josh/Vetting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

live-image: generate initrd explicitly; fail release on missing files
CI / Lint + build + test (push) Successful in 1m47s
Details
Release / release (push) Failing after 2m28s
Details

Browse Source 
Two bugs chained together to ship a broken bundle:

1. With Bootable=no, mkosi skips update-initramfs, so no
   /boot/initrd.img-<kver> ever gets generated inside the rootfs.
   The postinst now runs update-initramfs via chroot to produce it.

2. The `make release` recipe chained its `cp` calls with `;`, so
   a missing live-image/build/initrd.img silently failed and the
   bundle still got tarred + uploaded. Adding `set -e` at the top
   of the recipe makes any missing component fail the build loudly
   instead of shipping a half-bundle.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
This commit is contained in:
Josh Wright
2026-04-18 10:47:26 -04:00
parent f927a4a66b
commit 41a273b47f
2 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Makefile
+2 -1
View File
@@ -75,7 +75,8 @@ release: orchestrator-linux agent-linux live-image ## Build the scp-and-go relea
ifneq ($(findstring Windows,$(UNAME_S))$(findstring MINGW,$(UNAME_S))$(findstring MSYS,$(UNAME_S)),) ifneq ($(findstring Windows,$(UNAME_S))$(findstring MINGW,$(UNAME_S))$(findstring MSYS,$(UNAME_S)),)
@echo "ERROR: make release must be run from Linux/WSL (live-image dep needs mkosi)." && exit 1 @echo "ERROR: make release must be run from Linux/WSL (live-image dep needs mkosi)." && exit 1
endif endif
@stamp=vetting-bundle-$(GIT_SHA); \ @set -e; \
stamp=vetting-bundle-$(GIT_SHA); \
rm -rf build/$$stamp bin/$$stamp.tar.gz; \ rm -rf build/$$stamp bin/$$stamp.tar.gz; \
mkdir -p build/$$stamp/bin build/$$stamp/live-image; \ mkdir -p build/$$stamp/bin build/$$stamp/live-image; \
cp bin/vetting-linux-amd64 bin/vetting-agent.linux-amd64 build/$$stamp/bin/; \ cp bin/vetting-linux-amd64 bin/vetting-agent.linux-amd64 build/$$stamp/bin/; \
live-image/mkosi.postinst
+11 -4
View File
@@ -1,10 +1,17 @@
#!/bin/sh #!/bin/sh
# mkosi postinst: enable the vetting-agent service. The binary lands in # mkosi postinst: enable the vetting-agent service and generate the
# the image via mkosi.extra/ (staged by the live-image Makefile from # initrd. The binary lands in the image via mkosi.extra/ (staged by the
# ../bin/vetting-agent.linux-amd64); the service unit lands via # live-image Makefile from ../bin/vetting-agent.linux-amd64); the
# mkosi.skeleton/. All we need here is the multi-user.target symlink. # service unit lands via mkosi.skeleton/.
set -eu set -eu
mkdir -p "$BUILDROOT/etc/systemd/system/multi-user.target.wants" mkdir -p "$BUILDROOT/etc/systemd/system/multi-user.target.wants"
ln -sf /etc/systemd/system/vetting-agent.service \ ln -sf /etc/systemd/system/vetting-agent.service \
"$BUILDROOT/etc/systemd/system/multi-user.target.wants/vetting-agent.service" "$BUILDROOT/etc/systemd/system/multi-user.target.wants/vetting-agent.service"
# Bootable=no means mkosi won't run update-initramfs for us, and the
# deferred initramfs-tools trigger inside the chroot doesn't actually
# generate /boot/initrd.img-<kver>. Do it explicitly so the top-level
# Makefile's cp of live-image/build/initrd.img has something to copy.
kver=$(ls "$BUILDROOT/lib/modules/" | head -n1)
chroot "$BUILDROOT" update-initramfs -c -k "$kver"