As part of addressing LP: #2054103 [1] an update to grub-pc added a feature to be able to ensure that grub-pc
installation can happen noninteractively on cloud images.
This change is equivalent to running
```
debconf-set-selections grub-pc grub-efi/cloud_style_installation boolean true
debconf-set-selections grub-pc grub-pc/cloud_style_installation boolean true
```
These were introduced optionally to determine the install device using
`grub-probe` dynamically instead of having to fill the `grub-pc/install-devices`
debconf entry.
[1] https://bugs.launchpad.net/cloud-images/+bug/2054103
There was a time historically where Launchpad buildd might have relied
on that behaviour, but this shouldn't be the case anymore as it sets
priority manually when building backports.
Meanwhile any other builds using buildd images (e.g. snapcraft)
shouldn't default to backports unless required. (lp: #2009871)
Refs:
- [1] https://git.launchpad.net/launchpad-buildd/commit?id=c2ebcb6752
Per the comments, BASE_SEED was initially used to identify the seed in the
flavor to use for identifying preseeded snaps, and later was also used to
identify which "minimal-remove" seed to apply to an image.
The first usage is now obsolete after a refactor; we now correctly detect
snaps from any of the included seeds without needing an explicit
declaration.
The second usage only applies to installer images that are NOT using layered
squashfs, since for these images 'minimal' is a separate squashfs layer
rather than a list of packages to remove after the fact.
Refactor this code to eliminate pointless definitions of BASE_SEED and
define it only for the subset of flavors today that:
- have a 'minimal-remove' seed
- are not using layered squashfs.
The cloud-images logic is now special case for ubuntu-wsl to not require
ending with project_prefix. Readd it first, which will allow us to
ensure backward compability on cloud-images.ubuntu.com
Also Use Signed-By: /etc/apt/keyrings/preinstalled-pool.gpg and
make sure we only update from that .sources file as we did before.
This code may all be dead, who can say.
FIXME: We should figure out how to do an armored export of that key
and then embed it in the signed-by field instead of using a keyring
file.
Template is based on the specification with some rewording for
Ubuntu Pro as agreed.
v2:
- Enabled backports by default (I did not see that!)
- Enabled restricted, multiverse security updates
- Replaced tweaked with adjusted
v3:
- Insert an explanatory sources.list
LP: #2048129
The publisher for cloud-images.ubuntu.com expects that artefacts
finishes with: file_url.endswith(project_prefix + suffix).
Now that we integrate app_id to the image name, we need thus to put it
before project_prefix and not between project_prefix and suffix.
The StarFive VisionFive 2 board can boot from SPI flash or SD-card.
Install U-Boot to the SD card.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Microsoft offically support systemd now and our Pro service relies on
it. This option is enabled by default via our launcher (Windows-side) on
first run for quite a while.
Remve this file creation from it, don’t ship it in a package as the
file may be altered by the user to add additional options and ship it as
part of the rootfs.
Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
On WSL, we have multiple applications with the same rootfs, but
different upgrade policy:
Ubuntu: should always track latest LTS and offer upgrade.
Ubuntu-<Version>: should never offer upgrade and will stick to Version
Ubuntu-Preview: current in development version.
Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
If the previous if statement checking if PASSES_TO_LAYERS is true,
then the last return code be non-zero and a return statement with no
argument will return the error code of the if statement thus exiting
the script. This is not our intent. So we need to return 0 here when
layer name as already been registered
The unminimize script will try to install the lxd snap using the shim script
`/usr/sbin/lxd` from the lxd-installer package.
Previously `unminimize` was using `snap`
to install `lxd` directly which was being diverted by diverting the `snap` command.
This is no longer the case so we can remove `/usr/sbin/lxd` from the lxd-installer package
if it exists and then redirect any calls to `/usr/sbin/lxd` to `/bin/true`
This is a cherry pick forward port from Jammy livecd-rootfs version 2.765.37.
(cherry picked from commit 8b83212372)
mount_disk_image function expects root partition to be at number 1. But
some images require the root partition to be at other some other number.
For example, EKS Anywhere images for bare metal are used with Tinkerbell
deployment with a default configuration that expects the root device to
be found at /dev/sda2. The knowledge of the root device path is needed
to modify certain files in the root filesystem (e.g. cloud-init configs)
for the machine to join Kubernetes cluster control plane.
The partition number can be changed in the hook by "sgidsk --transpose".
Allow the hook to use mount_disk_image with custom root partition number
by making it an optional third parameter that defaults to 1.
Noble moved to the 6.6 kernel now and the preseeding optimization
doesn't work anymore given that the apparmor features used during
preseeding do not match the apparmor features used on a running system
with kernel 6.6 .
By invoking LXD, lxd-installer will install LXD from the right
place, thereby make it simpler for us to not hardcode the
channel and manually snap install it.
This makes the hook ok to use cross-flavor.
We could also move glib-compile-schemas to a separate hook, to ensure we never
silently fail because glib-compile-schemas is broken/missing.
When the files we're creating in the live layer have static content, ship
them in live-build/ubuntu/includes.chroot.minimal.standard.live instead of
generating them from live-build/ubuntu/hooks/020-ubuntu-live.chroot_early.
Also fixes the fact that
live-build/ubuntu/hooks/020-ubuntu-live.chroot_early was incorrectly writing
to /root in the previous upload instead of /usr.
Without casper in the minimal.standard.live seed for flavors using the
new ubuntu-desktop-installer (or derivitives thereof), casper cannot
create a live user. Without this live user, Ubuntu Studio has been
experiencing the inability to login automatically from either the GUI or
manually from a TTY. This leaves the boot at a black screen with a mouse
cursor. This commit is an attempt to avoid the same situation. Previous
assessments of omitting casper from this line appear to have been
incorrect.
Somewhere along the line, we started trying to add packages to the live
environment of flavor "preinstalled" images. But:
- we don't build preinstalled images for any flavors
- the preinstalled images for projects like cloud images and wsl are
explicitly excepted from this code
- the only desktop project we do produce preinstalled images for, Ubuntu
on Raspberry Pi, uses ubuntu-image for building so this code is never
reached
ppc64el still uses /boot/vmlinux so we need to determine the boot file name as non ppc64el use /boot/vmlinuz. This
is then used to determine the kernel major minor version installed so that the correct apparmor features can be used
during snap preseeding. This preseeding was failing for ppc64el for the mantic 6.5 kernel as the /boot/vmlinuz
being checked did not exist.
On armhf and arm64 the QEMU virt machine provides the serial console as an
emulated AMBA PrimeCell UART which the kernel refers to as /dev/ttyAMA0.
Consider this when constructing GRUB_CMDLINE_LINUX_DEFAULT in file
/etc/default/grub.d/50-cloudimg-settings.cfg (LP: #2036730).
Reviewed-by: Gauthier Jolly <gauthier.jolly@canonical.com>
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
lp: #2037567. starting in kernel 6.5.0.1006, there's been an update to
apparmor features. Creates the 6.5 kernel directory, fully populates
with feats checked from a machine running 6.5.0.1006 installed from
proposed (as of 20230927).
Now that kernel names use expected -generic flavour, and kernels are
installed in the live layer, we can go back to stock behaviour of
auto/build noticing that binary hooks are called on a live layer and
executing the extraction & rename of the kernel flavours.
BTW we can even later expand that to support 2 generic abis, and
calling the bigger one the hwe generic such that can also remove
./live-build/ubuntu-server/hooks/04-kernel-bits.binary.
This fixes ubuntu arm64+x13s that is unable to find
ubuntu-x13s.kernel-laptop as due to this hook, which currently
produces ubuntu.kernel-generic in error which is not at all expected
by ubuntu-cdimage. Also this unbreaks producing oem & intel-iot
images, although we will build these in 24.04 only next.
This reverts ubuntu daily-live to use `--linux-flavours
laptop-generic-hwe-22.04` instead of `--linux-flavours none
--linux-packages=none --initramfs=none`, like it did in lunar and
pre-canary-image or images that install kernel in live layer.
Fixes: c00bbf3fb3 ("desktop: place kernel in the live layer")
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
With the migration from linux-kvm to linux-virtual/generic for the mantic minimal
images we can now start building arm64 minimal cloud images.
When building initial test images we noticed that the flash-kernel package was being
installed. This is not required for EFI images.
This commit removes the flash-kernel package from the cloud images arm installs
The only images built using the livecd-rootfs ubuntu-cpc project for arm64 and armhf
which are not cloud images (which therefore do not require flash-kernel) are the
raspi images. raspi does require flash-kernel. But the raspi images use the
`ubuntu-server-raspi` task to install the flash-kernel. As such this non raspi
flash-kernel package install can be completely removed.
It also means that initramfs-tools and dracut-install are installed as these are dependencies
of flash-kernel package.
Add mapping to use laptop-23.10 kernel. Ensure that
enhanced-secureboot is only setup on amd64 arch.
LP: #2037099
Signed-off-by: Dimitri John Ledkov <dimitri.ledkov@canonical.com>
minimized cloud image policy, introduced in version 23.10.16, is to not install recommends for any package
installs during build. This is to keep the image as small as possible. This also extends to
the grub related packages.
This solves the problems detailed in LP: #2037075 and aligns other arches more with amd64 install of
grub/shim packages for both minimized and non minimized ubuntu-cpc cloud image builds.
Fix use of variable declared in conditional branch and used in parent
scope in snap_validate_seed. This would affect binary for images without
kernel and using "set -u". (LP: #2037338)
When trying to make changes to refactor livecd-rootfs, it is difficult to
know what side effects a change may have because of the use of globs on
arch/subarch and the lack of an authoritative list of supported arch
combinations.
This assembles a list of all possible values for $ARCH:$SUBARCH by looking at
all existing uses of $SUBARCH in live-build/auto/config and combining with
etc/default-arches from ubuntu-cdimage:
$ grep + etc/default-arches |grep -vE '(trusty|xenial|bionic|focal)[[:space:]]|appliance'
It also includes a special-case *appliance* glob, because there are many
Ubuntu Core appliance builds and there may be more in the future, and we
don't want to have to update livecd-rootfs with a hard-coded list.
Otherwise, this includes all currently used / supported combinations. The
amd64+kassel subarch is referenced in the code, but stopped being built a
while ago because "end of contract"; and there are some older no-longer-used
subarchs for particular raspi variants, which there is work to clean up
separately. So this should be a no-op wrt buildability of any existing
images on mantic - and if not, that's important for us to know!
In the past, we'd directly snap install lxd which defaults to
the latest/stable channel. However, whilst working on enhancing
unminimize, it was observed that we install this snap from
the stable/ubuntu-<version> channel instead.
This was also noted as a failure when running the CTF tests:
`lxd installed from latest/stable, not stable/ubuntu-23.10`
With the introduction of the 6.5 kernel for mantic on 13th September ago we are seeing image build failures
on the armhf builds. The build failure was `No kernel output for generic-lpae!`.
Introduced in the 6.4 kernel and therefore now also in 6.5 there is no generic-lpae flavor anymore. it's just generic now.
As such this commit updates the expected flavour for armhf to generic.
This is needed following the addition of the new boot partition. This
also gives us the opportunity to refactor the logic and use a case
statement instead of ifs
In order to support better support Full Disk Encryption on the clouds,
the boot assets have to sit on an un-encrypted partition. We've tried
mounting the ESP on /boot before but it didn't work as /boot has to
support linking for DPKG to work and the ESP has to be FAT.
In a minimized image, the linux headers are stripped, so when
unminimizing it, we should restore those stripped headers
by installing the linux-virtual package.
The unminimize script previously just restored the system documentation
and translations, man pages, and installed ubuntu-minimal and ubuntu-standard
packages to provide the familiar Ubuntu minimal system. But such an image
never became an equivalent of base image.
Upon investigation and looking at how the base image is constructed -
https://git.launchpad.net/livecd-rootfs/tree/live-build/auto/config#n1108 -
we use the following things:
- minimal task
- standard task
- cloud-image task (which involves ubuntu-server)
- ubuntu-minimal package
- server task if arch != amd64
OTOH, in the unminimize script, we use the following:
(https://git.launchpad.net/livecd-rootfs/tree/live-build/auto/build#n286)
- ubuntu-minimal package
- ubuntu-standard package
So upon running some tests, it was found that if we install ubuntu-server
(with --fix-policy flag), we get the resulting image equivalent to that
of a base image.
cf: https://warthogs.atlassian.net/browse/CPC-3033
The pi images contain redundant copies of cmdline.txt and config.txt in
the boot partition mount-point (which get hidden by the *actual* boot
partition). This commit removes those and simplifies the subarch check
(again, +raspi is the only subarch in use at this point on the Raspberry
Pi images)
/etc/hosts in an installed system comes from one of several places:
- the netbase package which ships a sane default
- scripts/casper-bottom/18hostname, which is mostly identical to the netbase
one but sets a hostname to the flavor name
- the installer which writes one to the target fs
- chroot includes in livecd-rootfs
A chroot include is only needed for images that don't include netbase (so
don't inherit from the minimal seed), don't boot casper, and don't run an
installer.
NONE of these conditions are true for the ubuntu-server live image. And in
addition, the /etc/hosts here differs from the others.
So, remove it.
Jess Jang
Chad Smith
Łukasz 'sil2100' Zemczak
Philip Roche
Sean Davis
Simon Poirier
Steve Langasek
Julian Andres Klode
Didier Roche
Michael Hudson-Doyle
Erich Eickmeyer
Sebastien Bacher
Simon Quigley
Heinrich Schuchardt
dann frazier
Utkarsh Gupta
Tomáš Virtus
Thomas Bechtold
Dave Jones
Ankush Pathak
Yao Wei (魏銘廷)
Brian Murray
Paride Legovini
John Chittum
Dan Bungert
Dimitri John Ledkov
Gauthier Jolly