Merge bugfix/add_apparmor515_validate_seed into ubuntu/focal [a=philroche] [r=catred,jchittum]

fix: Update d/ch for 2.664.53 to include references to seed validation (LP: #2059730)

Add missing references to LP: #2059730.

MP: https://code.launchpad.net/~philroche/livecd-rootfs/+git/livecd-rootfs/+merge/463488

checkout-translations-branch

@@ -1,23 +0,0 @@
-#!/bin/sh
-
-set -eux
-
-branch=$1
-dir=$2
-target="$(readlink -f "${3}")"
-
-tmpdir="$(mktemp -d)"
-cd "${tmpdir}"
-
-cleanup () {
-    rm -rf "${tmpdir}"
-}
-
-trap cleanup EXIT
-
-mkdir -p $target
-
-git clone $branch checkout
-for po in checkout/$dir/*.po; do
-    msgfmt "${po}" -o "${target}/$(basename "${po}" .po).mo"
-done

debian/.gitignore

@@ -1 +0,0 @@
-files

debian/compat

@@ -0,0 +1 @@
+7

debian/control

@@ -1,12 +1,10 @@
 Source: livecd-rootfs
 Section: devel
 Priority: optional
-Build-Depends: debhelper-compat (= 13)
+Build-Depends: debhelper (>= 7)
 Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
-Standards-Version: 4.7.0
+Standards-Version: 3.9.6
 Vcs-Git: https://git.launchpad.net/livecd-rootfs -b ubuntu/master
-Vcs-Browser: https://git.launchpad.net/livecd-rootfs
-Rules-Requires-Root: no
 
 Package: livecd-rootfs
 Architecture: any
@@ -14,14 +12,12 @@ Depends: ${misc:Depends},
          apt-utils,
          attr,
          debootstrap,
-         devscripts,
          distro-info,
          dosfstools,
          e2fsprogs,
          gdisk,
          genisoimage,
          germinate (>= 1.25.1),
-         gettext,
          git,
          gnupg,
          grep-dctrl,
@@ -30,25 +26,22 @@ Depends: ${misc:Depends},
          lsb-release,
          lzma,
          make,
-         mount,
-         mtools [!i386],
          parted,
          procps,
          python3,
          python3-apt,
-         python3-launchpadlib [!i386],
+         python3-software-properties,
          python3-yaml,
          qemu-utils [!i386],
-         rsync [!i386],
+         rsync,
          snapd (>= 2.39) [!i386],
          squashfs-tools (>= 1:3.3-1),
          sudo,
-         u-boot-tools [arm64 armhf],
+         u-boot-tools [armhf arm64],
+         ubuntu-image [!i386 !riscv64],
          python3-vmdkstream [amd64 i386],
-         xorriso [!i386],
          xz-utils,
-         zerofree,
-         zstd
+         zerofree
 Breaks: ubuntu-defaults-builder (<< 0.32)
 Description: construction script for the livecd rootfs
  livecd-rootfs provides the script used to create the root filesystem

debian/copyright

@@ -11,7 +11,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 General Public License for more details.
 
 You should have received a copy of the GNU General Public License with
-your Ubuntu system, in /usr/share/common-licenses/GPL-2, or with the
+your Ubuntu system, in /usr/share/common-licenses/GPL, or with the
 livecd-rootfs source package as the file COPYING.  If not, write to
 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 Boston, MA 02110-1301 USA.

debian/gbp.conf

@@ -1,4 +0,0 @@
-[DEFAULT]
-debian-branch=ubuntu/master
-debian-tag = %(version)s
-dch-opt = --vendor=debian

debian/install

@@ -2,6 +2,5 @@ auto-markable-pkgs usr/share/livecd-rootfs
 live-build usr/share/livecd-rootfs
 get-ppa-fingerprint usr/share/livecd-rootfs
 minimize-manual usr/share/livecd-rootfs
-checkout-translations-branch usr/share/livecd-rootfs
-update-source-catalog usr/share/livecd-rootfs
-sync-mtime usr/share/livecd-rootfs
+magic-proxy usr/share/livecd-rootfs
+lp-in-release usr/share/livecd-rootfs

debian/livecd-rootfs.lintian-overrides

@@ -1,10 +0,0 @@
-# This is expected and okay
-livecd-rootfs: service-file-is-not-a-file [usr/share/livecd-rootfs/*.service]
-livecd-rootfs: uses-dpkg-database-directly [usr/share/livecd-rootfs/live-build/lb_chroot_layered]
-livecd-rootfs: package-contains-no-arch-dependent-files
-
-# Developer documentation in an already-expected spot
-livecd-rootfs: package-contains-documentation-outside-usr-share-doc [usr/share/livecd-rootfs/live-build/ubuntu-cpc/README.cpc.md]
-
-# This is going to occur quite a bit; we're making a livefs
-livecd-rootfs: repeated-path-segment * [*]

debian/source/lintian-overrides

@@ -1,5 +0,0 @@
-# This is expected and okay
-livecd-rootfs source: absolute-symbolic-link-target-in-source * [live-build/*]
-
-# The description indicates that it's not required in debhelper >= 13, which we have
-livecd-rootfs source: override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS [debian/rules:*]

debian/tests/control

@@ -1,7 +1,7 @@
 Tests: default-bootstraps
 Depends: @, lsb-release
-Restrictions: needs-root isolation-machine allow-stderr
+Restrictions: needs-root isolation-machine
 
 Tests: minimized
 Depends: @, lsb-release
-Restrictions: needs-root isolation-machine allow-stderr
+Restrictions: needs-root isolation-machine

debian/tests/default-bootstraps

@@ -13,41 +13,41 @@ fi
 # Listed subprojects can be combined with other projects as well,
 # but this list gives reasonable coverage.
 ALL_TRIPLETS="
+ base::
  edubuntu::
+ edubuntu-dvd::
  kubuntu::
+ kubuntu-active::
+ kubuntu-dvd::
+ kubuntu-plasma5::
  lubuntu::
- ubuntu-unity::
+ mythbuntu::
  ubuntu::
+ ubuntu:canary:
  ubuntu-base::
  ubuntu-base:buildd:
  ubuntu-budgie::
  ubuntu-budgie-desktop::
  ubuntu-budgie-live::
- ubuntucinnamon::
  ubuntu-core:system-image:ubuntu-core
  ubuntu-cpc::ubuntu-cpc
  ubuntu-cpc:minimized:ubuntu-cpc
  ubuntu-dvd::
+ ubuntu-gnome::
  ubuntukylin::
  ubuntu-mate::
  ubuntu-mate-core::
  ubuntu-mate-desktop::
  ubuntu-mate-live::
- ubuntu-server:live:ubuntu-server
- xubuntu::
- xubuntu:minimal:"
-
-ARCH=$(dpkg --print-architecture)
+ ubuntu-netbook::
+ ubuntu-server::
+ xubuntu::"
 
 if [ -z "$SELECTED_TRIPLETS" ]; then
     SELECTED_TRIPLETS="
  ubuntu-base::
  ubuntu-cpc::ubuntu-cpc
 "
-    if [ "$ARCH" = amd64 ]; then
-        SELECTED_TRIPLETS="$SELECTED_TRIPLETS
-ubuntu::"
-    fi
 fi
 
 live_build_rootfs() {
@@ -55,6 +55,7 @@ live_build_rootfs() {
     local SUBPROJECT_TMP=${1%:*}
     SUBPROJECT=${SUBPROJECT_TMP#*:}
     TEMPLATE=${1##*:}
+    ARCH=$(dpkg --print-architecture)
     echo "Building rootfs for project: '$PROJECT' subproject: '$SUBPROJECT' template: '$TEMPLATE' in $PWD"
     cp -a /usr/share/livecd-rootfs/live-build/auto .
     if [ -n "$TEMPLATE" ]; then
@@ -64,22 +65,19 @@ live_build_rootfs() {
          SUBPROJECT=$SUBPROJECT \
          SUITE=$SUITE \
          ARCH=$ARCH \
-         NOW=$(date '+%Y%m%d') \
          lb config
     mkdir chroot
     # this part needs root rights, but right now the whole script ran as root by autopkgtest
     env PROJECT=$PROJECT \
          SUBPROJECT=$SUBPROJECT \
          ARCH=$ARCH \
-         NOW=$(date '+%Y%m%d') \
          lb build
     echo "Build results for project: '$PROJECT' subproject: '$SUBPROJECT' template: '$TEMPLATE' in $PWD"
     du -sh *
     echo ""
 }
 
-[ -d /adt ] || mkdir /adt
-WORKDIR=$(mktemp -d -p /adt)
+WORKDIR=$(mktemp -d)
 trap "RET=\$?; rm -rf $WORKDIR; exit \$RET" 0 INT QUIT ABRT PIPE TERM
 cd $WORKDIR
 

get-ppa-fingerprint

@@ -2,14 +2,16 @@
 
 from __future__ import print_function
 
-from launchpadlib.launchpad import Launchpad
 from optparse import OptionParser
 
+from softwareproperties import ppa
+
 
 parser = OptionParser(usage="%prog OWNER/NAME")
 _, args = parser.parse_args()
 if not args:
     parser.error("must provide a PPA owner/name")
 owner_name, ppa_name = args[0].split("/", 1)
-lp = Launchpad.login_anonymously('livecd-rootfs', 'production', version='devel')
-print(lp.people(owner_name).getPPAByName(name=ppa_name).signing_key_fingerprint)
+owner_name = "~%s" % owner_name
+ppa_info = ppa.get_ppa_info_from_lp(owner_name, ppa_name)
+print(ppa_info["signing_key_fingerprint"])

live-build/apparmor/5.15/caps/mask

@@ -1 +1 @@
-chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore
+chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read

live-build/apparmor/5.15/network/af_mask

@@ -1,2 +1 @@
-unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
-
+unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp

live-build/apparmor/5.15/network_v8/af_mask

@@ -1 +1 @@
-unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
+unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp

live-build/apparmor/6.11/caps/extended

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.11/domain/disconnected.path

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.11/domain/interruptible

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.11/domain/kill.signal

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.11/domain/unconfined_allowed_children

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.11/io_uring/mask

@@ -1 +0,0 @@
-sqpoll override_creds

live-build/apparmor/6.11/mount/move_mount

@@ -1 +0,0 @@
-detached

live-build/apparmor/6.11/namespaces/mask

@@ -1 +0,0 @@
-userns_create

live-build/apparmor/6.11/namespaces/userns_create

@@ -1 +0,0 @@
-pciu&

live-build/apparmor/6.11/network/af_mask

@@ -1 +0,0 @@
-unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp

live-build/apparmor/6.11/network_v8/af_inet

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.11/network_v8/af_mask

@@ -1 +0,0 @@
-unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp

live-build/apparmor/6.11/policy/notify/user

@@ -1 +0,0 @@
-file

live-build/apparmor/6.11/policy/outofband

@@ -1 +0,0 @@
-0x000001

live-build/apparmor/6.11/policy/permstable32

@@ -1 +0,0 @@
-allow deny subtree cond kill complain prompt audit quiet hide xindex tag label

live-build/apparmor/6.11/policy/permstable32_version

@@ -1 +0,0 @@
-0x000003

live-build/apparmor/6.11/policy/state32

@@ -1 +0,0 @@
-0x000001

live-build/apparmor/6.11/policy/unconfined_restrictions/change_profile

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.11/policy/unconfined_restrictions/io_uring

@@ -1 +0,0 @@
-0

live-build/apparmor/6.11/policy/unconfined_restrictions/userns

@@ -1 +0,0 @@
-1

live-build/apparmor/6.11/policy/versions/v9

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/capability

@@ -1 +0,0 @@
-0xffffff

live-build/apparmor/6.12/caps/extended

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/caps/mask

@@ -1 +0,0 @@
-chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore

live-build/apparmor/6.12/dbus/mask

@@ -1 +0,0 @@
-acquire send receive

live-build/apparmor/6.12/domain/attach_conditions/xattr

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/change_hat

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/change_hatv

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/change_onexec

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/change_profile

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/computed_longest_left

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/disconnected.path

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/fix_binfmt_elf_mmap

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/interruptible

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/kill.signal

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/post_nnp_subset

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/stack

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/unconfined_allowed_children

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/domain/version

@@ -1 +0,0 @@
-1.2

live-build/apparmor/6.12/file/mask

@@ -1 +0,0 @@
-create read write exec append mmap_exec link lock

live-build/apparmor/6.12/io_uring/mask

@@ -1 +0,0 @@
-sqpoll override_creds

live-build/apparmor/6.12/ipc/posix_mqueue

@@ -1 +0,0 @@
-create read write open delete setattr getattr

live-build/apparmor/6.12/mount/mask

@@ -1 +0,0 @@
-mount umount pivot_root

live-build/apparmor/6.12/mount/move_mount

@@ -1 +0,0 @@
-detached

live-build/apparmor/6.12/namespaces/mask

@@ -1 +0,0 @@
-userns_create

live-build/apparmor/6.12/namespaces/pivot_root

@@ -1 +0,0 @@
-no

live-build/apparmor/6.12/namespaces/profile

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/namespaces/userns_create

@@ -1 +0,0 @@
-pciu&

live-build/apparmor/6.12/network/af_mask

@@ -1 +0,0 @@
-unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp

live-build/apparmor/6.12/network/af_unix

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/network_v8/af_inet

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.12/policy/notify/user

@@ -1 +0,0 @@
-file

live-build/apparmor/6.12/policy/outofband

@@ -1 +0,0 @@
-0x000001

live-build/apparmor/6.12/policy/permstable32

@@ -1 +0,0 @@
-allow deny subtree cond kill complain prompt audit quiet hide xindex tag label

live-build/apparmor/6.12/policy/permstable32_version

@@ -1 +0,0 @@
-0x000003