Bump systemd/mkosi from 18 to 20

[dependabot]

Bumps systemd/mkosi from 18 to 20.

Release notes

Sourced from systemd/mkosi's releases.

mkosi v20

• The current working directory is not mounted unconditionally to /work/src anymore. Instead, the default value for BuildSources= now mounts the current working directory to /work/src. This means that the current working directory is no longer implicitly included when BuildSources= is explicitly configured.
• Assigning the empty string to a setting that takes a list of values now overrides any configured default value as well.
• The github action does not build and install systemd from source anymore. Instead, ToolsTree=default can be used to make sure a recent version of systemd is used to do the image build.
• Added EnvironmentFiles= to read environment variables from environment files.
• We drastically reduced how much of the host system we expose to scripts. Aside from /usr, a few directories in /etc, /tmp, /var/tmp and various directories configured in mkosi settings, all host directories are hidden from scripts, package managers and other tools executed by mkosi.
• Added RuntimeScratch= to automatically mount a directory with extra scratch space into mkosi-spawned containers and virtual machines.
• Package manager trees can now be used to configure every tool invoked by mkosi while building an image that reads config files from /etc or /usr.
• Added SELinuxRelabel= to specify whether to relabel selinux files or not.
• Many fixes to tools trees were made and tools trees are now covered by CI. Some combinations aren't possible yet but we're actively working to make these possible.
• mkosi qemu can now direct kernel boot s390x and powerpc images.
• Added HostArchitecture= match to match against the host architecture.
• We don't use the user's SSH public/private keypair anymore for mkosi ssh but instead use a separate key pair which can be generated by mkosi genkey. Users using mkosi ssh will have to run mkosi genkey once to generate the necessary files to keep mkosi ssh working.
• We don't automatically set --offline=no anymore when we detect the Subvolumes= setting is used in a systemd-repart partition definition file. Instead, use the new RepartOffline= option to explicitly disable running systemd-repart in offline mode.
• During the image build we now install UKIs/kernels/initrds to /boot instead of /efi. While this will generally not be noticeable, users with custom systemd-repart ESP partition definitions will need to add CopyFiles=/boot:/ along with the usual CopyFiles=/efi:/ to their ESP partition definitions. By installing UKIs/kernels/initrds to /boot, it becomes possible to use /boot to populate an XBOOTLDR partition which wasn't possible before. Note that this is also safe to do before v20 so CopyFiles=/boot:/ can unconditionally be added to any ESP partition definition files.
• Added QemuFirmwareVariables= to allow specifying a custom OVMF

... (truncated)

Changelog

Sourced from systemd/mkosi's changelog.

v20

• The current working directory is not mounted unconditionally to /work/src anymore. Instead, the default value for BuildSources= now mounts the current working directory to /work/src. This means that the current working directory is no longer implicitly included when BuildSources= is explicitly configured.
• Assigning the empty string to a setting that takes a list of values now overrides any configured default value as well.
• The github action does not build and install systemd from source anymore. Instead, ToolsTree=default can be used to make sure a recent version of systemd is used to do the image build.
• Added EnvironmentFiles= to read environment variables from environment files.
• We drastically reduced how much of the host system we expose to scripts. Aside from /usr, a few directories in /etc, /tmp, /var/tmp and various directories configured in mkosi settings, all host directories are hidden from scripts, package managers and other tools executed by mkosi.
• Added RuntimeScratch= to automatically mount a directory with extra scratch space into mkosi-spawned containers and virtual machines.
• Package manager trees can now be used to configure every tool invoked by mkosi while building an image that reads config files from /etc or /usr.
• Added SELinuxRelabel= to specify whether to relabel selinux files or not.
• Many fixes to tools trees were made and tools trees are now covered by CI. Some combinations aren't possible yet but we're actively working to make these possible.
• mkosi qemu now supports direct kernel boots of s390x and powerpc images.
• Added HostArchitecture= match to match against the host architecture.
• We don't use the user's SSH public/private keypair anymore for mkosi ssh but instead use a separate key pair which can be generated by mkosi genkey. Users using mkosi ssh will have to run mkosi genkey once to generate the necessary files to keep mkosi ssh working.
• We don't automatically set --offline=no anymore when we detect the Subvolumes= setting is used in a systemd-repart partition definition file. Instead, use the new RepartOffline= option to explicitly disable running systemd-repart in offline mode.
• During the image build we now install UKIs/kernels/initrds to /boot instead of /efi. While this will generally not be noticeable, users with custom systemd-repart ESP partition definitions will need to add CopyFiles=/boot:/ along with the usual CopyFiles=/efi:/ to their ESP partition definitions. By installing UKIs/kernels/initrds to /boot, it becomes possible to use /boot to populate an XBOOTLDR partition which wasn't possible before. Note that this is also safe to do before v20 so CopyFiles=/boot:/ can unconditionally be added to any ESP partition definition files.

... (truncated)

Commits

• 443219d Release 20
• dbce89a Make sure SYSTEMD_REPART_MKFS_OPTIONS_<fs> always applies
• f4b1621 Only run mount --make-rslave / if we didn't unshare a user namespace
• 1f6fe87 Merge pull request #2258 from DaanDeMeyer/policycoreutils
• 6a21950 Add policycoreutils to tools trees
• cc04caf Add Ubuntu to tools trees docs packages list
• 69c3789 Merge pull request #2255 from DaanDeMeyer/simplify
• 2227eb2 Unshare IPC namespace when not in relaxed mode
• 0ffba6d Only set --security-label if the filesystem was relabeled
• e8adfc4 Simplify apivfs_cmd() and chroot_cmd()
• Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.

---

Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

• @dependabot rebase will rebase this PR
• @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
• @dependabot merge will merge this PR after your CI passes on it
• @dependabot squash and merge will squash and merge this PR after your CI passes on it
• @dependabot cancel merge will cancel a previously requested merge and block automerging
• @dependabot reopen will reopen this PR if it is closed
• @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
• @dependabot show <dependency name> ignore conditions will show all of the ignore conditions of the specified dependency
• @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
• @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

[dependabot]

Superseded by #23.