diff -Nru livecd-rootfs-23.10.59~rebuild2~ppa2/debian/changelog livecd-rootfs-23.10.60~ppa1/debian/changelog --- livecd-rootfs-23.10.59~rebuild2~ppa2/debian/changelog 2024-02-07 18:37:26.000000000 +0000 +++ livecd-rootfs-23.10.60~ppa1/debian/changelog 2024-04-14 20:48:13.000000000 +0000 @@ -1,23 +1,20 @@ -livecd-rootfs (23.10.59~rebuild2~ppa2) mantic; urgency=medium +livecd-rootfs (23.10.60~ppa1) mantic; urgency=medium - * auto/config, auto/build, functions: Add some code to make building against - a rebuild archive easier (such a build will still require a sourceful - change, but that seems OK). - * Store the to-be-installed kernel package name in the live environment's - /etc rather than /run and remove a now-obsolete initramfs script. - * Consolidate the logic for mapping a flavor to a kernel metapkg into one - place. - * Use an unsigned kernel when building a server installer from a rebuild - archive. - * Add a terrible hack to use an unsigned kernel when building most other - images from a rebuild archive. + * Build images out of the release pocket only. - -- Michael Hudson-Doyle Thu, 08 Feb 2024 07:37:26 +1300 + -- Michael Hudson-Doyle Mon, 15 Apr 2024 08:48:13 +1200 + +livecd-rootfs (23.10.59) mantic; urgency=medium + + * Use Ubuntu policy default channel "latest" for preseeded snaps + (LP: #2061121) + + -- Philip Roche Fri, 12 Apr 2024 12:37:29 +0100 livecd-rootfs (23.10.58) mantic; urgency=medium [ Simon Poirier ] - * fix: add back systemd-resolved to buildd images. + * fix: add back systemd-resolved to buildd images (LP: #2007419) -- Dimitri John Ledkov Wed, 03 Jan 2024 15:17:17 +0000 diff -Nru livecd-rootfs-23.10.59~rebuild2~ppa2/debian/control livecd-rootfs-23.10.60~ppa1/debian/control --- livecd-rootfs-23.10.59~rebuild2~ppa2/debian/control 2024-02-07 00:19:22.000000000 +0000 +++ livecd-rootfs-23.10.60~ppa1/debian/control 2024-04-13 22:33:49.000000000 +0000 @@ -44,7 +44,6 @@ u-boot-tools [arm64 armhf], python3-vmdkstream [amd64 i386], xorriso [!i386], - wget, xz-utils, zerofree, zstd diff -Nru livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/auto/build livecd-rootfs-23.10.60~ppa1/live-build/auto/build --- livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/auto/build 2024-02-07 00:19:22.000000000 +0000 +++ livecd-rootfs-23.10.60~ppa1/live-build/auto/build 2024-04-14 20:45:03.000000000 +0000 @@ -163,9 +163,6 @@ GPG_PROCESS=$! fi - if [ -e ./config/rebuild-archive-keyring.gpg ]; then - export DEBOOTSTRAP_OPTIONS='--keyring ./config/rebuild-archive-keyring.gpg' - fi lb bootstrap "$@" case $PROJECT:${SUBPROJECT:-} in diff -Nru livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/auto/config livecd-rootfs-23.10.60~ppa1/live-build/auto/config --- livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/auto/config 2024-02-07 03:33:00.000000000 +0000 +++ livecd-rootfs-23.10.60~ppa1/live-build/auto/config 2024-04-14 20:47:41.000000000 +0000 @@ -1,46 +1,19 @@ #! /bin/sh -set -ex +set -e if [ -e config/germinate-output ]; then - mv -T config/germinate-output germ-tmp - rm -rf config - mkdir config - mv -T germ-tmp config/germinate-output + mv -T config/germinate-output germ-tmp + rm -rf config + mkdir config + mv -T germ-tmp config/germinate-output else - rm -rf config - mkdir config + rm -rf config fi echo "Building on $(hostname --fqdn)" -OPTS= - -REBUILDARCHIVENAME= - SEEDMIRROR=https://ubuntu-archive-team.ubuntu.com/seeds/ -if [ -n "$REBUILDARCHIVENAME" ]; then - EXTMIRROR=http://rebuild-test.ubuntu.com/ubuntu-$REBUILDARCHIVENAME/ubuntu/ - case $(hostname --fqdn) in - *.ubuntu.com|*.buildd|*.ppa|*.scalingstack) - MIRROR=http://rebuild-test.internal/ubuntu-$REBUILDARCHIVENAME/ubuntu/ - SEEDMIRROR=http://archive-team.internal/seeds/ - ;; - *) - MIRROR=$EXTMIRROR - ;; - esac - - # Assume the rebuild archive does not publish security or updates pockets. - OPTS="$OPTS --security false --volatile false --mirror-binary=${EXTMIRROR}" - - wget -O- https://api.launchpad.net/devel/ubuntu/+archive/$REBUILDARCHIVENAME?ws.op=getSigningKeyData \ - | python3 -c 'import sys, json; print(json.load(sys.stdin))' \ - | gpg --import --no-default-keyring --keyring ./config/rebuild-archive-keyring.gpg - - mkdir -p config/archives - gpg --no-default-keyring --keyring ./config/rebuild-archive-keyring.gpg \ - --output config/archives/rebuild-archive.key.chroot --export -elif [ -z "$MIRROR" ]; then +if [ -z "$MIRROR" ]; then case $(hostname --fqdn) in *.ubuntu.com|*.buildd|*.ppa|*.scalingstack) MIRROR=http://ftpmaster.internal/ubuntu/ @@ -55,8 +28,6 @@ esac fi -REBUILDARCHIVENAME=1 - mkdir -p config cp -af /usr/share/livecd-rootfs/live-build/functions config/functions cp -af /usr/share/livecd-rootfs/live-build/lb_*_layered config/ @@ -68,6 +39,7 @@ . config/functions +OPTS="--security false --volatile false" COMPONENTS= BINARY_REMOVE_LINUX=: BINARY_IMAGES=none @@ -696,14 +668,8 @@ if [ -n "$COMPONENTS" ]; then GERMINATE_ARG="-c $(echo $COMPONENTS | sed -e's/ \+/,/g')" fi - if [ -n "$REBUILDARCHIVENAME" ]; then - # Rebuild archives do not have pockets - SUITES=$SUITE - else - SUITES=$SUITE,$SUITE-updates - fi (cd config/germinate-output && germinate --no-rdepends --no-installer \ - -S $SEEDMIRROR -m $MIRROR -d $SUITES -s $FLAVOUR.$SUITE \ + -S $SEEDMIRROR -m $MIRROR -d $SUITE -s $FLAVOUR.$SUITE \ $GERMINATE_ARG -a $ARCH) fi @@ -967,38 +933,44 @@ # time only one kernel is offered. case ${SUBARCH:-} in intel-iot) - flavors='intel-iotg' + variants='intel' ;; tegra) - flavors='nvidia-tegra' + variants='tegra' ;; tegra-igx) - flavors='nvidia-tegra-igx' + variants='tegra-igx' ;; *) - # flavors='generic generic-hwe' - flavors='generic' + # variants='ga hwe' + variants='ga' ;; esac - for flavor in $flavors; do - metapkg=$(kernel_flavour_to_metapkg $flavor) - - if [ -n "$REBUILDARCHIVENAME" ]; then - # Install an unsigned kernel for an image built from the rebuild - # archive as building signed kernels there is tedious. - - header_meta=$(echo $metapkg | sed -e s/^linux-/linux-headers-/) - unsigned_image_pkg=$(unsigned_kernel_package_name $metapkg) - - pkgs="$header_meta $unsigned_image_pkg" + for variant in $variants; do + if [ "$variant" = "ga" ]; then + kernel_metapkg=linux-generic + flavor=generic + elif [ "$variant" = "hwe" ]; then + kernel_metapkg=linux-generic-hwe-$(lsb_release -sr) + flavor=generic-hwe + elif [ "$variant" = "intel" ]; then + kernel_metapkg=linux-intel-iotg + flavor=intel-iotg + elif [ "$variant" = "tegra" ]; then + kernel_metapkg=linux-nvidia-tegra + flavor=nvidia-tegra + elif [ "$variant" = "tegra-igx" ]; then + kernel_metapkg=linux-nvidia-tegra-igx + flavor=nvidia-tegra-igx else - pkgs="$metapkg" + echo "bogus variant: $variant" + exit 1 fi - add_package ubuntu-server-minimal.ubuntu-server.installer.$flavor $pkgs + + add_package ubuntu-server-minimal.ubuntu-server.installer.$flavor $kernel_metapkg LIVE_PASSES="${LIVE_PASSES:+$LIVE_PASSES }ubuntu-server-minimal.ubuntu-server.installer.$flavor" done - case $ARCH in amd64) add_package ubuntu-server-minimal.ubuntu-server.installer.generic.netboot grub-pc shim-signed pxelinux @@ -1277,16 +1249,11 @@ ;; esac -if [ -n "$KERNEL_FLAVOURS" ] && [ "$KERNEL_FLAVOURS" != "none" ] && [ -n "$REBUILDARCHIVENAME" ]; then - package="$(unsigned_kernel_package_name linux-$KERNEL_FLAVOURS | sed -e "s/-$KERNEL_FLAVOURS//")" - KERNEL_FLAVOURS=${package##*-} - OPTS="${OPTS:+$OPTS }--linux-packages=${package%-*}" -fi - lb config noauto \ --mode ubuntu \ --distribution "$SUITE" \ --iso-preparer "livecd-rootfs" \ + --bootstrap-keyring ubuntu-keyring \ --binary-images "$BINARY_IMAGES" \ --memtest "$MEMTEST" \ $SOURCE \ @@ -1325,7 +1292,6 @@ if [ -n "$LIVE_PASSES" ]; then echo "LIVE_PASSES=\"$LIVE_PASSES\"" >> config/common fi -echo "REBUILDARCHIVENAME=\"$REBUILDARCHIVENAME\"" >> config/common echo "LB_BINARY_HOOKS=\"$BINARY_HOOKS\"" >> config/binary echo "BUILDSTAMP=\"$NOW\"" >> config/binary echo "SUBPROJECT=\"${SUBPROJECT:-}\"" >> config/binary @@ -1444,8 +1410,6 @@ cat > config/archives/dvd.list.binary << EOF deb $LB_PARENT_MIRROR_BINARY $SUITE universe multiverse -deb $LB_PARENT_MIRROR_BINARY_VOLATILE $SUITE-updates universe multiverse -deb $LB_PARENT_MIRROR_BINARY_SECURITY $SUITE-security universe multiverse EOF if [ "$PROPOSED" ]; then cat >> config/archives/dvd.list.binary << EOF diff -Nru livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/functions livecd-rootfs-23.10.60~ppa1/live-build/functions --- livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/functions 2024-02-07 00:19:22.000000000 +0000 +++ livecd-rootfs-23.10.60~ppa1/live-build/functions 2024-04-14 20:47:50.000000000 +0000 @@ -730,7 +730,7 @@ CHANNEL=${2#*=} ;; *) - CHANNEL="stable/ubuntu-$(release_ver)" + CHANNEL="latest/stable/ubuntu-$(release_ver)" ;; esac fi @@ -853,30 +853,22 @@ } configure_universe() { - if [ -f config/universe-enabled ]; then - if [ $LB_VOLATILE = "true" ]; then - # This is cargo-culted almost verbatim (with some syntax changes for - # preinstalled being slightly different in what it doesn't ask) from - # debian-installer's apt-setup: + if [ -f config/universe-enabled ]; then + # This is cargo-culted almost verbatim (with some syntax changes for + # preinstalled being slightly different in what it doesn't ask) from + # debian-installer's apt-setup: - cat > chroot/etc/apt/sources.list << EOF + cat > chroot/etc/apt/sources.list << EOF # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to # newer versions of the distribution. deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted # deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted -## Major bug fix updates produced after the final release of the -## distribution. -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted - ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team. Also, please note that software in universe WILL NOT receive any ## review or updates from the Ubuntu security team. deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe # deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe ## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu ## team, and may not be under a free licence. Please satisfy yourself as to @@ -885,8 +877,6 @@ ## security team. deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse # deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse ## N.B. software from this repository may not have been tested as ## extensively as that contained in the main release, although it includes @@ -895,33 +885,9 @@ ## or updates from the Ubuntu security team. deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse # deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse - -deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted -# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted -deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe -# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe -deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse -# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse -EOF - else - # We only expect to fall into this path when building for a rebuild archive. - if [ "$LB_PARENT_MIRROR_BINARY" = "http://archive.ubuntu.com/ubuntu/" ] || - [ "$LB_PARENT_MIRROR_BINARY" = "http://archive.ubuntu.com/ubuntu/" ]; then - echo "Unexpected LB_VOLATILE=false" >&2 - exit 1 - fi - cat > chroot/etc/apt/sources.list << EOF -# This install was created from a rebuild archive and should not be -# treated as a regular Ubuntu installation. -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse EOF - fi - fi + +fi } configure_oci() { @@ -1276,28 +1242,3 @@ chroot "$rootdir" apt-get install --reinstall -y snapd teardown_mountpoint "$rootdir" } - - -kernel_flavour_to_metapkg () { - case $1 in - generic-hwe) - echo linux-generic-hwe-$(lsb_release -sr) - ;; - generic-64k-hwe) - echo linux-generic-64k-hwe-$(lsb_release -sr) - ;; - generic|generic-64k|intel-iotg|nvidia-tegra|nvidia-tegra-igx) - echo linux-$1 - ;; - *) - echo "bogus kernel flavor: $1" - exit 1 - ;; - esac -} - -unsigned_kernel_package_name() { - image_meta=$(echo $1 | sed -e s/^linux-/linux-image-/) - image_pkg=$(apt-cache show --no-all-versions $image_meta | grep-dctrl -nsDepends linux | sed -e 's/, /\n/g' | grep ^linux-image) - echo $image_pkg | sed s/linux-image/linux-image-unsigned/ -} diff -Nru livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/ubuntu-server/hooks/03-kernel-metapkg.chroot_early livecd-rootfs-23.10.60~ppa1/live-build/ubuntu-server/hooks/03-kernel-metapkg.chroot_early --- livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/ubuntu-server/hooks/03-kernel-metapkg.chroot_early 2024-01-29 09:29:06.000000000 +0000 +++ livecd-rootfs-23.10.60~ppa1/live-build/ubuntu-server/hooks/03-kernel-metapkg.chroot_early 2024-04-14 20:45:03.000000000 +0000 @@ -6,12 +6,50 @@ exit 0 ;; ubuntu-server-minimal.ubuntu-server.installer.*) + flavor=${PASS##*.} + if [ "$flavor" = "generic" ]; then + kernel_metapkg=linux-generic + elif [ "$flavor" = "generic-hwe" ]; then + kernel_metapkg=linux-generic-hwe-$(lsb_release -sr) + elif [ "$flavor" = "intel-iotg" ]; then + kernel_metapkg=linux-intel-iotg + elif [ "$flavor" = "nvidia-tegra" ]; then + kernel_metapkg=linux-nvidia-tegra + elif [ "$flavor" = "nvidia-tegra-igx" ]; then + kernel_metapkg=linux-nvidia-tegra-igx + else + echo "bogus flavor: $flavor" + exit 1 + fi ;; *) exit 0 ;; esac +# Add a script to record which kernel meta-package to use and to set +# up the /media/filesystem mount that subiquity currently depends +# on. It would be cleaner to do this mount in a systemd mount unit but +# that doesn't work because we mask the cdrom mount to avoid strange +# issues with the handover from the initrd to systemd in the live +# session. In any case, subiquity will sooner or later not require +# this mount to be here at all and then we can delete these mount commands. + +cat < /etc/initramfs-tools/scripts/init-bottom/live-server +#!/bin/sh +case \$1 in +prereqs) exit 0;; +esac + +echo ${kernel_metapkg} > /run/kernel-meta-package + +mkdir -p \${rootmnt}/media/filesystem \${rootmnt}/media/full \${rootmnt}/media/minimal +mount -o ro -t squashfs \${rootmnt}/cdrom/casper/ubuntu-server-minimal.squashfs \${rootmnt}/media/minimal +mount -o ro -t squashfs \${rootmnt}/cdrom/casper/ubuntu-server-minimal.ubuntu-server.squashfs \${rootmnt}/media/full +mount -o ro,lowerdir=\${rootmnt}/media/full:\${rootmnt}/media/minimal -t overlay overlay \${rootmnt}/media/filesystem +EOF +chmod +x /etc/initramfs-tools/scripts/init-bottom/live-server + cat < /etc/initramfs-tools/conf.d/casperize.conf export CASPER_GENERATE_UUID=1 EOF diff -Nru livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/ubuntu-server/hooks/04-kernel-bits.binary livecd-rootfs-23.10.60~ppa1/live-build/ubuntu-server/hooks/04-kernel-bits.binary --- livecd-rootfs-23.10.59~rebuild2~ppa2/live-build/ubuntu-server/hooks/04-kernel-bits.binary 2024-02-07 00:19:22.000000000 +0000 +++ livecd-rootfs-23.10.60~ppa1/live-build/ubuntu-server/hooks/04-kernel-bits.binary 2024-04-13 22:33:49.000000000 +0000 @@ -1,11 +1,6 @@ -#!/bin/bash -eu +#!/bin/bash -eux # vi: ts=4 noexpandtab -. config/functions -. config/common - -set -x - case $PASS in ubuntu-server-minimal.ubuntu-server.installer.*.*) exit 0 @@ -18,12 +13,6 @@ ;; esac -pkg=$(kernel_flavour_to_metapkg $flavor) -if [ -n "$REBUILDARCHIVENAME" ]; then - pkg=$(unsigned_kernel_package_name $pkg) -fi -echo $pkg > chroot/etc/subiquity/kernel-meta-package - PROJECT=$PROJECT${SUBARCH:+-$SUBARCH} # Fish out generated kernel image and initrd