There are cases in CPC built images where we don't want to create an SBOM.
Add an argument in create_manifest which defaults to creating an SBOM, but can also skip generating an SBOM.
A change in 2024 [0] was made to debootstrap in which the keyring is now
switched from ubuntu-archive-keyring.gpg to
ubuntu-archive-removed-keys.gpg after a given release goes EOL. This
means that the Release signature cannot be verified after EOL since the
Release is signed with the ubuntu-archive-keyring.gpg. It is expected
that we can continue to build any release even after the suite is
closed.
This change adds a debootstrap configuration to override this behavior
and ensure all of our images are verified against the main archive key.
Refs: [0] https://git.launchpad.net/ubuntu/+source/debootstrap/commit/?id=4f8b3405097b9f655938528ae7105ec534eb7d1b
Use consistent formatting across all architectures: 4-space indent,
two spaces after "linux", one space after "initrd". Also fix an extra
blank line before "fi" in amd64's UEFI section caused by f-string
interpolation.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Separate config generation from file I/O by having generate_grub_config()
and its helpers return strings. The base class make_bootable() now handles
writing grub.cfg.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
The debian-cd scripts did this game of placing boot-related files in a
separate directory that was then passed to xorriso to include on the
ISO. Stop doing that and just put the files directly into the ISO root
that is already passed to xorriso.
Package contents were being extracted into subdirectories of the boot
tree (grub_dir, shim_dir), which meant the boot tree contained both
the final boot files and the raw package extractions. Extract packages
into scratch directories instead, copying only the needed files into
the boot tree. This also removes the grub_dir/shim_dir instance
variables and the create_dirs overrides, and moves copy_grub_modules
to a standalone function in grub.py.
Set MAKE_ISO=yes so ubuntu-mini-iso uses the standard isobuilder
flow in auto/build. The binary hook is simplified to just creating
kernel/initrd artifacts; isobuilder handles .disk metadata, boot
configuration, and ISO creation.
The mini-iso's custom grub.cfg (single iso-chooser-menu entry) is
generated by a project-specific path in AMD64BootConfigurator.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Replace the debian-cd git clone and shell script invocation in
ISOBuilder with the new Python boot configurators.
Key changes to builder.py:
- make_bootable() creates a boot configurator and calls its
  make_bootable() method instead of cloning debian-cd
- make_iso() gets mkisofs_opts directly from the configurator
  instead of reading a serialized file
- add_live_filesystem() links kernel/initrd with names expected
  by the boot configurators (vmlinuz/initrd, hwe-vmlinuz/hwe-initrd)
- _extract_casper_uuids() updated for the new initrd naming scheme
- Refactor config storage to use a single _config dict
- Add limit_length parameter to Logger for long xorriso commands
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Add architecture-specific boot configurators that translate the
debian-cd boot shell scripts (boot-amd64, boot-arm64, boot-ppc64el,
boot-riscv64, boot-s390x) into Python.
The package uses a class hierarchy:
- BaseBootConfigurator: abstract base with common functionality
- GrubBootConfigurator: shared GRUB config generation
- UEFIBootConfigurator: UEFI-specific shim/ESP handling
- Architecture classes: AMD64, ARM64, PPC64EL, RISCV64, S390X
A factory function make_boot_configurator_for_arch() creates the
appropriate configurator for each architecture.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Extract a download_direct() method from download() to enable downloading
packages to an arbitrary directory with an arbitrary specification string.
This will be used by the boot configuration code to download bootloader
packages.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ubuntukylin's /etc/apt/trusted.gpg.d/ubuntukylin-archive-keyring.gpg
contains a symlink to
"/usr/share/keyrings/ubuntukylin-archive-keyring.gpg" as an absolute
path. This obviously doesn't work when not chrooted into the chroot but
we don't need to copy it over to the apt config used to build the pool
as no package from any archive signed by this key is going to be
included in the pool...
The -map option requires two arguments: the source filesystem path and
the target path in the ISO. Without the "/" target, xorriso fails.
This only affects riscv64, which uses native xorriso mode rather than
mkisofs compatibility mode.
Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This adds a new tool, isobuild, which replaces the ISO-building
functionality previously provided by live-build and cdimage. It is
invoked from auto/build when MAKE_ISO=yes.
The tool supports:
- Layered desktop images (Ubuntu Desktop, flavors)
- Non-layered images (Kubuntu, Ubuntu Unity)
- Images with package pools (most installers)
- Images without pools (Ubuntu Core Installer)
The isobuild command has several subcommands:
- init: Initialize the ISO build directory structure
- setup-apt: Configure APT for package pool generation
- generate-pool: Create the package pool from a seed
- generate-sources: Generate cdrom.sources for the installed system
- add-live-filesystem: Add squashfs and kernel/initrd to the ISO
- make-bootable: Add GRUB and other boot infrastructure
- make-iso: Generate the final ISO image
auto/config is updated to:
- Set MAKE_ISO=yes for relevant image types
- Set POOL_SEED_NAME for images that need a package pool
- Invoke gen-iso-ids to compute ISO metadata
auto/build is updated to:
- Remove old live-build ISO handling code
- Invoke isobuild at appropriate points in the build
lb_binary_layered is updated to create squashfs files with
cdrom.sources included for use in the ISO.
Add a script to compute the values for .disk/info, the ISO volume ID,
and the "capproject" (capitalized project name) used in various places
in the ISO boot configuration.
This replaces the logic that was previously scattered across live-build
and cdimage.