From 5c619086a172aea5438c1e3a76fde1f5d56df3b1 Mon Sep 17 00:00:00 2001
From: Didier Roche <didier.roche@canonical.com>
Date: Wed, 22 Apr 2015 09:34:26 +0100
Subject: [PATCH] Create hooks for the ubuntu-desktop-next new based on snappy
 image.

---
 debian/changelog                              |   6 +
 .../hooks/00-uid-gid-fix.chroot_early         | 241 ++++++++++++++++++
 .../hooks/01-setup_user.chroot                |  37 +++
 .../hooks/02-add_user_to_groups.chroot        |   8 +
 .../hooks/03-boot_with_systemd.chroot         |  11 +
 .../hooks/04-configure_network.chroot         |   9 +
 .../hooks/05-create_minimal_fstab.chroot      |   6 +
 .../07-configure-system-image-client.chroot   |   7 +
 .../hooks/08-etc-writable.chroot              |  15 ++
 .../hooks/10-remove-documentation.binary      |  22 ++
 .../hooks/14-set-motd.chroot                  |  14 +
 .../hooks/15-remove-grub-common.chroot        |   4 +
 .../hooks/400-create-apt-get-warning.binary   |  19 ++
 .../500-move-kernel-to-device-tar.binary      | 108 ++++++++
 .../hooks/99zz-check-uid-gid.chroot           |  52 ++++
 15 files changed, 559 insertions(+)
 create mode 100755 live-build/ubuntu-desktop-next/hooks/00-uid-gid-fix.chroot_early
 create mode 100755 live-build/ubuntu-desktop-next/hooks/01-setup_user.chroot
 create mode 100755 live-build/ubuntu-desktop-next/hooks/02-add_user_to_groups.chroot
 create mode 100755 live-build/ubuntu-desktop-next/hooks/03-boot_with_systemd.chroot
 create mode 100755 live-build/ubuntu-desktop-next/hooks/04-configure_network.chroot
 create mode 100755 live-build/ubuntu-desktop-next/hooks/05-create_minimal_fstab.chroot
 create mode 100755 live-build/ubuntu-desktop-next/hooks/07-configure-system-image-client.chroot
 create mode 100644 live-build/ubuntu-desktop-next/hooks/08-etc-writable.chroot
 create mode 100644 live-build/ubuntu-desktop-next/hooks/10-remove-documentation.binary
 create mode 100644 live-build/ubuntu-desktop-next/hooks/14-set-motd.chroot
 create mode 100644 live-build/ubuntu-desktop-next/hooks/15-remove-grub-common.chroot
 create mode 100644 live-build/ubuntu-desktop-next/hooks/400-create-apt-get-warning.binary
 create mode 100644 live-build/ubuntu-desktop-next/hooks/500-move-kernel-to-device-tar.binary
 create mode 100755 live-build/ubuntu-desktop-next/hooks/99zz-check-uid-gid.chroot

diff --git a/debian/changelog b/debian/changelog
index eb3798e2..2efd1adc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,9 @@
+livecd-rootfs (2.299+desktopnext1) vivid; urgency=medium
+
+  * Create hooks for the ubuntu-desktop-next new based on snappy image.
+
+ -- Didier Roche <didrocks@ubuntu.com>  Wed, 22 Apr 2015 09:32:15 +0100
+
 livecd-rootfs (2.299) vivid; urgency=medium
 
   * Fix snappy motd to not reference 'development', which isn't always true.
diff --git a/live-build/ubuntu-desktop-next/hooks/00-uid-gid-fix.chroot_early b/live-build/ubuntu-desktop-next/hooks/00-uid-gid-fix.chroot_early
new file mode 100755
index 00000000..00ff4e3f
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/00-uid-gid-fix.chroot_early
@@ -0,0 +1,241 @@
+#!/bin/sh -eu
+
+ERRCNT=""
+
+# Known good post-debootstrap values
+passwd_bootstrap="af34a24499223f08ab713138bec7ff54"
+shadow_bootstrap="1fd73103260cbe5a13a4a38320de4129"
+group_bootstrap="9edf30f181a6fd1d860cc7f4a71aa640"
+gshadow_bootstrap="b9db51ef767ab98db963db69844635dd"
+
+# Current post-debootstrap values
+passwd_hash=$(set -- $(md5sum /etc/passwd) && echo $1)
+shadow_hash=$(set -- $(cat /etc/shadow | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
+group_hash=$(set -- $(md5sum /etc/group) && echo $1)
+gshadow_hash=$(set -- $(md5sum /etc/gshadow) && echo $1)
+
+# /etc/passwd
+if [ "$passwd_bootstrap" = "$passwd_hash" ]; then
+    cat > /etc/passwd <<EOF
+root:x:0:0:root:/root:/bin/bash
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+bin:x:2:2:bin:/bin:/usr/sbin/nologin
+sys:x:3:3:sys:/dev:/usr/sbin/nologin
+sync:x:4:65534:sync:/bin:/bin/sync
+games:x:5:60:games:/usr/games:/usr/sbin/nologin
+man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
+lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
+mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
+news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
+uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
+proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
+www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
+backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
+list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
+irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
+gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
+nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
+messagebus:x:100:103::/var/run/dbus:/bin/false
+clickpkg:x:101:104::/nonexistent:/bin/false
+sshd:x:102:65534::/var/run/sshd:/usr/sbin/nologin
+systemd-timesync:x:103:108:systemd Time Synchronization,,,:/run/systemd:/bin/false
+systemd-network:x:104:109:systemd Network Management,,,:/run/systemd/netif:/bin/false
+systemd-resolve:x:105:110:systemd Resolver,,,:/run/systemd/resolve:/bin/false
+systemd-bus-proxy:x:106:111:systemd Bus Proxy,,,:/run/systemd:/bin/false
+docker:x:107:113::/nonexistent:/bin/false
+syslog:x:108:114::/home/syslog:/bin/false
+EOF
+else
+    echo "/etc/passwd post-debootstrap hash doesn't match record" >&2
+    echo "The output below might help to resolve the issue" >&2
+    cat /etc/passwd
+    echo "passwd md5sum: $passwd_hash" >&2
+    ERRCNT=1
+fi
+
+# /etc/shadow
+if [ "$shadow_bootstrap" = "$shadow_hash" ]; then
+    cat > /etc/shadow <<EOF
+root:*:16329:0:99999:7:::
+daemon:*:16329:0:99999:7:::
+bin:*:16329:0:99999:7:::
+sys:*:16329:0:99999:7:::
+sync:*:16329:0:99999:7:::
+games:*:16329:0:99999:7:::
+man:*:16329:0:99999:7:::
+lp:*:16329:0:99999:7:::
+mail:*:16329:0:99999:7:::
+news:*:16329:0:99999:7:::
+uucp:*:16329:0:99999:7:::
+proxy:*:16329:0:99999:7:::
+www-data:*:16329:0:99999:7:::
+backup:*:16329:0:99999:7:::
+list:*:16329:0:99999:7:::
+irc:*:16329:0:99999:7:::
+gnats:*:16329:0:99999:7:::
+nobody:*:16329:0:99999:7:::
+messagebus:*:16413:0:99999:7:::
+clickpkg:*:16413:0:99999:7:::
+sshd:*:16413:0:99999:7:::
+systemd-timesync:*:16413:0:99999:7:::
+systemd-network:*:16413:0:99999:7:::
+systemd-resolve:*:16413:0:99999:7:::
+systemd-bus-proxy:*:16413:0:99999:7:::
+docker:*:16413:0:99999:7:::
+syslog:*:16521:0:99999:7:::
+EOF
+else
+    echo "/etc/shadow post-debootstrap hash doesn't match record" >&2
+    echo "The output below might help to resolve the issue" >&2
+    cat /etc/shadow
+    echo "shadow md5sum: $shadow_hash" >&2
+    ERRCNT=1
+fi
+
+# /etc/group
+if [ "$group_bootstrap" = "$group_hash" ]; then
+    cat > /etc/group <<EOF
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:syslog
+tty:x:5:
+disk:x:6:
+lp:x:7:
+mail:x:8:
+news:x:9:
+uucp:x:10:
+man:x:12:
+proxy:x:13:
+kmem:x:15:
+dialout:x:20:
+fax:x:21:
+voice:x:22:
+cdrom:x:24:
+floppy:x:25:
+tape:x:26:
+sudo:x:27:ubuntu
+audio:x:1005:
+dip:x:30:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+list:x:38:
+irc:x:39:
+src:x:40:
+gnats:x:41:
+shadow:x:42:
+utmp:x:43:
+video:x:44:
+sasl:x:45:
+plugdev:x:46:
+staff:x:50:
+games:x:60:
+users:x:100:
+nogroup:x:65534:
+netdev:x:101:
+crontab:x:102:
+messagebus:x:103:
+clickpkg:x:104:
+ssh:x:105:
+systemd-journal:x:106:
+systemd-journal-remote:x:107:
+systemd-timesync:x:108:
+systemd-network:x:109:
+systemd-resolve:x:110:
+systemd-bus-proxy:x:111:
+input:x:112:
+docker:x:113:ubuntu
+syslog:x:114:
+EOF
+else
+    echo "/etc/group post-debootstrap hash doesn't match record" >&2
+    echo "The output below might help to resolve the issue" >&2
+    cat /etc/group
+    echo "group md5sum: $group_hash" >&2
+    ERRCNT=1
+fi
+
+# /etc/gshadow
+if [ "$gshadow_bootstrap" = "$gshadow_hash" ]; then
+    cat > /etc/gshadow <<EOF
+root:*::
+daemon:*::
+bin:*::
+sys:*::
+adm:*::syslog
+tty:*::
+disk:*::
+lp:*::
+mail:*::
+news:*::
+uucp:*::
+man:*::
+proxy:*::
+kmem:*::
+dialout:*::
+fax:*::
+voice:*::
+cdrom:*::
+floppy:*::
+tape:*::
+sudo:*::ubuntu
+audio:*::pulse
+dip:*::
+www-data:*::
+backup:*::
+operator:*::
+list:*::
+irc:*::
+src:*::
+gnats:*::
+shadow:*::
+utmp:*::
+video:*::
+sasl:*::
+plugdev:*::
+staff:*::
+games:*::
+users:*::
+nogroup:*::
+netdev:!::
+crontab:!::
+messagebus:!::
+clickpkg:!::
+ssh:!::
+systemd-journal:!::
+systemd-journal-remote:!::
+systemd-timesync:!::
+systemd-network:!::
+systemd-resolve:!::
+systemd-bus-proxy:!::
+input:!::
+docker:!::ubuntu
+syslog:!::
+EOF
+else
+    echo "/etc/gshadow post-debootstrap hash doesn't match record" >&2
+    echo "The output below might help to resolve the issue" >&2
+    cat /etc/gshadow
+    echo "gshadow md5sum: $gshadow_hash" >&2
+    ERRCNT=1
+fi
+
+if [ -n "$ERRCNT" ]; then
+        echo "There were changes to the password database," >&2
+        echo "please adjust the values in the livecd-rootfs source in the file:" >&2
+        echo "live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early" >&2
+        echo >&2
+        echo "Please check also if a maintainer script of the package" >&2
+        echo "that added these entries perhaps created a home directory and," >&2
+        echo "if needed, add code for creation of it to the above hook" >&2
+        exit 1
+fi
+
+
+# Record the current state for later comparison
+for file in /etc/passwd /etc/shadow /etc/group /etc/gshadow; do
+    rm -f ${file}-
+    cp ${file} ${file}.orig
+done
diff --git a/live-build/ubuntu-desktop-next/hooks/01-setup_user.chroot b/live-build/ubuntu-desktop-next/hooks/01-setup_user.chroot
new file mode 100755
index 00000000..967c6a1b
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/01-setup_user.chroot
@@ -0,0 +1,37 @@
+#!/bin/sh -x
+
+set -e
+
+USER=ubuntu
+UGID=1000
+
+echo "I: creating default user $USER"
+adduser --gecos $USER --disabled-login $USER --uid $UGID
+
+chown -R $UGID:$UGID /home/$USER
+
+# Enable libnss-extrusers
+sed -i 's/^group:.*compat/\0 extrausers/' /etc/nsswitch.conf
+sed -i 's/^passwd:.*compat/\0 extrausers/' /etc/nsswitch.conf
+sed -i 's/^shadow:.*compat/\0 extrausers/' /etc/nsswitch.conf
+
+# Move user from /etc to extrausers location
+grep "^$USER" /etc/group >> /var/lib/extrausers/group
+grep "^$USER" /etc/passwd >> /var/lib/extrausers/passwd
+grep "^$USER" /etc/shadow >> /var/lib/extrausers/shadow
+grep "^$USER" /etc/gshadow >> /var/lib/extrausers/gshadow
+chmod 0644 /var/lib/extrausers/group
+chmod 0644 /var/lib/extrausers/passwd
+chmod 0640 /var/lib/extrausers/shadow
+chmod 0640 /var/lib/extrausers/gshadow
+chown root:shadow /var/lib/extrausers/shadow
+chown root:shadow /var/lib/extrausers/gshadow
+sed -i "/^$USER/d" /etc/group
+sed -i "/^$USER/d" /etc/passwd
+sed -i "/^$USER/d" /etc/shadow
+sed -i "/^$USER/d" /etc/gshadow
+
+# needs to run *after* the user was moved out to /var/lib/extrausers
+echo "I: set user $USER password to $USER"
+echo "$USER:$USER" | chpasswd
+
diff --git a/live-build/ubuntu-desktop-next/hooks/02-add_user_to_groups.chroot b/live-build/ubuntu-desktop-next/hooks/02-add_user_to_groups.chroot
new file mode 100755
index 00000000..104cd44c
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/02-add_user_to_groups.chroot
@@ -0,0 +1,8 @@
+#!/bin/sh -x
+
+USER=ubuntu
+
+DEFGROUPS="docker,sudo"
+
+echo "I: add $USER to ($DEFGROUPS) group(s)"
+usermod -a -G ${DEFGROUPS} ${USER}
diff --git a/live-build/ubuntu-desktop-next/hooks/03-boot_with_systemd.chroot b/live-build/ubuntu-desktop-next/hooks/03-boot_with_systemd.chroot
new file mode 100755
index 00000000..f19164f0
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/03-boot_with_systemd.chroot
@@ -0,0 +1,11 @@
+#!/bin/sh -x
+
+# Boot using systemd and disable quiet boot
+# to see what is happening.
+systemd=/lib/systemd/systemd
+if [ -f /etc/default/grub ]; then
+    sed -i \
+        -e "s,^\\([ 	]*GRUB_CMDLINE_LINUX\\)=\"\"$,\\1=\"init=$systemd\",g" \
+        -e 's,^\([ 	]*GRUB_CMDLINE_LINUX_DEFAULT\)="quiet splash",\1="",g' \
+    /etc/default/grub
+fi
diff --git a/live-build/ubuntu-desktop-next/hooks/04-configure_network.chroot b/live-build/ubuntu-desktop-next/hooks/04-configure_network.chroot
new file mode 100755
index 00000000..d96d9aa8
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/04-configure_network.chroot
@@ -0,0 +1,9 @@
+#!/bin/sh -x
+
+if=eth0
+
+# Manually configure the first ethernet device
+cat >/etc/network/interfaces.d/"$if"<<EOT
+allow-hotplug $if
+iface $if inet dhcp
+EOT
diff --git a/live-build/ubuntu-desktop-next/hooks/05-create_minimal_fstab.chroot b/live-build/ubuntu-desktop-next/hooks/05-create_minimal_fstab.chroot
new file mode 100755
index 00000000..461c752f
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/05-create_minimal_fstab.chroot
@@ -0,0 +1,6 @@
+#!/bin/sh -x
+
+cat >>/etc/fstab<<EOT
+# Minimal setup required for systemd to provide a r/w FS
+/dev/root	/	rootfs	defaults	0	0
+EOT
diff --git a/live-build/ubuntu-desktop-next/hooks/07-configure-system-image-client.chroot b/live-build/ubuntu-desktop-next/hooks/07-configure-system-image-client.chroot
new file mode 100755
index 00000000..130ad28b
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/07-configure-system-image-client.chroot
@@ -0,0 +1,7 @@
+#!/bin/sh -x
+
+# Change default cache partition (until LP: #1373467 is fixed).
+if [ -f /etc/system-image/client.ini ]; then
+	sed -ie 's!cache_partition: /android/cache/recovery!cache_partition: /userdata/cache!g' \
+			/etc/system-image/client.ini
+fi
diff --git a/live-build/ubuntu-desktop-next/hooks/08-etc-writable.chroot b/live-build/ubuntu-desktop-next/hooks/08-etc-writable.chroot
new file mode 100644
index 00000000..0ca61c6c
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/08-etc-writable.chroot
@@ -0,0 +1,15 @@
+#!/bin/sh
+set -e
+
+mkdir -p /etc/writable
+
+# cloud-init needs to be able to modify hostname and has the ability to
+# set the other two.
+for f in timezone localtime hostname; do
+    if [ -e /etc/$f ]; then
+        echo "I: Moving /etc/$f to /etc/writable/"
+        mv /etc/$f /etc/writable/$f
+    fi
+    echo "I: Linking /etc/$f to /etc/writable/"
+    ln -s writable/$f /etc/$f
+done
diff --git a/live-build/ubuntu-desktop-next/hooks/10-remove-documentation.binary b/live-build/ubuntu-desktop-next/hooks/10-remove-documentation.binary
new file mode 100644
index 00000000..e870e239
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/10-remove-documentation.binary
@@ -0,0 +1,22 @@
+#!/bin/sh -x
+
+echo "I: Remove unneeded files from /usr/share/doc "
+find binary/boot/filesystem.dir/usr/share/doc -depth -type f ! -name copyright|xargs rm -f || true
+find binary/boot/filesystem.dir/usr/share/doc -empty|xargs rmdir || true
+find binary/boot/filesystem.dir/usr/share/doc -type f -exec gzip -9 {} \;
+
+echo "I: Remove man/info pages"
+rm -rf binary/boot/filesystem.dir/usr/share/man \
+       binary/boot/filesystem.dir/usr/share/groff \
+       binary/boot/filesystem.dir/usr/share/info \
+       binary/boot/filesystem.dir/usr/share/lintian \
+       binary/boot/filesystem.dir/usr/share/linda \
+       binary/boot/filesystem.dir/var/cache/man
+    
+
+echo "I: Removing /var/lib/apt/lists/*"
+find binary/boot/filesystem.dir/var/lib/apt/lists/ -type f | xargs rm -f
+
+echo "I: Removing /var/cache/apt/*.bin"
+rm -f binary/boot/filesystem.dir/var/cache/apt/*.bin
+
diff --git a/live-build/ubuntu-desktop-next/hooks/14-set-motd.chroot b/live-build/ubuntu-desktop-next/hooks/14-set-motd.chroot
new file mode 100644
index 00000000..daca4b6c
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/14-set-motd.chroot
@@ -0,0 +1,14 @@
+#!/bin/sh
+
+cat >/etc/motd<<EOF
+Welcome to snappy Ubuntu Desktop Next, a transactionally updated Ubuntu.
+
+ * See https://ubuntu.com/snappy
+
+It's a brave new world here in snappy Ubuntu Desktop Next! This machine
+does not use apt-get or deb packages. Please see 'snappy --help'
+for app installation and transactional updates.
+
+This is a *highly* experimental image.
+
+EOF
diff --git a/live-build/ubuntu-desktop-next/hooks/15-remove-grub-common.chroot b/live-build/ubuntu-desktop-next/hooks/15-remove-grub-common.chroot
new file mode 100644
index 00000000..cd300d4b
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/15-remove-grub-common.chroot
@@ -0,0 +1,4 @@
+#!/bin/sh
+
+# see bug https://bugs.launchpad.net/snappy-ubuntu/+bug/1442231
+rm -f /etc/init.d/grub-common
\ No newline at end of file
diff --git a/live-build/ubuntu-desktop-next/hooks/400-create-apt-get-warning.binary b/live-build/ubuntu-desktop-next/hooks/400-create-apt-get-warning.binary
new file mode 100644
index 00000000..94e88a1f
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/400-create-apt-get-warning.binary
@@ -0,0 +1,19 @@
+#!/bin/sh
+
+set -ex
+
+echo "I: Creating warning to use snappy when apt-get is used"
+
+PREFIX=binary/boot/filesystem.dir
+
+mkdir -p $PREFIX/usr/local/bin
+cat >$PREFIX/usr/local/bin/no-apt <<EOF
+#!/bin/sh
+cat <<EOF
+Ubuntu Core does not use apt-get, see 'snappy --help'!
+EOF
+chmod 755 $PREFIX/usr/local/bin/no-apt
+
+for cmd in apt apt-cache apt-get; do
+    ln -s no-apt $PREFIX/usr/local/bin/$cmd
+done
diff --git a/live-build/ubuntu-desktop-next/hooks/500-move-kernel-to-device-tar.binary b/live-build/ubuntu-desktop-next/hooks/500-move-kernel-to-device-tar.binary
new file mode 100644
index 00000000..d4df2f9e
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/500-move-kernel-to-device-tar.binary
@@ -0,0 +1,108 @@
+#!/bin/sh
+#
+# move the kernel out into a new device tarfile with system/boot 
+
+set -ex
+
+echo "I: Moving kernel into device tarball"
+
+HERE="$(pwd)"
+TMPDIR="$(mktemp -d)"
+ARCH=$(dpkg --print-architecture)
+mkdir -p $TMPDIR/system/
+mkdir -p $TMPDIR/assets/
+
+# cp files, we can't simply use tar --transform as it changes the symlink target
+(
+ cd binary/boot/filesystem.dir 
+
+ # for compatibility with current grub/u-d-f
+ cp -ar --parent boot/vmlinu?-* boot/initrd.img-* boot/abi-* boot/System.map-* $TMPDIR/system/
+ if [ -e vmlinu? ] && [ -e initrd.img ]; then
+     cp -ar --parent vmlinu? initrd.img $TMPDIR/system
+ fi
+ cp -ar --parent lib/modules/ $TMPDIR/system/
+ cp -ar --parent lib/firmware/ $TMPDIR/system/
+
+ # new assets handling
+ cp -ar boot/vmlinu?-* $TMPDIR/assets/vmlinuz
+ cp -ar boot/initrd.img-* $TMPDIR/assets/initrd.img
+ cp -ar boot/vmlinu?-* boot/initrd.img-* boot/abi-* boot/System.map-* $TMPDIR/assets/
+
+ dtbs=$(find lib/firmware -type d -name 'device-tree' -print0)
+ [ -n "$dtbs" ] && mv "$dtbs" $TMPDIR/assets/dtbs
+
+ if [ -e vmlinu? ] && [ -e initrd.img ]; then
+     cp -ar --parent vmlinu? initrd.img $TMPDIR/assets
+     cp -ar --parent vmlinu? initrd.img $TMPDIR/assets
+ fi
+)
+# create hardware.yaml for u-boot
+# this assumes armh == u-boot
+# and all others grub
+(
+# common bits
+ cat > $TMPDIR/hardware.yaml << EOF
+kernel: assets/vmlinuz
+initrd: assets/initrd.img
+partiton-layout: system-AB
+EOF
+
+# arch specific ones
+if [ "$ARCH" = "armhf" ]; then
+ cat >> $TMPDIR/hardware.yaml << EOF
+dtbs: assets/dtbs
+bootloader: u-boot
+EOF
+else
+ cat >> $TMPDIR/hardware.yaml << EOF
+bootloader: grub
+EOF
+fi
+)
+
+# and tar it up
+(
+ cd $TMPDIR
+ tar -c -z -f $HERE/device.tar.gz system assets hardware.yaml
+)
+
+# now build the azure device tarball by adding walinuxagent
+if [ -e binary/boot/filesystem.dir/var/lib/dpkg/info/walinuxagent.list ];
+then
+(
+ cd binary/boot/filesystem.dir 
+ while read line; do
+     line=$(echo $line |cut -d/ -f2-)
+     if [ -e "$line" ] && [ ! -d "$line" ]; then
+         cp -ar --parent $line $TMPDIR/system
+     fi
+ done < var/lib/dpkg/info/walinuxagent.list
+ # created by walinuxagent postinst/dh-systemd
+ cp -ar --parent var/lib/systemd/deb-systemd-helper-enabled/walinuxagent* $TMPDIR/system
+ cp -ar --parent etc/systemd/system/multi-user.target.wants/walinuxagent* $TMPDIR/system
+ mkdir -p $TMPDIR/system/var/lib/waagent
+)
+# and tar it up
+(
+ cd $TMPDIR
+ tar -c -z -f $HERE/device-azure.tar.gz system assets hardware.yaml
+)
+fi
+rm -rf $TMPDIR
+
+# remove files from the root filesystem
+(cd binary/boot/filesystem.dir
+ rm -f boot/vmlinu?-*
+ rm -f boot/initrd.img-*
+ rm -f boot/abi-*
+ rm -f boot/System.map-*
+ rm -f initrd.img
+ rm -f vmlinu?
+ rm -rf lib/modules
+ rm -rf lib/firmware
+ # remove walinuxagent
+ if [ -e var/lib/dpkg/info/walinuxagent.list ]; then
+     chroot . dpkg --purge walinuxagent || true
+ fi
+)
diff --git a/live-build/ubuntu-desktop-next/hooks/99zz-check-uid-gid.chroot b/live-build/ubuntu-desktop-next/hooks/99zz-check-uid-gid.chroot
new file mode 100755
index 00000000..4d7b807d
--- /dev/null
+++ b/live-build/ubuntu-desktop-next/hooks/99zz-check-uid-gid.chroot
@@ -0,0 +1,52 @@
+#!/bin/sh -eu
+
+ERRCNT=""
+
+passwd_hash=$(set -- $(md5sum /etc/passwd) && echo $1)
+shadow_hash=$(set -- $(cat /etc/shadow | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
+group_length=$(cat /etc/group | wc -l)
+gshadow_length=$(cat /etc/gshadow | wc -l)
+
+passwd_orig_hash=$(set -- $(md5sum /etc/passwd.orig) && echo $1)
+shadow_orig_hash=$(set -- $(cat /etc/shadow.orig | sed "s/:.*:0:99999:/:0:99999:/g" | md5sum) && echo $1)
+group_orig_length=$(cat /etc/group.orig | wc -l)
+gshadow_orig_length=$(cat /etc/gshadow.orig | wc -l)
+
+if [ "$passwd_hash" != "$passwd_orig_hash" ]; then
+    echo "/etc/passwd has changed during setup." >&2
+    echo "The new /etc/passwd md5sum is: $passwd_hash" >&2
+    diff -Nrup /etc/passwd.orig /etc/passwd >&2 || true
+    ERRCNT=1
+fi
+
+if [ "$shadow_hash" != "$shadow_orig_hash" ]; then
+    echo "/etc/shadow has changed during setup." >&2
+    echo "The new /etc/shadow md5sum is: $shadow_hash" >&2
+    diff -Nrup /etc/shadow.orig /etc/shadow >&2 || true
+    ERRCNT=1
+fi
+
+if [ "$group_length" != "$group_orig_length" ]; then
+    echo "/etc/group has changed during setup." >&2
+    diff -Nrup /etc/group.orig /etc/group >&2 || true
+    ERRCNT=1
+fi
+
+if [ "$gshadow_length" != "$gshadow_orig_length" ]; then
+    echo "/etc/gshadow has changed during setup." >&2
+    diff -Nrup /etc/gshadow.orig /etc/gshadow >&2 || true
+    ERRCNT=1
+fi
+
+if [ -n "$ERRCNT" ]; then
+	echo "There were changes to the password database," >&2
+	echo "please adjust the values in the livecd-rootfs source in the file:" >&2
+	echo "live-build/ubuntu-core/hooks/00-uid-gid-fix.chroot_early" >&2
+	echo >&2
+	echo "Please check also if a maintainer script of the package" >&2
+	echo "that added these entries perhaps created a home directory and," >&2
+	echo "if needed, add code for creation of it to the above hook" >&2
+	exit 1
+fi
+
+rm /etc/passwd.orig /etc/shadow.orig /etc/group.orig /etc/gshadow.orig