From dde90dfb793e6d0568d56b464d45400487b859a0 Mon Sep 17 00:00:00 2001
From: Dan Bungert <daniel.bungert@canonical.com>
Date: Fri, 23 May 2025 09:20:24 -0600
Subject: [PATCH] desktop: cherry-pick pc-kernel from different channel

To get 25.10 Desktop ISOs with TPMFDE bits, we need matching pc-kernel
and snapd otherwise we get errors like so when running
`snap prepare-image`:

WARNING: the kernel for the specified UC20+ model does not carry
assertion max formats information, assuming possibly incorrectly the
kernel revision can use the same formats as snapd
error: snapd 2.68+ is not compatible with a kernel containing snapd
prior to 2.68

Use the "dangerous" model, which allows overriding the channel, and pick
up the matching pc-kernel which is not yet on 25.10/stable, where the
non-dangerous model would expect to find it.
---
 .../hooks/020-ubuntu-enhanced-sb.binary       | 14 ++++-
 live-build/ubuntu/ubuntu-classic-amd64.model  | 55 +++++++++----------
 2 files changed, 38 insertions(+), 31 deletions(-)

diff --git a/live-build/ubuntu/hooks/020-ubuntu-enhanced-sb.binary b/live-build/ubuntu/hooks/020-ubuntu-enhanced-sb.binary
index 07840fe4..228ec6ab 100755
--- a/live-build/ubuntu/hooks/020-ubuntu-enhanced-sb.binary
+++ b/live-build/ubuntu/hooks/020-ubuntu-enhanced-sb.binary
@@ -38,6 +38,9 @@ fi
 # env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
 model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
 
+# see below note about "dangerous" model
+CHANNEL=${CHANNEL:-stable}
+
 channel=""
 if [ -n "${CHANNEL:-}" ]; then
     channel="--channel $CHANNEL"
@@ -47,8 +50,17 @@ reset_snapd_state chroot
 
 # Set UBUNTU_STORE_COHORT_KEY="+" to force prepare-image to fetch the latest
 # snap versions regardless of phasing status
+
+# this is the normal prepare-image invocation.  This is not used right now as
+# the model in question is the "dangerous" model so that we can override the
+# channel of pc-kernel to get a matching set of snaps.
+#   env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
+#       --classic $model $channel chroot
+# so instead we're doing this, including forcing channel to stable for
+# everything but pc-kernel.
 env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
-    --classic $model $channel chroot
+    --classic $model $channel --snap=pc-kernel=25.04/edge chroot
+
 mv chroot/system-seed/systems/* chroot/system-seed/systems/enhanced-secureboot-desktop
 rm -rf chroot/var/lib/snapd/seed
 mv chroot/system-seed chroot/var/lib/snapd/seed
diff --git a/live-build/ubuntu/ubuntu-classic-amd64.model b/live-build/ubuntu/ubuntu-classic-amd64.model
index 443b0251..51c6296d 100644
--- a/live-build/ubuntu/ubuntu-classic-amd64.model
+++ b/live-build/ubuntu/ubuntu-classic-amd64.model
@@ -2,93 +2,88 @@ type: model
 authority-id: canonical
 series: 16
 brand-id: canonical
-model: ubuntu-classic-2510-amd64
+model: ubuntu-classic-2510-amd64-dangerous
 architecture: amd64
 base: core24
 classic: true
 distribution: ubuntu
-grade: signed
+grade: dangerous
 snaps:
   -
-    default-channel: classic-25.10/stable
+    default-channel: classic-25.10/edge
     id: UqFziVZDHLSyO3TqSWgNBoAdHbLI4dAH
     name: pc
     type: gadget
   -
-    default-channel: 25.10/stable
+    default-channel: 25.10/edge
     id: pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza
     name: pc-kernel
     type: kernel
   -
-    default-channel: latest/stable
+    default-channel: latest/edge
     id: amcUKQILKXHHTlmSa7NMdnXSx02dNeeT
     name: core22
     type: base
   -
-    default-channel: latest/stable
-    id: dwTAh7MZZ01zyriOZErqd1JynQLiOGvM
-    name: core24
-    type: base
-  -
-    default-channel: latest/stable
+    default-channel: latest/edge
     id: PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4
     name: snapd
     type: snapd
   -
-    default-channel: latest/stable
+    default-channel: latest/edge
     id: EISPgh06mRh1vordZY9OZ34QHdd7OrdR
     name: bare
     type: base
   -
-    default-channel: 1/stable/ubuntu-25.04
+    default-channel: latest/edge
     id: EI0D1KHjP8XiwMZKqSjuh6W8zvcowUVP
     name: firmware-updater
     type: app
   -
-    default-channel: 1/stable/ubuntu-25.04
+    default-channel: latest/edge
     id: FppXWunWzuRT2NUT9CwoBPNJNZBYOCk0
     name: desktop-security-center
     type: app
   -
-    default-channel: 1/stable/ubuntu-25.04
+    default-channel: latest/edge
     id: aoc5lfC8aUd2VL8VpvynUJJhGXp5K6Dj
     name: prompting-client
     type: app
   -
-    default-channel: 2/stable/ubuntu-25.04
+    default-channel: latest/edge
     id: gjf3IPXoRiipCu9K0kVu52f0H56fIksg
     name: snap-store
     type: app
   -
-    default-channel: latest/stable/ubuntu-25.10
+    default-channel: latest/edge
     id: jZLfBRzf1cYlYysIjD2bwSzNtngY0qit
     name: gtk-common-themes
     type: app
   -
-    default-channel: latest/stable/ubuntu-25.10
+    default-channel: latest/edge
     id: 3wdHCAVyZEmYsCMFDE9qt92UV8rC8Wdk
     name: firefox
     type: app
   -
-    default-channel: latest/stable/ubuntu-25.10
+    default-channel: latest/edge
     id: lATO8HzwVvrAPrlZRAWpfyrJKlAJrZS3
     name: gnome-42-2204
     type: app
   -
-    default-channel: latest/stable/ubuntu-25.10
+    default-channel: latest/edge
     id: IrwRHakqtzhFRHJOOPxKVPU0Kk7Erhcu
     name: snapd-desktop-integration
     type: app
 timestamp: 2025-05-01T12:00:00.0Z
 sign-key-sha3-384: 9tydnLa6MTJ-jaQTFUXEwHl1yRx7ZS4K5cyFDhYDcPzhS7uyEkDxdUjg9g08BtNn
 
-AcLBXAQAAQoABgUCaBpC0wAKCRDgT5vottzAEhmlD/49Qh9xR4d9mC5cdfoj4jZDZ/IS8y2x8PSt
-gnFUWXE9Gm0PgPfa6R550d3WZwzgHfNgyLLbMzLeIJHbaJDizEj3ouEBsDj66/w4vEcHe0rkpayb
-iPiWcDb8nHT5CgdpOlW35B6FJ/++XGE5ag3OAamz2kIEWdBgwYk2XhkLErVQOg+VBxG0xsra5HTb
-fuTBfKZ8j2S13CsTuwZLY6GgrgoQUgCPAvAPfJJnezGG90/M0gjCE1PRrh9TPDYMiGOSuRhez0aj
-SryjzCINe6BBzFKbjSVLktxtlt+7rNZmFrqr/Wkg5qUoo+NH5damKJjL1HN8sBD3oyUaCxqGai/b
-0cDv1MJnglQXG1iLPvFmcG7eqaSLOtwe/Vr0HgMtrmPhOdJsv50uA7NtxDz56ojjOYHvQ85wZz9n
-b2JPCLmOk6GaPVmbOZtgyaQ+ICFcoqIHdpncm+gNZzYVTkR+OfItRIKPFr5+zlg5zRHHnPbWTlxM
-4WddnQbSPzY7sQp7+hT2E+Io95fD0El8Nvztztby7l5IAJ2ddhAQmYIRfuPKhYdUR7ULa8Q+tSUv
-tsRANKsdM4geHpfoyrVgNckVSM/pli0xDvJJ0nbQWcYmxxzKLyNWtn/4HsLYxj8illI9CtqVg8sv
-fka6dXDM0p3yrN4TlT1HVzxlN4MyekoLRu2+zm7TWg==
+AcLBXAQAAQoABgUCaBpC0wAKCRDgT5vottzAEmTaD/4+m7UJU64O0/Nu5OimYd5aSYoi1PSH5nq6
+HK9F3vJnL0xpJRtnNgmUi1STghVa8ej2TOMvcTmgNcB+XG7xTadUEJIOu+GP7Q1WChnDQJjEFf0v
+9rL9/KI80ij00BHupRq3NZrru24TP72Rccd1I9Y1g0v6Y7eZODj6DLrIId9iIoYUqy3/jLAjoNq/
+Njm2+tlfC219gkyHQxYDtXRg5gPLpw58y9TkcaPj90WZAL1S3u/O6WvC3TSm8x1ESCx0HEfuHke8
+KcccjoTGshHKUsNHrdAs09SmJRS5m+JtgmO3yA1Fi/DiHHf6MAqxfTxao9vcu1yZlH/x710shOYS
+ySDMLllIKpU0p69Oo23uRgl/4fmuxiK/tGEYusMPTGmcy7jmnfRha6iYt4Dj3fWbZn88kkcwzheb
+RAzDItXBX/xcyqnBYt9821hDrGAgtpgNPWXx0l944VcYBoSEMx3LS+XITdiPwg08A9UZIgYBbc6z
+Pc02I4+7ObGmyxBpfFSNUxApkhph9fq97OfVe6LSnXR2p8m8EQ7tFBlIO+Wco9AeTxf6aS+vRjgd
+nhxfIfE7qlhzFEFV6BOQMPtR0zovramo3QYfig57erCLzt6YQvs/bUmdlIB5M7W6cdwC9X+jqV/f
+LHe4yOQIv4zZzcTxZeSVrlkIo2FcqpD6ishUecThqw==