From 5126fb4e95279d2f305e18e36ba5e3df7c399365 Mon Sep 17 00:00:00 2001
From: CloudBuilder <cloud-image-builders@lists.canonical.com>
Date: Mon, 24 Aug 2020 18:18:33 +0000
Subject: [PATCH] Imported 2.664.5

No reason for CPC update specified.
---
 debian/changelog                                   | 14 ++++++++++++++
 live-build/auto/config                             |  2 +-
 live-build/buildd/hooks/02-disk-image-uefi.binary  |  3 +--
 .../buildd/hooks/52-linux-virtual-image.binary     |  3 +++
 4 files changed, 19 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index e8ada272..055f59d2 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,17 @@
+livecd-rootfs (2.664.5) focal; urgency=medium
+
+  [ Robert C Jennings ]
+  * Handle seeded lxd snap with channel name for ubuntu-cpc:minimized
+    (LP: #1889470)
+
+  [ Cody Shepherd ]
+  * Add dist-upgrade to bootable-buildd hook to ensure the built image
+    doesn't contain vulnerable kernels or other packages.  LP: #1891061.
+  * Don't explicitly install grub-efi-amd64-signed, it's a dependency of
+    shim-signed.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Tue, 04 Aug 2020 12:39:27 -0700
+
 livecd-rootfs (2.664.4) focal; urgency=medium
 
   * snap_preseed: support channel specification with snap name (LP: #1882374)
diff --git a/live-build/auto/config b/live-build/auto/config
index 0e9735c5..761dd429 100755
--- a/live-build/auto/config
+++ b/live-build/auto/config
@@ -894,7 +894,7 @@ if [ "$PROJECT:${SUBPROJECT:-}" = ubuntu-cpc:minimized ]; then
 	# build if we see such a snap.
 	for snap in `cat config/seeded-snaps`; do
 		case $snap in
-			lxd)
+			lxd | lxd=*)
 				;;
 			*)
 				echo "Unexpected seeded snap for ubuntu-cpc:minimized build: $snap"
diff --git a/live-build/buildd/hooks/02-disk-image-uefi.binary b/live-build/buildd/hooks/02-disk-image-uefi.binary
index 75d93aa5..18f74bae 100755
--- a/live-build/buildd/hooks/02-disk-image-uefi.binary
+++ b/live-build/buildd/hooks/02-disk-image-uefi.binary
@@ -84,8 +84,7 @@ install_grub() {
             efi_target=arm-efi
             ;;
         amd64)
-            chroot mountpoint apt-get install -qqy grub-pc
-            chroot mountpoint apt-get install -qqy grub-efi-amd64-signed shim-signed
+            chroot mountpoint apt-get install -qqy grub-pc shim-signed
             efi_target=x86_64-efi
             ;;
     esac
diff --git a/live-build/buildd/hooks/52-linux-virtual-image.binary b/live-build/buildd/hooks/52-linux-virtual-image.binary
index a0c64d75..d8efab84 100755
--- a/live-build/buildd/hooks/52-linux-virtual-image.binary
+++ b/live-build/buildd/hooks/52-linux-virtual-image.binary
@@ -39,6 +39,9 @@ trap cleanup_linux_virtual EXIT
 # Install dependencies
 env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
     update --assume-yes
+# Perform a dist-upgrade to pull in package updates
+env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
+    dist-upgrade --assume-yes
 env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \
     install -y lsb-release locales initramfs-tools busybox-initramfs \
                udev dbus netplan.io cloud-init openssh-server sudo snapd