Skip to content

Buildstream#4149

Draft
daandemeyer wants to merge 3 commits intosystemd:mainfrom
daandemeyer:buildstream
Draft

Buildstream#4149
daandemeyer wants to merge 3 commits intosystemd:mainfrom
daandemeyer:buildstream

Conversation

@daandemeyer
Copy link
Contributor

@daandemeyer daandemeyer commented Feb 4, 2026

This will stay in draft until gnomeos has the necessary elements in place to allow properly integrating with mkosi so I can test this end-to-end.

cc @AdrianVovk

@abderrahim
Copy link

abderrahim commented Feb 8, 2026

I'm seeing the following error when buildstream tries to call bubblewrap to run a build

    bwrap: Unexpected capabilities but not setuid, old file caps config?

@daandemeyer
Copy link
Contributor Author

daandemeyer commented Feb 8, 2026

@abderrahim Yeah I ran into that and various other errors when I was still using bubblewrap in mkosi as well. I consider it to be a totally broken check in bubblewrap. It should not fail when running unprivileged with capabilities, it's a totally valid use case. But the upstream is pretty much dead unfortunately.

We can avoid the check by pretending we're root (while still setting HOME to the user home directory to reuse the cache). I'll push an update to that effect, please try again then.

@daandemeyer daandemeyer force-pushed the buildstream branch 2 times, most recently from 7519755 to 0496128 Compare February 9, 2026 11:44
@aleixpol
Copy link

aleixpol commented Feb 23, 2026

Hi, I was asked to look into this and give it a go as I have been looking into working on something very similar. 👍

I was wondering what the ultimate goal is here. As I understand in here we are only changing the need for having a script such as:

bst build awesomeos.bst
bst artifact checkout awesomeos.bst --directory aweseomerootfs
mkosi ....

into just calling mkosi and having it configured to look at the buildstream files in the directory. It's true it does save an intermediary script but it also makes it harder to, for example, pass extra arguments to bst (-C comes to mind).

It also occurs to me this means we are relying on mkosi to be part of the OS in which the image is getting built. Is that what we are after? I would expect one to have a mkosi.bst element and then have BuildStream build the final image. Does that make sense?

@abderrahim
Copy link

abderrahim commented Feb 23, 2026

Hi, I was asked to look into this and give it a go as I have been looking into working on something very similar. 👍

I was wondering what the ultimate goal is here. As I understand in here we are only changing the need for having a script such as:

bst build awesomeos.bst
bst artifact checkout awesomeos.bst --directory aweseomerootfs
mkosi ....

In a way, maybe. https://gitlab.com/freedesktop-sdk/mkbstosi was an attempt at such a script.

Ultimately, it would be nice to have things directly in mkosi and not have to install a third project. There are also a few complications with trying to call mkosi on a directory structure.

into just calling mkosi and having it configured to look at the buildstream files in the directory. It's true it does save an intermediary script but it also makes it harder to, for example, pass extra arguments to bst (-C comes to mind).

Do you often need to call bst -C? I kinda find that to be a niche feature: you almost always want to run bst from the project directory (or from a workspace, which is also a feature we discussed).

Either way, if it's something that's useful I guess it can be added.

It also occurs to me this means we are relying on mkosi to be part of the OS in which the image is getting built. Is that what we are after?

Yeah, mkosi would be another dependency in addition to buildstream.

I would expect one to have a mkosi.bst element and then have BuildStream build the final image. Does that make sense?

That would be nice, but

  1. that's not how mkosi works: it expects to run its own sandbox and that wouldn't work inside the buildstream sandbox
  2. there are a few things that make it hard to work on an OS build like that from within buildstream. Things such as secrets and version numbers.
  3. mkosi has other features than building an OS (e.g. running in nspawn/qemu) that make it useful to have on your development machine anyway.

So in a way, it's a trade off and we (GNOME OS) are pretty happy with it. I thought it might be useful to you too :)

daandemeyer and others added 3 commits February 23, 2026 20:24
@daandemeyer
kmod: Don't insist on kernel images being suffixed with -
b9884e7 
Since we don't require the version to be in the kernel image
filename anymore, let's not insist on the - anymore.
@daandemeyer
run: Always bind-mount non-canonical directories in /
dce8b65 
In weird CI setups or such, there might be stuff in non-canonical
directories in /. This stuff only has a minimal chance to affect the
image build accidentally, so let's mount them in by default in case
the image build actually does need to look up stuff in these directories.
@daandemeyer
Add BuildStream support
6744421 
The GnomeOS folks are looking into mkosi to build their images instead
of BuildStream. While BuildStream will still take care of providing the
rootfs tree, mkosi would take over the responsibility of packaging that
directory tree into a disk image.

Let's add support for BuildStream to mkosi to make this possible. Unlike
the other supported distributions, BuildStream is not intended to be consumed
by installing individual packages. Instead, BuildStream elements should be
exposed which provide the full rootfs that should go into the image. That's
why we limit the number of packages that can be specified to a single one, which
should always provide all contents that should go into the image.
@abderrahim
Copy link

abderrahim commented Feb 25, 2026

@daandemeyer I'm noticing a weird behaviour with this MR. When I set Bootable=yes, the "Installing BuildStream" step seems to do nothing, and the subsequent "Generating hardware database" step fails. Is this a bug, or am I doing something wrong?

aleixpol
aleixpol reviewed Mar 6, 2026
View reviewed changes
mkosi/installer/bst.py
Comment on lines +39 to +43
) -> None:
options = [
"--same-dir",
*context.rootoptions(),
# bst might need to lookup files/paths across the user's home directory so make sure it is
Copy link

@aleixpol aleixpol Mar 6, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggested change
) -> None:
options = [
"--same-dir",
*context.rootoptions(),
# bst might need to lookup files/paths across the user's home directory so make sure it is
) -> None:
options = [
"--same-dir",
*context.rootoptions(),
# we are passing --same-dir. Ensure the current working directory to make chdir() reliable.
"--bind", Path.cwd(), Path.cwd(),
# bst might need to lookup files/paths across the user's home directory so make sure it is

I needed this to run it properly, I'm running it from distrobox and it does weird things to the home directory. Regardless, passing the directory we run it from seems sound.

abderrahim
abderrahim reviewed Mar 7, 2026
View reviewed changes
mkosi/resources/mkosi-initrd/mkosi.conf.d/buildstream.conf
[Content]
# BuildStream is a generic distribution so we don't know which package to install, hence override to the
# empty list.
Packages=
Copy link

@abderrahim abderrahim Mar 7, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I found the issue: this file gets loaded last (after mkosi-initrd/mkosi.conf and after the user provided mkosi.conf and mkosi.initrd.conf) so it overrides the packages to the empty list.

(as I workaround I removed this line, and the Packages list from mkosi-initrd/mkosi.conf, which obviously breaks other distros)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

2 more reviewers

@abderrahim abderrahim abderrahim left review comments

@aleixpol aleixpol aleixpol left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@daandemeyer @abderrahim @aleixpol