The base image is built with packages from the release pocket; however,
we want the latest from updates and security. Those pockets are already
enabled, we just need to perform an upgrade to pull in the latest
packages.
Instead of injecting an empty resolv.conf with an includes.chroot, we'll
inject it in late with a hook. The empty resolv.conf breaks DNS early in
the build, and causes some binary hooks to fail.
Installing policyrcd-script-zg2 doesn't quite do this because of the way
that live-build installs its own temporary version of policy-rc.d. The
only remotely sensible way I can see to deal with this is to create the
symlink manually.
We don't want the symlink to /run/systemd/resolve/stub-resolv.conf, and
launchpad-buildd will inject its own version if it doesn't get confused by a
symlink.
