diff --git a/debian/changelog b/debian/changelog index 894485ae..80a26fc5 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,18 @@ +livecd-rootfs (2.466) artful; urgency=medium + + * ubuntu-server: drop hard-coded test key from the subiquity overlay in + favor of the generic-classic assertion from the store. + * move snap assertion handling into the generic build script (and, in + the process, from the subiquity overlay to the base squashfs). + * add ubuntu-mate to the set of projects we add snap model assertions to. + * Factor out grub-related diversions and use them consistently, so we + don't end up with wrong os-probe output in our grub.cfg. + * Fix the force-partuuid handling to create the file under + /etc/default/grub.d/ with a .cfg extension as grub expects; it's unclear + how this ever worked without. + + -- Steve Langasek Wed, 04 Oct 2017 23:02:36 -0700 + livecd-rootfs (2.465) artful; urgency=medium * Skip installation of kernel headers for all minimal images diff --git a/live-build/auto/build b/live-build/auto/build index 37af4b0e..5b1e147e 100755 --- a/live-build/auto/build +++ b/live-build/auto/build @@ -297,6 +297,31 @@ deb file:/var/lib/preinstalled-pool/ $LB_DISTRIBUTION $LB_PARENT_ARCHIVE_AREAS > chroot/etc/apt/sources.list rm chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list.orig fi + case $PROJECT:$SUBPROJECT in + ubuntu-server:live|ubuntu-mate:*) + assertions_dir="chroot/var/lib/snapd/seed/assertions" + model_assertion="$assertions_dir/generic-classic.model" + account_key_assertion="$assertions_dir/generic.account-key" + account_assertion="$assertions_dir/generic.account" + + mkdir -p "$assertions_dir" + snap known --remote model series=16 \ + model=generic-classic brand-id=generic \ + > "$model_assertion" + account_key=$(sed -n -e's/sign-key-sha3-384: //p' \ + < "$model_assertion") + + snap known --remote account-key \ + public-key-sha3-384="$account_key" \ + > "$account_key_assertion" + account=$(sed -n -e's/account-id: //p' \ + < "$account_key_assertion") + + snap known --remote account account-id=generic \ + > "$account_assertion" + ;; + esac + if [ "$PROJECT" = "ubuntu-touch" ] || [ "$PROJECT" = "ubuntu-touch-custom" ]; then if [ "$ARCH" = "armhf" ]; then INFO_DESC="$(lsb_release -d -s)" diff --git a/live-build/functions b/live-build/functions index 7fe52f30..4b316eb5 100644 --- a/live-build/functions +++ b/live-build/functions @@ -277,9 +277,38 @@ replace_grub_root_with_label() { # If boot by partuuid has been requested, don't override. if [ -f $CHROOT_ROOT/etc/default/grub.d/40-partuuid ] && \ - grep -q ^GRUB_FORCE_PARTUUID= $CHROOT_ROOT/etc/default/grub.d/40-partuuid; then + grep -q ^GRUB_FORCE_PARTUUID= $CHROOT_ROOT/etc/default/grub.d/40-partuuid.cfg; then return 0 fi sed -i -e "s,root=[^ ]\+,root=LABEL=${fs_label}," \ "$CHROOT_ROOT/boot/grub/grub.cfg" } + + +# When running update-grub in a chroot on a build host, we don't want it to +# probe for disks or probe for other installed OSes. Extract common +# diversion wrappers, so this isn't reinvented differently for each image. +divert_grub() { + CHROOT_ROOT="$1" + + chroot "$CHROOT_ROOT" dpkg-divert --local \ + --rename /usr/sbin/grub-probe + chroot "$CHROOT_ROOT" touch /usr/sbin/grub-probe + chroot "$CHROOT_ROOT" chmod +x /usr/sbin/grub-probe + + chroot "$CHROOT_ROOT" dpkg-divert --local \ + --divert /etc/grub.d/30_os-prober.dpkg-divert \ + --rename /etc/grub.d/30_os-prober +} + +undivert_grub() { + CHROOT_ROOT="$1" + + chroot "$CHROOT_ROOT" rm /usr/sbin/grub-probe + chroot "$CHROOT_ROOT" dpkg-divert --remove --local \ + --rename /usr/sbin/grub-probe + + chroot "$CHROOT_ROOT" dpkg-divert --remove --local \ + --divert /etc/grub.d/30_os-prober.dpkg-divert \ + --rename /etc/grub.d/30_os-prober +} diff --git a/live-build/ubuntu-cpc/hooks/032-disk-image.binary b/live-build/ubuntu-cpc/hooks/032-disk-image.binary index bb8bfc11..e369dfc9 100755 --- a/live-build/ubuntu-cpc/hooks/032-disk-image.binary +++ b/live-build/ubuntu-cpc/hooks/032-disk-image.binary @@ -124,8 +124,10 @@ if [ "${should_install_grub}" -eq 1 ]; then if [ "${SUBPROJECT:-}" = minimized ] && [ -n "$partuuid" ]; then echo "partuuid found for root device; forcing it in Grub" mkdir -p mountpoint/etc/default/grub.d - echo "GRUB_FORCE_PARTUUID=$partuuid" >> mountpoint/etc/default/grub.d/40-force-partuuid + echo "GRUB_FORCE_PARTUUID=$partuuid" >> mountpoint/etc/default/grub.d/40-force-partuuid.cfg + divert_grub mountpoint chroot mountpoint update-grub + undivert_grub mountpoint fi fi diff --git a/live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary b/live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary index 932484ea..8e8b0070 100755 --- a/live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary +++ b/live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary @@ -67,7 +67,7 @@ install_grub() { # and 033-disk-image-uefi.binary. We want to fix this to not # have initramfs-tools installed at all on these images. echo "partuuid found for root device; omitting initrd" - echo "GRUB_FORCE_PARTUUID=$partuuid" >> mountpoint/etc/default/grub.d/40-force-partuuid + echo "GRUB_FORCE_PARTUUID=$partuuid" >> mountpoint/etc/default/grub.d/40-force-partuuid.cfg fi chroot mountpoint apt-get -y update @@ -110,10 +110,10 @@ install_grub() { chroot mountpoint grub-install --target=i386-pc "${loop_device}" fi - chroot mountpoint dpkg-divert --local --rename /etc/grub.d/30_os-prober + divert_grub mountpoint chroot mountpoint update-grub replace_grub_root_with_label mountpoint - chroot mountpoint dpkg-divert --remove --local --rename /etc/grub.d/30_os-prober + undivert_grub mountpoint chroot mountpoint apt-get -y clean diff --git a/live-build/ubuntu-cpc/hooks/034-disk-image-ppc64el.binary b/live-build/ubuntu-cpc/hooks/034-disk-image-ppc64el.binary index 62a02094..649843e4 100755 --- a/live-build/ubuntu-cpc/hooks/034-disk-image-ppc64el.binary +++ b/live-build/ubuntu-cpc/hooks/034-disk-image-ppc64el.binary @@ -52,10 +52,10 @@ EOF --boot-directory=/boot \ --target=powerpc-ieee1275 - chroot mountpoint dpkg-divert --local --rename /etc/grub.d/30_os-prober + divert_grub mountpoint chroot mountpoint update-grub replace_grub_root_with_label mountpoint - chroot mountpoint dpkg-divert --remove --local --rename /etc/grub.d/30_os-prober + undivert_grub mountpoint umount_partition mountpoint rmdir mountpoint diff --git a/live-build/ubuntu-server/hooks/032-installer-squashfs.binary b/live-build/ubuntu-server/hooks/032-installer-squashfs.binary index 216f1922..81f5b658 100755 --- a/live-build/ubuntu-server/hooks/032-installer-squashfs.binary +++ b/live-build/ubuntu-server/hooks/032-installer-squashfs.binary @@ -70,83 +70,6 @@ snaps: EOF ' -cat < $SQUASH_ROOT/var/lib/snapd/seed/assertions/cyphermox.account -type: account -authority-id: canonical -account-id: H0szZPjHTU4x04XeYjLyv8tJqYXq7cYk -display-name: Mathieu Trudel -timestamp: 2016-09-12T20:11:03.478544Z -username: cyphermox -validation: unproven -sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul - -AcLBUgQAAQoABgUCV9cL1wAAbQIQAEa8X5Bf2achG/9gC2d9YHWE+Uk9/FXK58bZ4Ym5VDTPW2Es -BZOTMA6ROcCrii8/HM88+5bKGGoYLVNjfYUosYfR31kkFT1z1payhs4zfhANTBHXQpeNlGASm9ua -O1UkBNFJwYu+tRh9gsY5wuryjfxXndS2pzUm2fXlFB4I/FgQEZnKJP99C3H0cUkGHzEwadRc7vqu -/B+mmlwX/pgzlUwt3EXkCpx0hvN4ZgSzyKAtLn+ij2XSe4MxptT/uGCY2tnqsSa+H6J+O0RYENYD -Xa7MJLXSGS9iqOwBkTO5X1eHSNPUs0LqzAqz4zTL5Kd9c/ohFwPzZpO8ltLA2nhKEfHzofMsMjEi -qwhCDQ5LZD93dQ/VWzmmrCi9cmy+mci7K+hEYLtopzbkMl7cFBVVc2pQlTArspsFy9aMurCs4m8K -GfGJOmvYP4Rnn8YYVLtAIPbGADAzG4mxBDxc8r+NRCprDIJmVHed/aQo6gNNip6VHi7xORnAJYRI -0XQThASCRYzZxEBv3iND0GzAlRdlOLA+x+jRt2CDg0qLQ5DmuXGePEkEyJEMQb+OBsFHrPcvX1UI -eHoKL9ZyvcrhsuPmG92P2UYiGp7qeKYmPQFsWNNh/R18tgingyJbm75pAE8MrpyZ1TTyDEYhwzbm -F5zdm4dy0k1EGMhTTDz/hzlE0Ugw -EOF - -cat < $SQUASH_ROOT/var/lib/snapd/seed/assertions/cyphermox-sn-test.account-key -type: account-key -authority-id: canonical -public-key-sha3-384: vihTQiNMkgsi2g39sggy3k4EVGrkFyWMof_nIrCbhxSOO7U00PRD_TDeWrpqGNor -account-id: H0szZPjHTU4x04XeYjLyv8tJqYXq7cYk -name: cyphermox-sn-test -since: 2017-03-14T21:24:50Z -body-length: 717 -sign-key-sha3-384: BWDEoaqyr25nF5SNCvEv2v7QnM9QsfCc0PBMYD_i2NGSQ32EF2d4D0hqUel3m8ul - -AcbBTQRWhcGAARAAqJ9Xdy+csx9nQkipmldiKNsBKqwRh3HjwlnSrBm/YpI7Jbgs6zubD8Zj/hwr -bQiu4E2d6aobJcn3cgNdTlCEXES1M3sC6vSmkuz2fXdHRsYD6V3l5rlPjlyWPGNajcKvn1lEyOxC -j6efASJysX5lCDPfGy8Joe4OdeZxmPAwCJpuxpltlSMBlPjCHBgHMzv+C1zh9wkBuFh3wDIFP8ih -hnzGN/UevSHMfZCGh3y20TzDHeaeI35hiHkaibQuifqVNMTjnxReYKHV2eAP8/2XpEhfMAU6AD/Y -020ayr9REE/c6KTYq7Po7REzvUrWlG0KknBtHM7wCn9puo5HrM767K0H+ts6fsrvx5kRC5ZheVOf -Jh3EoXYQYCL1EGw0bzU03Lxx0RQ6teEc0WTDzky54vFr6UHjCAwethpzZ7MtZRdfwW4r/jUcxwXR -JXXKh03WK/ivhtr9KAROVkdUeMb/txp/8DvLW5zs7ohTaaC0qH5J+MMp0lm6ux0S8WyPmMOcb0SP -0IwOTvQc1ALDG3SiUgtJRP9Kt5jeuWIltH0cYE+QGPzey+fJ+iJx0QmeVnF2+O2JH2RihR5uJIBE -HzQlNMVZB/iyjgdCLamMUeqa6DAOpzR2haIRgaXKtK0G9Ho1ArEsXZsRiFYorhtxzrwGmkq7kGCw -tsY2pTeILZO1QPMAEQEAAQ== - -AcLBUgQAAQoABgUCWMhfrAAAXn4QALo795LKWhSNlzI7KIz3hq6rFK1YVDbj3KXW8xoF1FEwyE51 -4s1hZXc5N5h7DO49pj7JcXtE+Vi2gV+X294BqRevglBZgMwUtXdHX29IgPAx0jR9ARybS9A0QQYV -OaoKmnq+44p76D2gZz0blax18uROJCKfL6GCRw29/C/GJWpRnEEJlXC2DVD45vJeptSqLDcBL6z+ -AypoV9NhJlmGm2jxPg5Jm+BdkyCZSbfNMw2sBcjJbs63KHgE9XsaP6Frb9gBexwXCx8/U6Y2jFTL -wmyHpXXjBY0et8ze2bcqcEsDeW30eFALki/+FfPzjTtxY/Xo/r2j78YMHVFOkWJYj3MZJ+LJ0UWC -eM4xzJm2ROwxFhFpIqlIRtR6WUPIxAx3Fb1j3uDTSBXDYv/hjxhSLZpw3/AN7Rj7pLWnwfD3076i -3R900ad3/tRQp8hlrn4H9zRxBwaCKhZ9h1kfmyHcVpf0Nk03Fe5tHTai0pdHpC6bPi798Iw6qt0r -D7VoKv29fa55zlGRTAG9mW0cbgkKUq1SBtLnBSy+peluVGjJWgZ3j1K9waTEoQPiNn6/JJvg2GjK -awZPm8R1ngBYQs/vGPhcfz8DGF3uwFzbSh/bLAKky22qrRypTtczDXw4H1LWPlUvB4cQfTY6Ad+w -KaHPaPmuIpn1DVEfPhNeByz57PDu -EOF - -cat < $SQUASH_ROOT/var/lib/snapd/seed/assertions/cyphermox-classic.model -type: model -authority-id: H0szZPjHTU4x04XeYjLyv8tJqYXq7cYk -series: 16 -brand-id: H0szZPjHTU4x04XeYjLyv8tJqYXq7cYk -model: cyphermox-test-classic -classic: true -timestamp: 2017-03-15T14:32:45+00:00 -sign-key-sha3-384: vihTQiNMkgsi2g39sggy3k4EVGrkFyWMof_nIrCbhxSOO7U00PRD_TDeWrpqGNor - -AcLBXAQAAQoABgUCWMm5vAAKCRBdai1JSycAlUiAD/41bWorQOI343Ub/JVGFXN8aHXwZWh2iVzY -m42QbHZSuyyLBLiEqauiQLvuFa3Dtb3i6GC6hdtOlf/sPwZISriWrNuO5qPXik5SqP5zZop/qy4y -msWpG1S6M/aNqGVfUPIx0v7l9iTb4ZG9hyyxPwdE5lFj4nIqWlu6rIGPCGC+dfAS62PPkUGdXqzV -VOA6/D2FgthhxywaZZwSLwzP/Ee+JAgeO17iX605Lb0dzy/5HmopM7G8wUgzidPUY9AIZ63gr+GP -KyBrvwHzE6PbH9QjQy1Z7DhkThKeViocx67ewnBocBr75F09LfcVR+cAxMujSs7NBbYl444aQeth -HUuLwvuH189KsnQdqF2Tfta5lkCn9Uqeshq2c2jGyYXBTpvxyQny4X+yQZF1uEalH3PRR+AxIT9Y -2siMLMuRyS/iMhIkLToutzuhZS+7ujuGs7H4l9C0hUon9c+62XEIkNH4rjutR7lCuFbE3CMqVl9H -lgGQ6HXl0uoJHEzK4T1+ipstSiujn9KD+8LCtkz0YWFmdWQ97VHB2Wmjp4c2bze+BojbqJyfJ2bo -AAHP0AEiHQ7zN0yLl7+fkYIMy64xQJqamH1Z2BFN0GWMPwTjpXpszOC+ev7Bpbg0xoldQ1tBHHxH -J4Weia71DnXOnt8cj1VhebVMlyv7B/TGAbGwgprgmQ== -EOF - teardown_mountpoint "$SQUASH_ROOT" # Then unmount the overlay