diff --git a/live-build/auto/build b/live-build/auto/build
index fca3b0e9..1eafe95e 100755
--- a/live-build/auto/build
+++ b/live-build/auto/build
@@ -311,105 +311,51 @@ EOF lb chroot "$@" fi - if [ "${SUBPROJECT:-}" = minimized ]; then - # force removal of initramfs-tools, which we assert is not - # required for any minimized images but is still pulled in by - # default - # also remove landscape-common, which is heavyweight and - # in the server seed only to provide /etc/motd content which - # would only be seen by humans - Chroot chroot "env DEBIAN_FRONTEND=noninteractive \ - apt-get -y purge initramfs-tools busybox-initramfs \ - busybox-static landscape-common" - # and if initramfs-tools was configured before our kernel, - # /etc/kernel/postinst.d/initramfs-tools will have created - # an initramfs despite the generic dpkg-divert; so remove it - # here. - rm -f chroot/boot/initrd.img-* - - # temporary workaround: don't remove linux-base which - # may have no other reverse-depends currently - Chroot chroot "env DEBIAN_FRONTEND=noninteractive \ - apt-mark manual linux-base" - Chroot chroot "env DEBIAN_FRONTEND=noninteractive \ - apt-get -y --purge autoremove" - fi + # Let all configuration non multi-layered project here. + # If those are moving to a multi-layer layout, this needs to be + # done in chroot hooks. + if [ -z "$PASSES" ]; then + if [ "${SUBPROJECT:-}" = minimized ]; then + # force removal of initramfs-tools, which we assert is not + # required for any minimized images but is still pulled in by + # default + # also remove landscape-common, which is heavyweight and + # in the server seed only to provide /etc/motd content which + # would only be seen by humans + Chroot chroot "env DEBIAN_FRONTEND=noninteractive \ + apt-get -y purge initramfs-tools busybox-initramfs \ + busybox-static landscape-common" + # and if initramfs-tools was configured before our kernel, + # /etc/kernel/postinst.d/initramfs-tools will have created + # an initramfs despite the generic dpkg-divert; so remove it + # here. 
+ rm -f chroot/boot/initrd.img-* + + # temporary workaround: don't remove linux-base which + # may have no other reverse-depends currently + Chroot chroot "env DEBIAN_FRONTEND=noninteractive \ + apt-mark manual linux-base" + Chroot chroot "env DEBIAN_FRONTEND=noninteractive \ + apt-get -y --purge autoremove" + fi - # remove crufty files that shouldn't be left in an image - rm -f chroot/var/cache/debconf/*-old chroot/var/lib/dpkg/*-old - Chroot chroot apt clean - if [ "${PROJECT}:${SUBPROJECT:-}" = "ubuntu-base:minimized" ]; then - # Save even more size by removing apt lists (that are currently removed - # downstream anyway) - rm -rf chroot/var/lib/apt/lists/* - # Having device notes in the docker image can cause problems - # (https://github.com/tianon/docker-brew-ubuntu-core/issues/62) - # so remove them. We only do this for docker out of an - # abundance of caution. - rm -rf chroot/dev/* - fi + clean_debian_chroot + + if [ "${PROJECT}:${SUBPROJECT:-}" = "ubuntu-base:minimized" ]; then + # Save even more size by removing apt lists (that are currently removed + # downstream anyway) + rm -rf chroot/var/lib/apt/lists/* + # Having device notes in the docker image can cause problems + # (https://github.com/tianon/docker-brew-ubuntu-core/issues/62) + # so remove them. We only do this for docker out of an + # abundance of caution. + rm -rf chroot/dev/* + fi - if [ -f config/universe-enabled ]; then - -# This is cargo-culted almost verbatim (with some syntax changes for -# preinstalled being slightly different in what it doesn't ask) from -# debian-installer's apt-setup: - -cat > chroot/etc/apt/sources.list << EOF -# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to -# newer versions of the distribution. -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted - -## Major bug fix updates produced after the final release of the -## distribution. 
-deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted - -## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu -## team. Also, please note that software in universe WILL NOT receive any -## review or updates from the Ubuntu security team. -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe - -## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu -## team, and may not be under a free licence. Please satisfy yourself as to -## your rights to use the software. Also, please note that software in -## multiverse WILL NOT receive any review or updates from the Ubuntu -## security team. -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse - -## N.B. software from this repository may not have been tested as -## extensively as that contained in the main release, although it includes -## newer versions of some applications which may provide useful features. -## Also, please note that software in backports WILL NOT receive any review -## or updates from the Ubuntu security team. -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse - -## Uncomment the following two lines to add software from Canonical's -## 'partner' repository. -## This software is not part of Ubuntu, but is offered by Canonical and the -## respective vendors as a service to Ubuntu users. 
-# deb http://archive.canonical.com/ubuntu $LB_DISTRIBUTION partner -# deb-src http://archive.canonical.com/ubuntu $LB_DISTRIBUTION partner - -deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted -# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted -deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe -# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe -deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse -# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse -EOF + configure_universe - fi - if [ -d chroot/var/lib/preinstalled-pool ]; then - cat > config/indices/apt.conf <<-EOF + if [ -d chroot/var/lib/preinstalled-pool ]; then + cat > config/indices/apt.conf <<-EOF Dir { ArchiveDir "chroot/var/lib/preinstalled-pool"; OverrideDir "config/indices"; @@ -426,11 +372,11 @@ Tree "dists/$LB_DISTRIBUTION" Contents " "; } EOF - for component in $LB_PARENT_ARCHIVE_AREAS; do - mkdir -p chroot/var/lib/preinstalled-pool/dists/$LB_DISTRIBUTION/$component/binary-$LB_ARCHITECTURES - done - apt-ftparchive generate config/indices/apt.conf - cat << @@EOF > chroot/etc/apt/sources.list.preinstall + for component in $LB_PARENT_ARCHIVE_AREAS; do + mkdir -p chroot/var/lib/preinstalled-pool/dists/$LB_DISTRIBUTION/$component/binary-$LB_ARCHITECTURES + done + apt-ftparchive generate config/indices/apt.conf + cat << @@EOF > chroot/etc/apt/sources.list.preinstall # This is a sources.list entry for a small pool of packages # provided on your preinstalled filesystem for your convenience. # 
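Review bot: The new guard `if [ -z "$PASSES" ]; then` expands PASSES without a default, while the neighbouring tests use `${SUBPROJECT:-}`; if the script runs under `set -u` (not visible in this hunk) an unset PASSES would abort the build, so `if [ -z "${PASSES:-}" ]; then` is safer. The guard also means that for layered builds everything in this block is skipped without any log line, including `clean_debian_chroot` and, for ubuntu-base:minimized, `rm -rf chroot/dev/*`; an `else` branch that echoes that these steps are expected to come from chroot hooks would make a missed clean-up visible in the build log. The added comment "Let all configuration non multi-layered project here" would read more clearly as `# Keep all configuration for non-layered projects here.` The guarded block closes outside this hunk.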
@@ -442,97 +388,83 @@ deb file:/var/lib/preinstalled-pool/ $LB_DISTRIBUTION $LB_PARENT_ARCHIVE_AREAS # @@EOF - cp chroot/etc/apt/sources.list chroot/etc/apt/sources.list.orig - cp chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list - - echo "Waiting on gnupg ("$GPG_PROCESS") to finish generating a key." - wait $GPG_PROCESS - - R_ORIGIN=$(lsb_release -i -s) - R_CODENAME=$(lsb_release -c -s) - R_VERSION=$(lsb_release -r -s) - R_PRETTYNAME=$(echo $R_CODENAME | sed -e 's/^\(.\)/\U\1/') - - apt-ftparchive -o APT::FTPArchive::Release::Origin=$R_ORIGIN \ - -o APT::FTPArchive::Release::Label=$R_ORIGIN \ - -o APT::FTPArchive::Release::Suite=$R_CODENAME-local \ - -o APT::FTPArchive::Release::Version=$R_VERSION \ - -o APT::FTPArchive::Release::Codename=$R_CODENAME \ - -o APT::FTPArchive::Release::Description="$R_ORIGIN $R_PRETTYNAME Local" \ - release chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/ \ - > config/gnupg/Release - - gpg --home config/gnupg --detach-sign --armor config/gnupg/Release - mv config/gnupg/Release \ - chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release - mv config/gnupg/Release.asc \ - chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release.gpg - apt-key --keyring chroot/etc/apt/trusted.gpg add config/gnupg/pubring.gpg - find chroot/var/lib/preinstalled-pool/ -name Packages | xargs rm - - Chroot chroot "apt-get update" - cat chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list.orig \ - > chroot/etc/apt/sources.list - rm chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list.orig - fi - case $PROJECT:$SUBPROJECT in - *) - if [ -e "config/seeded-snaps" ]; then - snap_list=$(cat config/seeded-snaps) - preinstall_snaps $snap_list - fi - ;; - esac - - if [ "$PROJECT" = "ubuntu-touch" ] || [ "$PROJECT" = "ubuntu-touch-custom" ]; then - if [ "$ARCH" = "armhf" ]; then - INFO_DESC="$(lsb_release -d -s)" - echo "$INFO_DESC - $ARCH ($BUILDSTAMP)" >chroot/etc/media-info - mkdir -p chroot/var/log/installer - 
Chroot chroot "ln -s /etc/media-info /var/log/installer/media-info" + cp chroot/etc/apt/sources.list chroot/etc/apt/sources.list.orig + cp chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list + + echo "Waiting on gnupg ("$GPG_PROCESS") to finish generating a key." + wait $GPG_PROCESS + + R_ORIGIN=$(lsb_release -i -s) + R_CODENAME=$(lsb_release -c -s) + R_VERSION=$(lsb_release -r -s) + R_PRETTYNAME=$(echo $R_CODENAME | sed -e 's/^\(.\)/\U\1/') + + apt-ftparchive -o APT::FTPArchive::Release::Origin=$R_ORIGIN \ + -o APT::FTPArchive::Release::Label=$R_ORIGIN \ + -o APT::FTPArchive::Release::Suite=$R_CODENAME-local \ + -o APT::FTPArchive::Release::Version=$R_VERSION \ + -o APT::FTPArchive::Release::Codename=$R_CODENAME \ + -o APT::FTPArchive::Release::Description="$R_ORIGIN $R_PRETTYNAME Local" \ + release chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/ \ + > config/gnupg/Release + + gpg --home config/gnupg --detach-sign --armor config/gnupg/Release + mv config/gnupg/Release \ + chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release + mv config/gnupg/Release.asc \ + chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release.gpg + apt-key --keyring chroot/etc/apt/trusted.gpg add config/gnupg/pubring.gpg + find chroot/var/lib/preinstalled-pool/ -name Packages | xargs rm + + Chroot chroot "apt-get update" + cat chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list.orig \ + > chroot/etc/apt/sources.list + rm chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list.orig fi - fi - if [ "$PROJECT" = "ubuntu-cpc" ]; then - if [ "${SUBPROJECT:-}" = minimized ]; then - BUILD_NAME=minimal - else - BUILD_NAME=server + case $PROJECT:$SUBPROJECT in + *) + if [ -e "config/seeded-snaps" ]; then + snap_list=$(cat config/seeded-snaps) + preinstall_snaps $snap_list + fi + ;; + esac + + if [ "$PROJECT" = "ubuntu-touch" ] || [ "$PROJECT" = "ubuntu-touch-custom" ]; then + if [ "$ARCH" = "armhf" ]; then + INFO_DESC="$(lsb_release -d -s)" + echo 
"$INFO_DESC - $ARCH ($BUILDSTAMP)" >chroot/etc/media-info + mkdir -p chroot/var/log/installer + Chroot chroot "ln -s /etc/media-info /var/log/installer/media-info" + fi fi - cat > chroot/etc/cloud/build.info << EOF + if [ "$PROJECT" = "ubuntu-cpc" ]; then + if [ "${SUBPROJECT:-}" = minimized ]; then + BUILD_NAME=minimal + else + BUILD_NAME=server + fi + cat > chroot/etc/cloud/build.info << EOF build_name: $BUILD_NAME serial: $BUILDSTAMP EOF - fi + fi - # If the image pre-installs network-manager, let it manage all devices by - # default. Installing NM on an existing system only manages wifi and wwan via - # /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf. When setting - # the global backend to NM, netplan overrides that file. - if [ -e chroot/usr/sbin/NetworkManager ]; then - echo "===== Enabling all devices in NetworkManager ====" - mkdir -p chroot/etc/netplan - cat < chroot/etc/netplan/01-network-manager-all.yaml -# Let NetworkManager manage all devices on this system -network: - version: 2 - renderer: NetworkManager -EOF - else - echo "==== NetworkManager not installed ====" - fi + configure_network_manager - echo "===== Checking size of /usr/share/doc =====" - echo BEGIN docdirs - (cd chroot && find usr/share/doc -maxdepth 1 -type d | xargs du -s | sort -nr) - echo END docdirs + echo "===== Checking size of /usr/share/doc =====" + echo BEGIN docdirs + (cd chroot && find usr/share/doc -maxdepth 1 -type d | xargs du -s | sort -nr) + echo END docdirs - /usr/share/livecd-rootfs/minimize-manual chroot + /usr/share/livecd-rootfs/minimize-manual chroot + fi lb binary "$@" # Teardown mount points in layered mode if [ -x config/teardown_chroot_layered ]; then - config/teardown_chroot_layered + config/teardown_chroot_layered fi # Create layered squashfs system diff --git a/live-build/functions b/live-build/functions index 615acfe0..33ef79e2 100644 --- a/live-build/functions +++ b/live-build/functions 
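Review bot: The re-indented line `apt-key --keyring chroot/etc/apt/trusted.gpg add config/gnupg/pubring.gpg` still places the build-time key in the image's global keyring, where apt accepts it for every configured source rather than only for the `deb file:/var/lib/preinstalled-pool/` entry shown in this hunk's header. Consider exporting the public key to a dedicated keyring file inside the chroot and referencing it from that entry with `[signed-by=<KEYRING_PATH_PLACEHOLDER>]`. Separately, the result of `wait $GPG_PROCESS` is not checked here, so a failed key generation is only noticed when `gpg --detach-sign` runs, unless the script uses `set -e`, which this hunk does not show. The enclosing `if [ -d chroot/var/lib/preinstalled-pool ]` starts outside this hunk.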
@@ -607,3 +607,89 @@ substract_package_lists() {
 rm list1
 rm list2
 }
+
+clean_debian_chroot() {
+ # remove crufty files that shouldn't be left in an image
+ rm -f chroot/var/cache/debconf/*-old chroot/var/lib/dpkg/*-old
+ Chroot chroot apt clean
+}
+
+configure_universe() {
+ if [ -f config/universe-enabled ]; then
+ # This is cargo-culted almost verbatim (with some syntax changes for
+ # preinstalled being slightly different in what it doesn't ask) from
+ # debian-installer's apt-setup:
+
+ cat > chroot/etc/apt/sources.list << EOF
+# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
+# newer versions of the distribution.
+deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted
+# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted
+
+## Major bug fix updates produced after the final release of the
+## distribution.
+deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted
+# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team. Also, please note that software in universe WILL NOT receive any
+## review or updates from the Ubuntu security team.
+deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe
+# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe
+deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe
+# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe
+
+## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
+## team, and may not be under a free licence. Please satisfy yourself as to
+## your rights to use the software. Also, please note that software in
+## multiverse WILL NOT receive any review or updates from the Ubuntu
+## security team.
+deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse
+# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse
+deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse
+# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse
+
+## N.B. software from this repository may not have been tested as
+## extensively as that contained in the main release, although it includes
+## newer versions of some applications which may provide useful features.
+## Also, please note that software in backports WILL NOT receive any review
+## or updates from the Ubuntu security team.
+deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse
+# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse
+
+## Uncomment the following two lines to add software from Canonical's
+## 'partner' repository.
+## This software is not part of Ubuntu, but is offered by Canonical and the
+## respective vendors as a service to Ubuntu users.
+# deb http://archive.canonical.com/ubuntu $LB_DISTRIBUTION partner
+# deb-src http://archive.canonical.com/ubuntu $LB_DISTRIBUTION partner
+
+deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted
+# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted
+deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe
+# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe
+deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse
+# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse
+EOF
+
+fi
+}
+
+configure_network_manager() {
+ # If the image pre-installs network-manager, let it manage all devices by
+ # default. Installing NM on an existing system only manages wifi and wwan via
+ # /usr/lib/NetworkManager/conf.d/10-globally-managed-devices.conf. When setting
+ # the global backend to NM, netplan overrides that file.
+ if [ -e chroot/usr/sbin/NetworkManager ]; then
+ echo "===== Enabling all devices in NetworkManager ===="
+ mkdir -p chroot/etc/netplan
+ cat < chroot/etc/netplan/01-network-manager-all.yaml
+# Let NetworkManager manage all devices on this system
+network:
+ version: 2
+ renderer: NetworkManager
+EOF
+ else
+ echo "==== NetworkManager not installed ===="
+ fi
+}
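Review bot: All three new helpers act on the hard-coded relative path `chroot/` (for example `rm -f chroot/var/cache/debconf/*-old` in clean_debian_chroot and `cat > chroot/etc/apt/sources.list` in configure_universe), so they only do the right thing when the caller's working directory is the build root, and nothing in the functions states or checks that. If they are meant to be reused from chroot hooks, as the comment added in auto/build seems to suggest, that assumption may not hold there. A header comment on each function such as `# Must be called from the build root; operates on ./chroot` would record the contract, and configure_universe deserves a line noting that it overwrites the image's sources.list wholesale. As a style point, the closing `fi` of configure_universe sits at column 0 while its `if` is indented; indent it to match.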