ppc64el still uses /boot/vmlinux so we need to determine the boot file name as non ppc64el use /boot/vmlinuz. This
is then used to determine the kernel major minor version installed so that the correct apparmor features can be used
during snap preseeding. This preseeding was failing for ppc64el for the mantic 6.5 kernel as the /boot/vmlinuz
being checked did not exist.
(cherry picked from commit 089646a32f927f32e9e8961e231391f0bcb6f66b)
# Conflicts:
# debian/changelog
# live-build/functions
lp: #2037567. starting in kernel 6.5.0.1006, there's been an update to
apparmor features. Creates the 6.5 kernel directory, fully populates
with feats checked from a machine running 6.5.0.1006 installed from
proposed (as of 20230927).
(cherry picked from commit 5427e5ad6c02b2d7c203cc6597aff5518d5b344c)
In the past, we'd directly snap install lxd which defaults to
the latest/stable channel. However, whilst working on enhancing
unminimize, it was observed that we install this snap from
the stable/ubuntu-<version> channel instead.
This was also noted as a failure when running the CTF tests:
`lxd installed from latest/stable, not stable/ubuntu-23.10`
(cherry picked from commit 12a2109c223e261214747d5f98d4b8d7ee9625e3)
Prior to dpkg/1.21.0, there was a bug where dpkg -V/--verify
couldn't list all the correct packages correctly but with
that being fix and in archive since Jammy, this works perfectly
but the syntax to report the missing files have changed. It
just prints 'missing' now. With that new format, we can now
fix the regex to simply list the packages.
With this patch, the unminimize script works flawlessly
on a minimized image.
(cherry picked from commit 78a98c683573a1f7983afae54e2f187eeae127c7)
Modifying directly /etc/ssh/sshd_config creates "problems" when
upgrading eg. from Focal to Jammy because the upgrade will ask the
user what to do with the modified config. To avoid that, put the
custom configuration into /etc/ssh/sshd_config.d/ so the upgrade of
openssh-server can just replace /etc/ssh/sshd_config without asking
the user.
(cherry picked from commit b54d24ff3310f7ace00ab08e0dacfdc89e026f1c)
LP: #2034253 Grub is found to use lsb_release or default to Debian.
buildd does not have lsb_release, so Debian was the GRUB_DISTRIBUTION.
that ends up with issues with the EFI path
LP: 2031943
Same issue as affected 5.19. 6.2 apparmor featureset differs from 5.15.
Identified the same feature as 5.19, so copied over.
populated 6.2 with all of generic directory as well. Compatibility mode for
possible future change
During Realtime kernel image build, there was an error during
validating snap seed which derivative images copied 5.19
apparmor feature and can't validate when Realtime kernel (5.15)
installed [0].
To prevent this, bind correct apparmor feature with kernel
version.
[0] https://bugs.launchpad.net/ubuntu/+source/livecd-rootfs/+bug/2024639
This now matches the cloud images (7c760864fdcb278ca37396f06f5e3f297428d63d)
fixing bootloader updates in the buildd images, but also fixing
compatibility with using devtmpfs for losetup.
live-build/auto/config:
- for Ubuntu Server live images and the arm64+tegra full arch, build a
tegra variant with linux-nvidia-tegra as the flavor and
linux-nvidia-tegra as the kernel meta-package
- default to nvidia-$SUBARCH as the kernel flavor and enable all
components for all images using arm64+tegra as full arch
hooks/03-kernel-metapkg.chroot_early:
- use linux-nvidia-tegra as kernel meta-package for the nvidia-tegra
flavor
the 5.19 kernel added ipc posix_mqueue apparmor features. the generic
set of apparmor features for the 5.15 LTS jammy kernel does not have
this feature. Along with the commit "support kernel with different
apparmor feats", this ensures that the HWE kernel for 5.19 has a
matching set.
note that on the next HWE roll, another directory will need to be added.
For each new HWE kernel roll, checking capabilities, creating the
directory, and adding the correct features will be required.
Jammy HWE is rolling to 5.19. the 5.19 kernel introduced more apparmor
features, specifically ipc. due to the roll, we now must support builds
with 2 different feature sets.
This specifically affects snap-preseeding, where if a snap_preseed is
run with a mismatched apparmor feature set, snap will require a restart
to match the running kernel's feature set. in the clouds, this can add
somehwere between 5-10s (as of checks on 20230404). This is a large boot
time performance hit.
Implementation is done at the `snap_validate_seed` function level. This
function is called in snap scenarios. It checks for an installed kernel
in the chroot, gets the major.min version, and checks for
apparmor/$KERN. If found, it will do a copy of the directory, providing
a naive override mechanism.
For CPC builds, we are adding a call to `snap_validate_seed` at the end
of affected hooks as well. This is a safe procedure to call, as it
reruns the snap_preseed for all snaps. By running at the end of build
processes, it ensures that any kernel changes done during the build are
taken into account.
Add a file build.info on etc/cloud
with the serial information
Signed-off-by: Samir Akarioh <samir.akarioh@canonical.com>
(cherry picked from commit 105acdebc783291f740294b5c317f3e6d2da9de4)
RISC-V boards tend to boot slowly.
We should provide progress information when booting.
Use 'efi=debug earlycon' on the Linux command line via new file
/etc/default/grub.d/cmdline.cfg.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The Nezha and the LicheeRV boards do not have enough memory for an initrd
with most modules. Therefore the number of included modules has to be
reduced.
Create file /etc/initramfs-tools/conf.d/modules_list.conf
to set MODULES=list.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
Remove redirections of type
command &1>2
Executing the command in the background and creating and empty file '2'
was never intended.
As the messages are information only redirecting to stderr would not make
sense either.
Signed-off-by: Heinrich Schuchardt <heinrich.schuchardt@canonical.com>
The LicheeRV Dock board comes with only 512MB of DRAM so the only difference
with a Nezha image is the fact that we have to remove
cryptsetup-initramfs package which makes the initrd too big for the
board to boot.
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
3.5G is not enough for riscv64 preinstalled as the creation of the initrd fails
with the following error:
Creating config file /etc/default/grub with new version
Processing triggers for initramfs-tools (0.140ubuntu13) ...
update-initramfs: Generating /boot/initrd.img-5.15.0-1011-generic
zstd: error 25 : Write error : No space left on device (cannot write compressed block)
E: mkinitramfs failure zstd -q -1 -T0 25
update-initramfs: failed for /boot/initrd.img-5.15.0-1011-generic with 1.
dpkg: error processing package initramfs-tools (--configure):
installed initramfs-tools package post-installation script subprocess returned error exit status 1
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
The image created uses a UEFI bootflow, so we install grub for this board
only. We also need flash-kernel to install the dtb where grub can find
it.
This image is specifically architectured so that it can be installed on
a "factory" board, meaning using the u-boot firmware which was
originally implemented for Fedora, so we need the p3 partition that
embeds a uEnv.txt file to tell u-boot what/where to load next stage.
Signed-off-by: Alexandre Ghiti <alexandre.ghiti@canonical.com>
