Imported 2.608

No reason for CPC update specified.
impish
CloudBuilder 5 years ago
parent b4515f8ffb
commit 9fbef5dcd7

12
debian/changelog vendored

@ -1,3 +1,15 @@
livecd-rootfs (2.608) eoan; urgency=medium
[ Iain Lane ]
* snap_preseed: Handle SNAP_NO_VALIDATE_SEED being unset.
[ Colin Watson ]
* Use iptables-legacy rather than iptables when running on older
(pre-4.15) kernel versions. The newer nf_tables-based tools misbehave
at least on 4.4.
-- Colin Watson <cjwatson@ubuntu.com> Tue, 03 Sep 2019 15:35:17 +0100
livecd-rootfs (2.607) eoan; urgency=medium
* snap seeding: Defer validation for regular image builds. When getting the

@ -17,6 +17,32 @@ fi
. config/functions
# New nf_tables-based versions of iptables don't work well on old kernels.
# We aren't sure exactly how old is a problem: 4.15 works, but with 4.4 new
# rules are added to all chains in the requested table rather than just one,
# and the new rules seem to have no useful effect. In such cases,
# iptables-legacy works better.
#
# We can simplify this once livecd-rootfs no longer needs to support running
# on Ubuntu 16.04 (that is, once Launchpad's build VMs are upgraded to
# Ubuntu 18.04).
run_iptables () {
local kver kver_major kver_minor
kver="$(uname -r)"
kver="${kver%%-*}"
kver_major="${kver%%.*}"
kver="${kver#*.}"
kver_minor="${kver%%.*}"
if [ "$kver_major" -lt 4 ] || \
([ "$kver_major" = 4 ] && [ "$kver_minor" -lt 15 ]); then
iptables-legacy "$@"
else
iptables "$@"
fi
}
if [ -n "$REPO_SNAPSHOT_STAMP" ]; then
if [ "`whoami`" != "root" ]; then
echo "Magic repo snapshots only work when running as root." >&2
@ -26,8 +52,8 @@ if [ -n "$REPO_SNAPSHOT_STAMP" ]; then
apt-get -qyy install iptables
# Redirect all outgoing traffic to port 80 to proxy instead.
iptables -t nat -A OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon \
-j REDIRECT --to 8080
run_iptables -t nat -A OUTPUT -p tcp --dport 80 \
-m owner ! --uid-owner daemon -j REDIRECT --to 8080
# Run proxy as "daemon" to avoid infinite loop.
/usr/share/livecd-rootfs/magic-proxy \
@ -871,8 +897,8 @@ if [ -f "config/magic-proxy.pid" ]; then
rm -f config/magic-proxy.pid
# Remove previously-inserted iptables rule.
iptables -t nat -D OUTPUT -p tcp --dport 80 -m owner ! --uid-owner daemon \
-j REDIRECT --to 8080
run_iptables -t nat -D OUTPUT -p tcp --dport 80 \
-m owner ! --uid-owner daemon -j REDIRECT --to 8080
fi
case $PROJECT in

@ -656,7 +656,7 @@ snap_preseed() {
# i.e. snaps with bases need to add bases first etc
#
# Skip validation by setting SNAP_NO_VALIDATE_SEED=1.
if [ -z "${SNAP_NO_VALIDATE_SEED}" ]; then
if [ -z "${SNAP_NO_VALIDATE_SEED:-}" ]; then
snap_validate_seed "${CHROOT_ROOT}"
fi
}

Loading…
Cancel
Save