From 1ca11c979505ae1b8c4621f034d28070a2715293 Mon Sep 17 00:00:00 2001
From: Robert C Jennings
Date: Tue, 14 Jul 2020 21:52:34 -0500
Subject: [PATCH] Apply snap-preseed optimizations after seeding snaps

The snap-preseed command can do a number of things during the build that are currently performed at first boot (apparmor profiles, systemd unit generation, etc). This patch adds a call to reset the seeding and apply these optimizations when adding a seeded snap. As a prerequisite to calling snap-preseed we need to make /dev/mem available as well as mounts from the host to perform this work, so those are also added here.
---
 live-build/auto/build | 15 +++++++++++++++
 live-build/functions | 8 ++++++++
 2 files changed, 23 insertions(+)

diff --git a/live-build/auto/build b/live-build/auto/build
index 3c8f76fe..f14b23e0 100755
--- a/live-build/auto/build
+++ b/live-build/auto/build
@@ -112,7 +112,22 @@ preinstall_snaps() {
 for snap in "$@"; do
 SNAP_NO_VALIDATE_SEED=1 snap_preseed chroot "${snap}"
 done
+
+ if [ ! -c /dev/mem ]; then
+ mknod -m 660 /dev/mem c 1 1
+ chown root:kmem /dev/mem
+ fi
+
+ mount --rbind /dev chroot/dev
+ mount --rbind /sys chroot/sys
+ mount --bind /proc chroot/proc
+
 snap_validate_seed chroot
+
+ umount --recursive chroot/proc
+ umount --recursive chroot/sys
+ umount --recursive chroot/dev
+
 lb chroot_resolv remove
 }
diff --git a/live-build/functions b/live-build/functions
index 2a386990..8156dd51 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -90,9 +90,15 @@ mount_image() {
 setup_mountpoint() {
 local mountpoint="$1"
+ if [ ! -c /dev/mem ]; then
+ mknod -m 660 /dev/mem c 1 1
+ chown root:kmem /dev/mem
+ fi
+
 mount --rbind /dev "$mountpoint/dev"
 mount proc-live -t proc "$mountpoint/proc"
 mount sysfs-live -t sysfs "$mountpoint/sys"
+ mount securityfs -t securityfs "$mountpoint/sys/kernel/security"
 mount -t tmpfs none "$mountpoint/tmp"
 mount -t tmpfs none "$mountpoint/var/lib/apt"
 mount -t tmpfs none "$mountpoint/var/cache/apt"
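Review bot: In the preinstall_snaps hunk of live-build/auto/build, the host's /dev and /sys are rbind-mounted into chroot/ and released only on the success path. If `snap_validate_seed chroot` fails, the three `umount --recursive` lines are never reached (assuming the script aborts on error, which is not visible here), and a later cleanup of chroot/ would then operate on the host's device and sysfs trees. The rbinds also keep the host's mount propagation, so where those mounts are shared `umount --recursive` can propagate and detach the host's own submounts; marking each bind as a recursive slave right after mounting avoids that. The function begins before the hunk.

```shell
mount --rbind /dev chroot/dev
mount --make-rslave chroot/dev
mount --rbind /sys chroot/sys
mount --make-rslave chroot/sys
# … unchanged: bind mount of /proc …

# Always release the host binds, then report the seeding result.
seed_rc=0
snap_validate_seed chroot || seed_rc=$?

# … unchanged: the three umount --recursive calls …
[ "$seed_rc" -eq 0 ] || return "$seed_rc"
```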
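Review bot: The `mknod -m 660 /dev/mem c 1 1` block at the top of setup_mountpoint in live-build/functions creates the node in the build host's /dev, not under "$mountpoint". A build therefore leaves a raw physical-memory device behind on the host, and the following `mount --rbind /dev` exposes it to everything that runs in the chroot. The same four lines are repeated in preinstall_snaps in live-build/auto/build; a single helper in live-build/functions, with a comment such as `# snap-preseed requires /dev/mem; create it only for the duration of the build`, would keep the two sites consistent and give one place to remove the node again when the build created it. The added securityfs mount relies on the existing teardown to unmount it, which is outside this hunk and worth confirming. setup_mountpoint continues past the end of the hunk.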
@@ -687,6 +693,8 @@ snap_validate_seed() {
 if [ -e "${CHROOT_ROOT}/var/lib/snapd/seed/seed.yaml" ]; then
 snap debug validate-seed "${CHROOT_ROOT}/var/lib/snapd/seed/seed.yaml"
+ /usr/lib/snapd/snap-preseed --reset $(realpath "${CHROOT_ROOT}")
+ /usr/lib/snapd/snap-preseed $(realpath "${CHROOT_ROOT}")
 fi
 }
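Review bot: Both added snap-preseed calls pass `$(realpath "${CHROOT_ROOT}")` unquoted, so a build directory containing whitespace or glob characters is split into several arguments and the tool (presumably running as root) would reset or preseed a different path than intended. Resolve the path once and quote it: `local chroot_path; chroot_path=$(realpath "${CHROOT_ROOT}")`, then `/usr/lib/snapd/snap-preseed --reset "$chroot_path"` and `/usr/lib/snapd/snap-preseed "$chroot_path"`. Splitting the declaration from the assignment also lets a failing `realpath` be noticed instead of passing an empty argument. The function is still named snap_validate_seed although it now modifies the chroot, so a short comment at these lines stating that validation is followed by a reset and re-preseed would help callers. The start of the function is outside the hunk.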