update mkosi

Signed-off-by: Dominick Grift <dominick.grift@defensec.nl>
author: Dominick Grift <dominick.grift@defensec.nl> 2025-01-25 15:01:20 +0100
committer: Dominick Grift <dominick.grift@defensec.nl> 2025-01-25 15:01:20 +0100
commit: 1347d778548279cc4c10d460d46f58e57eb326a5 (patch)
tree: e6385c16ebd02a03eb267b0333e6fe5a1d8b746b
parent: 0b2d88168939c4efc4fa05fb9e714eaac0eb93df (diff)
download: selinux-policy-1347d778548279cc4c10d460d46f58e57eb326a5.tar.gz
3 files changed, 96 insertions, 102 deletions
diff --git a/.gitignore b/.gitignore
index 955ca96..9a0cebd 100644
--- a/.gitignore
+++ b/.gitignore
@@ -4,14 +4,6 @@
 /policy.*
 /file_contexts
 
-/mkosi.crt
-/mkosi.key
-
-/mkosi.local.conf
-
-/mkosi.builddir
-/mkosi.builddir/
-/mkosi.cache
-/mkosi.cache/
-/mkosi.output
-/mkosi.output/
+/mkosi.*
+!/mkosi.conf
+!/mkosi.prepare.chroot
diff --git a/mkosi.conf b/mkosi.conf
index bab9e33..b0be35f 100644
--- a/mkosi.conf
+++ b/mkosi.conf
@@ -1,107 +1,106 @@
 # SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
 # SPDX-License-Identifier: Unlicense
 
-[Match]
-Distribution=debian
-
-[Distribution]
-Mirror=https://mirror.nl.leaseweb.net/debian/
-Release=testing
-Repositories=
-	contrib
-	non-free
-	non-free-firmware
+[Build]
+BuildDirectory=%D/mkosi.builddir
+CacheDirectory=%D/mkosi.cache
+PackageCacheDirectory=%D/mkosi.pkgcache
+WorkspaceDirectory=/tmp
 
-[Output]
-@BuildDirectory=mkosi.builddir
-@OutputDirectory=mkosi.output
-@PackageCacheDirectory=mkosi.cache
-@WorkspaceDirectory=/tmp
-Format=disk
-Output=dssp5
+[Config]
+MinimumVersion=25
 
 [Content]
-@Hostname=dssp5
-@Keymap=us-euro
-@Locale=en_US.UTF-8
-@Timezone=Europe/Amsterdam
 Autologin=yes
 Bootable=yes
 CleanPackageMetadata=no
-InitrdPackages=
-	dosfstools
-	kmod
-	wireless-regdb
 KernelCommandLine=
-	fbcon=font:TER16x32
-	quiet
-	security=selinux
+    security=selinux
+    fbcon=font:TER16x32
+    quiet
+Keymap=us-euro
+Locale=en_US.UTF-8
+LocaleMessages=en_US.UTF-8
 Packages=
-	acl
-	apt
-	attr
-	bash-completion
-	ca-certificates
-	coreutils
-	cryptsetup-bin
-	dbus-broker
-	dbus-session-bus-common
-	dbus-user-session
-	diffutils
-	dosfstools
-	e2fsprogs
-	fdisk
-	findutils
-	grep
-	kbd
-	kmod
-	less
-	libfido2-1
-	libnss-myhostname
-	libnss-mymachines
-	libnss-resolve
-	libnss-systemd
-	libpam-systemd
-	libqrencode4
-	linux-image-generic
-	locales
-	make
-	nano
-	netcat-openbsd
-	nftables
-	openssh-server
-	openssl
-	policycoreutils
-	polkitd
-	procps
-	python3
-	quota
-	qrencode
-	sed
-	strace
-	systemd
-	systemd-boot
-	systemd-container
-	systemd-resolved
-	systemd-sysv
-	systemd-timesyncd
-	systemd-zram-generator
-	tpm2-tools
-	tree
-	tzdata
-	udev
-	util-linux
-	wireguard-tools
-	xxd
-	zsh
-RemoveFiles=/work
-RootPassword=
+    apt-utils
+    ca-certificates
+    dbus-broker
+    dosfstools
+    kbd
+    less
+    locales
+    libarchive13t64
+    libbpf1
+    libdw1t64
+    libelf1t64
+    libip4tc2
+    libnss-myhostname
+    libnss-resolve
+    libpwquality1
+    login
+    nano
+    ncurses-term
+    netbase
+    openssh-server
+    openssl
+    psmisc
+    qrencode
+    systemd
+    systemd-resolved
+    systemd-timesyncd
+    tree
+    tzdata
+    udev
+    acl
+    bash-completion
+    bsdextrautils
+    cryptsetup-bin
+    dialog
+    efibootmgr
+    fdisk
+    iproute2
+    iputils-ping
+    iputils-tracepath
+    kmod
+    nftables
+    policycoreutils
+    sudo
+    systemd-boot
+    systemd-cryptsetup
+    systemd-repart
+    systemd-sysv
+    systemd-zram-generator
+    tmux
+    tpm2-tools
+    vlock
+    e2fsprogs
+    quota
+    linux-image-cloud-amd64
+    linux-sysctl-defaults
+    rng-tools5
+    make
+RootPassword=IForgotToSetMyRootPassword!
+Timezone=Europe/Amsterdam
 WithDocs=no
 
-[Host]
-@QemuMem=2G
-@QemuSmp=2
-@RuntimeScratch=no
+[Distribution]
+Architecture=x86-64
+Distribution=debian
+Mirror=https://mirror.nl.leaseweb.net/debian
+Release=testing
+Repositories=
+    contrib
+    non-free
+    non-free-firmware
+
+[Output]
+Format=disk
+ImageId=test-mcs
+ImageVersion=0.1
+OutputDirectory=%D/mkosi.output
+
+[Runtime]
+RuntimeScratch=no
 
 [Validation]
 SecureBoot=yes
diff --git a/mkosi.prepare.chroot b/mkosi.prepare.chroot
index 23d902b..3b90bd7 100755
--- a/mkosi.prepare.chroot
+++ b/mkosi.prepare.chroot
@@ -3,6 +3,9 @@
 # SPDX-FileCopyrightText: © 2025 Dominick Grift <dominick.grift@defensec.nl>
 # SPDX-License-Identifier: Unlicense
 
+echo 'en_US.UTF-8 UTF-8' >> /etc/locale.gen
+locale-gen
+
 cat > /etc/selinux/config <<'EOF'
 SELINUX=enforcing
 SELINUXTYPE=dssp5
author	Dominick Grift <dominick.grift@defensec.nl>	2025-01-25 15:01:20 +0100
committer	Dominick Grift <dominick.grift@defensec.nl>	2025-01-25 15:01:20 +0100
commit	1347d778548279cc4c10d460d46f58e57eb326a5 (patch)
tree	e6385c16ebd02a03eb267b0333e6fe5a1d8b746b
parent	0b2d88168939c4efc4fa05fb9e714eaac0eb93df (diff)
download	selinux-policy-1347d778548279cc4c10d460d46f58e57eb326a5.tar.gz