4246 Commits

Author SHA1 Message Date
Dan Bungert
bcf7ded68e releasing package livecd-rootfs version 25.10.14 25.10.14 2025-08-07 16:21:33 -06:00
Dan Bungert
6c2b20e070 desktop TPMFDE: move most snaps to stable channels 2025-08-07 16:18:04 -06:00
Dan Bungert
e46416e873 Revert "Move back ubuntu classic to a standard model"
This reverts commit 1c631c99dc2a8fd5759e9c8f872610b1f2238ddf.

We're unfortunately not ready for the standard model yet.
2025-08-07 16:17:20 -06:00
Didier Roche
1c631c99dc
Move back ubuntu classic to a standard model
We don’t use edge anymore. The model still needs to be signed though.
2025-08-06 07:36:59 +02:00
Tim Andersson
3dd6f72a21
switch snaps back to stable now that the TPM FDE spike is over.
This was enabled for more rapid development on the snaps that go into
the live desktop image. Revert now that the spike is over.
2025-07-30 16:49:10 +01:00
Olivier Gayot
b706c97ac2 releasing package livecd-rootfs version 25.10.13 25.10.13 2025-07-24 17:37:44 -06:00
Olivier Gayot
a54084218f Build with multipath-tools-boot
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
2025-07-24 00:34:44 +02:00
Didier Roche
30107ce354
releasing package livecd-rootfs version 25.10.12 25.10.12 2025-07-15 16:52:14 +02:00
Didier Roche
59e55cb364
Merge branch 'polkit-allow-snap-seeding' into ubuntu/master 2025-07-15 16:30:33 +02:00
Didier Roche
69f6b3795b
Allow the ubuntu-desktop-installer to request snap seeding state
This is used to only start the installer after all snaps have been
seeded.

Co-Authored-By: Dennis Loose <dennis.loose@canonical.com>
2025-07-15 16:24:10 +02:00
Zygmunt Krynicki
c4fbaf5d3b Use snap wait system seed.loaded to wait for snapd
We cannot use After=snapd.service as user services cannot synchronize
with system services. Using `snap system wait seed.loaded` should work,
except for the fact that it requires polkit authentication to perform
this operation.

Signed-off-by: Zygmunt Krynicki <zygmunt.krynicki@canonical.com>
2025-07-14 11:15:50 +02:00
Didier Roche
9fbd9ba71e
releasing package livecd-rootfs version 25.10.11 25.10.11 2025-07-11 14:59:06 +02:00
Didier Roche
e672f5ca4c
Update debian/changelog 2025-07-11 14:58:47 +02:00
Didier Roche
8a70acb1ec
Make sure the system was seeded before starting the installer
The installer is a snap, and as such, the system needs to be seeded
first to avoid a race during live boot.
Fixes https://bugs.launchpad.net/ubuntu-desktop-provision/+bug/2114923
2025-07-11 13:05:08 +02:00
Adriano Cordova
56660131e3
Update changelog
Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
25.10.10
2025-07-01 09:15:22 -04:00
Adriano Cordova
4f0c09311d
ubuntu-cpc: enable cpc fixes for riscv
LXD is going to support launching riscv64 virtual machines,
and for riscv64 virtual machines to be usable the console
needs to be properly set. This and other fixes are currently
done in the hook 999-cpc-fixes.chroot, which was disabled for
riscv64 and which this commit enables.

Signed-off-by: Adriano Cordova <adriano.cordova@canonical.com>
2025-07-01 09:13:38 -04:00
Michael Hudson-Doyle
692f72bcee releasing package livecd-rootfs version 25.10.9 25.10.9 2025-06-17 22:23:21 +12:00
Michael Hudson-Doyle
2ea437c340 Merge branch 'nvidia-kernels' into ubuntu/master 2025-06-17 22:21:14 +12:00
Michael Hudson-Doyle
8ea3c69736 bump number in changelog, add bug ref 2025-06-17 22:21:06 +12:00
Dan Bungert
0c0c93a826 releasing package livecd-rootfs version 25.10.8 25.10.8 2025-06-13 12:00:26 -06:00
Dan Bungert
4c2baf9e58 server: fix hwe kernel layer having multiple kernels
LP: #2112501
2025-06-13 11:22:39 -06:00
Dan Bungert
8679885bc0 changelog 2025-06-13 11:21:32 -06:00
Dan Bungert
f33c8ba809 lb_binary_layered: second take on fixing mtimes 2025-06-13 11:19:18 -06:00
Dan Bungert
20820cc567 changelog 2025-06-13 10:55:31 -06:00
Didier Roche
231ee26831 Switch some TPM FDE components to edge channels
We want the firmware updater and security center pointing to edge too.
The model only allow to select it, but we need to invoke them by
default in snap prepare-image
2025-06-13 10:54:19 -06:00
Dan Bungert
60c2e90746 changelog 2025-06-13 10:39:23 -06:00
Didier Roche
a02700313a
Move snapd to edge for the TPM FDE snaps
We need edge on the live session too so that subiquity knows about
latest and greatest on TPM FDE support. We will revert that once snapd
is released to the stable channel.
2025-06-13 11:47:57 +02:00
Antoine Lassagne
208d53affc Allow to chose nvidia kernel instead of generic 2025-06-13 09:32:08 +02:00
Dan Bungert
08be218c82 releasing package livecd-rootfs version 25.10.7 25.10.7 2025-06-10 07:57:28 -06:00
Dan Bungert
75ad30fe5d Revert "lb_binary_layered: fix mtimes in layered squashfses"
This reverts commit eec13dad681c66f3a318600827f52dde55291f9f.
2025-06-10 07:55:37 -06:00
Dan Bungert
934a269424 releasing package livecd-rootfs version 25.10.6 25.10.6 2025-06-02 12:23:02 -06:00
Dan Bungert
eec13dad68 lb_binary_layered: fix mtimes in layered squashfses
layer construction involves rsync, and that process ignores times to
avoid some of the layers being larger than they would otherwise where
the only difference is times.  This saves a small amount of space,
around 14MiB, but results in files in the layers having non-intended
time values.  Ensure mtime and atime in the source chroot match what is
found in the destination chroot.
2025-06-02 12:23:02 -06:00
Dan Bungert
9092fd30e9 releasing package livecd-rootfs version 25.10.5 25.10.5 2025-05-28 10:27:49 -06:00
Dan Bungert
a0d948f17b desktop: TPMFDE snapd from latest/edge 2025-05-28 10:03:56 -06:00
Dan Bungert
27e3f982e7 releasing package livecd-rootfs version 25.10.4 25.10.4 2025-05-25 23:19:01 -06:00
Dan Bungert
37dd412bfa desktop: TPMFDE kernel from 25.10/candidate 2025-05-23 19:50:34 -06:00
Dan Bungert
d053e12a68 releasing package livecd-rootfs version 25.10.3 25.10.3 2025-05-23 12:59:43 -06:00
Dan Bungert
dde90dfb79 desktop: cherry-pick pc-kernel from different channel
To get 25.10 Desktop ISOs with TPMFDE bits, we need matching pc-kernel
and snapd otherwise we get errors like so when running
`snap prepare-image`:

WARNING: the kernel for the specified UC20+ model does not carry
assertion max formats information, assuming possibly incorrectly the
kernel revision can use the same formats as snapd
error: snapd 2.68+ is not compatible with a kernel containing snapd
prior to 2.68

Use the "dangerous" model, which allows overriding the channel, and pick
up the matching pc-kernel which is not yet on 25.10/stable, where the
non-dangerous model would expect to find it.
2025-05-23 09:53:18 -06:00
Dan Bungert
83022a6ebe desktop: add notes about generation of a signed model 2025-05-22 10:29:05 -06:00
Dan Bungert
237595f90a desktop: no long skip 020-ubuntu-enhanced-sb.binary 2025-05-14 16:14:28 +02:00
Dan Bungert
f472f1e437 desktop: update TPMFDE model for questing 2025-05-14 16:14:28 +02:00
Dan Bungert
d1d6c1b181 releasing package livecd-rootfs version 25.10.2 25.10.2 2025-05-06 08:24:12 +02:00
Dan Bungert
5dc5cd082a desktop: skip 020-ubuntu-enhanced-sb.binary 2025-05-05 15:06:53 +02:00
Dan Bungert
40737df2b1 releasing package livecd-rootfs version 25.10.1 25.10.1 2025-04-28 09:53:36 -06:00
Dan Bungert
8c4996cce7 server: provide network config direct to netplan 2025-04-28 09:26:35 -06:00
Dan Bungert
5f5a686760 desktop: no longer involve cloud-init in early networking
LP: #2107225
2025-04-23 16:23:19 -06:00
Tomáš Virtus
78c855a08c
releasing package livecd-rootfs version 25.04.26 2025-04-10 17:26:04 +02:00
Tomáš Virtus
60641d7411
ubuntu-cpc: Restore UseDomains=true
Also see https://bugs.launchpad.net/cloud-images/+bug/2106729.

Since Oracular[1]:

    Ubuntu’s systemd-networkd no longer sets UseDomains=true for managed
    network interfaces. In effect, this means that search domains
    configured in DHCP leases will not be reflected in /etc/resolv.conf
    by default. This change aligns Ubuntu’s default behavior with that
    of upstream. System administrators may choose to override this
    default on a global, or per-interface basis. See systemd.network 4
    for details.

The default in systemd is UseDomains=false. From systemd.network(5)[2]:

    DHCP=

        Furthermore, note that by default the domain name specified
        through DHCP is not used for name resolution. See option
        UseDomains= below.

    UseDomains=

        It is recommended to enable this option only on trusted
        networks, as setting this affects resolution of all hostnames,
        in particular of single-label names. It is generally safer to
        use the supplied domain only as routing domain, rather than as
        search domain, in order to not have it affect local resolution
        of single-label names.

It has been reported to us by few clouds that this breaks local name
resolution. For instance, in Google Cloud Compute, users can no longer
reach instances in the same zone[3] nor Google Cloud services[4] by
their names.

Arguably, the security concerns for having this option disabled are not
valid in cloud environments. As one of our partners said:

    IIUC, the motivation to disable UseDomains by default is that a
    laptop might be used on an untrusted network where the domains
    provided by DHCP can be a security issue, directing users to places
    they don't intend.

    But it's not possible for a cloud instance to be connected to an
    untrusted network (barring a breached account).

    The way I'm looking at this is that DHCP option 119 exists for the
    express purpose of allowing a network administrator to configure the
    DNS search path for computers on that network. I understand there's
    a security concern if that network isn't a datacenter. But in the
    cloud there's no concern (in some clouds, it's not even possible for
    DHCP response packets to come from anywhere but the cloud's own
    DHCP).

We should restore this setting in cloud images.

[1] https://discourse.ubuntu.com/t/oracular-oriole-release-notes/44878
[2] https://manpages.ubuntu.com/manpages/plucky/en/man5/systemd.network.5.html
[3] https://cloud.google.com/compute/docs/internal-dns
[4] https://cloud.google.com/compute/docs/metadata/overview
2025-04-10 17:25:16 +02:00
Dave Jones
a237a63bf0
releasing package livecd-rootfs version 25.04.25 2025-03-20 17:29:08 +00:00
Dave Jones
8add8daa49
ubuntu-image: Avoid filling tmpfs-based /tmp 2025-03-20 17:22:32 +00:00