From aee4e79c87bc904e07c71ea30b16055335d55ef7 Mon Sep 17 00:00:00 2001
From: Steve Langasek <steve.langasek@ubuntu.com>
Date: Mon, 11 Sep 2017 14:38:42 -0700
Subject: [PATCH] Import patches-unapplied version 2.408.15 to
 ubuntu/xenial-proposed

Imported using git-ubuntu import.

Changelog parent: 2473668b91bf1e0c83f8160377ba7de3364657b0

New changelog entries:
  [ Mathieu Trudel-Lapierre ]
  * Drop preloading of grub modules that are built into the grub signed
    image.  This is functionally a no-op, changed only to clean up the code.
  [ Steve Langasek ]
  * live-build/ubuntu-cpc/functions: mount tmpfs on /var/cache/apt and
    /var/lib/apt, so we don't have to leave empty space in our derivative
    images for packages that have been downloaded/installed/removed.  This
    normally isn't relevant for the installed system, since the root
    filesystem will auto-expand in place on the target disk, but lets us
    ship smaller images.
  * live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary: call apt-get
    update *before* installing packages, not after.
  [ Colin Watson ]
  * Mount and unmount /dev recursively, to cope with setups where there are
    interesting bind-mounts under /dev (e.g. loop devices bind-mounted by
    LXD).  LP: #1716465.
  [ Balint Reczey ]
  * Fix suppression of kpartx error.  LP: #1684090.
---
 debian/changelog                              | 26 +++++++++++++++++++
 live-build/ubuntu-cpc/functions               | 14 +++++-----
 .../ubuntu-cpc/hooks/030-root-tarball.binary  |  3 +--
 .../hooks/033-disk-image-uefi.binary          | 15 ++++++++---
 4 files changed, 44 insertions(+), 14 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index 23dccc2a..0694cb4a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,29 @@
+livecd-rootfs (2.408.15) xenial; urgency=medium
+
+  [ Mathieu Trudel-Lapierre ]
+  * Drop preloading of grub modules that are built into the grub signed
+    image.  This is functionally a no-op, changed only to clean up the code.
+
+  [ Steve Langasek ]
+  * live-build/ubuntu-cpc/functions: mount tmpfs on /var/cache/apt and
+    /var/lib/apt, so we don't have to leave empty space in our derivative
+    images for packages that have been downloaded/installed/removed.  This
+    normally isn't relevant for the installed system, since the root
+    filesystem will auto-expand in place on the target disk, but lets us
+    ship smaller images.
+  * live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary: call apt-get
+    update *before* installing packages, not after.
+
+  [ Colin Watson ]
+  * Mount and unmount /dev recursively, to cope with setups where there are
+    interesting bind-mounts under /dev (e.g. loop devices bind-mounted by
+    LXD).  LP: #1716465.
+
+  [ Balint Reczey ]
+  * Fix suppression of kpartx error.  LP: #1684090.
+
+ -- Steve Langasek <steve.langasek@ubuntu.com>  Mon, 11 Sep 2017 14:38:42 -0700
+
 livecd-rootfs (2.408.14) xenial; urgency=medium
 
   * live-build/auto/config: Filter libgles1-mesa out of tasks, as it is not a
diff --git a/live-build/ubuntu-cpc/functions b/live-build/ubuntu-cpc/functions
index 7ed46906..685bc24f 100644
--- a/live-build/ubuntu-cpc/functions
+++ b/live-build/ubuntu-cpc/functions
@@ -21,7 +21,7 @@ clean_loops() {
         kpartx_stdout=$(kpartx -v -d "${backing_img}") || kpartx_ret=$?
         echo "$kpartx_stdout"
         if [ -n "$kpartx_ret" ]; then
-            if echo "$kpartx_stdout" | grep -q "loop deleted: "; then
+            if echo "$kpartx_stdout" | grep -q "loop deleted"; then
                 echo "Suppressing kpartx returning error (#860894)"
             else
                 exit $kpartx_ret
@@ -82,11 +82,12 @@ mount_image() {
 setup_mountpoint() {
     local mountpoint="$1"
 
-    mount --bind /dev "$mountpoint/dev"
-    mount devpts-live -t proc "$mountpoint/dev/pts"
+    mount --rbind /dev "$mountpoint/dev"
     mount proc-live -t proc "$mountpoint/proc"
     mount sysfs-live -t sysfs "$mountpoint/sys"
     mount -t tmpfs none "$mountpoint/tmp"
+    mount -t tmpfs none "$mountpoint/var/lib/apt"
+    mount -t tmpfs none "$mountpoint/var/cache/apt"
     mv "$mountpoint/etc/resolv.conf" resolv.conf.tmp
     cp /etc/resolv.conf "$mountpoint/etc/resolv.conf"
 
@@ -134,11 +135,8 @@ umount_settle() {
 umount_partition() {
     local mountpoint=${1}
     mv resolv.conf.tmp "$mountpoint/etc/resolv.conf"
-    for submnt in proc sys dev/pts dev tmp;
-    do
-        umount_settle $mountpoint/$submnt
-    done
-    umount_settle $mountpoint
+    umount -R $mountpoint
+    udevadm settle
 
     if [ -n "${rootfs_dev_mapper}" -a -b "${rootfs_dev_mapper}" ]; then
         # buildd's don't have /etc/mtab symlinked
diff --git a/live-build/ubuntu-cpc/hooks/030-root-tarball.binary b/live-build/ubuntu-cpc/hooks/030-root-tarball.binary
index 7571711b..60d2bf62 100755
--- a/live-build/ubuntu-cpc/hooks/030-root-tarball.binary
+++ b/live-build/ubuntu-cpc/hooks/030-root-tarball.binary
@@ -27,6 +27,5 @@ chroot binary/boot/filesystem.dir dpkg-divert --remove --local --rename /usr/sbi
 mv resolv.conf.tmp "binary/boot/filesystem.dir/etc/resolv.conf"
 umount "binary/boot/filesystem.dir/proc"
 umount "binary/boot/filesystem.dir/sys"
-umount "binary/boot/filesystem.dir/dev/pts"
-umount "binary/boot/filesystem.dir/dev"
+umount -R "binary/boot/filesystem.dir/dev"
 umount "binary/boot/filesystem.dir/tmp"
diff --git a/live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary b/live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary
index cdef497b..4f534609 100755
--- a/live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary
+++ b/live-build/ubuntu-cpc/hooks/033-disk-image-uefi.binary
@@ -61,15 +61,22 @@ install_grub() {
     efi_boot_dir="/boot/efi/EFI/BOOT"
     chroot mountpoint mkdir -p "${efi_boot_dir}"
 
+    chroot mountpoint apt-get -y update
+
+    # The modules below only make sense on non-Secure Boot UEFI systems.
+    # Otherwise, with Secure Boot enabled GRUB will refuse to load them.
+    # Any modules already in debian/build-efi-images do not need to be listed.
+    # Furthermore, other modules such as terminal, video_* and efi_* are all
+    # already available.
     case $ARCH in
         arm64)
             chroot mountpoint apt-get -qqy install --no-install-recommends grub-efi-arm64 grub-efi-arm64-bin
-            grub_modules="part_gpt fat gzio ext2 normal chain boot configfile linux search_fs_uuid search_label terminal serial video video_fb efi_gop"
+            grub_modules="serial"
             efi_target=arm64-efi
             ;;
         amd64)
             chroot mountpoint apt-get install -qqy grub-efi-amd64-signed grub-efi-amd64 shim-signed
-            grub_modules="part_gpt fat ext2 normal chain boot configfile linux multiboot search_fs_uuid search_label terminal serial video video_fb video_bochs usb usb_keyboard efi_gop efi_uga"
+            grub_modules="multiboot serial usb usb_keyboard"
             efi_target=x86_64-efi
             ;;
     esac
@@ -77,8 +84,9 @@ install_grub() {
     cat << EOF >> mountpoint/etc/default/grub.d/50-cloudimg-settings.cfg
 ${CLOUD_IMG_STR}
 # For Cloud Image compatability
-GRUB_PRELOAD_MODULES="${grub_modules}"
+GRUB_PRELOAD_MODULES="${GRUB_PRELOAD_MODULES:-$grub_modules}"
 EOF
+
     chroot mountpoint grub-install "${loop_device}" \
         --boot-directory=/boot \
         --efi-directory=/boot/efi \
@@ -109,7 +117,6 @@ EOF
     chroot mountpoint dpkg-divert --remove --local --rename /etc/grub.d/30_os-prober
 
     chroot mountpoint apt-get -y clean
-    chroot mountpoint apt-get -y update
 
     rm mountpoint/tmp/device.map
     sync