Do not use removable uefi bootloader path in the cloud-images by
default, as that prevents upgrades of the bootloader.
LP: #1912830
(cherry picked from commit 7c760864fdcb278ca37396f06f5e3f297428d63d)
For LP: #1901906, on other releases we ensured that grub-pc is always
installed with shim-signed. However, xenial has different behavior that
does not work the same. This reverts those changes back to what
livecd-rootfs was before any of those changes were made, keeping only
the autoremove packages work.
LP: #1901906
shim-signed does not depend on grub-efi-amd64-signed in Xenial.
Historically, Xenial did not always ship with signatures. This is
different than LTSes after Xenial where this is the case. A future SRU
for grub should change this, but for now ensure to install the signed
package so that secure boot systems can actually boot.
LP: #1901906
shim-signed depends on grub-efi-amd64-signed, which in turn has
alternative depends on either `grub-efi-amd64 | grub-pc`. However to
support booting with either via shim&signed-grub and BIOS, the choice
must be made to install grub-pc, not grub-efi-amd64.
This makes images consistent with Ubuntu Deskop, Live Server, buildd
bootable images; all of which already do install grub-pc and
shim-signed.
Additionally, this will ensure that autoremove is run after installing
anything in the CPC build hooks. This is done to avoid shipping images
that include packages that are autoremovable. This will clean-up as
packages are installed and detect any breakage at build time.
LP: #1901906
* Replace "snap download" with tool that uses snap store's coherence feature
This is important for parallel image builds to ensure all pre-seeded snaps
have the same versions across image variants.
* Inject a proxy into the build providing a snapshot view of the package repo.
When the REPO_SNAPSHOT_STAMP variable is set, the auto/build script will attempt
to launch a transparent HTTP proxy on port 8080, and insert an iptables rule to
redirect all outgoing HTTP requests to this proxy.
The proxy, contained in the `magic-proxy` Python script, examines each request
and silently overrides those pointing to InRelease files or files that are
listed in InRelease files. It will instead provide the contents of the requested
file as it was at REPO_SNAPSHOT_STAMP, by downloading the corresponding asset
"by hash".
* Use series files with dependency handling to generate hook symlinks dynamically
This patch currently only applies to the "ubuntu-cpc" project.
More and more logic has been going into the hook scripts to decide
under which conditions they should run or not. As we are moving
to parallelized builds of image sets, this will get even more
complicated. Base hooks will have to know which image sets they
belong to and modification of the dependency chain between scripts
will become more complicated and prone to errors, as the number of
image sets grows.
This patch introduces explicit ordering and dependency handling for
scripts through the use of `series` files and an explicit syntax
for dependency specification.
