From 152adcaa04d9ed7af03a7eca416d300965535063 Mon Sep 17 00:00:00 2001 From: Robert C Jennings Date: Tue, 3 Apr 2018 05:12:22 -0500 Subject: [PATCH 01/10] live-build/functions: add snap preseeding support --- live-build/functions | 87 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 87 insertions(+) diff --git a/live-build/functions b/live-build/functions index 66aadff1..f74d9d44 100644 --- a/live-build/functions +++ b/live-build/functions 
@@ -360,3 +360,90 @@ recreate_initramfs() { esac mv "$CHROOT"/boot/initrd.img-* $DESTDIR } + +_snap_preseed() { + # Download the snap/assertion and add to the preseed + local CHROOT_ROOT=$1 + local SNAP=$2 + local SNAP_NAME=${SNAP%/*} + local CHANNEL=${3:?Snap channel must be specified} + + local seed_dir="$CHROOT_ROOT/var/lib/snapd/seed" + local snaps_dir="$seed_dir/snaps" + local seed_yaml="$seed_dir/seed.yaml" + local assertions_dir="$seed_dir/assertions" + + # Download the snap & assertion + chroot $CHROOT_ROOT sh -c " + set -x; + cd /var/lib/snapd/seed; + SNAPPY_STORE_NO_CDN=1 snap download \ + --channel=$CHANNEL \"$SNAP_NAME\"" + mv -v $seed_dir/*.assert $assertions_dir + mv -v $seed_dir/*.snap $snaps_dir + + # Add the snap to the seed.yaml + ! [ -e $seed_yaml ] && echo "snaps:" > $seed_yaml + cat <> $seed_yaml +- name: ${SNAP_NAME} + channel: ${CHANNEL} +EOF + + case ${SNAP} in */classic) echo " classic: true" >> $seed_yaml;; esac + + echo -n " file: " >> $seed_yaml + (cd $snaps_dir; ls -1 ${SNAP_NAME}_*.snap) >> $seed_yaml +} + +snap_prepare() { + # Configure basic snapd assertions and pre-seeds the 'core' snap + local CHROOT_ROOT=$1 + + local seed_dir="$CHROOT_ROOT/var/lib/snapd/seed" + local snaps_dir="$seed_dir/snaps" + local assertions_dir="$seed_dir/assertions" + local model_assertion="$assertions_dir/generic-classic.model" + local account_key_assertion="$assertions_dir/generic.account-key" + local account_assertion="$assertions_dir/generic.account" + + mkdir -p "$assertions_dir" + mkdir -p "$snaps_dir" + + if ! [ -e "$model_assertion" ] ; then + snap known --remote model series=16 \ + model=generic-classic brand-id=generic \ + > "$model_assertion" + fi + + if ! [ -e "$account_key_assertion" ] ; then + local account_key=$(sed -n -e's/sign-key-sha3-384: //p' \ + < "$model_assertion") + snap known --remote account-key \ + public-key-sha3-384="$account_key" \ + > "$account_key_assertion" + fi + + # XXX Copied from auto/build this value is never used. 
+ # Is that correct in that file or was there a reason for this? + # account=$(sed -n -e's/account-id: //p' \ < "$account_key_assertion") + + if ! [ -e "$account_assertion" ] ; then + snap known --remote account account-id=generic \ + > "$account_assertion" + fi + + # Download the core snap + if ! [ -f $snaps_dir/core_[0-9]*.snap ] ; then + _snap_preseed $CHROOT_ROOT core stable + fi +} + +snap_preseed() { + # Preseeed a snap in the image + local CHROOT_ROOT=$1 + local SNAP=$2 + local CHANNEL=${3:-stable} + + snap_prepare $CHROOT_ROOT + _snap_preseed $CHROOT_ROOT $SNAP $CHANNEL +} From e655aff7b162eada31dbd5c4f45d3d685cd0098e Mon Sep 17 00:00:00 2001 From: Robert C Jennings Date: Fri, 6 Apr 2018 12:51:47 -0500 Subject: [PATCH 02/10] live-build/functions: Migrate from generic snap account-id --- live-build/functions | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/live-build/functions b/live-build/functions index f74d9d44..ceef5d78 100644 --- a/live-build/functions +++ b/live-build/functions @@ -423,12 +423,10 @@ snap_prepare() { > "$account_key_assertion" fi - # XXX Copied from auto/build this value is never used. - # Is that correct in that file or was there a reason for this? - # account=$(sed -n -e's/account-id: //p' \ < "$account_key_assertion") + account=$(sed -n -e's/account-id: //p' \ < "$account_key_assertion") if ! [ -e "$account_assertion" ] ; then - snap known --remote account account-id=generic \ + snap known --remote account account-id=$account \ > "$account_assertion" fi From 57261c3edfe39051a245a2a43e89a4194d217e4a Mon Sep 17 00:00:00 2001 From: Robert C Jennings Date: Fri, 6 Apr 2018 13:12:53 -0500 Subject: [PATCH 03/10] auto/build: Install snaps using common functions --- live-build/auto/build | 59 ++++--------------------------------------- 1 file changed, 5 insertions(+), 54 deletions(-) diff --git a/live-build/auto/build b/live-build/auto/build index 22863f8e..6a8f58f3 100755 --- a/live-build/auto/build 
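Review bot: The `snap download` command in `_snap_preseed` is built by expanding `$CHANNEL` and `$SNAP_NAME` into the `sh -c` string, so the inner shell re-parses whatever those values contain. A snap name or channel carrying a quote, `;` or `$(...)` would be interpreted as shell syntax inside the chroot instead of being passed to `snap` as data. Handing both values over as positional parameters to a single-quoted script removes that re-parse. `$CHROOT_ROOT`, `$seed_dir`, `$snaps_dir` and `$assertions_dir` are also expanded unquoted on the `chroot` and `mv` lines, so a build path containing whitespace or glob characters breaks them. The same command string is carried unchanged into the `_snap_preseed` hunk of PATCH 09/10.

```shell
    # … unchanged: local variable setup …
    # Download the snap & assertion; the channel and name are passed as
    # arguments so the inner shell never parses them as script text
    chroot "$CHROOT_ROOT" sh -c '
        set -x;
        cd /var/lib/snapd/seed;
        SNAPPY_STORE_NO_CDN=1 snap download \
            --channel="$1" "$2"' sh "$CHANNEL" "$SNAP_NAME"
    mv -v "$seed_dir"/*.assert "$assertions_dir"
    mv -v "$seed_dir"/*.snap "$snaps_dir"
    # … unchanged: seed.yaml generation …
```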
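Review bot: `account-id=$account` in the new `snap known --remote account` call is expanded unquoted and unchecked, and `$account` comes from an unanchored `sed` over a file fetched from the store. If the pattern matches nothing the request goes out with an empty id, and if it matches more than one line the extra words become separate arguments. I would anchor the pattern (`sed -n -e 's/^account-id: //p'`), stop when the result is empty (`[ -n "$account" ] || exit 1`), and write `account-id="$account"`. The assignment also creates a global here; PATCH 07/10 makes it local but keeps the unquoted expansion. `snap_prepare` starts and ends outside this hunk.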
+++ b/live-build/auto/build @@ -15,6 +15,8 @@ if [ -z "${PROJECT:-}" ]; then exit 1 fi +. config/functions + # Link output files somewhere BuildLiveCD will be able to find them. PREFIX="livecd.$PROJECT${SUBARCH:+-$SUBARCH}" @@ -35,45 +37,14 @@ Setup_cleanup preinstall_snaps() { lb chroot_resolv install + snap_prepare chroot + snap_channel="stable/ubuntu-$(distro-info --series="$LB_DISTRIBUTION" \ -r | awk '{ print $1 }')" - chroot chroot sh -c ' - set -x; - cd /var/lib/snapd/seed; - SNAPPY_STORE_NO_CDN=1 snap download core' for snap in "$@"; do - chroot chroot sh -c " - set -x; - cd /var/lib/snapd/seed; - SNAPPY_STORE_NO_CDN=1 snap download --channel=$snap_channel \"${snap%/*}\"" + snap_preseed chroot "${snap}" "$snap_channel" done lb chroot_resolv remove - - CORE_SNAP=$(cd chroot/var/lib/snapd/seed; ls -1 core_*.snap) - - cat < chroot/var/lib/snapd/seed/seed.yaml -snaps: - - name: core - channel: stable - file: ${CORE_SNAP} -EOF - for snap in "$@"; do - snap_name=${snap%/*} - cat <> chroot/var/lib/snapd/seed/seed.yaml - - name: ${snap_name} - channel: $snap_channel -EOF - case ${snap} in */classic) echo " classic: true" >> chroot/var/lib/snapd/seed/seed.yaml;; esac - echo -n " file: " >> chroot/var/lib/snapd/seed/seed.yaml - (cd chroot/var/lib/snapd/seed; ls -1 ${snap_name}_*.snap) \ - >> chroot/var/lib/snapd/seed/seed.yaml - done - - mkdir -p chroot/var/lib/snapd/seed/snaps \ - chroot/var/lib/snapd/seed/assertions - mv chroot/var/lib/snapd/seed/*.assert \ - chroot/var/lib/snapd/seed/assertions/ - mv chroot/var/lib/snapd/seed/*.snap chroot/var/lib/snapd/seed/snaps/ } rm -f binary.success 
@@ -384,26 +355,6 @@ deb file:/var/lib/preinstalled-pool/ $LB_DISTRIBUTION $LB_PARENT_ARCHIVE_AREAS case $PROJECT:$SUBPROJECT in *) if [ -e "config/seeded-snaps" ]; then - assertions_dir="chroot/var/lib/snapd/seed/assertions" - model_assertion="$assertions_dir/generic-classic.model" - account_key_assertion="$assertions_dir/generic.account-key" - account_assertion="$assertions_dir/generic.account" - - mkdir -p "$assertions_dir" - snap known --remote model series=16 \ - model=generic-classic brand-id=generic \ - > "$model_assertion" - account_key=$(sed -n -e's/sign-key-sha3-384: //p' \ - < "$model_assertion") - - snap known --remote account-key \ - public-key-sha3-384="$account_key" \ - > "$account_key_assertion" - account=$(sed -n -e's/account-id: //p' \ - < "$account_key_assertion") - - snap known --remote account account-id=generic \ - > "$account_assertion" snap_list=$(cat config/seeded-snaps) preinstall_snaps $snap_list fi From 829716a6d72a794a90639e28f62cbc2fe73dcf6e Mon Sep 17 00:00:00 2001 From: Robert C Jennings Date: Fri, 6 Apr 2018 17:03:27 -0500 Subject: [PATCH 04/10] live-build/functions: Change arithmetic to make the file 'sh' friendly --- live-build/functions | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/live-build/functions b/live-build/functions index ceef5d78..dc78b953 100644 --- a/live-build/functions +++ b/live-build/functions @@ -1,6 +1,7 @@ # vi: ts=4 expandtab syntax=sh -imagesize=${IMAGE_SIZE:-$((2252*1024**2))} # 2.2G (the current size we ship) +#imagesize=${IMAGE_SIZE:-$((2252*1024**2))} # 2.2G (the current size we ship) +imagesize=${IMAGE_SIZE:-2361393152} # 2.2G (the current size we ship) fs_label="${FS_LABEL:-rootfs}" rootfs_dev_mapper= From 936c3dbc797345a31b879b248bb701d2ec72503c Mon Sep 17 00:00:00 2001 
From: Robert C Jennings Date: Fri, 6 Apr 2018 17:05:15 -0500 Subject: [PATCH 05/10] live-build/functions: Update snap seed.yaml format to comply with yaml spec --- live-build/functions | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/live-build/functions b/live-build/functions index dc78b953..298f7f08 100644 --- a/live-build/functions +++ b/live-build/functions @@ -386,13 +386,14 @@ _snap_preseed() { # Add the snap to the seed.yaml ! [ -e $seed_yaml ] && echo "snaps:" > $seed_yaml cat <> $seed_yaml -- name: ${SNAP_NAME} - channel: ${CHANNEL} + - + name: ${SNAP_NAME} + channel: ${CHANNEL} EOF - case ${SNAP} in */classic) echo " classic: true" >> $seed_yaml;; esac + case ${SNAP} in */classic) echo " classic: true" >> $seed_yaml;; esac - echo -n " file: " >> $seed_yaml + echo -n " file: " >> $seed_yaml (cd $snaps_dir; ls -1 ${SNAP_NAME}_*.snap) >> $seed_yaml } From 0dbaf4cc9d7f638b74f7b50a81b97bff2a7d0a83 Mon Sep 17 00:00:00 2001 From: Robert C Jennings Date: Fri, 6 Apr 2018 20:14:23 -0500 Subject: [PATCH 06/10] live-build/functions: Drop spurious backslash --- live-build/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/live-build/functions b/live-build/functions index 298f7f08..5af5c293 100644 --- a/live-build/functions +++ b/live-build/functions @@ -425,7 +425,7 @@ snap_prepare() { > "$account_key_assertion" fi - account=$(sed -n -e's/account-id: //p' \ < "$account_key_assertion") + account=$(sed -n -e's/account-id: //p' < "$account_key_assertion") if ! [ -e "$account_assertion" ] ; then snap known --remote account account-id=$account \ From cbcb5d3ed80278e202ddf5fed31cc4f320b6c703 Mon Sep 17 00:00:00 2001 
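Review bot: The `file:` value that closes each seed entry is whatever `ls -1 ${SNAP_NAME}_*.snap` prints, and nothing checks that it is exactly one name. No match leaves `file:` empty, and two matches (for instance an older revision still sitting in `$snaps_dir`) append a second bare line to seed.yaml. Either way the build carries on with a seed that snapd may reject or resolve differently at first boot. I would capture the name first, `snap_file=$(cd "$snaps_dir" && ls -1 "${SNAP_NAME}"_*.snap)`, fail unless it is a single non-empty line, and only then append it. `_snap_preseed` begins before this hunk.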
From: Robert C Jennings Date: Tue, 10 Apr 2018 10:09:26 -0500 Subject: [PATCH 07/10] live-build/functions: reduce scope of snap account variable * Only shell out to set $account when we need to use it. * Reduce scope of $account to make it local to the function * Fix indenting within an 'if' block --- live-build/functions | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/live-build/functions b/live-build/functions index 5af5c293..6f97592d 100644 --- a/live-build/functions +++ b/live-build/functions @@ -425,11 +425,11 @@ snap_prepare() { > "$account_key_assertion" fi - account=$(sed -n -e's/account-id: //p' < "$account_key_assertion") if ! [ -e "$account_assertion" ] ; then - snap known --remote account account-id=$account \ - > "$account_assertion" + local account=$(sed -n -e's/account-id: //p' < "$account_key_assertion") + snap known --remote account account-id=$account \ + > "$account_assertion" fi # Download the core snap From 73dba1f31a3bf78488f3b6083dde9f585d6e0b23 Mon Sep 17 00:00:00 2001 From: Robert C Jennings Date: Tue, 10 Apr 2018 11:59:19 -0500 Subject: [PATCH 08/10] snap preseeding: capture Ubuntu snap seeding policy in code When no channel is given for a pre-seeded snap, the channel should be stable/ubuntu-XX.YY to match Ubuntu policy. This patch adds the LB_DISTRIBUTION var to config/{binary,chroot} to have a common way of determining the Ubuntu XX.YY version number between hooks and auto/build. --- live-build/auto/build | 4 +--- live-build/auto/config | 2 ++ live-build/functions | 9 ++++++++- 3 files changed, 11 insertions(+), 4 deletions(-) diff --git a/live-build/auto/build b/live-build/auto/build index 6a8f58f3..8689bcf1 100755 --- a/live-build/auto/build +++ b/live-build/auto/build 
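Review bot: `local account=$(sed ...)` hides the exit status of the command substitution, because the status of that line is the status of `local`. The plain assignment it replaces would have failed the line when `$account_key_assertion` could not be read. If the callers run under `set -e` (not visible in this hunk), the patch therefore removes a stop on a missing or unreadable account-key assertion. Declaring and assigning separately keeps the narrower scope and the status: `local account` followed by `account=$(sed -n -e's/account-id: //p' < "$account_key_assertion")`. `snap_prepare` continues outside the hunk.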
@@ -39,10 +39,8 @@ preinstall_snaps() { lb chroot_resolv install snap_prepare chroot - snap_channel="stable/ubuntu-$(distro-info --series="$LB_DISTRIBUTION" \ - -r | awk '{ print $1 }')" for snap in "$@"; do - snap_preseed chroot "${snap}" "$snap_channel" + snap_preseed chroot "${snap}" done lb chroot_resolv remove } diff --git a/live-build/auto/config b/live-build/auto/config index e02f0512..b0c6f7f6 100755 --- a/live-build/auto/config +++ b/live-build/auto/config @@ -825,9 +825,11 @@ lb config noauto \ echo "LB_CHROOT_HOOKS=\"$CHROOT_HOOKS\"" >> config/chroot echo "SUBPROJECT=\"${SUBPROJECT:-}\"" >> config/chroot +echo "LB_DISTRIBUTION=\"$SUITE\"" >> config/chroot echo "LB_BINARY_HOOKS=\"$BINARY_HOOKS\"" >> config/binary echo "BUILDSTAMP=\"$NOW\"" >> config/binary echo "SUBPROJECT=\"${SUBPROJECT:-}\"" >> config/binary +echo "LB_DISTRIBUTION=\"$SUITE\"" >> config/binary case $ARCH+$SUBARCH in armhf+raspi2) diff --git a/live-build/functions b/live-build/functions index 6f97592d..04fc25dd 100644 --- a/live-build/functions +++ b/live-build/functions @@ -362,6 +362,11 @@ recreate_initramfs() { mv "$CHROOT"/boot/initrd.img-* $DESTDIR } +release_ver() { + # Return the release version number + distro-info --series="$LB_DISTRIBUTION" -r | awk '{ print $1 }' +} + _snap_preseed() { # Download the snap/assertion and add to the preseed local CHROOT_ROOT=$1 @@ -442,7 +447,9 @@ snap_preseed() { # Preseeed a snap in the image local CHROOT_ROOT=$1 local SNAP=$2 - local CHANNEL=${3:-stable} + # Per Ubuntu policy, all seeded snaps (with the exception of the core + # snap) must pull from stable/ubuntu-$(release_ver) as their channel. + local CHANNEL=${3:-"stable/ubuntu-$(release_ver)"} snap_prepare $CHROOT_ROOT _snap_preseed $CHROOT_ROOT $SNAP $CHANNEL From 5f12253791c98898477d20d04b6ef4e13493eb90 Mon Sep 17 00:00:00 2001 
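Review bot: `release_ver` returns the status of `awk`, not of `distro-info`, so an unset `$LB_DISTRIBUTION` or an unknown series produces an empty string with status 0. The last hunk of this patch composes the default channel from it inside `local CHANNEL=${3:-"stable/ubuntu-$(release_ver)"}`, which would then pass `stable/ubuntu-` on to `snap download` without any error at the point of failure. Because the function runs in a command substitution, the guard has to sit in `snap_preseed`: take the version into a variable first and stop when it is empty, e.g. `ver=$(release_ver)` then `[ -n "$ver" ] || { echo "cannot determine release version for '$LB_DISTRIBUTION'" >&2; exit 1; }`. Writing `--series="${LB_DISTRIBUTION:?}"` in `release_ver` additionally makes the unset case visible in the log.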
From: Robert C Jennings Date: Tue, 10 Apr 2018 15:03:23 -0500 Subject: [PATCH 09/10] live-build/functions: Help developers resolve snap download issues --- live-build/functions | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/live-build/functions b/live-build/functions index 04fc25dd..cea6e042 100644 --- a/live-build/functions +++ b/live-build/functions @@ -380,11 +380,21 @@ _snap_preseed() { local assertions_dir="$seed_dir/assertions" # Download the snap & assertion + local snap_download_failed=0 chroot $CHROOT_ROOT sh -c " set -x; cd /var/lib/snapd/seed; SNAPPY_STORE_NO_CDN=1 snap download \ - --channel=$CHANNEL \"$SNAP_NAME\"" + --channel=$CHANNEL \"$SNAP_NAME\"" || snap_download_failed=1 + if [ $snap_download_failed = 1 ] ; then + echo "If the channel ($CHANNEL) includes '*/ubuntu-##.##' track per " + echo "Ubuntu policy (ex. stable/ubuntu-18.04) the publisher will need " + echo "to temporarily create the channel/track to allow fallback during" + echo "download (ex. stable/ubuntu-18.04 falls back to stable if the" + echo "prior had been created in the past)." + exit 1 + fi + mv -v $seed_dir/*.assert $assertions_dir mv -v $seed_dir/*.snap $snaps_dir From 26f31fbd9cfef2c2c43e7b906427b1fee987064e Mon Sep 17 00:00:00 2001 From: Robert C Jennings Date: Tue, 10 Apr 2018 16:33:22 -0500 Subject: [PATCH 10/10] live-build/functions: spelling fix --- live-build/functions | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/live-build/functions b/live-build/functions index cea6e042..f3e1df0b 100644 --- a/live-build/functions +++ b/live-build/functions @@ -454,7 +454,7 @@ snap_prepare() { } snap_preseed() { - # Preseeed a snap in the image + # Preseed a snap in the image local CHROOT_ROOT=$1 local SNAP=$2 # Per Ubuntu policy, all seeded snaps (with the exception of the core
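Review bot: The new hint in `_snap_preseed` goes to stdout and is printed for every `snap download` failure, including network or store errors that have nothing to do with the channel track. It also never names the snap that failed, so the build log does not show which download to look at. I would print `echo "snap download failed: $SNAP_NAME (channel $CHANNEL)" >&2` first and add `>&2` to each hint line. `exit 1` also runs before `preinstall_snaps` in auto/build reaches `lb chroot_resolv remove`, as far as the earlier patch in this series shows, so the chroot may keep the injected resolver configuration after a failed build. `_snap_preseed` starts and ends outside this hunk.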