releasing package livecd-rootfs version 26.04.12

Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>

debian/changelog

@@ -1,3 +1,17 @@
+livecd-rootfs (26.04.12) resolute; urgency=medium
+
+  * desktop: add variables pointing to the different models (stable & dangerous).
+  * desktop: fix snap components taken from original model when overriding a
+    snap with another model.
+    - if we decide to override the definition of a snap (i.e., by taking in
+      from a different model), we also need to override the definition of its
+      components.
+  * desktop: refactor how we filter the snaps when overriding
+  * desktop: update the dangerous model so that it includes core26 and the 6.17
+    kernel and components.
+
+ -- Olivier Gayot <olivier.gayot@canonical.com>  Tue, 16 Dec 2025 14:54:17 +0100
+
 livecd-rootfs (26.04.11) resolute; urgency=medium
 
   [ Valentin Haudiquet ]

live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary

@@ -31,24 +31,46 @@ json.dump(yaml.safe_load(sys.stdin), sys.stdout, default=str)
 
 
 # Use jq to retrieve a list of --snap options from a given *signed* model.
-get_snaps_args()
+get_snaps_args_excluding()
 {
     local model=$1
+    local jq_filter='
+# Find all snaps that are not filtered out.
+# The filtered out snaps are passed as positional arguments so they end up in
+# the $ARGS.positional array.
+.snaps[] | select(.name | IN($ARGS.positional[]) | not)
+# Then forge the --snap option.
+ | "--snap=" + .name + "=" + .["default-channel"]'
+
+    shift
 
     # The model is signed and is not valid YAML unless we get rid of the
     # signature. Here we assume the only blank line is before the signature.
     sed '/^$/,$d' -- "$model" \
      | yaml_to_json \
-     | jq --raw-output '.snaps[] | "--snap=" + .name + "=" + .["default-channel"]'
+     | jq --raw-output "$jq_filter" --args "$@"
 }
 
-get_all_components()
+# Use jq to retrieve a list of --snap options from a given *signed* model.
+get_snaps_args()
 {
-    # Get list of all components in every snaps
     local model=$1
+    get_snaps_args_excluding "$model"
+}
+
+_get_components_filtered()
+{
+    local excluded=$1
+    local model=$2
     local jq_filter='
-# Find all snaps that have components
+# Find all snaps that are either filtered in or filtered out
- .snaps[] | select(.components)
+# The filtered in (or out) snaps are passed as positional arguments so they end up in
+# the $ARGS.positional array.  The excluded variable is passed separately and
+# tells if we want to filter in (i.e., excluded=false) or filter out (i.e.,
+# excluded=true).
+ .snaps[] | select(.name | IN($ARGS.positional[]) | if $excluded then not else . end)
+# and have components
+ | select(.components)
 # Then save the name of each snap in a variable
  | .name as $snap
 # Then for each entry that has "optional"
@@ -56,9 +78,35 @@ get_all_components()
 # Output its name with the snap name prepended
  | "\($snap)" + "+" + .[].key'
 
+    shift 2
+
     sed '/^$/,$d' -- "$model" \
      | yaml_to_json \
-     | jq --raw-output "$jq_filter"
+     | jq --raw-output "$jq_filter" --argjson excluded "$excluded" --args "$@"
+}
+
+# Get list of all components for all snaps
+get_all_components()
+{
+    local model=$1
+    # Provide an exclusion list but empty
+    _get_components_filtered true "$model"
+}
+
+# Get list of all components for all snaps except the ones specified.
+get_components_excluding()
+{
+    local model=$1
+    shift
+    _get_components_filtered true "$model" "$@"
+}
+
+# Get list of all components for the snaps specified.
+get_components()
+{
+    local model=$1
+    shift
+    _get_components_filtered false "$model" "$@"
 }
 
 # Generation of the model:
@@ -78,38 +126,53 @@ get_all_components()
 
 # env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
 #
-# model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
+dangerous_model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
-# Normally we use the non-dangerous model here.  Use the dangerous one for now
+stable_model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
-# until we get snaps on stable 26.04 tracks and channels.
-model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
 
 prepare_args=()
 
+components=()
+
 # for the dangerous subproject, we need the dangerous model!
 if [ "$SUBPROJECT" = "dangerous" ]; then
     # As with the "classically" seeded snaps, snaps from the edge channel may
     # require different content snaps to be installed, so they must be
     # included in the system as well. We just use the same list as was
     # computed in snap_validate_seed.
-    model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
+    model="${dangerous_model}"
     while read snap; do
         prepare_args+=("--snap=${snap}=edge")
     done < config/missing-providers
-else
-    # We're currently using the dangerous model for the non-dangerous ISO
-    # because it allows us to override snaps. But we don't want all snaps from
-    # edge like the dangerous model has, we want most of them from stable
-    # excluding:
-    # * snapd (for TPM/FDE)
-    # * firmware-updater (for TPM/FDE)
-    # * desktop-security-center (for TPM/FDE)
-    while read -r snap_arg; do
-        prepare_args+=("$snap_arg")
-    done < <(get_snaps_args /usr/share/livecd-rootfs/live-build/"${PROJECT}"/ubuntu-classic-amd64.model \
-    | grep -v -F -e snapd -e firmware-updater -e desktop-security-center)
-fi
 
     for comp in $(get_all_components "$model"); do
+        components+=("$comp")
+    done
+else
+    # Normally we use the stable model here.  Use the dangerous one for now
+    # until we get snaps on stable 26.04 tracks and channels.
+    #model="${stable_model}"
+    model="${dangerous_model}"
+    # We're currently using the dangerous model for the stable image because it
+    # allows us to override snaps. But we don't want all snaps from edge like
+    # the dangerous model has, we want most of them from stable excluding:
+    # * snapd (for TPM/FDE)
+    # * snapd-desktop-integration (for TPM/FDE)
+    # * firmware-updater (for TPM/FDE)
+    # * desktop-security-center (for TPM/FDE)
+    snaps_from_dangerous=(snapd snapd-desktop-integration firmware-updater desktop-security-center)
+    for snap_arg in $(get_snaps_args_excluding "$stable_model" "${snaps_from_dangerous[@]}"); do
+        prepare_args+=("$snap_arg")
+    done
+
+    for comp in $(get_components_excluding "$stable_model" "${snaps_from_dangerous[@]}"); do
+        components+=("$comp")
+    done
+    for comp in $(get_components "$dangerous_model" "${snaps_from_dangerous[@]}"); do
+        components+=("$comp")
+    done
+fi
+
+for comp in "${components[@]}"; do
     prepare_args+=(--comp "$comp")
 done
 

live-build/ubuntu/ubuntu-classic-amd64-dangerous.model

@@ -16,13 +16,9 @@ snaps:
     type: gadget
   -
     components:
-      nvidia-550-erd-ko:
+      nvidia-580-uda-ko:
         presence: optional
-      nvidia-550-erd-user:
+      nvidia-580-uda-user:
-        presence: optional
-      nvidia-570-erd-ko:
-        presence: optional
-      nvidia-570-erd-user:
         presence: optional
     default-channel: 26.04/beta
     id: pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza
@@ -38,6 +34,11 @@ snaps:
     id: dwTAh7MZZ01zyriOZErqd1JynQLiOGvM
     name: core24
     type: base
+  -
+    default-channel: latest/edge
+    id: cUqM61hRuZAJYmIS898Ux66VY61gBbZf
+    name: core26
+    type: base
   -
     default-channel: latest/edge
     id: PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4
@@ -93,16 +94,16 @@ snaps:
     id: IrwRHakqtzhFRHJOOPxKVPU0Kk7Erhcu
     name: snapd-desktop-integration
     type: app
-timestamp: 2025-11-06T12:00:00.0Z
+timestamp: 2025-12-09T12:00:00.0Z
 sign-key-sha3-384: 9tydnLa6MTJ-jaQTFUXEwHl1yRx7ZS4K5cyFDhYDcPzhS7uyEkDxdUjg9g08BtNn
 
-AcLBXAQAAQoABgUCaSatwAAKCRDgT5vottzAEtItEACX3Ks4EJiFMUFAilxJNGL1SK02OdxOMJZ9
+AcLBXAQAAQoABgUCaUFt7QAKCRDgT5vottzAEhdnD/92LBcQm3iw/kPao4KqGE0OhfXDFd7Z6+Qv
-78FYP/pANI37Y+sPOrybHFkcbI21S6VaeFJTfJxE/tl7TbzYA9KBbi6MUKu7/r5mYIO/ylOFBGKI
+A1Dlzz6Cw0tuj0r5aZH7vJQCx4kC1Eaoi8apg3XhqAyhr74/MsIwMhPPL8qcSNv8ZWruoGwFp/rx
-iqI0gFOl0KovUiG2PtgfJiy+qnFBsPy47z6rADGUJYya5sKyrjll9hCriqxrQhBCYIkVlryheryk
+M6NSBKc6hrYqACYfEkBwfq9SgmIDQKFeBVudwswLK2SN58wrDNJjuWz/eJ5hUIIe3ga5ScfzO4Jr
-Uy48RuEDCjbqeqnyOWCCGRFzsV4wl+u6VeDNgAR4rYHfX1ObwkktyTb6rd2Pt0yW9XijnAVwA9Dw
+jTWS4kh5lpttCPFX8ouLkMgLUxijQpxFbHoF1trXJndFvavStT0yuC0y5TXzb3wJbbiF/MXZWyjV
-scAXsoGtkXoAl2lGed0xOE//n7MQVk/2420tHw6KR84k/oB2uuMSkEEFh0grKOw0zPTzMEkQupLN
+/4U+oQLodO77MhaD01kk2y5bZ62YuQ3MPL0fQGypon12GPHeNNcEcYWRZlFv+JkWAduWlnuefj1D
-jjqJileKkZFmCPo/ArTTSGIhFDjv3DDuRX5UbwIKlShyRGwjbjAhKz4GdiZ9TWyvzYV/+Tv9dlCo
+dVWV8dQQmSZGZNiGTsIJxkY9+4B+t/OhosGDc6jEmEZcKNVi9fnl0+awkzK6scNNmupZ8NwJl8ZR
-+a1kX9aE4hy1wkxkGmYWH0sAgQfG1btLr2dc0YHTPZH4z2j5ExbxJ+sP+6vEJX6lINZlFyHyna3+
+mJSsfaBcH4paYV1x31y4uTELv+OuDWAJ3D0RoCR8H0djTBxRhsF2/JpSJasxVmSbzWHPSeM3f1aO
-yU34ERrohYe6LWLwT9LwUzjN+ejZOqO2oJ/DPAnT0TaseTqDt3j1S1/37PzoULFml7YZPl7qlgf4
+ChZGwbD6J2SpzsrdogUP/9z6o8YuVnJkOxoBYuXhT1pEYTd93/hE++j3MpOqey/xw8UDbYmq5oJf
-y8zFGye5yINN8z0WaofuDT22g+up2aRVs39cCCQ/7VhPiMXGtT1Z5j0kND234KbvMLsNesPfV64b
+uKaYLOMphqDm5hUCZmxQp8gTzDleZGjxYS2fOS4qFUJlvyVwsSoJMXU+6YfA6tgEQ4Dbh6zp6r78
-kFDviVkYhU7JFCaeLZAh1hbFHX2gSggV1zvCq/6Tsw==
+MjEqfWn4lL16xW2Zzr6e8xWwUrM7T3Gp4WTA7/xOeA==