diff --git a/debian/changelog b/debian/changelog index 9074eb15..f916753b 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,34 @@ +livecd-rootfs (2.700) hirsute; urgency=medium + + [ David Krauser ] + * buildd: produce kernel and initrd as separate artifacts + * buildd: call update-initramfs for all installed kernels + We only have one kernel installed, so we don't need to + specify an explicit version. + * Include -security and -updates packages in bootable buildd images + * Produce buildd kernel and initrd as separate artifacts + + [ Patrick Viafore ] + * Replace archive.ubuntu.com and security.ubuntu.com with launchpad + mirrors. This is only done inside a build context, and the original + sources.list file is restored at the end of the build + + [ Robert C Jennings ] + * Use build env archive mirror in binary hooks + * Ensure a binary hook has not changed the temporary sources.list + + [ Dimitri John Ledkov ] + * disk-image.binary: actually skip building MBR image on EFI platforms. + * disk-image.binary: skip building MBR image on riscv64. + * disk-image.binary: however still build MBR image on amd64. + * disk-image-uefi.binary: enable secureboot on the arm64 image. + * disk-image-uefi.binary: build riscv64 image without a bootloader. + + [ Sebastien Bacher ] + * During the layered build generate the right content for no languages + + -- Dimitri John Ledkov Thu, 19 Nov 2020 17:43:47 +0000 + livecd-rootfs (2.699) hirsute; urgency=medium * hyper-v hook: Fix writing of pkla file out to correct scratch directory diff --git a/live-build/auto/config b/live-build/auto/config index e95d5a88..5694708e 100755 --- a/live-build/auto/config +++ b/live-build/auto/config @@ -218,7 +218,7 @@ remove_packages_from_seed_regexp() { if [ -z "${seed_regexp}" ]; then pass="${1}.no-${2}" _register_pass "$pass" - subtract_package_lists ${2} "" >> config/package-lists/livecd-rootfs.removal-list.chroot_$pass + subtract_package_lists ${2} "desktop-minimal" >> config/package-lists/livecd-rootfs.removal-list.chroot_$pass return fi diff --git a/live-build/buildd/hooks/52-linux-virtual-image.binary b/live-build/buildd/hooks/52-linux-virtual-image.binary index d8efab84..4f791e8e 100755 --- a/live-build/buildd/hooks/52-linux-virtual-image.binary +++ b/live-build/buildd/hooks/52-linux-virtual-image.binary @@ -36,12 +36,19 @@ cleanup_linux_virtual() { } trap cleanup_linux_virtual EXIT -# Install dependencies +# The base image is built with packages from the release pocket; +# however, we want the latest from updates and security. Those +# pockets are already enabled, we just need to perform an upgrade +# to pull in the latest packages. env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ update --assume-yes # Perform a dist-upgrade to pull in package updates env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ dist-upgrade --assume-yes +env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ + dist-upgrade --assume-yes + +# Install dependencies env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ install -y lsb-release locales initramfs-tools busybox-initramfs \ udev dbus netplan.io cloud-init openssh-server sudo snapd @@ -56,8 +63,11 @@ chroot "$mount_d" update-grub undivert_grub "$mount_d" # Update initramfs image -chroot "$mount_d" \ - sh -c 'update-initramfs -c -v -k $(ls /boot/vmlinuz*generic | sed 1q | cut -d- -f2-3)' +chroot "$mount_d" update-initramfs -c -v -k all + +# extract kernel and initrd +cp $mount_d/boot/initrd.img-* livecd.$PROJECT.initrd-generic +cp $mount_d/boot/vmlinuz-* livecd.$PROJECT.vmlinuz-generic # Cleanup env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ diff --git a/live-build/functions b/live-build/functions index 7197a152..aba59859 100644 --- a/live-build/functions +++ b/live-build/functions @@ -87,6 +87,42 @@ mount_image() { return 0 } +use_lp_archives_in_sourceslist(){ + # Use the build environment apt mirror during the build, + # for both archive and security. + # live-build does this in the chroot (lb_chroot_archives) + # but not for the binary hooks + # + # To restore the sourceslist back to the original, call + # recover_sourceslist + + mountpoint="${1}" + MOUNTPOINT_BACKUP_SOURCES_LIST="sources.list.tmp" + . config/bootstrap # For the LB_MIRROR_* variables + cp -a "${mountpoint}/etc/apt/sources.list" "${MOUNTPOINT_BACKUP_SOURCES_LIST}" + sed -i "s#http://archive.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \ + "${mountpoint}/etc/apt/sources.list" + sed -i "s#http://security.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \ + "${mountpoint}/etc/apt/sources.list" + + sha256sum "${mountpoint}/etc/apt/sources.list" > sources.list.sha +} + +recover_sourceslist(){ + # Remove the build environment apt mirror from the image + + # Check that the sources.list has not changed. If it has changed then the + # binary hook has modified the file that will be discarded. If the build + # fails here the binary hook needs to alter sources.list.tmp and regenerate + # sources.list.sha + + mountpoint="${1}" + sha256sum --check sources.list.sha + + mv "${MOUNTPOINT_BACKUP_SOURCES_LIST}" "${mountpoint}/etc/apt/sources.list" + unset MOUNTPOINT_BACKUP_SOURCES_LIST +} + setup_mountpoint() { local mountpoint="$1" @@ -109,6 +145,7 @@ setup_mountpoint() { cp /etc/resolv.conf "$mountpoint/etc/resolv.conf" mv "$mountpoint/etc/nsswitch.conf" nsswitch.conf.tmp sed 's/systemd//g' nsswitch.conf.tmp > "$mountpoint/etc/nsswitch.conf" + use_lp_archives_in_sourceslist "${mountpoint}" chroot "$mountpoint" apt-get update } @@ -125,6 +162,7 @@ teardown_mountpoint() { mount --make-private $submount umount $submount done + recover_sourceslist "${mountpoint}" mv resolv.conf.tmp "$mountpoint/etc/resolv.conf" mv nsswitch.conf.tmp "$mountpoint/etc/nsswitch.conf" } diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary index f997bb4e..916bc424 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary @@ -1,7 +1,7 @@ #!/bin/bash -eux case $ARCH in - amd64|arm64|armhf) + amd64|arm64|armhf|riscv64) ;; *) echo "We don't create EFI images for $ARCH." @@ -35,6 +35,15 @@ create_partitions() { --typecode=15:ef00 \ --new=1: ;; + riscv64) + # same as arm64/armhf, but set bit 2 legacy bios bootable + # on the first partition for uboot + sgdisk "${disk_image}" \ + --new=15:0:204800 \ + --typecode=15:ef00 \ + --new=1: \ + --attributes=1:set:2 + ;; amd64) sgdisk "${disk_image}" \ --new=14::+4M \ @@ -81,7 +90,7 @@ install_grub() { # please file a bug against grub2 to include the affected module. case $ARCH in arm64) - chroot mountpoint apt-get -qqy install --no-install-recommends grub-efi-arm64 grub-efi-arm64-bin + chroot mountpoint apt-get -qqy install --no-install-recommends shim-signed grub-efi-arm64-signed efi_target=arm64-efi ;; armhf) @@ -92,6 +101,22 @@ install_grub() { chroot mountpoint apt-get install -qqy grub-pc shim-signed efi_target=x86_64-efi ;; + riscv64) + # TODO does not exist yet on riscv64 + chroot mountpoint apt-get install -qqy u-boot-menu #grub-efi-riscv64 + efi_target=riscv64-efi + + chroot mountpoint u-boot-update + + ## TODO remove below once we have grub-efi-riscv64 + rm mountpoint/tmp/device.map + umount mountpoint/boot/efi + mount + umount_partition mountpoint + rmdir mountpoint + return + ## + ;; esac chroot mountpoint apt-get autoremove --purge --assume-yes diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary index 96bf83a5..ed383109 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image.binary @@ -19,10 +19,6 @@ case $ARCH:$SUBARCH in echo "POWER disk images are handled separately" exit 0 ;; - amd64|arm64|armhf) - echo "We only create EFI images for $ARCH." - exit 0 - ;; armhf:raspi2) # matches the size of the snappy image IMAGE_SIZE=$((4*1000*1000*1000)) @@ -31,6 +27,10 @@ case $ARCH:$SUBARCH in BOOTPART_END=138M BOOT_MOUNTPOINT=/boot/firmware ;; + arm64:*|armhf:*|riscv64:*) + echo "We only create EFI images for $ARCH." + exit 0 + ;; *) ;; esac