releasing package livecd-rootfs version 26.04.12

Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>

debian/changelog

@@ -1,3 +1,31 @@
+livecd-rootfs (26.04.12) resolute; urgency=medium
+
+  * desktop: add variables pointing to the different models (stable & dangerous).
+  * desktop: fix snap components taken from original model when overriding a
+    snap with another model.
+    - if we decide to override the definition of a snap (i.e., by taking in
+      from a different model), we also need to override the definition of its
+      components.
+  * desktop: refactor how we filter the snaps when overriding
+  * desktop: update the dangerous model so that it includes core26 and the 6.17
+    kernel and components.
+
+ -- Olivier Gayot <olivier.gayot@canonical.com>  Tue, 16 Dec 2025 14:54:17 +0100
+
+livecd-rootfs (26.04.11) resolute; urgency=medium
+
+  [ Valentin Haudiquet ]
+  * refactor: added a function to generate grub config for netboot
+  * riscv/server: add grub efi bootloader in netboot tarballs
+
+  [ Olivier Gayot ]
+  * desktop: build with optional components included
+  * desktop: don't build the stable image with pc-kernel from 26.04/beta
+    - This was needed before because there was pc-kernel in 26.04/stable but
+      now there is one and it matches the components definition from the model.
+
+ -- Valentin Haudiquet <valentin.haudiquet@canonical.com>  Thu, 11 Dec 2025 09:28:37 +0100
+
 livecd-rootfs (26.04.10) resolute; urgency=medium
 
   [ Olivier Gayot ]

live-build/auto/config

@@ -1097,6 +1097,9 @@ case $PROJECT in
 					arm64)
 						add_package ubuntu-server-minimal.ubuntu-server.installer.$flavor.netboot shim-signed
 						;;
+					riscv64)
+						add_package ubuntu-server-minimal.ubuntu-server.installer.$flavor.netboot grub-efi-riscv64 grub-efi-riscv64-unsigned
+						;;
 					*)
 						add_package ubuntu-server-minimal.ubuntu-server.installer.$flavor.netboot
 						;;

live-build/ubuntu-server/hooks/05-netboot-tarball.binary

@@ -1,5 +1,18 @@
 #!/bin/sh
 
+generate_grub_config ()
+{
+    # Generate the grub config file for netboot tarballs
+    # $1 Generated file path
+    cat > "${1}" <<EOF
+menuentry "Install Ubuntu Server" {
+        set gfxpayload=keep
+        linux   linux iso-url=#ISOURL# ip=dhcp ---
+        initrd  initrd
+}
+EOF
+}
+
 case $PASS in
     ubuntu-server-minimal.ubuntu-server.installer.generic*.netboot)
         ;;
@@ -46,13 +59,7 @@ case $ARCH in
         mv chroot/usr/lib/grub/x86_64-efi-signed/grubnetx64.efi.signed tarball/amd64/grubx64.efi
 
         mkdir tarball/amd64/grub tarball/amd64/pxelinux.cfg
-        cat > tarball/amd64/grub/grub.cfg.in <<EOF
-menuentry "Install Ubuntu Server" {
-        set gfxpayload=keep
-        linux   linux iso-url=#ISOURL# ip=dhcp ---
-        initrd  initrd
-}
-EOF
+        generate_grub_config tarball/amd64/grub/grub.cfg.in
         cat > tarball/amd64/pxelinux.cfg/default.in <<EOF
 DEFAULT install
 LABEL install
@@ -72,13 +79,7 @@ EOF
         mv chroot/usr/lib/grub/arm64-efi-signed/grubnetaa64.efi.signed tarball/arm64/grubaa64.efi
 
         mkdir tarball/arm64/grub
-        cat > tarball/arm64/grub/grub.cfg.in <<EOF
-menuentry "Install Ubuntu Server" {
-        set gfxpayload=keep
-        linux   linux iso-url=#ISOURL# ip=dhcp ---
-        initrd  initrd
-}
-EOF
+        generate_grub_config tarball/arm64/grub/grub.cfg.in
         ;;
 
     s390x)
@@ -125,6 +126,13 @@ LABEL install
   append=ip=dhcp iso-url=#ISOURL# ---
 EOF
         ;;
+
+    riscv64)
+        mv chroot/usr/lib/grub/riscv64-efi/monolithic/grubnetriscv64.efi tarball/riscv64/grubriscv64.efi
+
+        mkdir tarball/riscv64/grub
+        generate_grub_config tarball/riscv64/grub/grub.cfg.in
+        ;;
 esac
 
 tar -C tarball -czf livecd.${PROJECT}.netboot.tar.gz .

live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary

@@ -31,15 +31,82 @@ json.dump(yaml.safe_load(sys.stdin), sys.stdout, default=str)
 
 
 # Use jq to retrieve a list of --snap options from a given *signed* model.
-get_snaps_args()
+get_snaps_args_excluding()
 {
-    model=$1
+    local model=$1
+    local jq_filter='
+# Find all snaps that are not filtered out.
+# The filtered out snaps are passed as positional arguments so they end up in
+# the $ARGS.positional array.
+.snaps[] | select(.name | IN($ARGS.positional[]) | not)
+# Then forge the --snap option.
+ | "--snap=" + .name + "=" + .["default-channel"]'
+
+    shift
 
     # The model is signed and is not valid YAML unless we get rid of the
     # signature. Here we assume the only blank line is before the signature.
     sed '/^$/,$d' -- "$model" \
      | yaml_to_json \
-     | jq --raw-output '.snaps[] | "--snap=" + .name + "=" + .["default-channel"]'
+     | jq --raw-output "$jq_filter" --args "$@"
+}
+
+# Use jq to retrieve a list of --snap options from a given *signed* model.
+get_snaps_args()
+{
+    local model=$1
+    get_snaps_args_excluding "$model"
+}
+
+_get_components_filtered()
+{
+    local excluded=$1
+    local model=$2
+    local jq_filter='
+# Find all snaps that are either filtered in or filtered out
+# The filtered in (or out) snaps are passed as positional arguments so they end up in
+# the $ARGS.positional array.  The excluded variable is passed separately and
+# tells if we want to filter in (i.e., excluded=false) or filter out (i.e.,
+# excluded=true).
+ .snaps[] | select(.name | IN($ARGS.positional[]) | if $excluded then not else . end)
+# and have components
+ | select(.components)
+# Then save the name of each snap in a variable
+ | .name as $snap
+# Then for each entry that has "optional"
+ | .components | to_entries | map(select(.value.presence == "optional"))
+# Output its name with the snap name prepended
+ | "\($snap)" + "+" + .[].key'
+
+    shift 2
+
+    sed '/^$/,$d' -- "$model" \
+     | yaml_to_json \
+     | jq --raw-output "$jq_filter" --argjson excluded "$excluded" --args "$@"
+}
+
+# Get list of all components for all snaps
+get_all_components()
+{
+    local model=$1
+    # Provide an exclusion list but empty
+    _get_components_filtered true "$model"
+}
+
+# Get list of all components for all snaps except the ones specified.
+get_components_excluding()
+{
+    local model=$1
+    shift
+    _get_components_filtered true "$model" "$@"
+}
+
+# Get list of all components for the snaps specified.
+get_components()
+{
+    local model=$1
+    shift
+    _get_components_filtered false "$model" "$@"
 }
 
 # Generation of the model:
@@ -59,38 +126,56 @@ get_snaps_args()
 
 # env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
 #
-# model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
-# Normally we use the non-dangerous model here.  Use the dangerous one for now
-# until we get snaps on stable 26.04 tracks and channels.
-model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
+dangerous_model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
+stable_model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
 
 prepare_args=()
 
+components=()
+
 # for the dangerous subproject, we need the dangerous model!
 if [ "$SUBPROJECT" = "dangerous" ]; then
     # As with the "classically" seeded snaps, snaps from the edge channel may
     # require different content snaps to be installed, so they must be
     # included in the system as well. We just use the same list as was
     # computed in snap_validate_seed.
-    model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
+    model="${dangerous_model}"
     while read snap; do
         prepare_args+=("--snap=${snap}=edge")
     done < config/missing-providers
+
+    for comp in $(get_all_components "$model"); do
+        components+=("$comp")
+    done
 else
-    # We're currently using the dangerous model for the non-dangerous ISO
-    # because it allows us to override snaps. But we don't want all snaps from
-    # edge like the dangerous model has, we want most of them from stable
-    # excluding:
-    # * pc-kernel - which currently does not exist on stable
+    # Normally we use the stable model here.  Use the dangerous one for now
+    # until we get snaps on stable 26.04 tracks and channels.
+    #model="${stable_model}"
+    model="${dangerous_model}"
+    # We're currently using the dangerous model for the stable image because it
+    # allows us to override snaps. But we don't want all snaps from edge like
+    # the dangerous model has, we want most of them from stable excluding:
     # * snapd (for TPM/FDE)
+    # * snapd-desktop-integration (for TPM/FDE)
     # * firmware-updater (for TPM/FDE)
     # * desktop-security-center (for TPM/FDE)
-    while read -r snap_arg; do
+    snaps_from_dangerous=(snapd snapd-desktop-integration firmware-updater desktop-security-center)
+    for snap_arg in $(get_snaps_args_excluding "$stable_model" "${snaps_from_dangerous[@]}"); do
         prepare_args+=("$snap_arg")
-    done < <(get_snaps_args /usr/share/livecd-rootfs/live-build/"${PROJECT}"/ubuntu-classic-amd64.model \
-    | grep -v -F -e pc-kernel -e snapd -e firmware-updater -e desktop-security-center)
+    done
+
+    for comp in $(get_components_excluding "$stable_model" "${snaps_from_dangerous[@]}"); do
+        components+=("$comp")
+    done
+    for comp in $(get_components "$dangerous_model" "${snaps_from_dangerous[@]}"); do
+        components+=("$comp")
+    done
 fi
 
+for comp in "${components[@]}"; do
+    prepare_args+=(--comp "$comp")
+done
+
 channel=""
 if [ -n "${CHANNEL:-}" ]; then
     channel="--channel $CHANNEL"

live-build/ubuntu/ubuntu-classic-amd64-dangerous.model

@@ -16,13 +16,9 @@ snaps:
     type: gadget
   -
     components:
-      nvidia-550-erd-ko:
+      nvidia-580-uda-ko:
         presence: optional
-      nvidia-550-erd-user:
-        presence: optional
-      nvidia-570-erd-ko:
-        presence: optional
-      nvidia-570-erd-user:
+      nvidia-580-uda-user:
         presence: optional
     default-channel: 26.04/beta
     id: pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza
@@ -38,6 +34,11 @@ snaps:
     id: dwTAh7MZZ01zyriOZErqd1JynQLiOGvM
     name: core24
     type: base
+  -
+    default-channel: latest/edge
+    id: cUqM61hRuZAJYmIS898Ux66VY61gBbZf
+    name: core26
+    type: base
   -
     default-channel: latest/edge
     id: PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4
@@ -93,16 +94,16 @@ snaps:
     id: IrwRHakqtzhFRHJOOPxKVPU0Kk7Erhcu
     name: snapd-desktop-integration
     type: app
-timestamp: 2025-11-06T12:00:00.0Z
+timestamp: 2025-12-09T12:00:00.0Z
 sign-key-sha3-384: 9tydnLa6MTJ-jaQTFUXEwHl1yRx7ZS4K5cyFDhYDcPzhS7uyEkDxdUjg9g08BtNn
 
-AcLBXAQAAQoABgUCaSatwAAKCRDgT5vottzAEtItEACX3Ks4EJiFMUFAilxJNGL1SK02OdxOMJZ9
-78FYP/pANI37Y+sPOrybHFkcbI21S6VaeFJTfJxE/tl7TbzYA9KBbi6MUKu7/r5mYIO/ylOFBGKI
-iqI0gFOl0KovUiG2PtgfJiy+qnFBsPy47z6rADGUJYya5sKyrjll9hCriqxrQhBCYIkVlryheryk
-Uy48RuEDCjbqeqnyOWCCGRFzsV4wl+u6VeDNgAR4rYHfX1ObwkktyTb6rd2Pt0yW9XijnAVwA9Dw
-scAXsoGtkXoAl2lGed0xOE//n7MQVk/2420tHw6KR84k/oB2uuMSkEEFh0grKOw0zPTzMEkQupLN
-jjqJileKkZFmCPo/ArTTSGIhFDjv3DDuRX5UbwIKlShyRGwjbjAhKz4GdiZ9TWyvzYV/+Tv9dlCo
-+a1kX9aE4hy1wkxkGmYWH0sAgQfG1btLr2dc0YHTPZH4z2j5ExbxJ+sP+6vEJX6lINZlFyHyna3+
-yU34ERrohYe6LWLwT9LwUzjN+ejZOqO2oJ/DPAnT0TaseTqDt3j1S1/37PzoULFml7YZPl7qlgf4
-y8zFGye5yINN8z0WaofuDT22g+up2aRVs39cCCQ/7VhPiMXGtT1Z5j0kND234KbvMLsNesPfV64b
-kFDviVkYhU7JFCaeLZAh1hbFHX2gSggV1zvCq/6Tsw==
+AcLBXAQAAQoABgUCaUFt7QAKCRDgT5vottzAEhdnD/92LBcQm3iw/kPao4KqGE0OhfXDFd7Z6+Qv
+A1Dlzz6Cw0tuj0r5aZH7vJQCx4kC1Eaoi8apg3XhqAyhr74/MsIwMhPPL8qcSNv8ZWruoGwFp/rx
+M6NSBKc6hrYqACYfEkBwfq9SgmIDQKFeBVudwswLK2SN58wrDNJjuWz/eJ5hUIIe3ga5ScfzO4Jr
+jTWS4kh5lpttCPFX8ouLkMgLUxijQpxFbHoF1trXJndFvavStT0yuC0y5TXzb3wJbbiF/MXZWyjV
+/4U+oQLodO77MhaD01kk2y5bZ62YuQ3MPL0fQGypon12GPHeNNcEcYWRZlFv+JkWAduWlnuefj1D
+dVWV8dQQmSZGZNiGTsIJxkY9+4B+t/OhosGDc6jEmEZcKNVi9fnl0+awkzK6scNNmupZ8NwJl8ZR
+mJSsfaBcH4paYV1x31y4uTELv+OuDWAJ3D0RoCR8H0djTBxRhsF2/JpSJasxVmSbzWHPSeM3f1aO
+ChZGwbD6J2SpzsrdogUP/9z6o8YuVnJkOxoBYuXhT1pEYTd93/hE++j3MpOqey/xw8UDbYmq5oJf
+uKaYLOMphqDm5hUCZmxQp8gTzDleZGjxYS2fOS4qFUJlvyVwsSoJMXU+6YfA6tgEQ4Dbh6zp6r78
+MjEqfWn4lL16xW2Zzr6e8xWwUrM7T3Gp4WTA7/xOeA==