | X |\n | `zypper` | X | | X | X | X | |","mkosi.md#host-section"], +[4,139,"Set the distribution to use for the default tools tree. By default,\n the same distribution as the image that's being built is used, except\n for CentOS and Ubuntu images, in which case Fedora and Debian are used\n respectively.","mkosi.md#host-section"], +[4,140,"Set the distribution release to use for the default tools tree. By\n default, the hardcoded default release in mkosi for the distribution\n is used.","mkosi.md#host-section"], +[4,141,"Set the mirror to use for the default tools tree. By default, the\n default mirror for the tools tree distribution is used.","mkosi.md#host-section"], +[4,142,"Same as `Repositories=` but for the default tools tree.","mkosi.md#host-section"], +[4,143,"Same as `PackageManagerTrees=` but for the default tools tree.","mkosi.md#host-section"], +[4,144,"Extra packages to install into the default tools tree. Takes a comma\n separated list of package specifications. This option may be used\n multiple times in which case the specified package lists are combined.","mkosi.md#host-section"], +[4,145,"Specify whether to use certificates and keys from the tools tree. If\n enabled, `/usr/share/keyrings`, `/usr/share/distribution-gpg-keys`,\n `/etc/pki`, `/etc/ssl`, `/etc/ca-certificates`, `/etc/pacman.d/gnupg`\n and `/var/lib/ca-certificates` from the tools tree are used.\n Otherwise, these directories are picked up from the host.","mkosi.md#host-section"], +[4,146,"Takes a colon separated pair of paths. The first path refers to a\n directory to mount into any machine (container or VM) started by\n mkosi. The second path refers to the target directory inside the\n machine. If the second path is not provided, the directory is mounted\n at `/root/src` in the machine. If the second path is relative, it\n is interpreted relative to `/root/src` in the machine.\n\n: For each mounted directory, the uid and gid of the user running mkosi\n are mapped to the root user in the machine. This means that all the\n files and directories will appear as if they're owned by root in the\n machine, and all new files and directories created by root in the\n machine in these directories will be owned by the user running mkosi\n on the host.\n\n: Note that when using `mkosi qemu` with this feature systemd v254 or\n newer has to be installed in the image.","mkosi.md#host-section"], +[4,147,"If specified, disk images are grown to the specified size when\n they're booted with `mkosi boot` or `mkosi qemu`. Takes a size in\n bytes. Additionally, the suffixes `K`, `M` and `G` can be used to\n specify a size in kilobytes, megabytes and gigabytes respectively.","mkosi.md#host-section"], +[4,148,"Takes a boolean value or `auto`. Specifies whether to mount extra\n scratch space to `/var/tmp`. If enabled, practically unlimited scratch\n space is made available under `/var/tmp` when booting the image with\n `mkosi qemu`, `mkosi boot` or `mkosi shell`.\n\n: Note that using this feature with `mkosi qemu` requires systemd v254\n or newer in the guest.","mkosi.md#host-section"], +[4,149,"Takes one of `user`, `interface` or `none`. Defaults to `user`.\n Specifies the networking to set up when booting the image. `user` sets\n up usermode networking. `interface` sets up a virtual network\n connection between the host and the image. This translates to a veth\n interface for `mkosi shell` and `mkosi boot` and a tap interface for\n `mkosi qemu` and `mkosi vmspawn`.\n\n: Note that when using `interface`, mkosi does not automatically\n configure the host interface. It is expected that a recent version of\n `systemd-networkd` is running on the host which will automatically\n configure the host interface of the link.","mkosi.md#host-section"], +[4,150,"Mount the build sources configured with `BuildSources=` and the build\n directory (if one is configured) to the same locations in `/work` that\n they were mounted to when running the build script when using `mkosi\n boot` or `mkosi qemu`.","mkosi.md#host-section"], +[4,151,"Path to the X509 private key in PEM format to use to connect to a\n virtual machine started with `mkosi qemu` and built with the `Ssh=`\n option enabled via the `mkosi ssh` command. If not configured and\n `mkosi.key` exists in the working directory, it will automatically be\n used for this purpose. Run `mkosi genkey` to automatically generate\n a key in `mkosi.key`.","mkosi.md#host-section"], +[4,152,"Path to the X509 certificate in PEM format to provision as the SSH\n public key in virtual machines started with `mkosi qemu`. If not\n configured and `mkosi.crt` exists in the working directory, it will\n automatically be used for this purpose. Run `mkosi genkey` to\n automatically generate a certificate in `mkosi.crt`.","mkosi.md#host-section"], +[4,153,"Specify the machine name to use when booting the image. Can also be\n used to refer to a specific image when SSH-ing into an image (e.g.\n `mkosi --image=myimage ssh`).\n\n: Note that `Ephemeral=` has to be enabled to start multiple instances\n of the same image.","mkosi.md#host-section"], +[4,154,"Specify the path to which journal logs from containers and virtual\n machines should be forwarded. If the path has the `.journal`\n extension, it is interpreted as a file to which the journal should be\n written. Otherwise, the path is interpreted as a directory to which\n the journal should be written.\n\n: Note that systemd v256 or newer is required in the virtual machine for\n log forwarding to work.\n\n: Note that if a path with the `.journal` extension is given, the\n journal size is limited to `4G`. Configure an output directory instead\n of file if your workload produces more than `4G` worth of journal\n data.","mkosi.md#host-section"], +[2,"Acl",[],137,1,7], +[2,"Credentials",[],135,1,7], +[2,"Ephemeral",[],134,1,7], +[2,"ExtraSearchPaths",[],119,1,7], +[2,"ForwardJournal",[],154,1,7], +[2,"Incremental",[],117,1,7], +[2,"KernelCommandLineExtra",[],136,1,7], +[2,"Machine",[],153,1,7], +[2,"NSpawnSettings",[],118,1,7], +[2,"ProxyClientCertificate",[],115,1,7], +[2,"ProxyClientKey",[],116,1,7], +[2,"ProxyExclude",[],113,1,7], +[2,"ProxyPeerCertificate",[],114,1,7], +[2,"ProxyUrl",[],112,1,7], +[2,"QemuArgs",[],133,1,7], +[2,"QemuCdrom","b",128,1,7], +[2,"QemuDrives",[],132,1,7], +[2,"QemuFirmware",[],129,1,7], +[2,"QemuFirmwareVariables",[],130,1,7], +[2,"QemuGui",[],121,1,7], +[2,"QemuKernel",[],131,1,7], +[2,"QemuKvm","B",124,1,7], +[2,"QemuMem",[],123,1,7], +[2,"QemuSmp",[],122,1,7], +[2,"QemuSwtpm","B",127,1,7], +[2,"QemuVsock","B",125,1,7], +[2,"QemuVsockConnectionId",[],126,1,7], +[2,"RuntimeBuildSources",[],150,1,7], +[2,"RuntimeNetwork",[],149,1,7], +[2,"RuntimeScratch","B",148,1,7], +[2,"RuntimeSize",[],147,1,7], +[2,"RuntimeTrees",[],146,1,7], +[2,"SshCertificate",[],152,1,7], +[2,"SshKey",[],151,1,7], +[2,"ToolsTree",[],138,1,7], +[2,"ToolsTreeCertificates",[],145,1,7], +[2,"ToolsTreeDistribution",[],139,1,7], +[2,"ToolsTreeMirror",[],141,1,7], +[2,"ToolsTreePackageManagerTrees",[],143,1,7], +[2,"ToolsTreePackages",[],144,1,7], +[2,"ToolsTreeRelease",[],140,1,7], +[2,"ToolsTreeRepositories",[],142,1,7], +[2,"VirtualMachineMonitor",[],120,1,7] +] \ No newline at end of file