From 686425a6343590993f1592d30a957833ac8ac1e5 Mon Sep 17 00:00:00 2001
From: Cody Shepherd
Date: Wed, 12 Feb 2020 09:37:27 -0800
Subject: [PATCH 1/7] Enable building buildd artifacts with an ext4 image target
---
live-build/buildd/hooks/00-mirror.binary | 2 +-
live-build/buildd/hooks/01-policy-rc-d.binary | 8 ++++----
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/live-build/buildd/hooks/00-mirror.binary b/live-build/buildd/hooks/00-mirror.binary
index 7f3cdba4..a6722e0b 100755
--- a/live-build/buildd/hooks/00-mirror.binary
+++ b/live-build/buildd/hooks/00-mirror.binary
@@ -9,4 +9,4 @@ set -e
# /var/lib/apt/lists/ has suitable cached Packages files; this speeds up
# builds on buildds.
sed -i "s,${LB_PARENT_MIRROR_BINARY},${LB_MIRROR_BINARY},g" \
- binary/etc/apt/sources.list
+ chroot/etc/apt/sources.list
diff --git a/live-build/buildd/hooks/01-policy-rc-d.binary b/live-build/buildd/hooks/01-policy-rc-d.binary
index d827875f..bdfaf52d 100755
--- a/live-build/buildd/hooks/01-policy-rc-d.binary
+++ b/live-build/buildd/hooks/01-policy-rc-d.binary
@@ -6,8 +6,8 @@ set -e
# installed, but that doesn't work because live-build has already installed
# a dummy one at that point. The simplest approach is to repair the
# situation by putting it in place here.
-if [ -L binary/etc/alternatives/policy-rc.d ] && \
- [ ! -e binary/usr/sbin/policy-rc.d ] && \
- [ ! -L binary/usr/sbin/policy-rc.d ]; then
- ln -s /etc/alternatives/policy-rc.d binary/usr/sbin/policy-rc.d
+if [ -L chroot/etc/alternatives/policy-rc.d ] && \
+ [ ! -e chroot/usr/sbin/policy-rc.d ] && \
+ [ ! -L chroot/usr/sbin/policy-rc.d ]; then
+ ln -s /etc/alternatives/policy-rc.d chroot/usr/sbin/policy-rc.d
fi
From 58962d67d02ef33e5370131adbdd6d4331ac1671 Mon Sep 17 00:00:00 2001
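Review bot: Pointing the sed at `chroot/etc/apt/sources.list` means the mirror rewrite is no longer confined to the binary copy but lands in the chroot itself, and with this series every later artifact built from that chroot (the bootable image in 02-disk-image-uefi.binary copies `chroot/*` wholesale) inherits the `LB_MIRROR_BINARY` URL; if that is a buildd-internal mirror, the published image ends up with an apt source it cannot reach. Worth a comment here stating which mirror the buildd artifacts are expected to carry, or a restore step in the image hook. Separately, and pre-existing, `${LB_PARENT_MIRROR_BINARY}` is interpolated unescaped into the sed pattern with `,` as the delimiter, so a `,` or `&` in either URL corrupts the substitution; `printf '%s' "$LB_PARENT_MIRROR_BINARY" | sed 's/[][\.*^$,&]/\\&/g'` before use, or a fixed-string tool, would make it robust.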
From: Cody Shepherd Date: Wed, 12 Feb 2020 09:55:56 -0800 Subject: [PATCH 2/7] Add hooks to build bootable buildd images Only install policyrd-script-zg2 in lxd tarball --- live-build/auto/config | 1 - live-build/buildd/hooks/01-policy-rc-d.binary | 13 -- .../buildd/hooks/02-disk-image-uefi.binary | 158 ++++++++++++++++++ live-build/buildd/hooks/49-policy-rc-d.binary | 7 + .../hooks/52-linux-virtual-image.binary | 61 +++++++ .../buildd/includes.chroot/etc/hostname | 2 +- live-build/buildd/includes.chroot/etc/hosts | 4 +- .../buildd/includes.chroot/etc/resolv.conf | 0 .../systemd-networkd.service | 1 + .../systemd-networkd-wait-online.service | 1 + .../systemd-networkd.socket | 1 + 11 files changed, 232 insertions(+), 17 deletions(-) delete mode 100755 live-build/buildd/hooks/01-policy-rc-d.binary create mode 100755 live-build/buildd/hooks/02-disk-image-uefi.binary create mode 100644 live-build/buildd/hooks/49-policy-rc-d.binary create mode 100755 live-build/buildd/hooks/52-linux-virtual-image.binary delete mode 100644 live-build/buildd/includes.chroot/etc/resolv.conf create mode 120000 live-build/buildd/includes.chroot/etc/systemd/system/multi-user.target.wants/systemd-networkd.service create mode 120000 live-build/buildd/includes.chroot/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service create mode 120000 live-build/buildd/includes.chroot/etc/systemd/system/sockets.target.wants/systemd-networkd.socket diff --git a/live-build/auto/config b/live-build/auto/config index 858b0535..98baa19f 100755 --- a/live-build/auto/config +++ b/live-build/auto/config @@ -763,7 +763,6 @@ case $SUBPROJECT in OPTS="${OPTS:+$OPTS }--security false --volatile false" add_package install adduser - add_package install policyrcd-script-zg2 add_package install pkgbinarymangler add_package install ca-certificates add_package install gpg 
diff --git a/live-build/buildd/hooks/01-policy-rc-d.binary b/live-build/buildd/hooks/01-policy-rc-d.binary
deleted file mode 100755
index bdfaf52d..00000000
--- a/live-build/buildd/hooks/01-policy-rc-d.binary
+++ /dev/null
@@ -1,13 +0,0 @@
-#! /bin/sh
-set -e
-
-# Put the /usr/sbin/policy-rc.d alternatives symlink in place. Ordinarily
-# update-alternatives ought to create this when policyrcd-script-zg2 is
-# installed, but that doesn't work because live-build has already installed
-# a dummy one at that point. The simplest approach is to repair the
-# situation by putting it in place here.
-if [ -L chroot/etc/alternatives/policy-rc.d ] && \
- [ ! -e chroot/usr/sbin/policy-rc.d ] && \
- [ ! -L chroot/usr/sbin/policy-rc.d ]; then
- ln -s /etc/alternatives/policy-rc.d chroot/usr/sbin/policy-rc.d
-fi
diff --git a/live-build/buildd/hooks/02-disk-image-uefi.binary b/live-build/buildd/hooks/02-disk-image-uefi.binary
new file mode 100755
index 00000000..b3290e09
--- /dev/null
+++ b/live-build/buildd/hooks/02-disk-image-uefi.binary
@@ -0,0 +1,158 @@ +#!/bin/bash -eux + +case $ARCH in + amd64|arm64|armhf) + ;; + *) + echo "We don't create EFI images for $ARCH." + exit 0 + ;; +esac + +IMAGE_STR="# BUILDD_IMG: This file was created/modified by the Buildd Image build process" +FS_LABEL="buildd-rootfs" + +. config/binary + +. config/functions + +create_partitions() { + disk_image="$1" + sgdisk "${disk_image}" --zap-all + case $ARCH in + arm64|armhf) + sgdisk "${disk_image}" \ + --new=15:0:204800 \ + --typecode=15:ef00 \ + --new=1: + ;; + amd64) + sgdisk "${disk_image}" \ + --new=14::+4M \ + --new=15::+106M \ + --new=1:: + sgdisk "${disk_image}" \ + -t 14:ef02 \ + -t 15:ef00 + ;; + esac + sgdisk "${disk_image}" \ + --print +} + +create_and_mount_uefi_partition() { + uefi_dev="/dev/mapper${loop_device///dev/}p15" + mountpoint="$1" + mkfs.vfat -F 32 -n UEFI "${uefi_dev}" + + mkdir -p "${mountpoint}"/boot/efi + mount "${uefi_dev}" "$mountpoint"/boot/efi + + cat << EOF >> "mountpoint/etc/fstab" +LABEL=UEFI /boot/efi vfat defaults 0 0 +EOF +} + +install_grub() { + mkdir mountpoint + mount_partition "${rootfs_dev_mapper}" mountpoint + + create_and_mount_uefi_partition mountpoint + + echo "(hd0) ${loop_device}" > mountpoint/tmp/device.map + mkdir -p mountpoint/etc/default/grub.d + efi_boot_dir="/boot/efi/EFI/BOOT" + chroot mountpoint mkdir -p "${efi_boot_dir}" + + if [ -n "$partuuid" ]; then + echo "GRUB_FORCE_PARTUUID=$partuuid" >> mountpoint/etc/default/grub.d/40-force-partuuid.cfg + fi + + chroot mountpoint apt-get -y update + + # UEFI GRUB modules are meant to be used equally by Secure Boot and + # non-Secure Boot systems. If you need an extra module not already + # provided or run into "Secure Boot policy forbids loading X" problems, + # please file a bug against grub2 to include the affected module. 
+ case $ARCH in + arm64) + chroot mountpoint apt-get -qqy install --no-install-recommends grub-efi-arm64 grub-efi-arm64-bin + efi_target=arm64-efi + ;; + armhf) + chroot mountpoint apt-get -qqy install --no-install-recommends grub-efi-arm grub-efi-arm-bin + efi_target=arm-efi + ;; + amd64) + chroot mountpoint apt-get install -qqy grub-pc + chroot mountpoint apt-get install -qqy grub-efi-amd64-signed shim-signed + efi_target=x86_64-efi + ;; + esac + + # This call to rewrite the debian package manifest is added here to capture + # grub-efi packages that otherwise would not make it into the base + # manifest. filesystem.packages is moved into place via symlinking to + # livecd.ubuntu-cpc.manifest by live-build/auto/build after lb_binary runs + # and at that time snaps are added to the manifest (create-manifest is + # not called here as it calls snap-seed-parse, resulting in duplicate + # snap listings) + chroot mountpoint dpkg-query -W > binary/boot/filesystem.packages + + chroot mountpoint grub-install "${loop_device}" \ + --boot-directory=/boot \ + --efi-directory=/boot/efi \ + --target=${efi_target} \ + --removable \ + --uefi-secure-boot \ + --no-nvram + + if [ -f mountpoint/boot/efi/EFI/BOOT/grub.cfg ]; then + sed -i "s| root| root hd0,gpt1|" mountpoint/boot/efi/EFI/BOOT/grub.cfg + sed -i "1i${IMAGE_STR}" mountpoint/boot/efi/EFI/BOOT/grub.cfg + # For some reason the grub disk is looking for /boot/grub/grub.cfg on + # part 15.... + chroot mountpoint mkdir -p /boot/efi/boot/grub + chroot mountpoint cp /boot/efi/EFI/BOOT/grub.cfg /boot/efi/boot/grub + fi + + if [ "$ARCH" = "amd64" ]; then + # Install the BIOS/GPT bits. 
Since GPT boots from the ESP partition, + # it means that we just run this simple command and we're done + chroot mountpoint grub-install --target=i386-pc "${loop_device}" + fi + + divert_grub mountpoint + chroot mountpoint update-grub + replace_grub_root_with_label mountpoint + undivert_grub mountpoint + + chroot mountpoint apt-get -y clean + + rm mountpoint/tmp/device.map + umount mountpoint/boot/efi + mount + umount_partition mountpoint + rmdir mountpoint +} + +disk_image=binary/boot/disk-uefi.ext4 + +create_empty_disk_image "${disk_image}" +create_partitions "${disk_image}" +mount_image "${disk_image}" 1 + +partuuid=$(blkid -s PARTUUID -o value "$rootfs_dev_mapper") + +# Copy the chroot in to the disk +make_ext4_partition "${rootfs_dev_mapper}" +mkdir mountpoint +mount "${rootfs_dev_mapper}" mountpoint +cp -a chroot/* mountpoint/ +umount mountpoint +rmdir mountpoint + +install_grub + +clean_loops +trap - EXIT diff --git a/live-build/buildd/hooks/49-policy-rc-d.binary b/live-build/buildd/hooks/49-policy-rc-d.binary new file mode 100644 index 00000000..fb3c481b --- /dev/null +++ b/live-build/buildd/hooks/49-policy-rc-d.binary @@ -0,0 +1,7 @@ +#!/bin/sh +set -e + +# This is run after 02-disk-image-uefi.binary because +# we don't want policyrcd-script-zg2 installed in +# bootable images. +chroot chroot apt-get install -y policyrcd-script-zg2 diff --git a/live-build/buildd/hooks/52-linux-virtual-image.binary b/live-build/buildd/hooks/52-linux-virtual-image.binary new file mode 100755 index 00000000..f373136b --- /dev/null +++ b/live-build/buildd/hooks/52-linux-virtual-image.binary 
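Review bot: In `create_and_mount_uefi_partition` the fstab heredoc is redirected to the literal relative path `"mountpoint/etc/fstab"` — the `$` before `mountpoint` is missing — so it only works because `install_grub` happens to pass the string `mountpoint` as the argument; it should read `cat << EOF >> "${mountpoint}/etc/fstab"`. The bare `mount` between `umount mountpoint/boot/efi` and `umount_partition mountpoint` in `install_grub` prints the host's mount table and looks like leftover debugging; drop it. `cp -a chroot/* mountpoint/` skips dot-entries at the chroot root, whereas `cp -a chroot/. mountpoint/` copies everything. Note also that the image is populated after 00-mirror.binary has rewritten `chroot/etc/apt/sources.list`, so whatever `LB_MIRROR_BINARY` is on the buildd becomes the apt source of the shipped image, and the EFI mount made here is not covered by any cleanup path visible in this hook if a later step fails — a comment on both, or an explicit `umount` in the trap, would help.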
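Review bot: The deferred install has no check that it actually produced `/usr/sbin/policy-rc.d` in the chroot; the hook this series deletes existed precisely because update-alternatives does not create that link while live-build's dummy policy-rc.d is present, and whether the dummy is already gone at the binary stage is not visible here. I'd follow the apt-get call with `test -x chroot/usr/sbin/policy-rc.d` so a tarball that would silently start services during package installs on the buildds fails the build instead. The fetched .deb also remains in `chroot/var/cache/apt/archives` and is shipped in the tarball unless the hook ends with `chroot chroot apt-get clean`, and unlike the other hooks this one runs apt without `DEBIAN_FRONTEND=noninteractive`.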
@@ -0,0 +1,61 @@ +#!/bin/bash -eux +# vi: ts=4 expandtab +# +# Generate linux-virtual image +# + +echo "Building bootable Buildd image" + +IMAGE_STR="# BUILDD_IMG: This file was created/modified by the Buildd Image build process" + +. config/functions + +mount_d=$(mktemp -d) + +create_derivative uefi linux-virtual #sets $derivative_img +mount_disk_image $derivative_img $mount_d + +# unmount disk image and remove created folders on exit +# even though we unmount manually before we convert to +# qcow2, we have this here just in case we error out before +# that step +cleanup_linux_virtual() { + if [ -d "$mount_d" ]; then + umount_disk_image "$mount_d" + fi + rm -rf $mount_d $derivative_img +} +trap cleanup_linux_virtual EXIT + +# Install dependencies +env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ + update --assume-yes +env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ + install -y lsb-release locales initramfs-tools busybox-initramfs \ + udev dbus netplan.io cloud-init openssh-server sudo snapd + +# Install a kernel +divert_grub "$mount_d" +env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ + install --assume-yes linux-image-virtual +env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ + autoremove --purge --assume-yes +chroot "$mount_d" update-grub +undivert_grub "$mount_d" + +# Update initramfs image +chroot "$mount_d" \ + sh -c 'update-initramfs -c -v -k $(ls /boot/vmlinuz*generic | sed 1q | cut -d- -f2-3)' + +# Cleanup +env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ + clean + +create_manifest $mount_d "livecd.$PROJECT.disk-linux-virtual.manifest" + +# unmount disk image to prevent corruption +# and remove it so the trap doesn't try to unmount it again +umount_disk_image $mount_d +rm -rf $mount_d + +convert_to_qcow2 $derivative_img "livecd.$PROJECT.disk-linux-virtual.img" 
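Review bot: The `apt-get install` of openssh-server, dbus, udev and snapd runs in the mounted image chroot, and this series deliberately keeps policyrcd-script-zg2 out of bootable images, so unless `mount_disk_image` in config/functions installs one there is no `/usr/sbin/policy-rc.d` in `$mount_d` and the packages' postinst scripts may start their daemons on the build host through invoke-rc.d. A temporary deny-all policy around the installs, `printf '#!/bin/sh\nexit 101\n' > "$mount_d/usr/sbin/policy-rc.d"; chmod 755 "$mount_d/usr/sbin/policy-rc.d"`, removed before `create_manifest`, would close that. It is also worth a header comment that the image inherits the buildd chroot's apt configuration — `--security false` in auto/config and the mirror rewrite in 00-mirror.binary — so a VM with sshd and sudo enabled may boot without a security pocket or with an internal mirror in sources.list. Quoting `$mount_d` and `$derivative_img` in `cleanup_linux_virtual`'s `rm -rf` and in the `create_derivative`/`mount_disk_image` calls is cheap and consistent with the rest of the file.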
diff --git a/live-build/buildd/includes.chroot/etc/hostname b/live-build/buildd/includes.chroot/etc/hostname index e420fe4d..e9e5f7ce 100644 --- a/live-build/buildd/includes.chroot/etc/hostname +++ b/live-build/buildd/includes.chroot/etc/hostname @@ -1 +1 @@ -INVALID +ubuntu diff --git a/live-build/buildd/includes.chroot/etc/hosts b/live-build/buildd/includes.chroot/etc/hosts index 7a0cb5d4..56e7c15b 100644 --- a/live-build/buildd/includes.chroot/etc/hosts +++ b/live-build/buildd/includes.chroot/etc/hosts @@ -1,7 +1,7 @@ -127.0.0.1 localhost.localdomain localhost +127.0.0.1 localhost # The following lines are desirable for IPv6 capable hosts -::1 ip6-localhost ip6-loopback +::1 ip6-localhost ip6-loopback fe00::0 ip6-localnet ff00::0 ip6-mcastprefix ff02::1 ip6-allnodes diff --git a/live-build/buildd/includes.chroot/etc/resolv.conf b/live-build/buildd/includes.chroot/etc/resolv.conf deleted file mode 100644 index e69de29b..00000000 diff --git a/live-build/buildd/includes.chroot/etc/systemd/system/multi-user.target.wants/systemd-networkd.service b/live-build/buildd/includes.chroot/etc/systemd/system/multi-user.target.wants/systemd-networkd.service new file mode 120000 index 00000000..3c55b243 --- /dev/null +++ b/live-build/buildd/includes.chroot/etc/systemd/system/multi-user.target.wants/systemd-networkd.service @@ -0,0 +1 @@ +/lib/systemd/system/systemd-networkd.service \ No newline at end of file diff --git a/live-build/buildd/includes.chroot/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service b/live-build/buildd/includes.chroot/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service new file mode 120000 index 00000000..3b627c5c --- /dev/null +++ b/live-build/buildd/includes.chroot/etc/systemd/system/network-online.target.wants/systemd-networkd-wait-online.service @@ -0,0 +1 @@ +/lib/systemd/system/systemd-networkd-wait-online.service \ No newline at end of file 
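Review bot: `ubuntu` now becomes the hostname of both the lxd buildd tarball and the bootable image, since includes.chroot feeds the shared chroot, and neither the new hosts file nor anything else in this series maps that name, so programs that resolve the local hostname (sudo, which this series installs in the image, warns "unable to resolve host") will complain unless cloud-init rewrites /etc/hosts at first boot — not shown here. Either add `127.0.1.1 ubuntu` to hosts or document in a comment that cloud-init is expected to own both files, and say why `INVALID` was previously the deliberate value for the tarball. The hosts hunk also quietly drops the `localhost.localdomain` alias; if that is intentional it deserves a mention in the commit message.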
diff --git a/live-build/buildd/includes.chroot/etc/systemd/system/sockets.target.wants/systemd-networkd.socket b/live-build/buildd/includes.chroot/etc/systemd/system/sockets.target.wants/systemd-networkd.socket new file mode 120000 index 00000000..bcfcdbac --- /dev/null +++ b/live-build/buildd/includes.chroot/etc/systemd/system/sockets.target.wants/systemd-networkd.socket @@ -0,0 +1 @@ +/lib/systemd/system/systemd-networkd.socket \ No newline at end of file From b628d90ef8b49b5bacf5a3b74ac35ce28bf16cbf Mon Sep 17 00:00:00 2001 From: Cody Shepherd Date: Wed, 12 Feb 2020 10:26:04 -0800 Subject: [PATCH 3/7] Include empty resolv.conf only in buildd lxd tarballs. --- live-build/buildd/hooks/52-linux-virtual-image.binary | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/live-build/buildd/hooks/52-linux-virtual-image.binary b/live-build/buildd/hooks/52-linux-virtual-image.binary index f373136b..000eebc1 100755 --- a/live-build/buildd/hooks/52-linux-virtual-image.binary +++ b/live-build/buildd/hooks/52-linux-virtual-image.binary @@ -27,6 +27,10 @@ cleanup_linux_virtual() { } trap cleanup_linux_virtual EXIT +# The base buildd chroot includes an empty resolv.conf +# We don't want to include that in the bootable images +rm $mount_d/etc/resolv.conf + # Install dependencies env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ update --assume-yes From 6fed316068915d1eac112e3389e65180cdcf7cb8 Mon Sep 17 00:00:00 2001 
From: Cody Shepherd Date: Wed, 12 Feb 2020 10:28:29 -0800 Subject: [PATCH 4/7] Fix broken DNS in buildd image builds. Instead of injecting an empty resolv.conf with an includes.chroot, we'll inject it in late with a hook. The empty resolv.conf breaks DNS early in the build, and causes some binary hooks to fail --- .../hooks/{49-policy-rc-d.binary => 48-policy-rc-d.binary} | 0 live-build/buildd/hooks/49-empty-resolv-conf.binary | 4 ++++ live-build/buildd/hooks/52-linux-virtual-image.binary | 4 ---- 3 files changed, 4 insertions(+), 4 deletions(-) rename live-build/buildd/hooks/{49-policy-rc-d.binary => 48-policy-rc-d.binary} (100%) mode change 100644 => 100755 create mode 100755 live-build/buildd/hooks/49-empty-resolv-conf.binary diff --git a/live-build/buildd/hooks/49-policy-rc-d.binary b/live-build/buildd/hooks/48-policy-rc-d.binary old mode 100644 new mode 100755 similarity index 100% rename from live-build/buildd/hooks/49-policy-rc-d.binary rename to live-build/buildd/hooks/48-policy-rc-d.binary diff --git a/live-build/buildd/hooks/49-empty-resolv-conf.binary b/live-build/buildd/hooks/49-empty-resolv-conf.binary new file mode 100755 index 00000000..df4a9b9a --- /dev/null +++ b/live-build/buildd/hooks/49-empty-resolv-conf.binary @@ -0,0 +1,4 @@ +#!/bin/sh +set -e + +chroot chroot truncate -s 0 /etc/resolv.conf diff --git a/live-build/buildd/hooks/52-linux-virtual-image.binary b/live-build/buildd/hooks/52-linux-virtual-image.binary index 000eebc1..f373136b 100755 --- a/live-build/buildd/hooks/52-linux-virtual-image.binary +++ b/live-build/buildd/hooks/52-linux-virtual-image.binary @@ -27,10 +27,6 @@ cleanup_linux_virtual() { } trap cleanup_linux_virtual EXIT -# The base buildd chroot includes an empty resolv.conf -# We don't want to include that in the bootable images -rm $mount_d/etc/resolv.conf - # Install dependencies env DEBIAN_FRONTEND=noninteractive chroot "$mount_d" apt-get \ update --assume-yes 
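Review bot: `truncate -s 0` follows symlinks, so if `/etc/resolv.conf` in the chroot is a link (a systemd-resolved stub link, for instance) the hook either truncates the link target or aborts under `set -e` when that target does not exist inside the chroot, instead of leaving the empty regular file the tarball needs. Replacing it unconditionally is safer and needs no `chroot` at all: `rm -f chroot/etc/resolv.conf` followed by `: > chroot/etc/resolv.conf`. A one-line comment on why the file must be empty at this point (presumably the buildd supplies its own resolver configuration at build time) would stop the next reader from treating the hook as a mistake, given the commit message says an empty file breaks DNS earlier in the build.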
From a668e09ac41260fbfe061c2297766ad99bee7058 Mon Sep 17 00:00:00 2001 From: Cody Shepherd Date: Wed, 12 Feb 2020 10:29:17 -0800 Subject: [PATCH 5/7] Properly setup the chroot before using the network in buildd hook. --- live-build/buildd/hooks/48-policy-rc-d.binary | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/live-build/buildd/hooks/48-policy-rc-d.binary b/live-build/buildd/hooks/48-policy-rc-d.binary index fb3c481b..5d3b73dc 100755 --- a/live-build/buildd/hooks/48-policy-rc-d.binary +++ b/live-build/buildd/hooks/48-policy-rc-d.binary @@ -1,7 +1,18 @@ #!/bin/sh + set -e # This is run after 02-disk-image-uefi.binary because # we don't want policyrcd-script-zg2 installed in # bootable images. + +. config/functions + +cleanup() { + teardown_mountpoint chroot +} +trap cleanup EXIT + +setup_mountpoint chroot + chroot chroot apt-get install -y policyrcd-script-zg2 From 15a0b598d16a4b65c51cdf5d1cd6323c201767db Mon Sep 17 00:00:00 2001 From: Cody Shepherd Date: Wed, 12 Feb 2020 10:30:03 -0800 Subject: [PATCH 6/7] Only build bootable buildd images for amd64. --- live-build/buildd/hooks/02-disk-image-uefi.binary | 2 +- live-build/buildd/hooks/52-linux-virtual-image.binary | 9 +++++++++ 2 files changed, 10 insertions(+), 1 deletion(-) diff --git a/live-build/buildd/hooks/02-disk-image-uefi.binary b/live-build/buildd/hooks/02-disk-image-uefi.binary index b3290e09..75d93aa5 100755 --- a/live-build/buildd/hooks/02-disk-image-uefi.binary +++ b/live-build/buildd/hooks/02-disk-image-uefi.binary @@ -1,7 +1,7 @@ #!/bin/bash -eux case $ARCH in - amd64|arm64|armhf) + amd64) ;; *) echo "We don't create EFI images for $ARCH." diff --git a/live-build/buildd/hooks/52-linux-virtual-image.binary b/live-build/buildd/hooks/52-linux-virtual-image.binary index f373136b..a0c64d75 100755 --- a/live-build/buildd/hooks/52-linux-virtual-image.binary +++ b/live-build/buildd/hooks/52-linux-virtual-image.binary 
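Review bot: `trap cleanup EXIT` is armed before `setup_mountpoint chroot` runs, so a failure inside `setup_mountpoint` still invokes `teardown_mountpoint chroot` on a half-prepared tree, and under `set -e` a failing teardown inside the trap may replace the original error's exit status; arm the trap after `setup_mountpoint chroot` succeeds, or make `cleanup` tolerant with `teardown_mountpoint chroot || true` plus a logged warning. The hunk also inserts a stray blank line between `#!/bin/sh` and `set -e`, and the apt call still runs without `DEBIAN_FRONTEND=noninteractive` and without a following `chroot chroot apt-get clean`.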
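Review bot: Narrowing the guard to `amd64)` leaves the `arm64|armhf)` branches of `create_partitions` and `install_grub` (outside this hunk) unreachable, so they will silently rot; either delete them or mark the guard with `# Only amd64 images are built for now; the arm64/armhf branches below are untested and unreachable`. The same architecture list is duplicated in 52-linux-virtual-image.binary, which derives from the image this hook produces, so a comment that the two must be kept in step is warranted.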
@@ -4,6 +4,15 @@ # Generate linux-virtual image # +case $ARCH in + amd64) + ;; + *) + echo "We don't build bootable Buildd images for $ARCH." + exit 0 + ;; +esac + echo "Building bootable Buildd image" IMAGE_STR="# BUILDD_IMG: This file was created/modified by the Buildd Image build process" From 7d5a52d8f2bfaa9bae17df1bdf9e84b4d148fd36 Mon Sep 17 00:00:00 2001 From: Cody Shepherd Date: Wed, 12 Feb 2020 14:10:19 -0800 Subject: [PATCH 7/7] Updating changelong for bootable buildd image changes. LP: #1863024 --- debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/debian/changelog b/debian/changelog index 349286da..f52aff28 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,9 @@ +livecd-rootfs (2.525.42) UNRELEASED; urgency=medium + + * Add bootable buildd image, LP: #1863024 + + -- Cody Shepherd Wed, 12 Feb 2020 14:09:56 -0800 + livecd-rootfs (2.525.41) bionic; urgency=medium * Use snap cli rather than custom snap-tool (LP: #1864252)
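Review bot: This guard duplicates the one in 02-disk-image-uefi.binary without saying so, and if one list is widened without the other `create_derivative uefi` further down will try to derive from an image that was never built. A comment at the `case`, `# Must match the architecture list in 02-disk-image-uefi.binary, which produces the base image this hook derives from`, makes the coupling explicit. Placing the guard before `. config/functions` is fine, but the `echo` goes to stdout like the other progress messages; keep that consistent or send both to stderr.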