Lubuntu/livecd-rootfs
3
0
Fork 0
mirror of https://git.launchpad.net/livecd-rootfs synced 2025-08-14 10:14:10 +00:00
Code Issues Packages Projects Releases Wiki Activity

Imported 24.04.21 from noble-release pocket.

Browse Source 
No reason for CPC update specified.
This commit is contained in:
CloudBuilder 2024-01-25 08:29:11 +00:00
parent e90394ef86
commit 2aeb74e5b8
42 changed files with 159 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

53
debian/changelog vendored
View File

@ -1,3 +1,56 @@
livecd-rootfs (24.04.21) noble; urgency=medium
* live-build/functions: avoid losetup -P as it appears to race with udev and
do it a bit more by-hand instead. (LP: #2045586)
-- Michael Hudson-Doyle <michael.hudson@ubuntu.com> Thu, 25 Jan 2024 10:28:38 +1300
livecd-rootfs (24.04.20) noble; urgency=medium
* fix: Fix for calling unminimize if lxd-installer package
not installed. (LP: #2049723)
* Do not exit live image build if PASSES_TO_LAYERS is true and layer
is already registered.
-- Philip Roche <phil.roche@canonical.com> Thu, 25 Jan 2024 07:57:29 +1300
livecd-rootfs (24.04.19) noble; urgency=medium
* live-build/auto/config: don't repeatedly add the same pass name to the
list of layers.
-- Steve Langasek <steve.langasek@ubuntu.com> Thu, 18 Jan 2024 11:03:55 -0800
livecd-rootfs (24.04.18) noble; urgency=medium
* update apparmor feature overlay match for target 6.6 kernel.
-- Thomas Bechtold <thomas.bechtold@canonical.com> Tue, 16 Jan 2024 13:06:37 +0100
livecd-rootfs (24.04.17) noble; urgency=medium
* unminimize: Use lxd-installer to install LXD itself. (LP: #2036725)
-- Utkarsh Gupta <utkarsh@ubuntu.com> Thu, 11 Jan 2024 15:12:53 +0530
livecd-rootfs (24.04.16) noble; urgency=medium
* Fix overlooked syntax error in live-build/auto/config.
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 03 Jan 2024 23:38:53 -0800
livecd-rootfs (24.04.15) noble; urgency=medium
* live-build/ubuntu/hooks/020-ubuntu-live.chroot_early: apply to any
layer ending in .live so this can be reused across flavors
* live-build/ubuntu/hooks/020-ubuntu-live.chroot_early: check for
glib-compile-schemas presence before calling
* live-build/auto/config: include a sanity check that no layered image has
more than one "live" layer that would cause undefined behavior with the
above hook.
-- Steve Langasek <steve.langasek@ubuntu.com> Wed, 03 Jan 2024 23:26:05 -0800
livecd-rootfs (24.04.14) noble; urgency=medium
* When the files we're creating in the live layer have static content,

1
live-build/apparmor/6.6/capability Normal file
View File

@ -0,0 +1 @@
0xffffff

1
live-build/apparmor/6.6/caps/mask Normal file
View File

@ -0,0 +1 @@
chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore

1
live-build/apparmor/6.6/dbus/mask Normal file
View File

@ -0,0 +1 @@
acquire send receive

1
live-build/apparmor/6.6/domain/attach_conditions/xattr Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/domain/change_hat Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/domain/change_hatv Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/domain/change_onexec Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/domain/change_profile Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/domain/computed_longest_left Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/domain/fix_binfmt_elf_mmap Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/domain/post_nnp_subset Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/domain/stack Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/domain/version Normal file
View File

@ -0,0 +1 @@
1.2

1
live-build/apparmor/6.6/file/mask Normal file
View File

@ -0,0 +1 @@
create read write exec append mmap_exec link lock

1
live-build/apparmor/6.6/io_uring/mask Normal file
View File

@ -0,0 +1 @@
sqpoll override_creds

1
live-build/apparmor/6.6/ipc/posix_mqueue Normal file
View File

@ -0,0 +1 @@
create read write open delete setattr getattr

1
live-build/apparmor/6.6/mount/mask Normal file
View File

@ -0,0 +1 @@
mount umount pivot_root

1
live-build/apparmor/6.6/namespaces/mask Normal file
View File

@ -0,0 +1 @@
userns_create

1
live-build/apparmor/6.6/namespaces/pivot_root Normal file
View File

@ -0,0 +1 @@
no

1
live-build/apparmor/6.6/namespaces/profile Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/network/af_mask Normal file
View File

@ -0,0 +1 @@
unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp

1
live-build/apparmor/6.6/network/af_unix Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/network_v8/af_mask Normal file
View File

@ -0,0 +1 @@
unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp

1
live-build/apparmor/6.6/policy/outofband Normal file
View File

@ -0,0 +1 @@
0x000001

1
live-build/apparmor/6.6/policy/set_load Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/policy/versions/v5 Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/policy/versions/v6 Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/policy/versions/v7 Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/policy/versions/v8 Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/policy/versions/v9 Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/ptrace/mask Normal file
View File

@ -0,0 +1 @@
read trace

1
live-build/apparmor/6.6/query/label/data Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/query/label/multi_transaction Normal file
View File

@ -0,0 +1 @@
yes

1
live-build/apparmor/6.6/query/label/perms Normal file
View File

@ -0,0 +1 @@
allow deny audit quiet

1
live-build/apparmor/6.6/rlimit/mask Normal file
View File

@ -0,0 +1 @@
cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime

1
live-build/apparmor/6.6/signal/mask Normal file
View File

@ -0,0 +1 @@
hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost

7
live-build/auto/build
View File

@ -307,12 +307,13 @@ fi
if [ "$PROJECT" = "ubuntu-cpc" ] || [ "$PROJECT" = "ubuntu-server" ]; then
cat >> chroot/usr/local/sbin/unminimize <<'EOF'
# installing LXD using the lxd-installer by simply invoking it
echo "Invoking LXD so that it can be installed by the lxd-installer's script.."
lxd --version
echo "Removing lxd installer package..."
apt-get purge -y lxd-installer
. /etc/os-release
echo "Installing lxd from snap from stable/ubuntu-$VERSION_ID channel"
snap install --channel="stable/ubuntu-$VERSION_ID" lxd
EOF
fi
cat >> chroot/usr/local/sbin/unminimize <<'EOF'

25
live-build/auto/config
View File

@ -107,6 +107,31 @@ _register_pass () {
# $1 Name of the pass
[ "$PASSES_TO_LAYERS" != "true" ] && return
case "$PASSES" in
*$1*)
# The pass is already registered in the list of layers.
# If PASSES_TO_LAYERS is true, then the above if statement's error
# code will be non-zero and a return statement with no argument
# will return the error code of the if statement, non-zero, thus
# exiting the script and build. This is not our intent. So we need
# to return 0 here.
return 0
;;
esac
# live-build/ubuntu/hooks/020-ubuntu-live.chroot_early assumes the
# layer ending in '.live' is THE live layer to use, so ensure that
# we only define a single layer ending in '.live'. It principle it
# is not invalid to have multiple layers with .live in the name but
# we should not let this happen accidentally.
case "$PASSES $1" in
*.live\ *.live)
echo "ERROR: only one 'live' layer allowed"
exit 1
;;
*)
;;
esac
PASSES="$PASSES $1"
}

15
live-build/functions
View File

@ -62,13 +62,26 @@ mount_image() {
trap clean_loops EXIT
backing_img="$1"
local rootpart="$2"
loop_device=$(losetup --show -f -P -v ${backing_img})
# As explained in excruciating detail in LP: #2045586, "losetup
# -P" (a.k.a. --partscan) appears to race with udev in a way that
# prevents the device nodes for the partitions from being
# created. So instead we run losetup without -P, wait for udev to
# settle, then run partprobe and then settle udev again (which is
# probably unnecessary but at this point a bit more superstition
# can't hurt)
loop_device=$(losetup --show -f -v ${backing_img})
if [ ! -b ${loop_device} ]; then
echo "unable to find loop device for ${backing_img}"
exit 1
fi
udevadm settle
partprobe ${loop_device}
udevadm settle
# Find the rootfs location
rootfs_dev_mapper="${loop_device}p${rootpart}"
if [ ! -b "${rootfs_dev_mapper}" ]; then

30
live-build/ubuntu-server/hooks/01-unminimize.chroot_early
View File

@ -10,14 +10,30 @@ case ${PASS} in
;;
esac
# The unminimize script will try to install the lxd snap. We can't
# do that at this stage so just neuter the snap command (the snap
# The unminimize script will try to install the lxd snap using the shim script
# /usr/sbin/lxd from the lxd-installer package.
# We can't do that at this stage so just neuter the lxd command (the snap
# will get properly seeded by generic machinery).
dpkg-divert --add --divert /usr/bin/snap.REAL --rename /usr/bin/snap
ln -s /bin/true /usr/bin/snap
yes | /usr/local/sbin/unminimize
rm /usr/bin/snap
dpkg-divert --remove --rename /usr/bin/snap
if [ -f "/usr/sbin/lxd" ]; then
dpkg-divert --add --divert /usr/sbin/lxd.REAL --rename /usr/sbin/lxd
ln -s /bin/true /usr/sbin/lxd
yes | /usr/local/sbin/unminimize
# unminimize also uninstalls lxd-installer package
# and also removed `/usr/sbin/lxd` as a result, so we don't need to restore, but
# we do need to remove the mock we used as part of dpkg-divert
# first we need to remove the diversion
dpkg-divert --remove --no-rename /usr/sbin/lxd
# now remove the renamed file that we originally diverted to
rm -v /usr/sbin/lxd.REAL
else
# if /usr/sbin/lxd doesn't exist then lxd-installer package isn't installed.
# Instead, we can mock the command to avoid the unminimize script failing
ln -s /bin/true /usr/sbin/lxd
yes | /usr/local/sbin/unminimize
# as the lxd-installer package was not installed and thus not removed by `unminimize`
# the mock /usr/sbin/lxd will still be present, so we need to remove it
rm -v /usr/sbin/lxd
fi
# Fix up missing recommends. Other non-layered flavors handle this in
# live-build/auto/build, but we need to do it here. Also, there are

6
live-build/ubuntu/hooks/020-ubuntu-live.chroot_early
View File

@ -3,7 +3,7 @@
set -eu
case ${PASS:-} in
minimal.standard.live)
*.live)
;;
*)
exit 0
@ -14,4 +14,6 @@ cat <<EOF > /etc/initramfs-tools/conf.d/default-layer.conf
LAYERFS_PATH=${PASS}.squashfs
EOF
glib-compile-schemas /usr/share/glib-2.0/schemas/
if which glib-compile-schemas >/dev/null 2>&1; then
glib-compile-schemas /usr/share/glib-2.0/schemas/
fi