systemd · elmarco · Jan 13, 2026 · Jan 13, 2026 · Jan 13, 2026 · Jan 13, 2026
diff --git a/README.md b/README.md
@@ -33,7 +33,7 @@ might have to add `~/.local/bin` to your user's `PATH`.
 
 ```shell
 git clone https://github.com/systemd/mkosi
-ln -s $PWD/mkosi/bin/mkosi ~/.local/bin/mkosi
+ln -s $PWD/bin/mkosi ~/.local/bin/mkosi
 mkosi --version
 ```
 

diff --git a/mkosi/resources/mkosi-tools/mkosi.conf.d/fedora/mkosi.conf b/mkosi/resources/mkosi-tools/mkosi.conf.d/fedora/mkosi.conf
@@ -12,3 +12,4 @@ Packages=
         erofs-utils
         pkcs11-provider
         python3-pefile
+        systemd-boot-unsigned
diff --git a/mkosi/tree.py b/mkosi/tree.py
@@ -98,6 +98,12 @@ def tree_has_selinux_xattr(path: Path) -> bool:
     )
 
 
+def tree_has_ima_xattr(path: Path) -> bool:
+    return any(
+        "security.ima" in os.listxattr(p, follow_symlinks=False) for p in (path, *path.rglob("*"))
+    )
-    return any(
-        "security.ima" in os.listxattr(p, follow_symlinks=False) for p in (path, *path.rglob("*"))
-    )
+    return any("security.ima" in os.listxattr(p, follow_symlinks=False) for p in (path, *path.rglob("*")))
-    return any(
-        "security.ima" in os.listxattr(p, follow_symlinks=False) for p in (path, *path.rglob("*"))
-    )
+    return any("security.ima" in os.listxattr(p, follow_symlinks=False) for p in (path, *path.rglob("*")))
+
+
 def copy_tree(
     src: Path,
     dst: Path,
@@ -118,9 +124,16 @@ def copy_tree(
     attrs = "mode,links"
     if preserve:
         attrs += ",timestamps,ownership"
+        with_xattrs = True
 
         # Trying to copy selinux xattrs to overlayfs fails with "Operation not supported" in containers.
         if statfs(os.fspath(dst.parent)) != OVERLAYFS_SUPER_MAGIC or not tree_has_selinux_xattr(src):
+            with_xattrs = False
+
+        if tree_has_ima_xattr(src):
+            with_xattrs = False
+
+        if with_xattrs:
             attrs += ",xattr"
 
     def copy() -> None: