From 172a7dd55c6eb6f8e76d3e0bf67654c6d3e4d53e Mon Sep 17 00:00:00 2001
From: Cody Shepherd
Date: Wed, 12 Feb 2020 10:38:11 -0800
Subject: [PATCH] Add hooks to build bootable buildd images
Only install policyrd-script-zg2 in lxd tarball
---
 live-build/auto/config | 1 -
 live-build/buildd/hooks/01-policy-rc-d.binary | 13 --
 .../buildd/hooks/02-disk-image-uefi.binary | 158 ++++++++++++++++++
 live-build/buildd/hooks/49-policy-rc-d.binary | 7 +
 .../hooks/52-linux-virtual-image.binary | 61 +++++++
 .../buildd/includes.chroot/etc/hostname | 2 +-
 live-build/buildd/includes.chroot/etc/hosts | 4 +-
 .../buildd/includes.chroot/etc/resolv.conf | 0
 .../systemd-networkd.service | 1 +
 .../systemd-networkd-wait-online.service | 1 +
 .../systemd-networkd.socket | 1 +
 11 files changed, 232 insertions(+), 17 deletions(-)
 delete mode 100755 live-build/buildd/hooks/01-policy-rc-d.binary
 create mode 100755 live-build/buildd/hooks/02-disk-image-uefi.binary
 create mode 100644 live-build/buildd/hooks/49-policy-rc-d.binary
 create mode 100755 live-build/buildd/hooks/52-linux-virtual-image.binary
 delete mode 100644 live-build/buildd/includes.chroot/etc/resolv.conf
 create mode 120000 live-build/buildd/includes.chroot/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
 create mode 120000 live-build/buildd/includes.chroot/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
 create mode 120000 live-build/buildd/includes.chroot/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
diff --git a/live-build/auto/config b/live-build/auto/config
index 5ef7ae95..ecaed3fe 100755
--- a/live-build/auto/config
+++ b/live-build/auto/config
@@ -630,7 +630,6 @@ case $SUBPROJECT in
 OPTS="${OPTS:+$OPTS }--security false --volatile false"
 add_package install adduser
- add_package install policyrcd-script-zg2
 add_package install pkgbinarymangler
 add_package install ca-certificates
 add_package install pkg-create-dbgsym
diff --git a/live-build/buildd/hooks/01-policy-rc-d.binary b/live-build/buildd/hooks/01-policy-rc-d.binary
deleted file mode 100755
index bdfaf52d..00000000
--- a/live-build/buildd/hooks/01-policy-rc-d.binary
+++ /dev/null
@@ -1,13 +0,0 @@
-#! /bin/sh
-set -e
-
-# Put the /usr/sbin/policy-rc.d alternatives symlink in place. Ordinarily
-# update-alternatives ought to create this when policyrcd-script-zg2 is
-# installed, but that doesn't work because live-build has already installed
-# a dummy one at that point. The simplest approach is to repair the
-# situation by putting it in place here.
-if [ -L chroot/etc/alternatives/policy-rc.d ] && \
- [ ! -e chroot/usr/sbin/policy-rc.d ] && \
- [ ! -L chroot/usr/sbin/policy-rc.d ]; then
- ln -s /etc/alternatives/policy-rc.d chroot/usr/sbin/policy-rc.d
-fi
diff --git a/live-build/buildd/hooks/02-disk-image-uefi.binary b/live-build/buildd/hooks/02-disk-image-uefi.binary
new file mode 100755
index 00000000..b3290e09
--- /dev/null
+++ b/live-build/buildd/hooks/02-disk-image-uefi.binary
@@ -0,0 +1,158 @@
+#!/bin/bash -eux
+
+case $ARCH in
+ amd64|arm64|armhf)
+ ;;
+ *)
+ echo "We don't create EFI images for $ARCH."
+ exit 0
+ ;;
+esac
+
+IMAGE_STR="# BUILDD_IMG: This file was created/modified by the Buildd Image build process"
+FS_LABEL="buildd-rootfs"
+
+. config/binary
+
+. config/functions
+
+create_partitions() {
+ disk_image="$1"
+ sgdisk "${disk_image}" --zap-all
+ case $ARCH in
+ arm64|armhf)
+ sgdisk "${disk_image}" \
+ --new=15:0:204800 \
+ --typecode=15:ef00 \
+ --new=1:
+ ;;
+ amd64)
+ sgdisk "${disk_image}" \
+ --new=14::+4M \
+ --new=15::+106M \
+ --new=1::
+ sgdisk "${disk_image}" \
+ -t 14:ef02 \
+ -t 15:ef00
+ ;;
+ esac
+ sgdisk "${disk_image}" \
+ --print
+}
+
+create_and_mount_uefi_partition() {
+ uefi_dev="/dev/mapper${loop_device///dev/}p15"
+ mountpoint="$1"
+ mkfs.vfat -F 32 -n UEFI "${uefi_dev}"
+
+ mkdir -p "${mountpoint}"/boot/efi
+ mount "${uefi_dev}" "$mountpoint"/boot/efi
+
+ cat << EOF >> "mountpoint/etc/fstab"
+LABEL=UEFI /boot/efi vfat defaults 0 0
+EOF
+}
+
+install_grub() {
+ mkdir mountpoint
+ mount_partition "${rootfs_dev_mapper}" mountpoint
+
+ create_and_mount_uefi_partition mountpoint
+
+ echo "(hd0) ${loop_device}" > mountpoint/tmp/device.map
+ mkdir -p mountpoint/etc/default/grub.d
+ efi_boot_dir="/boot/efi/EFI/BOOT"
+ chroot mountpoint mkdir -p "${efi_boot_dir}"
+
+ if [ -n "$partuuid" ]; then
+ echo "GRUB_FORCE_PARTUUID=$partuuid" >> mountpoint/etc/default/grub.d/40-force-partuuid.cfg
+ fi
+
+ chroot mountpoint apt-get -y update
+
+ # UEFI GRUB modules are meant to be used equally by Secure Boot and
+ # non-Secure Boot systems. If you need an extra module not already
+ # provided or run into "Secure Boot policy forbids loading X" problems,
+ # please file a bug against grub2 to include the affected module.
+ case $ARCH in
+ arm64)
+ chroot mountpoint apt-get -qqy install --no-install-recommends grub-efi-arm64 grub-efi-arm64-bin
+ efi_target=arm64-efi
+ ;;
+ armhf)
+ chroot mountpoint apt-get -qqy install --no-install-recommends grub-efi-arm grub-efi-arm-bin
+ efi_target=arm-efi
+ ;;
+ amd64)
+ chroot mountpoint apt-get install -qqy grub-pc
+ chroot mountpoint apt-get install -qqy grub-efi-amd64-signed shim-signed
+ efi_target=x86_64-efi
+ ;;
+ esac
+
+ # This call to rewrite the debian package manifest is added here to capture
+ # grub-efi packages that otherwise would not make it into the base
+ # manifest. filesystem.packages is moved into place via symlinking to
+ # livecd.ubuntu-cpc.manifest by live-build/auto/build after lb_binary runs
+ # and at that time snaps are added to the manifest (create-manifest is
+ # not called here as it calls snap-seed-parse, resulting in duplicate
+ # snap listings)
+ chroot mountpoint dpkg-query -W > binary/boot/filesystem.packages
+
+ chroot mountpoint grub-install "${loop_device}" \
+ --boot-directory=/boot \
+ --efi-directory=/boot/efi \
+ --target=${efi_target} \
+ --removable \
+ --uefi-secure-boot \
+ --no-nvram
+
+ if [ -f mountpoint/boot/efi/EFI/BOOT/grub.cfg ]; then
+ sed -i "s| root| root hd0,gpt1|" mountpoint/boot/efi/EFI/BOOT/grub.cfg
+ sed -i "1i${IMAGE_STR}" mountpoint/boot/efi/EFI/BOOT/grub.cfg
+ # For some reason the grub disk is looking for /boot/grub/grub.cfg on
+ # part 15....
+ chroot mountpoint mkdir -p /boot/efi/boot/grub
+ chroot mountpoint cp /boot/efi/EFI/BOOT/grub.cfg /boot/efi/boot/grub
+ fi
+
+ if [ "$ARCH" = "amd64" ]; then
+ # Install the BIOS/GPT bits.
Since GPT boots from the ESP partition,
+ # it means that we just run this simple command and we're done
+ chroot mountpoint grub-install --target=i386-pc "${loop_device}"
+ fi
+
+ divert_grub mountpoint
+ chroot mountpoint update-grub
+ replace_grub_root_with_label mountpoint
+ undivert_grub mountpoint
+
+ chroot mountpoint apt-get -y clean
+
+ rm mountpoint/tmp/device.map
+ umount mountpoint/boot/efi
+ mount
+ umount_partition mountpoint
+ rmdir mountpoint
+}
+
+disk_image=binary/boot/disk-uefi.ext4
+
+create_empty_disk_image "${disk_image}"
+create_partitions "${disk_image}"
+mount_image "${disk_image}" 1
+
+partuuid=$(blkid -s PARTUUID -o value "$rootfs_dev_mapper")
+
+# Copy the chroot in to the disk
+make_ext4_partition "${rootfs_dev_mapper}"
+mkdir mountpoint
+mount "${rootfs_dev_mapper}" mountpoint
+cp -a chroot/* mountpoint/
+umount mountpoint
+rmdir mountpoint
+
+install_grub
+
+clean_loops
+trap - EXIT
diff --git a/live-build/buildd/hooks/49-policy-rc-d.binary b/live-build/buildd/hooks/49-policy-rc-d.binary
new file mode 100644
index 00000000..fb3c481b
--- /dev/null
+++ b/live-build/buildd/hooks/49-policy-rc-d.binary
@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# This is run after 02-disk-image-uefi.binary because
+# we don't want policyrcd-script-zg2 installed in
+# bootable images.
+chroot chroot apt-get install -y policyrcd-script-zg2
diff --git a/live-build/buildd/hooks/52-linux-virtual-image.binary b/live-build/buildd/hooks/52-linux-virtual-image.binary
new file mode 100755
index 00000000..f373136b
--- /dev/null
+++ b/live-build/buildd/hooks/52-linux-virtual-image.binary
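Review bot: In `create_and_mount_uefi_partition` the fstab entry is appended to the literal relative path `"mountpoint/etc/fstab"` instead of the `$1` the function just stored in `mountpoint`, so it only works because `install_grub` happens to pass a directory literally named `mountpoint` in the build cwd; write `cat << EOF >> "${mountpoint}/etc/fstab"`. The bare `mount` between `umount mountpoint/boot/efi` and `umount_partition mountpoint` looks like a leftover debug statement that only dumps the host mount table into the build log. `cp -a chroot/* mountpoint/` skips dot-entries at the top level of the chroot because `dotglob` is not set; `cp -a chroot/. mountpoint/` copies everything. `--target=${efi_target}` should be quoted like the other arguments in that call, and `loop_device`/`rootfs_dev_mapper` are presumably exported by `mount_image` from config/functions — a one-line comment saying so would help, since `set -u` aborts the hook if they are not.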
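Review bot: `49-policy-rc-d.binary` is created with mode 100644 while every other hook in this commit is 100755, so if the hook runner executes hooks directly rather than through `sh`, this one will not run and policyrcd-script-zg2 will be absent from the tarball; `chmod +x` it. The deleted `01-policy-rc-d.binary` explained that update-alternatives cannot place the `/usr/sbin/policy-rc.d` symlink because live-build has already installed a dummy one; installing the package later via `chroot chroot apt-get install -y policyrcd-script-zg2` does not obviously resolve that, so either confirm the dummy is gone by the time this hook runs or carry the symlink repair over. A short comment naming which artifact (the lxd tarball, per the commit message) consumes the chroot after this hook would make the ordering constraint in the header comment verifiable.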
@@ -0,0 +1,61 @@
+#!/bin/bash -eux
+# vi: ts=4 expandtab
+#
+# Generate linux-virtual image
+#
+
+echo "Building bootable Buildd image"
+
+IMAGE_STR="# BUILDD_IMG: This file was created/modified by the Buildd Image build process"
+
+. config/functions
+
+mount_d=$(mktemp -d)
+
+create_derivative uefi linux-virtual #sets $derivative_img
+mount_disk_image $derivative_img $mount_d
+
+# unmount disk image and remove created folders on exit
+# even though we unmount manually before we convert to
+# qcow2, we have this here just in case we error out before
+# that step
+cleanup_linux_virtual() {
+ if [ -d "$mount_d" ]; then
+ umount_disk_image "$mount_d"
+ fi
+ rm -rf $mount_d $derivative_img
+}
+trap cleanup_linux_virtual EXIT
+
+# Install dependencies
+env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
+ update --assume-yes
+env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
+ install -y lsb-release locales initramfs-tools busybox-initramfs \
+ udev dbus netplan.io cloud-init openssh-server sudo snapd
+
+# Install a kernel
+divert_grub "$mount_d"
+env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
+ install --assume-yes linux-image-virtual
+env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
+ autoremove --purge --assume-yes
+chroot "$mount_d" update-grub
+undivert_grub "$mount_d"
+
+# Update initramfs image
+chroot "$mount_d" \
+ sh -c 'update-initramfs -c -v -k $(ls /boot/vmlinuz*generic | sed 1q | cut -d- -f2-3)'
+
+# Cleanup
+env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
+ clean
+
+create_manifest $mount_d "livecd.$PROJECT.disk-linux-virtual.manifest"
+
+# unmount disk image to prevent corruption
+# and remove it so the trap doesn't try to unmount it again
+umount_disk_image $mount_d
+rm -rf $mount_d
+
+convert_to_qcow2 $derivative_img "livecd.$PROJECT.disk-linux-virtual.img"
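Review bot: The EXIT trap's `rm -rf $mount_d $derivative_img` is unquoted and unguarded, so if `umount_disk_image` fails inside the trap the recursive delete runs against a still-mounted image; write `rm -rf -- "${mount_d:?}" "${derivative_img:?}"` and quote the same two variables where they are passed to `mount_disk_image`, `create_manifest`, `umount_disk_image` and `convert_to_qcow2`. The kernel version fed to `update-initramfs -k` is produced by `cut -d- -f2-3`, which turns a name like `vmlinuz-5.4.0-26-generic` into `5.4.0-26` without the flavour suffix that the matching `/lib/modules/` directory carries — worth confirming against a real build, and a glob in the chrooted shell (`set -- /boot/vmlinuz-*-generic; update-initramfs -c -v -k "${1#/boot/vmlinuz-}"`) would avoid parsing `ls` altogether. Installing `openssh-server` with apt inside the chroot will, as far as I recall, generate host keys under `/etc/ssh` at postinst time, so every image produced from this hook ships identical host keys unless they are removed before `convert_to_qcow2`; cloud-init's ssh module regenerates them on first boot by default, but that reliance should be confirmed and recorded in a comment. `create_derivative` setting `$derivative_img` as a side effect is documented only by the trailing `#sets $derivative_img`; a `: "${derivative_img:?}"` right after the call makes the dependency explicit and fails early under `set -u`.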
diff --git a/live-build/buildd/includes.chroot/etc/hostname b/live-build/buildd/includes.chroot/etc/hostname
index e420fe4d..e9e5f7ce 100644
--- a/live-build/buildd/includes.chroot/etc/hostname
+++ b/live-build/buildd/includes.chroot/etc/hostname
@@ -1 +1 @@
-INVALID
+ubuntu
diff --git a/live-build/buildd/includes.chroot/etc/hosts b/live-build/buildd/includes.chroot/etc/hosts
index 7a0cb5d4..56e7c15b 100644
--- a/live-build/buildd/includes.chroot/etc/hosts
+++ b/live-build/buildd/includes.chroot/etc/hosts
@@ -1,7 +1,7 @@
-127.0.0.1 localhost.localdomain localhost
+127.0.0.1 localhost
 # The following lines are desirable for IPv6 capable hosts
-::1 ip6-localhost ip6-loopback
+::1 ip6-localhost ip6-loopback
 fe00::0 ip6-localnet
 ff00::0 ip6-mcastprefix
 ff02::1 ip6-allnodes
diff --git a/live-build/buildd/includes.chroot/etc/resolv.conf b/live-build/buildd/includes.chroot/etc/resolv.conf
deleted file mode 100644
index e69de29b..00000000
diff --git a/live-build/buildd/includes.chroot/etc/systemd/system/multi-user.target.wants/systemd-networkd.service b/live-build/buildd/includes.chroot/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
new file mode 120000
index 00000000..3c55b243
--- /dev/null
+++ b/live-build/buildd/includes.chroot/etc/systemd/system/multi-user.target.wants/systemd-networkd.service
@@ -0,0 +1 @@
+/lib/systemd/system/systemd-networkd.service
\ No newline at end of file
diff --git a/live-build/buildd/includes.chroot/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service b/live-build/buildd/includes.chroot/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
new file mode 120000
index 00000000..3b627c5c
--- /dev/null
+++ b/live-build/buildd/includes.chroot/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service
@@ -0,0 +1 @@
+/lib/systemd/system/systemd-networkd-wait-online.service
\ No newline at end of file
diff --git a/live-build/buildd/includes.chroot/etc/systemd/system/sockets.target.wants/systemd-networkd.socket b/live-build/buildd/includes.chroot/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
new file mode 120000
index 00000000..bcfcdbac
--- /dev/null
+++ b/live-build/buildd/includes.chroot/etc/systemd/system/sockets.target.wants/systemd-networkd.socket
@@ -0,0 +1 @@
+/lib/systemd/system/systemd-networkd.socket
\ No newline at end of file