Failing CPC tests show that the preseeded apparmor features don't
include policy:unconfined_restrictions for the 6.8 kernel. This
change adds the feature preseed with values based on a successfully
booted instance.
Fixes: LP: #2060558
ubuntu/include.* are the master location for these files.
Copy them over for projects with similar needs, while skipping ones that
are incorrect.
LP: #2055077
Ubuntu MATE is switching to a layered image in preparation to
use ubuntu-desktop-provision. Luckily, their seed structure is
already well-structured for layering, so this is easily done.
This has become moot now that the code block has been
moved out from live-build/functions to live-build/auto/build
so passing the argument is not needed anymore.
Presence of this field helps in determining if the image is an
unminimized image, which then can be leveraged in the unminimize
script to easily determine the image type.
As part of addressing LP: #2054103 [1] an update to grub-pc added a feature to be able to ensure that grub-pc
installation can happen noninteractively on cloud images.
This change is equivalent to running
```
echo "grub-pc grub-efi/cloud_style_installation boolean true" | debconf-set-selections
echo "grub-pc grub-pc/cloud_style_installation boolean true" | debconf-set-selections
```
These were introduced optionally to determine the install device using
`grub-probe` dynamically instead of having to fill the `grub-pc/install-devices`
debconf entry.
[1] https://bugs.launchpad.net/cloud-images/+bug/2054103
There was a time historically where Launchpad buildd might have relied
on that behaviour, but this shouldn't be the case anymore as it sets
priority manually when building backports.
Meanwhile any other builds using buildd images (e.g. snapcraft)
shouldn't default to backports unless required. (lp: #2009871)
Refs:
- [1] https://git.launchpad.net/launchpad-buildd/commit?id=c2ebcb6752
Per the comments, BASE_SEED was initially used to identify the seed in the
flavor to use for identifying preseeded snaps, and later was also used to
identify which "minimal-remove" seed to apply to an image.
The first usage is now obsolete after a refactor; we now correctly detect
snaps from any of the included seeds without needing an explicit
declaration.
The second usage only applies to installer images that are NOT using layered
squashfs, since for these images 'minimal' is a separate squashfs layer
rather than a list of packages to remove after the fact.
Refactor this code to eliminate pointless definitions of BASE_SEED and
define it only for the subset of flavors today that:
- have a 'minimal-remove' seed
- are not using layered squashfs.
The cloud-images logic is now special-cased for ubuntu-wsl to not require
ending with project_prefix. Re-add it first, which will allow us to
ensure backward compatibility on cloud-images.ubuntu.com.
Also use Signed-By: /etc/apt/keyrings/preinstalled-pool.gpg and
make sure we only update from that .sources file as we did before.
This code may all be dead, who can say.
FIXME: We should figure out how to do an armored export of that key
and then embed it in the signed-by field instead of using a keyring
file.
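An added example, not part of livecd-rootfs: `Signed-By` limits which key may validate a given repository instead of accepting any key in apt's global trust store, so a build can audit a deb822 `.sources` file for stanzas that lack it. The function names, URIs and suites below are constructed placeholders; only the keyring path comes from the commit message above.

```shell
#!/bin/sh
# Added illustration: audit a deb822 .sources file for stanzas lacking Signed-By.

# count_unpinned FILE -> prints the number of stanzas with no Signed-By field.
count_unpinned() {
    awk 'BEGIN { RS = ""; FS = "\n" }   # paragraph mode: one stanza per record
    {
        fields = 0; pinned = 0
        for (i = 1; i <= NF; i++) {
            line = tolower($i)          # deb822 field names are case-insensitive
            if (line ~ /^#/) continue   # skip comment lines
            fields++
            if (line ~ /^signed-by:/) pinned = 1
        }
        if (fields > 0 && !pinned) unpinned++
    }
    END { print unpinned + 0 }' "$1"
}

# Constructed sample input (placeholder URIs and suites).
sample_sources() {
    cat <<'EOF'
Types: deb
URIs: https://example.invalid/pinned
Suites: stable
Components: main
Signed-By: /etc/apt/keyrings/preinstalled-pool.gpg

# second stanza relies on the global trust store
Types: deb
URIs: https://example.invalid/unpinned
Suites: stable
Components: main
EOF
}

# Write the sample to a temp file, audit it, clean up.
audit_sample() {
    tmp=$(mktemp)
    sample_sources > "$tmp"
    count_unpinned "$tmp"
    rm -f "$tmp"
}

echo "stanzas without Signed-By: $(audit_sample)"
```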
Template is based on the specification with some rewording for
Ubuntu Pro as agreed.
v2:
- Enabled backports by default (I did not see that!)
- Enabled restricted, multiverse security updates
- Replaced tweaked with adjusted
v3:
- Insert an explanatory sources.list
LP: #2048129
The publisher for cloud-images.ubuntu.com expects that artefacts
finish with: file_url.endswith(project_prefix + suffix).
Now that we integrate app_id into the image name, we thus need to put it
before project_prefix and not between project_prefix and suffix.
The StarFive VisionFive 2 board can boot from SPI flash or SD-card.
Install U-Boot to the SD card.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Microsoft officially supports systemd now and our Pro service relies on
it. This option is enabled by default via our launcher (Windows-side) on
first run for quite a while.
Remove this file creation from it, don't ship it in a package as the
file may be altered by the user to add additional options and ship it as
part of the rootfs.
Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
On WSL, we have multiple applications with the same rootfs, but
different upgrade policy:
- Ubuntu: should always track latest LTS and offer upgrade.
- Ubuntu-<Version>: should never offer upgrade and will stick to Version.
- Ubuntu-Preview: current in development version.
Co-authored-by: Jean-Baptiste Lallement <jean-baptiste@ubuntu.com>
If the previous if statement checking if PASSES_TO_LAYERS is true,
then the last return code will be non-zero and a return statement with no
argument will return the error code of the if statement, thus exiting
the script. This is not our intent. So we need to return 0 here when
the layer name has already been registered.
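The behaviour this fix addresses, as an added example that is not livecd-rootfs code (`register_layer_buggy`, `register_layer_fixed`, `status_of` and `registered_layers` are hypothetical names). It uses a `[ ... ] &&` list, whose failure status a bare `return` passes on; a false `if ...; fi` with no `else` yields status 0 on its own.

```shell
#!/bin/sh
# Added illustration; names are hypothetical, not livecd-rootfs code.
PASSES_TO_LAYERS=false
registered_layers="minimal"     # constructed state: "minimal" is already known

# Buggy shape: a bare `return` passes on the status of the last command,
# here the failed `[ ... ]` test, so the caller sees 1.
register_layer_buggy() {
    case " $registered_layers " in
        *" $1 "*)
            [ "$PASSES_TO_LAYERS" = "true" ] && echo "layered: $1 already registered"
            return
            ;;
    esac
    registered_layers="$registered_layers $1"
}

# Fixed shape: an already-registered layer is not an error, so return 0.
register_layer_fixed() {
    case " $registered_layers " in
        *" $1 "*)
            [ "$PASSES_TO_LAYERS" = "true" ] && echo "layered: $1 already registered"
            return 0
            ;;
    esac
    registered_layers="$registered_layers $1"
}

# Run a command and print its exit status. The `||` guard keeps a caller
# running under `set -e` alive; an unguarded call to the buggy function
# on "minimal" would end such a script.
status_of() {
    rc=0
    "$@" >/dev/null || rc=$?
    echo "$rc"
}

echo "buggy, layer already registered: $(status_of register_layer_buggy minimal)"
echo "fixed, layer already registered: $(status_of register_layer_fixed minimal)"
```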
The unminimize script will try to install the lxd snap using the shim script
`/usr/sbin/lxd` from the lxd-installer package.
Previously `unminimize` was using `snap` to install `lxd` directly which was
being diverted by diverting the `snap` command.
This is no longer the case so we can remove `/usr/sbin/lxd` from the
lxd-installer package if it exists and then redirect any calls to
`/usr/sbin/lxd` to `/bin/true`.
This is a cherry pick forward port from Jammy livecd-rootfs version 2.765.37.
(cherry picked from commit 8b83212372)
The mount_disk_image function expects the root partition to be at number 1. But
some images require the root partition to be at some other number.
For example, EKS Anywhere images for bare metal are used with Tinkerbell
deployment with a default configuration that expects the root device to
be found at /dev/sda2. The knowledge of the root device path is needed
to modify certain files in the root filesystem (e.g. cloud-init configs)
for the machine to join Kubernetes cluster control plane.
The partition number can be changed in the hook by "sgdisk --transpose".
Allow the hook to use mount_disk_image with custom root partition number
by making it an optional third parameter that defaults to 1.
Noble moved to the 6.6 kernel now and the preseeding optimization
doesn't work anymore given that the apparmor features used during
preseeding do not match the apparmor features used on a running system
with kernel 6.6.
By invoking LXD, lxd-installer will install LXD from the right
place, thereby making it simpler for us to not hardcode the
channel and manually snap install it.
This makes the hook ok to use cross-flavor.
We could also move glib-compile-schemas to a separate hook, to ensure we never
silently fail because glib-compile-schemas is broken/missing.
When the files we're creating in the live layer have static content, ship
them in live-build/ubuntu/includes.chroot.minimal.standard.live instead of
generating them from live-build/ubuntu/hooks/020-ubuntu-live.chroot_early.
Also fixes the fact that
live-build/ubuntu/hooks/020-ubuntu-live.chroot_early was incorrectly writing
to /root in the previous upload instead of /usr.
Without casper in the minimal.standard.live seed for flavors using the
new ubuntu-desktop-installer (or derivatives thereof), casper cannot
create a live user. Without this live user, Ubuntu Studio has been
experiencing the inability to login automatically from either the GUI or
manually from a TTY. This leaves the boot at a black screen with a mouse
cursor. This commit is an attempt to avoid the same situation. Previous
assessments of omitting casper from this line appear to have been
incorrect.