josh/Vetting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
f79fe0f0db7bacedcb3940d2096bab58691179f5
Vetting/live-image/mkosi.conf
T
josh e73e31af92
CI / Lint + build + test (push) Successful in 1m32s
Details
Release / release (push) Successful in 6m28s
Details
live-image: install stage tools and fail loudly if any are missing 
The live image was still carrying the Phase 2 package list, so SMART,
CPUStress, and Network each hit a LookPath miss and returned
pass-with-skip. A run that skipped every real check still ended in
"completed" — nothing on the report said the image was broken.

Add smartmontools, stress-ng, fio, iperf3, lshw, lm-sensors,
e2fsprogs, and util-linux to mkosi.conf. Flip the three stages from
skip-pass to fail when their binary is missing so any future
packaging regression blocks the run instead of whispering past it.
Legitimate "no hardware" skips (no GPU, no hwmon, no disks,
non-destructive) are untouched.

Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
2026-04-18 16:39:28 -04:00

75 lines
2.3 KiB
Plaintext
Raw Blame History

# Vetting live image (Phase 2 skeleton).
#
# Produces a Debian-based rootfs packaged as squashfs plus a kernel
# image, ready to be served over HTTP to iPXE. The image is deliberately
# small: only what the agent needs to run Phase 2 (the Hello / Claim /
# Heartbeat loop). Phase 4+ adds smartctl, stress-ng, fio, iperf3, etc.
[Distribution]
Distribution=debian
Release=bookworm
# non-free-firmware is where bookworm landed i915 GuC/HuC, iwlwifi,
# amdgpu, nvidia-*, realtek NIC firmware, etc. — anything we'd want
# when PXE-booting a random repaired host. Without it i915 wedges
# on Tiger Lake+ and drags the serial console with it.
#
# Belt-and-suspenders: mkosi.sources.d/debian.sources ships an
# explicit deb822 sources drop-in so the bootstrap step sees the
# component regardless of how this shorthand is interpreted by the
# mkosi version doing the build.
Repositories=main non-free-firmware
[Output]
Format=directory
Output=build
[Content]
# PXE live image — iPXE loads vmlinuz+initrd from TFTP, so the rootfs
# itself doesn't need an EFI bootloader. Bootable=no skips mkosi's
# systemd-boot/bootctl dance; we still get /vmlinuz + /initrd.img
# symlinks courtesy of the linux-image-amd64 postinst.
Bootable=no
BuildPackages=
Packages=
systemd
systemd-sysv
udev
linux-image-amd64
live-boot
iproute2
iputils-ping
openssh-server
ca-certificates
curl
dmidecode
pciutils
usbutils
initramfs-tools
zstd
# Stage binaries. Every package here backs a stage the agent runs —
# if any one goes missing the corresponding stage now fails the run
# (was: pass-with-skip). Keep this list in sync with agent/tests.
smartmontools
stress-ng
fio
iperf3
lshw
lm-sensors
e2fsprogs
util-linux
# Firmware. firmware-linux-nonfree on bookworm is a thin metapackage
# that does NOT pull i915 GuC/HuC — those live in firmware-misc-nonfree.
# Enumerate explicitly so the blob for whatever hardware we boot on
# actually lands in /lib/firmware and then in the initrd.
firmware-misc-nonfree
firmware-iwlwifi
firmware-realtek
firmware-amd-graphics
firmware-intel-sound
intel-microcode
amd64-microcode
firmware-linux-nonfree
[Host]
# Copy the prebuilt Go agent in from the repo root via postinst.
Reference in New Issue View Git Blame Copy Permalink