From a893b0d8173dc0aae84ab2f689d0876abed73691 Mon Sep 17 00:00:00 2001 From: josh Date: Sat, 18 Apr 2026 03:13:38 -0400 Subject: [PATCH] live-image: stage agent binary via mkosi.extra MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit mkosi only mounts live-image/ as /work/src, so the postinst couldn't reach the repo-root bin/vetting-agent.linux-amd64 — the build failed in CI with `install: cannot stat '/work/src/bin/vetting-agent.linux-amd64'`. The Makefile now copies the prebuilt agent into mkosi.extra/, which mkosi merges into the image root automatically. The postinst is reduced to creating the multi-user.target.wants symlink. Co-Authored-By: Claude Opus 4.7 --- .gitignore | 4 ++++ live-image/Makefile | 10 ++++++++-- live-image/mkosi.postinst | 15 +++++---------- 3 files changed, 17 insertions(+), 12 deletions(-) diff --git a/.gitignore b/.gitignore index 91632f4..2832fd5 100644 --- a/.gitignore +++ b/.gitignore @@ -12,6 +12,10 @@ vetting.yaml !deploy/vetting.example.yaml live-image/out/ +live-image/mkosi.extra/ +live-image/mkosi.cache/ +live-image/mkosi.output/ +live-image/build/ .vscode/ .idea/ .claude/ diff --git a/live-image/Makefile b/live-image/Makefile index 0508fbb..9a2eb7a 100644 --- a/live-image/Makefile +++ b/live-image/Makefile @@ -10,9 +10,10 @@ endif REPO_ROOT := $(abspath ..) AGENT_BIN := $(REPO_ROOT)/bin/vetting-agent.linux-amd64 +MKOSI_EXTRA_AGENT := mkosi.extra/usr/local/sbin/vetting-agent .PHONY: all check-linux agent clean -all: check-linux agent +all: check-linux $(MKOSI_EXTRA_AGENT) mkosi --force build agent: $(AGENT_BIN) 
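Review bot: `all` now runs `mkosi --force build` against whatever sits in `mkosi.extra/`, and this same commit git-ignores that directory, so leftover or hand-placed files there are merged into the image root without showing up in `git status` or in review. Only the agent path is ever staged; nothing in the visible rules clears the tree before a build. I would state the contract next to the new variable, e.g. `# mkosi.extra/ is generated and git-ignored: everything under it is copied into the image root, so keep hand-written files in mkosi.skeleton/`, and have CI start from `make clean` so the extra tree holds only what this Makefile put there.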
@@ -20,6 +21,11 @@ agent: $(AGENT_BIN) $(AGENT_BIN): cd $(REPO_ROOT) && GOOS=linux GOARCH=amd64 go build -o $(AGENT_BIN) ./cmd/vetting-agent +# Stage the prebuilt agent into mkosi.extra/ so mkosi copies it into the +# image root without the postinst needing to reach outside the source tree. +$(MKOSI_EXTRA_AGENT): $(AGENT_BIN) + install -D -m 0755 $< $@ + check-linux: ifneq ($(UNAME_S),Linux) @echo "ERROR: live-image must be built on Linux (you're on $(UNAME_S))." @@ -29,4 +35,4 @@ endif @command -v mkosi >/dev/null 2>&1 || { echo "ERROR: mkosi not installed. Try: apt install mkosi"; exit 1; } clean: - rm -rf build mkosi.output mkosi.cache + rm -rf build mkosi.output mkosi.cache mkosi.extra diff --git a/live-image/mkosi.postinst b/live-image/mkosi.postinst index 09e5e18..aea9cfd 100755 --- a/live-image/mkosi.postinst +++ b/live-image/mkosi.postinst @@ -1,15 +1,10 @@ #!/bin/sh -# mkosi postinst: install the vetting-agent binary and its systemd unit -# into the image. The binary must already be built for linux-amd64 at -# repo root under bin/vetting-agent.linux-amd64 (the top-level Makefile -# does this via `make agent-linux`). +# mkosi postinst: enable the vetting-agent service. The binary lands in +# the image via mkosi.extra/ (staged by the live-image Makefile from +# ../bin/vetting-agent.linux-amd64); the service unit lands via +# mkosi.skeleton/. All we need here is the multi-user.target symlink. set -eu -AGENT_BIN="${SRCDIR:-..}/bin/vetting-agent.linux-amd64" - -install -D -m 0755 "$AGENT_BIN" "$BUILDROOT/usr/local/sbin/vetting-agent" -install -D -m 0644 "$SRCDIR/mkosi.skeleton/etc/systemd/system/vetting-agent.service" \ - "$BUILDROOT/etc/systemd/system/vetting-agent.service" - +mkdir -p "$BUILDROOT/etc/systemd/system/multi-user.target.wants" ln -sf /etc/systemd/system/vetting-agent.service \ "$BUILDROOT/etc/systemd/system/multi-user.target.wants/vetting-agent.service"
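Review bot: The new staging rule is only as fresh as `$(AGENT_BIN)`, and that rule (the context lines just above the addition) has no prerequisites, so once `bin/vetting-agent.linux-amd64` exists Make never rebuilds it and the image keeps shipping that file regardless of later source changes or of where the file came from. If building from the current tree is the intent, give the build rule a forcing prerequisite, `$(AGENT_BIN): FORCE` plus an empty `FORCE:` rule, and rely on the Go build cache to keep the rebuild cheap. If a prebuilt artifact supplied by CI is the intent, as the commit message suggests, extend the comment to say so and to name how that artifact is verified before it is staged. Separately, `check-linux` is a sibling prerequisite of `all` rather than a prerequisite of this rule, so under `make -j` the `install -D` can run before the platform check has reported.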
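Review bot: With the `install` lines removed, nothing in the postinst fails when the agent binary or its unit is absent from `$BUILDROOT`, so a build that skips the Makefile staging step (a direct mkosi invocation, for instance) produces an image with an enabled unit and no agent, where the old script stopped with `cannot stat`. Assuming the postinst runs after mkosi.extra/ and mkosi.skeleton/ have been merged, as the new header comment implies, I would add a guard before the `mkdir -p`: `[ -x "$BUILDROOT/usr/local/sbin/vetting-agent" ] || { echo "vetting-agent missing from image" >&2; exit 1; }`, with a matching `[ -f … ]` test for `vetting-agent.service`. `ln -sf` creates the symlink whether or not its target exists, so without the guard the gap would only surface at boot.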