diff --git a/debian/changelog b/debian/changelog index 4f066a67..afc96acf 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,41 @@ +livecd-rootfs (2.847) mantic; urgency=medium + + * canary images: add boot-managed-by-snapd preinstalled by default on the + enhanced-secureboot layer. This will make sure that all canary installs + will not allow installing non-snap kernels and bootloader packages (as + this could break their systems). + + -- Łukasz 'sil2100' Zemczak Mon, 05 Jun 2023 16:57:58 +0200 + +livecd-rootfs (2.846) mantic; urgency=medium + + * Make the newly added mtools dependency arch-specific as it's not + installable on i386, causing migration issues. + + -- Łukasz 'sil2100' Zemczak Thu, 01 Jun 2023 11:40:52 +0200 + +livecd-rootfs (2.845) mantic; urgency=medium + + * Add the mtools dependency for ubuntu-image. + + -- Łukasz 'sil2100' Zemczak Wed, 31 May 2023 17:08:44 +0200 + +livecd-rootfs (2.844) mantic; urgency=medium + + * Switch to use ubuntu-image 3.0 for our raspberry pi mantic images. + + -- Łukasz 'sil2100' Zemczak Wed, 31 May 2023 15:15:09 +0200 + +livecd-rootfs (2.843) mantic; urgency=medium + + * Unconditionally enable i386 in the chroot for Ubuntu Desktop; the new + installer doesn't handle enabling this at install time, and late + enablement also misses us some recommends. + * Restore losetup code, the necessary launchpad-buildd changes were being + deployed just as this revert landed. + + -- Steve Langasek Fri, 26 May 2023 13:51:18 -0700 + livecd-rootfs (2.842) mantic; urgency=medium * Revert once again the kpartx->losetup changes as those are causing diff --git a/debian/control b/debian/control index c8c78a76..0fb57629 100644 --- a/debian/control +++ b/debian/control @@ -27,6 +27,8 @@ Depends: ${misc:Depends}, lsb-release, lzma, make, + mount, + mtools [!i386], parted, procps, python3, 
@@ -38,8 +40,7 @@ Depends: ${misc:Depends}, snapd (>= 2.39) [!i386], squashfs-tools (>= 1:3.3-1), sudo, - u-boot-tools [armhf arm64], - ubuntu-image [!i386 !riscv64], + u-boot-tools [arm64 armhf], python3-vmdkstream [amd64 i386], xorriso [!i386], xz-utils, diff --git a/live-build/auto/build b/live-build/auto/build index df39063c..824d3a30 100755 --- a/live-build/auto/build +++ b/live-build/auto/build @@ -89,9 +89,15 @@ PREFIX="livecd.$PROJECT${SUBARCH:+-$SUBARCH}" if [ "${IMAGEFORMAT:-}" = "ubuntu-image" ]; then # Use ubuntu-image instead of live-build + export SNAPPY_STORE_NO_CDN=1 + snap install --classic ubuntu-image + + # TODO: eventually, this should be handled by a single ubuntu-image + # call without having to do a conditional on ubuntu-core/classic. + # We could already do that, but then we'd still have to do the + # compressing for the core images. if [ "$PROJECT" = "ubuntu-core" ]; then - env SNAPPY_STORE_NO_CDN=1 \ - ubuntu-image snap $UBUNTU_IMAGE_ARGS \ + /snap/bin/ubuntu-image snap $UBUNTU_IMAGE_ARGS \ -O output "$PREFIX".model-assertion # XXX: currently we only have one image generated, but really # we should be supporting more than one for models that 
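Review bot: `snap install --classic ubuntu-image` fetches the image builder from the snap store on every build with no channel or revision pinned, so the tool that assembles the image can differ between two builds of the same livecd-rootfs version. Because the debian/control hunk also drops `ubuntu-image` from `Depends`, the package archive no longer records which version was used. Consider pinning it, e.g. `snap install --classic --channel="$UBUNTU_IMAGE_CHANNEL" ubuntu-image` (placeholder variable, not defined on this page), and running `snap list ubuntu-image` afterwards so the installed revision lands in the build log.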
@@ -100,20 +106,23 @@ if [ "${IMAGEFORMAT:-}" = "ubuntu-image" ]; then xz -0 -T4 "$PREFIX".img mv output/seed.manifest "$PREFIX".manifest else - # First we need to build the gadget tree - make -C "config/$PREFIX-gadget" \ - ARCH=$ARCH SERIES=$SUITE $GADGET_TARGET - ubuntu-image classic $UBUNTU_IMAGE_ARGS \ - -s $SUITE -p $PROJECT -a $ARCH --subarch $SUBARCH \ - -O output config/$PREFIX-gadget/install - # XXX: currently we only have one image generated, but really - # we should be supporting more than one for models that - # define those. - mv output/*.img "$PREFIX".img - xz -0 -T4 "$PREFIX".img - # Also link the output image to a filename that cdimage expects - ln "$PREFIX".img.xz livecd.ubuntu-cpc.disk1.img.xz - mv output/filesystem.manifest "$PREFIX".manifest + /snap/bin/ubuntu-image classic --verbose $UBUNTU_IMAGE_ARGS \ + -O output "$PREFIX".yaml + # Since the output of the ubuntu-image call can vary based on what + # kind of an image we build, the safest bet is to 'export' all the + # artifacts from the output directory. The image definition file + # should be what defines what is expected, so that we don't have + # to tweak livecd-rootfs everytime a different type of artifact + # is needed. + for artifact in output/*; do + # We want to be dynamic, and want to support even + # two-part extensions. + filename=$(basename $artifact) + noversion=$(echo $filename | sed 's/[0-9][0-9]\.[0-9][0-9]//') + extension=${noversion#*.} + mv $artifact "$PREFIX".$extension + done + [ -f $PREFIX.img ] && xz -0 -T4 "$PREFIX".img fi exit 0 diff --git a/live-build/auto/config b/live-build/auto/config index 00408808..170ca688 100755 --- a/live-build/auto/config +++ b/live-build/auto/config 
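Review bot: The artifact export loop can silently overwrite one output with another, because every file in `output/` is renamed to `"$PREFIX".$extension` and two artifacts with the same extension map to the same target. The expansions `$artifact`, `$filename` and `$PREFIX` are also unquoted, and when `output/` is empty the literal pattern `output/*` is handed to `mv`. Failing the build on a collision keeps a wrong image from being published under the expected name. The sketch below keeps the naming logic and adds only the guards.

```shell
for artifact in output/*; do
	# Skip the literal pattern when output/ is empty.
	[ -e "$artifact" ] || continue
	filename=$(basename -- "$artifact")
	noversion=$(printf '%s\n' "$filename" | sed 's/[0-9][0-9]\.[0-9][0-9]//')
	extension=${noversion#*.}
	target="$PREFIX.$extension"
	if [ -e "$target" ]; then
		echo "E: $artifact would overwrite $target" >&2
		exit 1
	fi
	mv -- "$artifact" "$target"
done
# ... unchanged: xz compression of "$PREFIX".img ...
```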
@@ -322,8 +322,9 @@ _get_live_passes () if [ -z "${IMAGEFORMAT:-}" ]; then case $PROJECT:${SUBPROJECT:-} in ubuntu-cpc:*|ubuntu:desktop-preinstalled|ubuntu-wsl:*) - case $SUBARCH in - raspi|intel-iot) + case $ARCH+${SUBARCH:-} in + *+raspi) + # All raspi images use ubuntu-image. IMAGEFORMAT=ubuntu-image ;; *) 
@@ -496,41 +497,20 @@ case $IMAGEFORMAT in else # classic images - # Certain models have different names but are built from the same source gadget tree - case $MODEL in - pi-arm64|pi3-arm64) - MODEL=pi - ;; - intel-iot) - MODEL=pc - ;; - esac - - GADGET_TARGET="server" - if [ "$SUBPROJECT" = "desktop-preinstalled" ]; then - GADGET_TARGET="desktop" - fi + IMAGE_PROJECT=$PROJECT + [ "$IMAGE_PROJECT" = "ubuntu-cpc" ] && IMAGE_PROJECT="ubuntu-server" + DEFINITION="$IMAGE_PROJECT-$MODEL.yaml" - UBUNTU_IMAGE_ARGS="$UBUNTU_IMAGE_ARGS${SUBPROJECT:+ --subproject \"$SUBPROJECT\"}" - UBUNTU_IMAGE_ARGS="$UBUNTU_IMAGE_ARGS${PROPOSED:+ --with-proposed}" - UBUNTU_IMAGE_ARGS="$UBUNTU_IMAGE_ARGS${EXTRA_PPAS:+ --extra-ppas \"$EXTRA_PPAS\"}" - - # We need to look in two places for the gadget tree: - # - Launchpad hosted gadgets will be in the snap-gadget repo - # - Github hosted gadgets are mirrored into a github-mirror repo - BRANCH="classic" - git clone git://git.launchpad.net/~canonical-foundations/snap-$MODEL/+git/snap-$MODEL -b $BRANCH config/$PREFIX-gadget || git clone git://git.launchpad.net/~canonical-foundations/snap-$MODEL/+git/github-mirror -b $BRANCH config/$PREFIX-gadget || git clone git://git.launchpad.net/~canonical-foundations/snap-$MODEL/+git/github-mirror-$ARCH -b $BRANCH config/$PREFIX-gadget - - echo "IMAGEFORMAT=$IMAGEFORMAT" >> config/common - echo "SUITE=$SUITE" >> config/common - echo "GADGET_TARGET=$GADGET_TARGET" >> config/common - echo "UBUNTU_IMAGE_ARGS=\"$UBUNTU_IMAGE_ARGS\"" >> config/common - - echo "Configured ubuntu-image for the following gadget model: $MODEL" + git clone git://git.launchpad.net/ubuntu-images -b $SUITE image-definitions + cp image-definitions/$DEFINITION "$PREFIX".yaml + echo "Configured ubuntu-image for the following image-definition:" + cat "$PREFIX".yaml + echo "----------------------------------------------------------" fi # Save the model name used for building, mostly for any model-specific hook execution echo "MODEL=$MODEL" >> 
config/common + echo "IMAGEFORMAT=$IMAGEFORMAT" >> config/common # Fake finished configuration for lb build mkdir -p .build touch .build/config @@ -745,7 +725,7 @@ case $PROJECT in add_package minimal.standard.live linux-generic casper lvm2 mdadm cryptsetup remove_package minimal.standard.live ubiquity-frontend-gtk # the enhanced-secureboot layer, contains all packages for the enhanced secureboot install - add_package minimal.standard.enhanced-secureboot cryptsetup + add_package minimal.standard.enhanced-secureboot cryptsetup boot-managed-by-snapd # now let's create the neccessary catalog files # TODO: make sure that we handle locale_support: langpack correctly cat <<-EOF > config/minimal.catalog-in.yaml diff --git a/live-build/buildd/hooks/02-disk-image-uefi.binary b/live-build/buildd/hooks/02-disk-image-uefi.binary index d358596a..44a7ff42 100755 --- a/live-build/buildd/hooks/02-disk-image-uefi.binary +++ b/live-build/buildd/hooks/02-disk-image-uefi.binary @@ -41,7 +41,7 @@ create_partitions() { } create_and_mount_uefi_partition() { - uefi_dev="/dev/mapper${loop_device///dev/}p15" + uefi_dev="${loop_device}p15" mountpoint="$1" mkfs.vfat -F 32 -n UEFI "${uefi_dev}" diff --git a/live-build/functions b/live-build/functions index c00a06b5..b21a8518 100644 --- a/live-build/functions +++ b/live-build/functions @@ -12,16 +12,13 @@ loop_raw= backing_img= clean_loops() { - local kpartx_ret - local kpartx_stdout - - if [ -n "${backing_img}" ]; then + if [ -n "${loop_device}" ]; then # If something just finished writing to the device or a # partition (e.g. the zerofree in umount_partition) udev might # still be processing the device. udevadm settle sync - kpartx -v -d "${backing_img}" + losetup -v -d "${loop_device}" unset backing_img fi 
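Review bot: The image definition is cloned over `git://`, which gives no transport authentication or integrity protection, and the copied YAML is what `ubuntu-image classic` is then run against in live-build/auto/build. Prefer `git clone https://git.launchpad.net/ubuntu-images -b "$SUITE" image-definitions` and quote the copy, `cp "image-definitions/$DEFINITION" "$PREFIX".yaml`. The branch head is not pinned, so printing `git -C image-definitions rev-parse HEAD` next to the existing `cat` would tie each build log to the exact definition commit. `PROPOSED` and `EXTRA_PPAS` are no longer forwarded in this branch; if that is intended, a comment saying so would help.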
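Review bot: The guard in `clean_loops` now tests `loop_device`, but the only variable cleared inside the branch is still `backing_img`. The function is also installed as an EXIT trap in `mount_image`, and its body continues outside this hunk. If `loop_device` is not cleared further down, a second call would run `losetup -d` on a device that may by then belong to another build on the same host. Unless later lines still need the value, clear it right after the detach with `unset backing_img loop_device`.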
@@ -65,18 +62,15 @@ mount_image() { trap clean_loops EXIT backing_img="$1" local rootpart="$2" - kpartx_mapping="$(kpartx -s -v -a ${backing_img})" + loop_device=$(losetup --show -f -P -v ${backing_img}) - # Find the loop device - loop_p1="$(echo -e ${kpartx_mapping} | head -n1 | awk '{print$3}')" - loop_device="/dev/${loop_p1%p[0-9]*}" if [ ! -b ${loop_device} ]; then echo "unable to find loop device for ${backing_img}" exit 1 fi # Find the rootfs location - rootfs_dev_mapper="/dev/mapper/${loop_p1%%[0-9]}${rootpart}" + rootfs_dev_mapper="${loop_device}p${rootpart}" if [ ! -b "${rootfs_dev_mapper}" ]; then echo "${rootfs_dev_mapper} is not a block device"; exit 1 @@ -213,7 +207,7 @@ mount_disk_image() { mount_image ${disk_image} 1 mount_partition "${rootfs_dev_mapper}" $mountpoint - local uefi_dev="/dev/mapper${loop_device///dev/}p15" + local uefi_dev="${loop_device}p15" if [ -b ${uefi_dev} -a -e $mountpoint/boot/efi ]; then mount "${uefi_dev}" $mountpoint/boot/efi fi @@ -254,7 +248,7 @@ umount_partition() { umount_disk_image() { mountpoint="$1" - local uefi_dev="/dev/mapper${loop_device///dev/}p15" + local uefi_dev="${loop_device}p15" if [ -e "$mountpoint/boot/efi" -a -b "$uefi_dev" ]; then # zero fill free space in UEFI partition cat < /dev/zero > "$mountpoint/boot/efi/bloat_file" 2> /dev/null || true diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary index dc87a361..b5b7cffc 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary @@ -49,7 +49,7 @@ GRUB_TIMEOUT=0 # Set the default commandline GRUB_CMDLINE_LINUX_DEFAULT="console=hvc0 earlyprintk" EOF - prep_partition="/dev/mapper${loop_device///dev/}p2" + prep_partition="${loop_device}p2" chroot mountpoint grub-install "${prep_partition}" \ --no-nvram \ --boot-directory=/boot \ 
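Review bot: In `mount_image` the `losetup` result is tested unquoted in `[ ! -b ${loop_device} ]`, so when losetup fails and prints nothing the test collapses to `[ ! -b ]`, which is false, and the "unable to find loop device" branch is skipped. Quote both uses: `loop_device=$(losetup --show -f -P -v "${backing_img}")` and `if [ ! -b "${loop_device}" ]; then`. The partition nodes requested with `-P` may appear slightly after losetup returns, so a `udevadm settle` (already used in `clean_loops`) before the `-b "${rootfs_dev_mapper}"` check would avoid spurious failures. The same `${loop_device}pN` paths are relied on in the hunks for 02-disk-image-uefi.binary, disk-image-ppc64el.binary and disk-image-uefi.binary.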
diff --git a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary index 91e77516..042db427 100755 --- a/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary +++ b/live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary @@ -197,7 +197,7 @@ create_partitions() { } create_and_mount_uefi_partition() { - uefi_dev="/dev/mapper${loop_device///dev/}p15" + uefi_dev="${loop_device}p15" mountpoint="$1" mkfs.vfat -F 32 -n UEFI "${uefi_dev}" @@ -234,7 +234,7 @@ install_grub() { # Server preinstalled image # Setup cidata sample data & nocloud fallback # Allows login on first boot with or without metadata - cidata_dev="/dev/mapper${loop_device///dev/}p14" + cidata_dev="${loop_device}p14" setup_cidata "${cidata_dev}" setup_cinocloud mountpoint fi @@ -246,7 +246,7 @@ install_grub() { # Server preinstalled image # Setup cidata sample data & nocloud fallback # Allows login on first boot with or without metadata - cidata_dev="/dev/mapper${loop_device///dev/}p14" + cidata_dev="${loop_device}p14" setup_cidata "${cidata_dev}" setup_cinocloud mountpoint fi @@ -258,7 +258,7 @@ install_grub() { # Server preinstalled image # Setup cidata sample data & nocloud fallback # Allows login on first boot with or without metadata - cidata_dev="/dev/mapper${loop_device///dev/}p13" + cidata_dev="${loop_device}p13" setup_cidata "${cidata_dev}" setup_cinocloud mountpoint fi @@ -285,10 +285,10 @@ install_grub() { efi_target=riscv64-efi # The real U-Boot chroot mountpoint apt-get install -qqy u-boot-microchip - loader="/dev/mapper${loop_device///dev/}p13" + loader="${loop_device}p13" dd if=mountpoint/usr/lib/u-boot/microchip_icicle/u-boot.payload of=$loader # Provide end-user modifyable CIDATA - cidata_dev="/dev/mapper${loop_device///dev/}p12" + cidata_dev="${loop_device}p12" setup_cidata "${cidata_dev}" # Provide stock nocloud datasource # Allow interactive login on baremetal board, 
@@ -330,10 +330,10 @@ install_grub() { chroot mountpoint apt-get install -qqy u-boot-nezha # Since version 2022.10 U-Boot SPL and U-Boot are installed onto the same partition. # Package nezha-boot0 is not needed anymore. - loader1="/dev/mapper${loop_device///dev/}p13" + loader1="${loop_device}p13" dd if=mountpoint/usr/lib/u-boot/${SUBARCH}/u-boot-sunxi-with-spl.bin of=$loader1 # Provide end-user modifyable CIDATA - cidata_dev="/dev/mapper${loop_device///dev/}p12" + cidata_dev="${loop_device}p12" setup_cidata "${cidata_dev}" # Provide stock nocloud datasource # Allow interactive login on baremetal SiFive board, @@ -359,7 +359,7 @@ install_grub() { efi_target=riscv64-efi # factory u-boot requires a p3 partition with /boot/uEnv.txt file - uenv_dev="/dev/mapper${loop_device///dev/}p3" + uenv_dev="${loop_device}p3" mkfs.ext4 "${uenv_dev}" uenv_mnt_dir=`mktemp -d uenvXXX` mount "${uenv_dev}" "${uenv_mnt_dir}" @@ -387,7 +387,7 @@ EOF umount "${uenv_mnt_dir}" rmdir "${uenv_mnt_dir}" # Provide end-user modifyable CIDATA - cidata_dev="/dev/mapper${loop_device///dev/}p12" + cidata_dev="${loop_device}p12" setup_cidata "${cidata_dev}" # Provide stock nocloud datasource # Allow interactive login on baremetal SiFive board, @@ -406,7 +406,7 @@ EOF chroot mountpoint bash -c 'FK_FORCE=yes apt-get install -qqy grub-efi-riscv64 flash-kernel' efi_target=riscv64-efi # Provide end-user modifyable CIDATA - cidata_dev="/dev/mapper${loop_device///dev/}p12" + cidata_dev="${loop_device}p12" setup_cidata "${cidata_dev}" # Provide stock nocloud datasource # Allow interactive login on baremetal board, 
@@ -431,13 +431,13 @@ EOF fi chroot mountpoint apt-get install -qqy u-boot-sifive # FSBL, which gets U-Boot SPL - loader1="/dev/mapper${loop_device///dev/}p13" + loader1="${loop_device}p13" # The real U-Boot - loader2="/dev/mapper${loop_device///dev/}p14" + loader2="${loop_device}p14" dd if=mountpoint/usr/lib/u-boot/${u_boot_arch}/u-boot-spl.bin of=$loader1 dd if=mountpoint/usr/lib/u-boot/${u_boot_arch}/u-boot.itb of=$loader2 # Provide end-user modifyable CIDATA - cidata_dev="/dev/mapper${loop_device///dev/}p12" + cidata_dev="${loop_device}p12" setup_cidata "${cidata_dev}" # Provide stock nocloud datasource # Allow interactive login on baremetal SiFive board, diff --git a/live-build/ubuntu/hooks/020-canary-live.chroot_early b/live-build/ubuntu/hooks/020-canary-live.chroot_early index 5bd741dd..4fb89b37 100755 --- a/live-build/ubuntu/hooks/020-canary-live.chroot_early +++ b/live-build/ubuntu/hooks/020-canary-live.chroot_early @@ -19,3 +19,10 @@ EOF cat < /etc/initramfs-tools/conf.d/default-layer.conf LAYERFS_PATH=${PASS}.squashfs EOF + +if [ "$(dpkg --print-architecture)" = amd64 ]; then + echo "I: Enabling amd64 multiarch support on amd64" + dpkg --add-architecture i386 + + apt-get -y update +fi
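Review bot: The log line in the 020-canary-live.chroot_early hunk says "Enabling amd64 multiarch support on amd64" while the command adds i386 as a foreign architecture. The message should name what is enabled: `echo "I: Enabling i386 multiarch support on amd64"`. A one-line comment giving the reason from the changelog (the new installer does not enable i386 at install time) would keep the intent next to the code.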