fix: Mark grub-pc-bin as manual install to avoid autoremoval (LP: #2045418)
With amd64 build target calling `update-grub` no longer works and fails build with error
```
grub-install: error: /usr/lib/grub/i386-pc/modinfo.sh doesn't exist. Please specify --target or --directory.
```
`/usr/lib/grub/i386-pc/modinfo.sh` is part of the grub-pc-bin package.
We are seeing this now on xenial as grub-pc-bin is now removed during build as part of fixing
bug https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2036195.
To resolve this we mark grub-pc-bin as manually installed so it is not autoremoved.
As we are running grub-install ourselves for a specific target we need to make sure to install that
target first which means this will not be solved by changing dependencies of the grub packages.
MP: https://code.launchpad.net/~philroche/livecd-rootfs/+git/livecd-rootfs/+merge/456775
With amd64 build target calling `update-grub` no longer works and fails build with error
```
grub-install: error: /usr/lib/grub/i386-pc/modinfo.sh doesn't exist. Please specify --target or --directory.
```
`/usr/lib/grub/i386-pc/modinfo.sh` is part of the grub-pc-bin package.
We are seeing this now on xenial as grub-pc-bin is now removed during build as part of fixing
bug https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2036195.
To resolve this we mark grub-pc-bin as manually installed so it is not autoremoved.
As we are running grub-install ourselves for a specific target we need to make sure to install that
target first which means this will not be solved by changing dependencies of the grub packages.
Change mount option for ubuntu-cpc images from "defaults" to
"umask=0077". ESP partitions might contain sensitive data and
non-root users shouldn't have read access on it.
One can call divert_grub; replace_kernel; undivert_grub. And
replace_kernel will call into force_boot_without_initramfs, which
under certain conditions can call divert_grub &
undivert_grub. Resulting in undivert_grub called twice in a row.
When undivert_grub is called twice in a row it wipes
systemd-detect-virt binary from disk, as the rm call is unguarded to
check that there is something to divert if systemd package is
installed. And if the systemd package is not installed, it does not
check that systemd-detect-virt file is in-fact what divert_grub has
created.
Add a guard to check that systemd-detect-virt is the placeholder one,
before removing it.
LP: #1902260
(cherry picked from commit 096a00f404)
Do not use removable uefi bootloader path in the cloud-images by
default, as that prevents upgrades of the bootloader.
LP: #1912830
(cherry picked from commit 7c760864fd)
Multipass on Mac OS X requires standalone kernel and initrd artifacts
to boot.
Also call update-initramfs on all installed kernels. We only have one
kernel installed, so we don't need to specify an explicit version.
amd64: revert all grub changes for xenial
For LP: #1901906, on other releases we ensured that grub-pc is always
installed with shim-signed. However, xenial has different behavior that
does not work the same. This reverts those changes back to what
livecd-rootfs was before any of those changes were made, keeping only
the autoremove packages work.
LP: #1901906
MP: https://code.launchpad.net/~powersj/livecd-rootfs/+git/livecd-rootfs-1/+merge/394910
For LP: #1901906, on other releases we ensured that grub-pc is always
installed with shim-signed. However, xenial has different behavior that
does not work the same. This reverts those changes back to what
livecd-rootfs was before any of those changes were made, keeping only
the autoremove packages work.
LP: #1901906
amd64: always install grub-efi-amd64-signed
shim-signed does not depend on grub-efi-amd64-signed in Xenial.
Historically, Xenial did not always ship with signatures. This is
different than LTSes after Xenial where this is the case. A future SRU
for grub should change this, but for now ensure to install the signed
package so that secure boot systems can actually boot.
MP: https://code.launchpad.net/~powersj/livecd-rootfs/+git/livecd-rootfs-1/+merge/394769
shim-signed does not depend on grub-efi-amd64-signed in Xenial.
Historically, Xenial did not always ship with signatures. This is
different than LTSes after Xenial where this is the case. A future SRU
for grub should change this, but for now ensure to install the signed
package so that secure boot systems can actually boot.
LP: #1901906
Backport vmtools version in vmdk (LP: #1893898)
Backport
LP: #1893898 describes missing vmtools version from the vmdk headers.
The version should be added as ddb.toolsVersion = "2147483647" however
the sed was no longer replacing a ddb.comment field with the tools
version. Rather than subbing ddb.comment with toolsVersion, this commit
deletes ddb.comment (which the comment mentions could cause errors),
and adds the correct value. There was no visibility into the descriptor
during hook creation, so debug statements were added. This allows us to
quickly verify in the logs that bad statements are removed (the possibly
offending comments), as well as ensuring that the toolsVersion is added
MP: https://code.launchpad.net/~jchittum/livecd-rootfs/+git/livecd-rootfs/+merge/394145
Make Ubuntu Vagrant box 40G. (LP: #1580596)
Vagrant images were previously put at 10G, but this was a regression
from Trusty, in which they were 40G. This made it a tough sell for
users to upgrade if they were using a Ubuntu desktop experience.
This change does not impact disk usage as Vagrant with the virtualbox
provider dynamically allocates space with the VMDK. On a test system,
the VMDK took up 1.1G of disk space according to df, and after
creating a 2G file in Vagrant, the VMDK grew to 3.1G.
Therefore, users who are running on a system with little free space will
not see adverse effects if they upgrade to a new vagrant image
MP: https://code.launchpad.net/~patviafore/livecd-rootfs/+git/livecd-rootfs/+merge/384636
Older version of vmdk-stream-converter has an incorrect header. The
original sed command replaced the incorrect "Description File" comment
with the correct "Disk DescriptorFile".
Backport
LP: #1893898 describes missing vmtools version from the vmdk headers.
The version should be added as ddb.toolsVersion = "2147483647" however
the sed was no longer replacing a ddb.comment field with the tools
version. Rather than subbing ddb.comment with toolsVersion, this commit
deletes ddb.comment (which the comment mentions could cause errors),
and adds the correct value. There was no visibility into the descriptor
during hook creation, so debug statements were added. This allows us to
quickly verify in the logs that bad statements are removed (the possibly
offending comments), as well as ensuring that the toolsVersion is added
shim-signed depends on grub-efi-amd64-signed, which in turn has
alternative depends on either `grub-efi-amd64 | grub-pc`. However to
support booting with either via shim&signed-grub and BIOS, the choice
must be made to install grub-pc, not grub-efi-amd64.
This makes images consistent with Ubuntu Deskop, Live Server, buildd
bootable images; all of which already do install grub-pc and
shim-signed.
Additionally, this will ensure that autoremove is run after installing
anything in the CPC build hooks. This is done to avoid shipping images
that include packages that are autoremovable. This will clean-up as
packages are installed and detect any breakage at build time.
LP: #1901906
In the buildd image chroot, /etc/resolv.conf is a symbolic link to
a configuration file in the /run directory. A call to truncate will
modify that file, which we should not do. Instead, we want to remove
the symbolic link and replace it with an empty file.
Philip Roche
Steve Langasek
Robert C Jennings
Gauthier Jolly
Dimitri John Ledkov
David Krauser
Joshua Powers
Cody Shepherd
John Chittum