From 8a0a5a7e4af68e07e9047c71e2c3bc1b85dfdcc1 Mon Sep 17 00:00:00 2001
From: Julian Andres Klode <julian.klode@canonical.com>
Date: Wed, 10 Jan 2024 18:13:05 +0100
Subject: [PATCH] Switch from sources.list to ubuntu.sources

Template is based on the specification with some rewording for
Ubuntu Pro as agreed.

v2:
- Enabled backports by default (I did not see that!)
- Enabled restricted, multiverse security updates
- Replaced tweaked with adjusted

v3:
- Insert an explanatory sources.list

LP: #2048129
---
 live-build/functions | 132 ++++++++++++++++++++++++++-----------------
 1 file changed, 81 insertions(+), 51 deletions(-)

diff --git a/live-build/functions b/live-build/functions
index 85e58aa3..18124302 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -101,15 +101,27 @@ use_lp_archives_in_sourceslist(){
     # recover_sourceslist
 
     mountpoint="${1}"
-    MOUNTPOINT_BACKUP_SOURCES_LIST="sources.list.tmp"
     . config/bootstrap  # For the LB_MIRROR_* variables
-    cp -a "${mountpoint}/etc/apt/sources.list" "${MOUNTPOINT_BACKUP_SOURCES_LIST}"
-    sed -i "s#http://archive.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \
-        "${mountpoint}/etc/apt/sources.list"
-    sed -i "s#http://security.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \
-        "${mountpoint}/etc/apt/sources.list"
-
-    sha256sum "${mountpoint}/etc/apt/sources.list" > sources.list.sha
+    if [ -e "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources" ]; then
+        MOUNTPOINT_BACKUP_UBUNTU_SOURCES="ubuntu.sources.tmp"
+        cp -a "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources" "${MOUNTPOINT_BACKUP_UBUNTU_SOURCES}"
+        sed -i "s#http://archive.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \
+            "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources"
+        sed -i "s#http://security.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \
+            "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources"
+
+        sha256sum "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources" > ubuntu.sources.sha
+    fi
+    if [ -e "${mountpoint}/etc/apt/sources.list" ]; then
+        MOUNTPOINT_BACKUP_SOURCES_LIST="sources.list.tmp"
+        cp -a "${mountpoint}/etc/apt/sources.list" "${MOUNTPOINT_BACKUP_SOURCES_LIST}"
+        sed -i "s#http://archive.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \
+            "${mountpoint}/etc/apt/sources.list"
+        sed -i "s#http://security.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \
+            "${mountpoint}/etc/apt/sources.list"
+
+        sha256sum "${mountpoint}/etc/apt/sources.list" > sources.list.sha
+    fi
 }
 
 recover_sourceslist(){
@@ -121,10 +133,18 @@ recover_sourceslist(){
     # sources.list.sha
 
     mountpoint="${1}"
-    sha256sum --check sources.list.sha
+    if [ -e "${MOUNTPOINT_BACKUP_UBUNTU_SOURCES:-/doesnotexist}" ]; then
+        sha256sum --check ubuntu.sources.sha
+
+        mv "${MOUNTPOINT_BACKUP_UBUNTU_SOURCES}" "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources"
+        unset MOUNTPOINT_BACKUP_UBUNTU_SOURCES
+    fi
+    if [ -e "${MOUNTPOINT_BACKUP_SOURCES_LIST:-/doesnotexist}" ]; then
+        sha256sum --check sources.list.sha
 
-    mv "${MOUNTPOINT_BACKUP_SOURCES_LIST}" "${mountpoint}/etc/apt/sources.list"
-    unset MOUNTPOINT_BACKUP_SOURCES_LIST
+        mv "${MOUNTPOINT_BACKUP_SOURCES_LIST}" "${mountpoint}/etc/apt/sources.list"
+        unset MOUNTPOINT_BACKUP_SOURCES_LIST
+    fi
 }
 
 setup_mountpoint() {
@@ -872,48 +892,58 @@ configure_universe() {
         # debian-installer's apt-setup:
 
         cat > chroot/etc/apt/sources.list << EOF
+# Ubuntu sources have moved to the /etc/apt/sources.list.d/ubuntu.sources
+# file, which uses the deb822 format. Use deb822-formatted .sources files
+# to manage package sources in the /etc/apt/sources.list.d/ directory.
+# See the sources.list(5) manual page for details.
+EOF
+
+        cat > chroot/etc/apt/sources.list.d/ubuntu.sources << EOF
 # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
 # newer versions of the distribution.
-deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted
-# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted
-
-## Major bug fix updates produced after the final release of the
-## distribution.
-deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted
-# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted
-
-## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
-## team. Also, please note that software in universe WILL NOT receive any
-## review or updates from the Ubuntu security team.
-deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe
-# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe
-deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe
-# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe
-
-## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
-## team, and may not be under a free licence. Please satisfy yourself as to
-## your rights to use the software. Also, please note that software in
-## multiverse WILL NOT receive any review or updates from the Ubuntu
-## security team.
-deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse
-# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse
-deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse
-# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse
-
-## N.B. software from this repository may not have been tested as
-## extensively as that contained in the main release, although it includes
-## newer versions of some applications which may provide useful features.
-## Also, please note that software in backports WILL NOT receive any review
-## or updates from the Ubuntu security team.
-deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse
-# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse
-
-deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted
-# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted
-deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe
-# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe
-deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse
-# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse
+
+## Ubuntu distribution repository
+##
+## The following settings can be adjusted to configure which packages to use from Ubuntu.
+## Mirror your choices (except for URIs and Suites) in the security section below to
+## ensure timely security updates.
+##
+## Types: Append deb-src to enable the fetching of source package.
+## URIs: A URL to the repository (you may add multiple URLs)
+## Suites: The following additional suites can be configured
+##   <name>-updates   - Major bug fix updates produced after the final release of the
+##                      distribution.
+##   <name>-backports - software from this repository may not have been tested as
+##                      extensively as that contained in the main release, although it includes
+##                      newer versions of some applications which may provide useful features.
+##                      Also, please note that software in backports WILL NOT receive any review
+##                      or updates from the Ubuntu security team.
+## Components: Aside from main, the following components can be added to the list
+##   restricted  - Software that may not be under a free license, or protected by patents.
+##   universe    - Community maintained packages.
+##                 Software from this repository is only maintained and supported by Canonical
+##                 for machines with Ubuntu Pro subscriptions. Without Ubuntu Pro, the Ubuntu
+##                 community provides best-effort security maintenance.
+##   multiverse  - Community maintained of restricted. Software from this repository is
+##                 ENTIRELY UNSUPPORTED by the Ubuntu team, and may not be under a free
+##                 licence. Please satisfy yourself as to your rights to use the software.
+##                 Also, please note that software in multiverse WILL NOT receive any
+##                 review or updates from the Ubuntu security team.
+##
+## See the sources.list(5) manual page for further settings.
+Types: deb
+URIs: $LB_PARENT_MIRROR_BINARY
+Suites: $LB_DISTRIBUTION $LB_DISTRIBUTION-updates $LB_DISTRIBUTION-backports
+Components: main universe restricted multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
+
+## Ubuntu security updates. Aside from URIs and Suites,
+## this should mirror your choices in the previous section.
+Types: deb
+URIs: $LB_PARENT_MIRROR_BINARY_SECURITY
+Suites: $LB_DISTRIBUTION-security
+Components: main universe restricted multiverse
+Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
 EOF
 
 fi