debian/.gitignore

@@ -1 +0,0 @@
-files

debian/changelog

@@ -1,241 +1,3 @@
-livecd-rootfs (25.10.16) questing; urgency=medium
-
-  * Put the uc20-style system seed for TPM backed FDE in the live layer.
-
- -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Wed, 13 Aug 2025 10:34:39 +1200
-
-livecd-rootfs (25.10.15) questing; urgency=medium
-
-  * Add missing components to 6.14 kernel apparmor features' preseeds.
-    (LP: #2116199)
-
- -- Bryan Alexander <bryan.alexander@canonical.com>  Thu, 17 Jul 2025 13:27:17 -0700
-
-livecd-rootfs (25.10.14) questing; urgency=medium
-
-  [ Didier Roche-Tolomelli ]
-  [ Tim Andersson ]
-  [ Daniel Bungert ]
-  * desktop TPMFDE: move snaps back to stable channels
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Thu, 07 Aug 2025 16:21:32 -0600
-
-livecd-rootfs (25.10.13) questing; urgency=medium
-
-  [ Olivier Gayot ]
-  * Build ubuntu-server with multipath-tools-boot installed, so that the
-    multipath stack ends up present in the initramfs.
-    The LVM stack is already present in the initramfs of the installer. And
-    since kinetic, the /dev/mapper entries for LVM devices are created during
-    the initramfs phase. This is a problem when we have LVM on top of a
-    multipath disk because LVM ends up creating /dev/mapper entries out of
-    /dev/sdX (or /dev/sdXpY) devices, not out of /dev/mapper/mpatha as it
-    should. Adding the multipath stack in the initramfs gives multipath a
-    chance to take ownership of /dev/sdX (or /dev/sdXpY) devices before LVM
-    does (LP: #2080474).
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Thu, 24 Jul 2025 17:37:33 -0600
-
-livecd-rootfs (25.10.12) questing; urgency=medium
-
-  [ Zygmunt Krynicki ]
-  * Use snap wait system seed.loaded to wait for snapd (LP: #2114923)
-
-  [ Dennis Loose ]
-  [ Didier Roche-Tolomelli ]
-  * Allow the ubuntu-desktop-installer to request snap seeding state
-
- -- Didier Roche-Tolomelli <didrocks@ubuntu.com>  Tue, 15 Jul 2025 16:30:41 +0200
-
-livecd-rootfs (25.10.11) questing; urgency=medium
-
-  * Fix installer startup to wait for snapd to be preseeded first
-    (LP: #2114923)
-
- -- Didier Roche-Tolomelli <didrocks@ubuntu.com>  Fri, 11 Jul 2025 14:57:56 +0200
-
-livecd-rootfs (25.10.10) questing; urgency=medium
-
-  * risc-v cloud images: enable cpc fixes for riscv64
-
- -- Adriano Cordova <adriano.cordova@canonical.com>  Tue, 01 Jul 2025 09:11:16 -0400
-
-livecd-rootfs (25.10.9) questing; urgency=medium
-
-  * desktop and server: read $SUBARCH to allow the use of nvidia's kernel
-    instead of generic (LP: #2109822)
-
- -- Antoine Lassagne <antoine.lassagne@canonical.com>  Tue, 17 Jun 2025 22:23:11 +1200
-
-livecd-rootfs (25.10.8) questing; urgency=medium
-
-  [ Didier Roche-Tolomelli ]
-  * desktop: use snapd from edge
-  * desktop: tpmfde image use desktop-security-center and firmware-updater
-    from edge
-
-  [ Dan Bungert ]
-  * lb_binary_layered: try #2 to fix mtimes in layered squashfses. (LP2107332)
-    Constrain mtime sync to the current upperdir so that files in lower layers
-    are not redundantly included.
-  * server: fix failure to process the hwe kernel layer due to multiple
-    kernels being present (LP: #2112501)
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Fri, 13 Jun 2025 12:00:20 -0600
-
-livecd-rootfs (25.10.7) questing; urgency=medium
-
-  * revert 25.10.6 due to duplicated snaps
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Tue, 10 Jun 2025 07:55:40 -0600
-
-livecd-rootfs (25.10.6) questing; urgency=medium
-
-  * lb_binary_layered: fix mtimes in layered squashfses. (LP: #2107332)
-    Failing to preserve mtime causes unnecessary python pyc rebuilds due to
-    mtime mismatch, and it's generally strange that reinstalling a package
-    that is already installed changes the files on the system (minus
-    intentional differences such as what's going on in the minimized install
-    source).
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Fri, 30 May 2025 17:05:15 -0600
-
-livecd-rootfs (25.10.5) questing; urgency=medium
-
-  * desktop: TPMFDE snapd from latest/edge
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Wed, 28 May 2025 10:27:47 -0600
-
-livecd-rootfs (25.10.4) questing; urgency=medium
-
-  * desktop: TPMFDE kernel from 25.10/candidate
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Sun, 25 May 2025 23:18:59 -0600
-
-livecd-rootfs (25.10.3) questing; urgency=medium
-
-  * desktop: update TPMFDE model and don't skip 020-ubuntu-enhanced-sb.binary.
-    (LP: #2110195)  Temporarily use the model that allows overriding snap
-    channels so we can get matching snaps.
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Fri, 23 May 2025 12:59:40 -0600
-
-livecd-rootfs (25.10.2) questing; urgency=medium
-
-  * desktop: skip 020-ubuntu-enhanced-sb.binary until a matching kernel is
-    ready for snapd 2.68.x
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Tue, 06 May 2025 08:24:10 +0200
-
-livecd-rootfs (25.10.1) questing; urgency=medium
-
-  * desktop: no longer involve cloud-init in early networking (LP: #2107225)
-  * server: provide network config direct to netplan
-  * server: update default netplan config for IPv6 autoconfiguration &
-    connectivity
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Mon, 28 Apr 2025 09:53:34 -0600
-
-livecd-rootfs (25.04.26) plucky; urgency=medium
-
-  * cpc: Restore UseDomains=true in cloud images (LP: #2106729)
-
- -- Tomáš Virtus <tomas.virtus@canonical.com>  Thu, 10 Apr 2025 13:07:25 +0000
-
-livecd-rootfs (25.04.25) plucky; urgency=medium
-
-  * live-build/auto/build: Use --workdir in ubuntu-image to avoid filling
-    tmpfs-based /tmp (LP: #2103735)
-
- -- Dave Jones <dave.jones@canonical.com>  Thu, 20 Mar 2025 17:22:47 +0000
-
-livecd-rootfs (25.04.24) plucky; urgency=medium
-
-  * desktop: update TPMFDE model to move pc-kernel to channel 25.04/stable.
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Thu, 13 Mar 2025 17:17:30 -0600
-
-livecd-rootfs (25.04.23) plucky; urgency=medium
-
-  * Add 6.14 kernel apparmor features' preseeds. (LP: #2102120)
-
- -- Jess Jang <jess.jang@canonical.com>  Wed, 12 Mar 2025 21:08:31 -0500
-
-livecd-rootfs (25.04.22) plucky; urgency=medium
-
-  * server: leave the initrd.img symlink, we want that later for probably
-    several reasons but at least for LP: #2101831
-  * desktop: update TPMFDE model for 25.04.
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Tue, 11 Mar 2025 09:16:03 -0600
-
-livecd-rootfs (25.04.21) plucky; urgency=medium
-
-  * With subiquity builds, setup install-sources to offer bridge kernel.
-  * Add USE_BRIDGE_KERNEL to make it easier to control in the future.
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Wed, 05 Mar 2025 08:18:54 -0700
-
-livecd-rootfs (25.04.20) plucky; urgency=medium
-
-  [ Adriano Cordova ]
-  * riscv: add SUBARCH 'jh7110'. (LP: #2099993)
-
-  [ Michael Hudson-Doyle ]
-  * In ubuntu-server builds, install the first kernel in the base layer, not
-    the "ga" kernel (which may not be installed at all, as is the case in e.g.
-    the arm64+largemem builds).
-  * Again in ubuntu-server builds, configure LAYERFS_PATH in the kernel layer
-    and ensure the initrd is freshly regenerated in that layer. LAYERFS_PATH
-    was being set to the layer below the kernel layer, which meant that the
-    live session did not get access to all the modules in the case that the
-    kernel had not been installed in the base layer, which in turn means that
-    installs fail. (LP: #2100148)
-  * While we're at it, delete any initrd from any other layer than a kernel
-    layer, as they just waste space on the ISO.
-
- -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 27 Feb 2025 20:34:01 +1300
-
-livecd-rootfs (25.04.19) plucky; urgency=medium
-
-  * add cpc-sbom to create_manifest calls to generate sboms (LP: #2077105)
-
- -- Thomas Bechtold <thomasbechtold@jpberlin.de>  Tue, 25 Feb 2025 13:20:49 +0100
-
-livecd-rootfs (25.04.18) plucky; urgency=medium
-
-  [ Michael Hudson-Doyle ]
-  * Pre-emptively include the override to not try to build HWE kernel layer in
-    post .2 server riscv64 ISOs.
-
-  [ Simon Quigley ]
-  * Move from http://ppa.launchpad.net to https://ppa.launchpadcontent.net
-    when specifying EXTRA_PPAS.
-  * Update debhelper compat to 13, no changes needed.
-  * Make the package completely Lintian-clean except for no-dep5-copyright.
-  * Update Standards-Version to 4.7.0, no changes needed.
-  * Add support for multiple pools (/var/lib/{livefs,preinstalled}-pool/).
-
-  [ Simon Poirier ]
-  * increase ubuntu-cpc ppc64el disk size to 2.4G
-
- -- Michael Hudson-Doyle <michael.hudson@ubuntu.com>  Thu, 20 Feb 2025 10:24:04 +1300
-
-livecd-rootfs (25.04.17) plucky; urgency=medium
-
-  [ Dan Bungert ]
-  * Fix build failure when using lowlatency-hwe-24.04, as ubuntustudio does.
-    (LP: #2098105)
-
-  [ Michael Hudson-Doyle ]
-  * live-build/ubuntu-mini-iso/hooks/01-mini-iso.binary: Drop the
-    assumption that the uncompressed part of the initrd is unpacked to a
-    directory called "main".
-  * live-build/ubuntu-mini-iso/hooks/01-mini-iso.chroot_early: Fix paths that
-    should have been adjusted when code moved from binary to chroot hook.
-
- -- Dan Bungert <daniel.bungert@canonical.com>  Fri, 14 Feb 2025 17:25:29 +1300
-
 livecd-rootfs (25.04.16) plucky; urgency=medium
 
   * buildd: add udev to buildd images to fix networking issue. (LP: #2092196)

debian/compat

@@ -0,0 +1 @@
+7

debian/control

@@ -1,12 +1,10 @@
 Source: livecd-rootfs
 Section: devel
 Priority: optional
-Build-Depends: debhelper-compat (= 13)
+Build-Depends: debhelper (>= 7)
 Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
-Standards-Version: 4.7.0
+Standards-Version: 3.9.6
 Vcs-Git: https://git.launchpad.net/livecd-rootfs -b ubuntu/master
-Vcs-Browser: https://git.launchpad.net/livecd-rootfs
-Rules-Requires-Root: no
 
 Package: livecd-rootfs
 Architecture: any

debian/copyright

@@ -11,7 +11,7 @@ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 General Public License for more details.
 
 You should have received a copy of the GNU General Public License with
-your Ubuntu system, in /usr/share/common-licenses/GPL-2, or with the
+your Ubuntu system, in /usr/share/common-licenses/GPL, or with the
 livecd-rootfs source package as the file COPYING.  If not, write to
 the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor,
 Boston, MA 02110-1301 USA.

debian/install

@@ -4,4 +4,3 @@ get-ppa-fingerprint usr/share/livecd-rootfs
 minimize-manual usr/share/livecd-rootfs
 checkout-translations-branch usr/share/livecd-rootfs
 update-source-catalog usr/share/livecd-rootfs
-sync-mtime usr/share/livecd-rootfs

debian/livecd-rootfs.lintian-overrides

@@ -1,10 +0,0 @@
-# This is expected and okay
-livecd-rootfs: service-file-is-not-a-file [usr/share/livecd-rootfs/*.service]
-livecd-rootfs: uses-dpkg-database-directly [usr/share/livecd-rootfs/live-build/lb_chroot_layered]
-livecd-rootfs: package-contains-no-arch-dependent-files
-
-# Developer documentation in an already-expected spot
-livecd-rootfs: package-contains-documentation-outside-usr-share-doc [usr/share/livecd-rootfs/live-build/ubuntu-cpc/README.cpc.md]
-
-# This is going to occur quite a bit; we're making a livefs
-livecd-rootfs: repeated-path-segment * [*]

debian/source/lintian-overrides

@@ -1,5 +0,0 @@
-# This is expected and okay
-livecd-rootfs source: absolute-symbolic-link-target-in-source * [live-build/*]
-
-# The description indicates that it's not required in debhelper >= 13, which we have
-livecd-rootfs source: override_dh_auto_test-does-not-check-DEB_BUILD_OPTIONS [debian/rules:*]

live-build/apparmor/6.14/capability

@@ -1 +0,0 @@
-0xffffff

live-build/apparmor/6.14/caps/extended

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/caps/mask

@@ -1 +0,0 @@
-chown dac_override dac_read_search fowner fsetid kill setgid setuid setpcap linux_immutable net_bind_service net_broadcast net_admin net_raw ipc_lock ipc_owner sys_module sys_rawio sys_chroot sys_ptrace sys_pacct sys_admin sys_boot sys_nice sys_resource sys_time sys_tty_config mknod lease audit_write audit_control setfcap mac_override mac_admin syslog wake_alarm block_suspend audit_read perfmon bpf checkpoint_restore

live-build/apparmor/6.14/dbus/mask

@@ -1 +0,0 @@
-acquire send receive

live-build/apparmor/6.14/domain/attach_conditions/xattr

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/change_hat

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/change_hatv

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/change_onexec

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/change_profile

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/computed_longest_left

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/disconnected.ipc

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/disconnected.path

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/fix_binfmt_elf_mmap

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/interruptible

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/kill.signal

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/post_nnp_subset

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/stack

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/unconfined_allowed_children

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/domain/version

@@ -1 +0,0 @@
-1.2

live-build/apparmor/6.14/file/mask

@@ -1 +0,0 @@
-create read write exec append mmap_exec link lock

live-build/apparmor/6.14/io_uring/mask

@@ -1 +0,0 @@
-sqpoll override_creds

live-build/apparmor/6.14/ipc/posix_mqueue

@@ -1 +0,0 @@
-create read write open delete setattr getattr

live-build/apparmor/6.14/mount/mask

@@ -1 +0,0 @@
-mount umount pivot_root

live-build/apparmor/6.14/mount/move_mount

@@ -1 +0,0 @@
-detached

live-build/apparmor/6.14/namespaces/mask

@@ -1 +0,0 @@
-userns_create

live-build/apparmor/6.14/namespaces/pivot_root

@@ -1 +0,0 @@
-no

live-build/apparmor/6.14/namespaces/profile

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/namespaces/userns_create

@@ -1 +0,0 @@
-pciu&

live-build/apparmor/6.14/network/af_mask

@@ -1 +0,0 @@
-unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp

live-build/apparmor/6.14/network/af_unix

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/network_v8/af_inet

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/network_v8/af_mask

@@ -1 +0,0 @@
-unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp

live-build/apparmor/6.14/network_v9/af_mask

@@ -1,2 +0,0 @@
-unspec unix inet ax25 ipx appletalk netrom bridge atmpvc x25 inet6 rose netbeui security key netlink packet ash econet atmsvc rds sna irda pppox wanpipe llc ib mpls can tipc bluetooth iucv rxrpc isdn phonet ieee802154 caif alg nfc vsock kcm qipcrtr smc xdp mctp
-

live-build/apparmor/6.14/network_v9/af_unix

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/policy/notify/user

@@ -1 +0,0 @@
-file

live-build/apparmor/6.14/policy/outofband

@@ -1 +0,0 @@
-0x000001

live-build/apparmor/6.14/policy/permstable32

@@ -1 +0,0 @@
-allow deny subtree cond kill complain prompt audit quiet hide xindex tag label

live-build/apparmor/6.14/policy/permstable32_version

@@ -1 +0,0 @@
-0x000003

live-build/apparmor/6.14/policy/set_load

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/policy/state32

@@ -1 +0,0 @@
-0x000001

live-build/apparmor/6.14/policy/unconfined_restrictions/change_profile

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/policy/unconfined_restrictions/io_uring

@@ -1 +0,0 @@
-1

live-build/apparmor/6.14/policy/unconfined_restrictions/userns

@@ -1 +0,0 @@
-1

live-build/apparmor/6.14/policy/versions/v5

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/policy/versions/v6

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/policy/versions/v7

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/policy/versions/v8

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/policy/versions/v9

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/ptrace/mask

@@ -1 +0,0 @@
-read trace

live-build/apparmor/6.14/query/label/data

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/query/label/multi_transaction

@@ -1 +0,0 @@
-yes

live-build/apparmor/6.14/query/label/perms

@@ -1 +0,0 @@
-allow deny audit quiet

live-build/apparmor/6.14/rlimit/mask

@@ -1 +0,0 @@
-cpu fsize data stack core rss nproc nofile memlock as locks sigpending msgqueue nice rtprio rttime

live-build/apparmor/6.14/signal/mask

@@ -1 +0,0 @@
-hup int quit ill trap abrt bus fpe kill usr1 segv usr2 pipe alrm term stkflt chld cont stop stp ttin ttou urg xcpu xfsz vtalrm prof winch io pwr sys emt lost

live-build/auto/build

@@ -48,9 +48,8 @@ if [ "${IMAGEFORMAT:-}" = "ubuntu-image" ]; then
 		exit 0
 	else
 		# Ubuntu classic preinstalled images
-		# --workdir is specified to avoid filling /tmp which is now a tmpfs
 		/snap/bin/ubuntu-image classic --verbose $UBUNTU_IMAGE_ARGS \
-			--workdir work -O output "$IMAGE_DEFINITION"
+			-O output "$IMAGE_DEFINITION"
 		# Since the output of the ubuntu-image call can vary based on what
 		# kind of an image we build, the safest bet is to 'export' all the
 		# artifacts from the output directory. The image definition file
@@ -242,11 +241,10 @@ EOF
 
 		configure_universe
 
-		for POOL_DIR in preinstalled-pool livefs-pool; do
-			if [ -d chroot/var/lib/$POOL_DIR ]; then
-				cat > config/indices/apt.conf <<-EOF
+		if [ -d chroot/var/lib/preinstalled-pool ]; then
+			cat > config/indices/apt.conf <<-EOF
 Dir {
- ArchiveDir "chroot/var/lib/$POOL_DIR";
+ ArchiveDir "chroot/var/lib/preinstalled-pool";
  OverrideDir "config/indices";
  CacheDir "config/indices";
 }
@@ -261,11 +259,11 @@ Tree "dists/$LB_DISTRIBUTION"
  Contents " ";
 }
 EOF
-				for component in $LB_PARENT_ARCHIVE_AREAS; do
-					mkdir -p chroot/var/lib/$POOL_DIR/dists/$LB_DISTRIBUTION/$component/binary-$LB_ARCHITECTURES
-				done
-				apt-ftparchive generate config/indices/apt.conf
-				cat << @@EOF > chroot/etc/apt/sources.list.d/$POOL_DIR.sources
+			for component in $LB_PARENT_ARCHIVE_AREAS; do
+				mkdir -p chroot/var/lib/preinstalled-pool/dists/$LB_DISTRIBUTION/$component/binary-$LB_ARCHITECTURES
+			done
+			apt-ftparchive generate config/indices/apt.conf
+			cat << @@EOF > chroot/etc/apt/sources.list.d/preinstalled-pool.sources
 # This is a sources.list entry for a small pool of packages
 # provided on your preinstalled filesystem for your convenience.
 #
@@ -274,41 +272,40 @@ EOF
 # packages remotely instead.
 #
 Types: deb
-URIs: file:/var/lib/$POOL_DIR/
+URIs: file:/var/lib/preinstalled-pool/
 Suites: $LB_DISTRIBUTION
 Components: $LB_PARENT_ARCHIVE_AREAS
-Signed-By: /etc/apt/keyrings/$POOL_DIR.gpg
+Signed-By: /etc/apt/keyrings/preinstalled-pool.gpg
 @@EOF
 
 
-				echo "Waiting on gnupg ("$GPG_PROCESS") to finish generating a key."
-				wait $GPG_PROCESS
+			echo "Waiting on gnupg ("$GPG_PROCESS") to finish generating a key."
+			wait $GPG_PROCESS
 
-				R_ORIGIN=$(lsb_release -i -s)
-				R_CODENAME=$(lsb_release -c -s)
-				R_VERSION=$(lsb_release -r -s)
-				R_PRETTYNAME=$(echo $R_CODENAME | sed -e 's/^\(.\)/\U\1/')
+			R_ORIGIN=$(lsb_release -i -s)
+			R_CODENAME=$(lsb_release -c -s)
+			R_VERSION=$(lsb_release -r -s)
+			R_PRETTYNAME=$(echo $R_CODENAME | sed -e 's/^\(.\)/\U\1/')
 
-				apt-ftparchive -o APT::FTPArchive::Release::Origin=$R_ORIGIN \
-					-o APT::FTPArchive::Release::Label=$R_ORIGIN \
-					-o APT::FTPArchive::Release::Suite=$R_CODENAME-local \
-					-o APT::FTPArchive::Release::Version=$R_VERSION \
-					-o APT::FTPArchive::Release::Codename=$R_CODENAME \
-					-o APT::FTPArchive::Release::Description="$R_ORIGIN $R_PRETTYNAME Local" \
-					release chroot/var/lib/$POOL_DIR/dists/$R_CODENAME/ \
-						> config/gnupg/Release
+			apt-ftparchive -o APT::FTPArchive::Release::Origin=$R_ORIGIN \
+				-o APT::FTPArchive::Release::Label=$R_ORIGIN \
+				-o APT::FTPArchive::Release::Suite=$R_CODENAME-local \
+				-o APT::FTPArchive::Release::Version=$R_VERSION \
+				-o APT::FTPArchive::Release::Codename=$R_CODENAME \
+				-o APT::FTPArchive::Release::Description="$R_ORIGIN $R_PRETTYNAME Local" \
+				release chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/ \
+					> config/gnupg/Release
 
-				gpg --home config/gnupg --detach-sign --armor config/gnupg/Release
-				mv config/gnupg/Release \
-					chroot/var/lib/$POOL_DIR/dists/$R_CODENAME/Release
-				mv config/gnupg/Release.asc \
-					chroot/var/lib/$POOL_DIR/dists/$R_CODENAME/Release.gpg
-				cp config/gnupg/pubring.gpg chroot/etc/apt/keyrings/$POOL_DIR.gpg
-				find chroot/var/lib/$POOL_DIR/ -name Packages | xargs rm
-				# We only want to have a cache for the pre-installed pool at this point
-				Chroot chroot "apt-get update -o Dir::Etc::SourceParts=/dev/null -oDir::Etc::SourceList=etc/apt/sources.list.d/$POOL_DIR.sources"
-			fi
-		done
+			gpg --home config/gnupg --detach-sign --armor config/gnupg/Release
+			mv config/gnupg/Release \
+				chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release
+			mv config/gnupg/Release.asc \
+				chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release.gpg
+			cp config/gnupg/pubring.gpg chroot/etc/apt/keyrings/preinstalled-pool.gpg
+			find chroot/var/lib/preinstalled-pool/ -name Packages | xargs rm
+			# We only want to have a cache for the pre-installed pool at this point
+			Chroot chroot "apt-get update -o Dir::Etc::SourceParts=/dev/null -oDir::Etc::SourceList=etc/apt/sources.list.d/preinstalled-pool.sources"
+		fi
 		case $PROJECT:$SUBPROJECT in
 			*)
 				if [ -e "config/seeded-snaps" ]; then
@@ -481,12 +478,6 @@ for FLAVOUR in $LB_LINUX_FLAVOURS; do
 		intel-iotg*)
 			FLAVOUR="intel-iotg"
 			;;
-		lowlatency-hwe-*)
-			FLAVOUR="lowlatency"
-			;;
-		nvidia-hwe-*)
-			FLAVOUR="nvidia"
-			;;
 	esac
 	KVERS="$( (cd "binary/$INITFS"; ls vmlinu?-* 2>/dev/null || true) | (fgrep -v .efi || true) | sed -n "s/^vmlinu.-\\([^-]*-[^-]*-$FLAVOUR\\)$/\\1/p" )"
 	if [ -z "$KVERS" ]; then

live-build/auto/config

@@ -1,15 +1,15 @@
-#!/bin/bash
+#! /bin/sh
 set -e
 
 case $ARCH:$SUBARCH in
 	amd64:|amd64:generic|amd64:intel-iot|\
-	arm64:|arm64:generic|arm64:raspi|arm64:snapdragon|arm64:nvidia|\
+	arm64:|arm64:generic|arm64:raspi|arm64:snapdragon|\
 	arm64:tegra|arm64:tegra-igx|arm64:tegra-jetson|arm64:x13s|\
 	arm64:largemem|\
 	armhf:|\
 	i386:|\
 	ppc64el:|\
-	riscv64:|riscv64:generic|riscv64:icicle|riscv64:jh7110|riscv64:licheerv|\
+	riscv64:|riscv64:generic|riscv64:icicle|riscv64:licheerv|\
 	riscv64:milkvmars|riscv64:nezha|riscv64:pic64gx|riscv64:unmatched|\
 	riscv64:visionfive|riscv64:visionfive2|\
 	s390x:|\
@@ -78,14 +78,6 @@ BINARY_HOOKS=
 
 APT_OPTIONS=" --yes -oDebug::pkgDepCache::AutoInstall=yes "
 
-# Should we attempt to offer both the bridge and default kernel?
-USE_BRIDGE_KERNEL=false
-# Why are we using bridge kernel?  Value is ignored for USE_BRIDGE_KERNEL=false.
-# Possible reasons are zfs, drivers.
-BRIDGE_KERNEL_REASONS="zfs,drivers"
-# When building install-sources, what kernel is the default?
-DEFAULT_KERNEL=
-
 PASSES_TO_LAYERS=false
 _PASSES_TO_LAYERS=		# Stores the initial value of PASSES_TO_LAYERS
 PASSES=
@@ -248,6 +240,28 @@ add_snap ()
 	done
 }
 
+write_kernel_yaml () {
+	# Generate the kernel.yaml fragment used as input for
+	# update-source-catalog.  Handles default kernel specification.
+	# $1 kernel metapackage name
+	local metapkg="$1"
+	cat <<-EOF > config/kernel.yaml
+		kernel:
+		  default: "$metapkg"
+	EOF
+
+	# To specify fallback to a bridge kernel, construct a kernel.yaml
+	# with the following:
+	#
+	# kernel:
+	#   default: foo
+	#   bridge: bar
+	#   bridge_reasons: [zfs, drivers]
+	#
+	# If an install is using zfs or "drivers", use the bridge kernel, else
+	# use the default kernel.
+}
+
 get_seeded_languages () {
 	# We assume any seed name of the form ${no_lang_seed}-${foo} where
 	# ${foo} is only two or three characters long is a default language
@@ -402,7 +416,6 @@ fi
 if [ "$IMAGEFORMAT" = "ext4" ] && [ "$PROJECT" = "ubuntu-cpc" ]; then
 	case $ARCH:$SUBARCH in
 		riscv64:icicle | \
-		riscv64:jh7110 | \
 		riscv64:licheerv | \
 		riscv64:milkvmars | \
 		riscv64:nezha | \
@@ -798,7 +811,7 @@ do_layered_desktop_image() {
 		EOF
 	fi
 
-	DEFAULT_KERNEL="linux-$KERNEL_FLAVOURS"
+	write_kernel_yaml "linux-$KERNEL_FLAVOURS"
 
 	if [ "$LOCALE_SUPPORT" != none ]; then
 		/usr/share/livecd-rootfs/checkout-translations-branch \
@@ -844,16 +857,6 @@ case $PROJECT in
 				HAS_DEFAULT_LANGUAGES=yes
 				LANGUAGE_BASE=desktop
 				KERNEL_FLAVOURS='generic-hwe-24.04'
-
-				case $SUBARCH in
-					nvidia)
-						KERNEL_FLAVOURS="nvidia-hwe-24.04"
-						;;
-					*)
-						# nothing to do here.
-						;;
-				esac
-				
 				do_layered_desktop_image
 
 				# Enchanced secureboot stuff
@@ -1009,14 +1012,6 @@ case $PROJECT in
 				add_package ubuntu-server-minimal lxd-installer
 				add_task ubuntu-server-minimal.ubuntu-server minimal standard server
 				add_package ubuntu-server-minimal.ubuntu-server cloud-init
-				# If we have a multipath disk with LVM on top, we want to give
-				# multipath a chance to create the /dev/mapper/mpatha entry
-				# during the initramfs phase. Otherwise LVM will "steal" the
-				# device (e.g., /dev/sda2) and prevent multipath from using it
-				# after pivoting to the root filesystem of the live
-				# environment.
-				# See LP: #2080474 and LP: #1480399.
-				add_package ubuntu-server-minimal.ubuntu-server.installer multipath-tools-boot
 
 				add_task ubuntu-server-minimal.ubuntu-server.installer server-live
 
@@ -1041,21 +1036,12 @@ case $PROJECT in
 						# variants='ga-64k hwe-64k'
 						variants='ga-64k'
 						;;
-					nvidia)
-						variants='nvidia'
-						;;
 					*)
 						# variants='ga hwe'
 						variants='ga'
 						;;
 				esac
 
-				if [ $ARCH = "riscv64" ]; then
-					# For RISC-V we only offer one kernel
-					variants='ga'
-				fi
-
-				first_kernel=y
 				for variant in $variants; do
 					if [ "$variant" = "ga" ]; then
 						kernel_metapkg=linux-generic
@@ -1081,20 +1067,18 @@ case $PROJECT in
 					elif [ "$variant" = "tegra-jetson" ]; then
 						kernel_metapkg=linux-nvidia-tegra-jetson
 						flavor=nvidia-tegra-jetson
-					elif [ "$variant" = "nvidia" ]; then
-						kernel_metapkg=linux-nvidia-hwe-$(lsb_release -sr)
-						flavor=nvidia
 					else
 						echo "bogus variant: $variant"
 						exit 1
 					fi
 
-					if [ "$first_kernel" = "y" ]; then
-						# Put the first kernel offered into the base layer
-						first_kernel=n
-						add_package ubuntu-server-minimal $kernel_metapkg
+					add_pass ubuntu-server-minimal.ubuntu-server.installer.$flavor
+					if [ "$variant" = "ga" ]; then
+						kernel_layer=ubuntu-server-minimal
+					else
+						kernel_layer=ubuntu-server-minimal.ubuntu-server.installer.$flavor
 					fi
-					add_package ubuntu-server-minimal.ubuntu-server.installer.$flavor $kernel_metapkg
+					add_package $kernel_layer $kernel_metapkg
 
 					LIVE_PASSES="${LIVE_PASSES:+$LIVE_PASSES }ubuntu-server-minimal.ubuntu-server.installer.$flavor"
 				done
@@ -1111,7 +1095,7 @@ case $PROJECT in
 				esac
 				NO_SQUASHFS_PASSES=ubuntu-server-minimal.ubuntu-server.installer.$flavor.netboot
 
-				DEFAULT_KERNEL="$kernel_metapkg"
+				write_kernel_yaml $kernel_metapkg
 				/usr/share/livecd-rootfs/checkout-translations-branch \
 					https://git.launchpad.net/subiquity po config/catalog-translations
 				;;
@@ -1139,8 +1123,7 @@ case $PROJECT in
 	    add_package base.live linux-image-generic
 
 	    # Core installer images use the pc-kernel snap for its kernel
-	    USE_BRIDGE_KERNEL=false
-	    DEFAULT_KERNEL="snap:pc-kernel"
+	    write_kernel_yaml "snap:pc-kernel"
 
 	    /usr/share/livecd-rootfs/checkout-translations-branch \
 		https://git.launchpad.net/subiquity po config/catalog-translations
@@ -1406,9 +1389,6 @@ echo "BUILDSTAMP=\"$NOW\"" >> config/binary
 echo "SUBPROJECT=\"${SUBPROJECT:-}\"" >> config/binary
 echo "LB_DISTRIBUTION=\"$SUITE\"" >> config/binary
 echo "CHANNEL=\"${CHANNEL:-}\"" >> config/binary
-echo "USE_BRIDGE_KERNEL=\"${USE_BRIDGE_KERNEL:-}\"" >> config/binary
-echo "BRIDGE_KERNEL_REASONS=\"${BRIDGE_KERNEL_REASONS:-}\"" >> config/binary
-echo "DEFAULT_KERNEL=\"${DEFAULT_KERNEL:-}\"" >> config/binary
 
 if [ "${IMAGE_HAS_HARDCODED_PASSWORD:-}" = "1" ]; then
 	echo IMAGE_HAS_HARDCODED_PASSWORD=1 >> config/binary
@@ -1604,8 +1584,8 @@ if [ "$EXTRA_PPAS" ]; then
 		extra_ppa_fingerprint="$(/usr/share/livecd-rootfs/get-ppa-fingerprint "$extra_ppa")"
 
 		cat >> config/archives/extra-ppas.list.chroot <<EOF
-deb https://ppa.launchpadcontent.net/$extra_ppa/ubuntu @DISTRIBUTION@ main
-deb-src https://ppa.launchpadcontent.net/$extra_ppa/ubuntu @DISTRIBUTION@ main
+deb http://ppa.launchpad.net/$extra_ppa/ubuntu @DISTRIBUTION@ main
+deb-src http://ppa.launchpad.net/$extra_ppa/ubuntu @DISTRIBUTION@ main
 EOF
 
 		if [ -n "$extra_ppa_pin" ]; then

live-build/functions

@@ -39,10 +39,6 @@ create_empty_disk_image() {
 create_manifest() {
     local chroot_root=${1}
     local target_file=${2}
-    local base_default_sbom_name="ubuntu-cloud-image-$(grep "VERSION_ID" $chroot_root/etc/os-release | cut --delimiter "=" --field 2 | tr -d '"')-${ARCH}-$(date +%Y%m%dT%H:%M:%S)"
-    local sbom_file_name=${3:-"${base_default_sbom_name}.spdx"}
-    local sbom_document_name=${4:-"${base_default_sbom_name}"}
-    local sbom_log=${sbom_document_name}.log
     echo "create_manifest chroot_root: ${chroot_root}"
     dpkg-query --show --admindir="${chroot_root}/var/lib/dpkg" > ${target_file}
     echo "create_manifest call to dpkg-query finished."
@@ -52,22 +48,6 @@ create_manifest() {
         echo "create_manifest creating file listing."
         local target_filelist=${2%.manifest}.filelist
         (cd "${chroot_root}" && find -xdev) | sort > "${target_filelist}"
-        # only creating sboms for CPC project at this time
-        if [[ ! $(which cpc-sbom) ]]; then
-            # ensure the tool is installed
-            sudo snap install --classic --edge cpc-sbom
-        fi
-        # generate the SBOM
-        cpc-sbom --rootdir ${chroot_root} --ignore-copyright-parsing-errors --ignore-copyright-file-not-found-errors --document-name ${sbom_document_name} >"${sbom_file_name}" 2>"${sbom_log}"
-        SBOM_GENERATION_EXIT_CODE=$?
-        if [[ ${SBOM_GENERATION_EXIT_CODE} !=  "0" ]]; then
-        # check for failure and print log
-            echo "ERROR: SBOM generation failed. See ${sbom_log}"
-            cat "$sbom_log"
-            exit 1
-        else
-            echo "SBOM generation succeeded. see ${sbom_log} for details"
-        fi    
     fi
     echo "create_manifest finished"
 }
@@ -565,14 +545,8 @@ _snap_post_process() {
         core[0-9]*)
             # If the 'core' snap is not present, assume we are coreXX-only and
             # install the snapd snap.
-            channel=stable
-            # FIXME: This can be commented and uncommented to enable snaps from
-            # edge for development spikes.
-            # if [ $PROJECT = "ubuntu" ]; then
-            #     channel=edge
-            # fi
             if [ ! -f ${snaps_dir}/core_[0-9]*.snap ]; then
-                _snap_preseed $CHROOT_ROOT snapd "$channel"
+                _snap_preseed $CHROOT_ROOT snapd stable
             fi
             ;;
         core)
@@ -1343,39 +1317,3 @@ reset_snapd_state() {
     chroot "$rootdir" apt-get install --reinstall -y snapd
     teardown_mountpoint "$rootdir"
 }
-
-write_kernel_yaml() {
-    # Generate the kernel.yaml fragment used as input for
-    # update-source-catalog.
-    #
-    # the newer kernel is the default kernel!
-    # bridge is the older, fallback kernel.
-    # $1 string, default kernel, such as "linux-generic"
-    # $2 string with comma seperated list of bridge reasons,
-    #    usually "zfs,drivers"
-    local default="$1"
-    local reasons="$2"
-
-    cat <<EOF > config/kernel.yaml
-kernel:
-  default: "$default"
-EOF
-
-    # To specify fallback to a bridge kernel, construct a kernel.yaml
-    # with the following:
-    #
-    # kernel:
-    #   default: linux-foo
-    #   bridge: linux-foo-brg-YY.MM
-    #   bridge_reasons: [zfs, drivers]
-    #
-    # If an install is using zfs or "drivers", use the bridge kernel, else
-    # use the default kernel.
-
-    if $USE_BRIDGE_KERNEL ; then
-        cat <<EOF >> config/kernel.yaml
-  bridge: "${default}-brg-$(release_ver)"
-  bridge_reasons: [$reasons]
-EOF
-    fi
-}

live-build/lb_binary_layered

@@ -163,24 +163,15 @@ build_layered_squashfs () {
 			#    (rather than the default which is to skip copies based
 			#    on size + mtime)
 			#  --no-times to not copy mtimes from source to dest (we
-			#    do care about mtime in the image but want to
+			#    don't care about mtime in the image and want to
 			#    deduplicate files that have indentical contents but
-			#    different mtimes, and mtime will be fixed below)
+			#    different mtimes)
 			#  --del because we want to remove files that have been
 			#    deleted in this layer.
 			rsync -aXHAS --checksum --no-times --del chroot/ chroot-2/
 			umount chroot-2
 			rmdir chroot-2
 			overlay_dir="$overlay_dir-2"
-			# We use rsync with --no-times rsync (see above)
-			# for the absolute best size reduction.  But there are
-			# cases where we want mtime preservation to match what
-			# was found in the original archive packages, such as
-			# keeping .py mtime in sync with the matching .pyc.
-			# Operate on the upperdir directly, so that we are only
-			# modifying mtime on files that are actually changed in
-			# this layer. LP: #2107332
-			/usr/share/livecd-rootfs/sync-mtime chroot "$overlay_dir"
 		fi
 
 		create_squashfs "${overlay_dir}" ${squashfs_f}
@@ -213,8 +204,7 @@ do
 	build_layered_squashfs "${_PASS}" ${*}
 done
 
-if [ -n "$DEFAULT_KERNEL" -a -f livecd.${PROJECT_FULL}.install-sources.yaml ]; then
-	write_kernel_yaml "$DEFAULT_KERNEL" "$BRIDGE_KERNEL_REASONS"
+if [ -f config/kernel.yaml ]; then
 	/usr/share/livecd-rootfs/update-source-catalog merge \
 		--output livecd.${PROJECT_FULL}.install-sources.yaml \
 		--template config/kernel.yaml

live-build/ubuntu-core-installer/includes.chroot.base.live/etc/cloud/cloud.cfg

@@ -18,6 +18,20 @@ ssh_pwauth: yes
 chpasswd:
     expire: false
 
+# This is the initial network config.
+# It can be overwritten by cloud-init or subiquity.
+network:
+    version: 2
+    ethernets:
+        zz-all-en:
+            match:
+                name: "en*"
+            dhcp4: true
+        zz-all-eth:
+            match:
+                name: "eth*"
+            dhcp4: true
+
 # We used to have a custom final_message here.  Just use the default instead.
 
 # Example datasource config

live-build/ubuntu-cpc/hooks.d/base/create-root-dir.binary

@@ -24,6 +24,6 @@ rm -rf $rootfs_dir/boot/grub
 # Keep this as some derivatives mount a tempfs here
 mkdir -p $rootfs_dir/lib/modules
 
-create_manifest $rootfs_dir "livecd.ubuntu-cpc.rootfs.manifest" "livecd.ubuntu-cpc.rootfs.spdx"  "cloud-image-rootfs-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
-
 teardown_mountpoint $rootfs_dir
+
+create_manifest "${rootfs_dir}" "${rootfs_dir}.manifest"

live-build/ubuntu-cpc/hooks.d/base/disk-image-ppc64el.binary

@@ -9,9 +9,6 @@ esac
 
 IMAGE_STR="# CLOUD_IMG: This file was created/modified by the Cloud Image build process"
 FS_LABEL="cloudimg-rootfs"
-# 2.4G GiB
-# Since Plucky, ppc64el need more than the default 2.2GiB
-IMAGE_SIZE=2576980378
 
 . config/binary
 
@@ -83,8 +80,6 @@ cp -a chroot/* mountpoint/
 chroot mountpoint dpkg-query -W > binary/boot/filesystem.packages
 (cd mountpoint && find -xdev) | sort > binary/boot/filesystem.filelist
 
-create_manifest  "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-image.manifest" "$PWD/livecd.ubuntu-cpc.disk-image.spdx"  "cloud-image-$ARCH-$(date +Y%m%dT%H:%M:%S)"
-
 umount mountpoint
 rmdir mountpoint
 

live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi-non-cloud.binary

@@ -133,8 +133,8 @@ create_partitions() {
                         --change-name=3:uEnv \
                         --new=1:: \
                         --attributes=1:set:2
-            elif [ "${SUBARCH:-}" = "visionfive2" ] || [ "${SUBARCH:-}" = "milkvmars" ] || [ "${SUBARCH:-}" = "jh7110" ]; then
-                # JH7110 chips: VisionFive 2, Milk-V Mars
+            elif [ "${SUBARCH:-}" = "visionfive2" ] || [ "${SUBARCH:-}" = "milkvmars" ]; then
+                # VisionFive 2, Milk-V Mars
                 sgdisk "${disk_image}" \
                         --set-alignment=4096 \
 			--new=13:4096:8191 \
@@ -338,7 +338,7 @@ EOF
                         umount "${uenv_mnt_dir}"
                         rmdir "${uenv_mnt_dir}"
                         ;;
-                    "visionfive2"|"milkvmars"|"jh7110")
+                    "visionfive2"|"milkvmars")
                         cp ${my_d}/riscv64/grub/90_watchdog-thresh.cfg mountpoint/etc/default/grub.d/
                         chroot mountpoint apt-get install -qqy u-boot-starfive
                         # U-Boot SPL

live-build/ubuntu-cpc/hooks.d/base/disk-image-uefi.binary

@@ -184,8 +184,7 @@ install_grub() {
     mount
 
     # create sorted filelist as the very last step before unmounting
-    # explicitly generate manifest and sbom
-    create_manifest  "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-uefi.manifest" "$PWD/livecd.ubuntu-cpc.disk-uefi.spdx"  "cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
+    (cd mountpoint && find -xdev) | sort > binary/boot/filesystem.filelist
 
     umount_partition mountpoint
     rmdir mountpoint
@@ -202,7 +201,6 @@ make_ext4_partition "${rootfs_dev_mapper}"
 mkdir mountpoint
 mount "${rootfs_dev_mapper}" mountpoint
 cp -a chroot/* mountpoint/
-
 umount mountpoint
 rmdir mountpoint
 

live-build/ubuntu-cpc/hooks.d/base/disk-image.binary

@@ -158,8 +158,6 @@ EOF
         $ZIPL_EXTRA_PARAMS
 fi
 
-create_manifest  "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-image.manifest" "$PWD/livecd.ubuntu-cpc.disk-image.spdx"  "cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
-
 if [ -n "$BOOT_MOUNTPOINT" ]; then
 	umount "mountpoint/$BOOT_MOUNTPOINT"
 fi

live-build/ubuntu-cpc/hooks.d/base/qcow2-image.binary

@@ -2,17 +2,8 @@
 
 . config/functions
 
-qcow_file=${PWD}/livecd.ubuntu-cpc.qcow
 if [ -f binary/boot/disk-uefi.ext4 ]; then
     convert_to_qcow2 binary/boot/disk-uefi.ext4 livecd.ubuntu-cpc.img
-    uefi_file="livecd.ubuntu-cpc.disk-uefi"
-    cp ${uefi_file}.manifest ${qcow_file}.manifest
-    cp ${uefi_file}.filelist ${qcow_file}.filelist
-    cp ${uefi_file}.spdx ${qcow_file}.spdx
 elif [ -f binary/boot/disk.ext4 ]; then
     convert_to_qcow2 binary/boot/disk.ext4 livecd.ubuntu-cpc.img
-    disk_file="livecd.ubuntu-cpc.disk-image"
-    cp ${disk_file}.manifest ${qcow_file}.manifest
-    cp ${disk_file}.filelist ${qcow_file}.filelist
-    cp ${disk_file}.spdx ${qcow_file}.spdx
 fi

live-build/ubuntu-cpc/hooks.d/base/root-squashfs.binary

@@ -15,11 +15,8 @@ rootfs_dir=rootfs.dir
 
 squashfs_f="$PWD/livecd.ubuntu-cpc.squashfs"
 
-cp livecd.ubuntu-cpc.rootfs.manifest ${squashfs_f}.manifest
-cp livecd.ubuntu-cpc.rootfs.filelist ${squashfs_f}.filelist
-cp livecd.ubuntu-cpc.rootfs.spdx ${squashfs_f}.spdx
-
+cp $rootfs_dir.manifest $squashfs_f.manifest
 # fstab is omitted from the squashfs
-grep -v '^/etc/fstab$' livecd.ubuntu-cpc.rootfs.filelist >$squashfs_f.filelist
+grep -v '^/etc/fstab$' $rootfs_dir.filelist >$squashfs_f.filelist
 
 create_squashfs $rootfs_dir $squashfs_f

live-build/ubuntu-cpc/hooks.d/base/root-xz.binary

@@ -11,4 +11,6 @@ fi
 # This is the directory created by create-root-dir.binary
 rootfs_dir=rootfs.dir
 
+cp $rootfs_dir.manifest livecd.ubuntu-cpc.rootfs.manifest
+cp $rootfs_dir.filelist livecd.ubuntu-cpc.rootfs.filelist
 (cd $rootfs_dir/ && tar -c --sort=name --xattrs *) | xz > livecd.ubuntu-cpc.rootfs.tar.xz

live-build/ubuntu-cpc/hooks.d/base/series/disk-image

@@ -6,6 +6,3 @@ provides livecd.ubuntu-cpc.initrd-generic
 provides livecd.ubuntu-cpc.kernel-generic
 provides livecd.ubuntu-cpc.manifest
 provides livecd.ubuntu-cpc.filelist
-provides livecd.ubuntu-cpc.disk-image.manifest
-provides livecd.ubuntu-cpc.disk-image.filelist
-provides livecd.ubuntu-cpc.disk-image.spdx

live-build/ubuntu-cpc/hooks.d/base/series/disk-image-uefi

@@ -4,6 +4,3 @@ provides livecd.ubuntu-cpc.initrd-generic
 provides livecd.ubuntu-cpc.kernel-generic
 provides livecd.ubuntu-cpc.manifest
 provides livecd.ubuntu-cpc.filelist
-provides livecd.ubuntu-cpc.disk-uefi.manifest
-provides livecd.ubuntu-cpc.disk-uefi.filelist
-provides livecd.ubuntu-cpc.disk-uefi.spdx

live-build/ubuntu-cpc/hooks.d/base/series/qcow2

@@ -1,6 +1,3 @@
 depends disk-image
 base/qcow2-image.binary
 provides livecd.ubuntu-cpc.img
-provides livecd.ubuntu-cpc.qcow.manifest
-provides livecd.ubuntu-cpc.qcow.filelist
-provides livecd.ubuntu-cpc.qcow.spdx

live-build/ubuntu-cpc/hooks.d/base/series/squashfs

@@ -3,4 +3,3 @@ base/root-squashfs.binary
 provides livecd.ubuntu-cpc.squashfs
 provides livecd.ubuntu-cpc.squashfs.manifest
 provides livecd.ubuntu-cpc.squashfs.filelist
-provides livecd.ubuntu-cpc.squashfs.spdx

live-build/ubuntu-cpc/hooks.d/base/series/tarball

@@ -3,4 +3,3 @@ base/root-xz.binary
 provides livecd.ubuntu-cpc.rootfs.tar.xz
 provides livecd.ubuntu-cpc.rootfs.manifest
 provides livecd.ubuntu-cpc.rootfs.filelist
-provides livecd.ubuntu-cpc.rootfs.spdx

live-build/ubuntu-cpc/hooks.d/base/series/vagrant

@@ -1,6 +1,3 @@
 depends disk-image
 base/vagrant.binary
 provides livecd.ubuntu-cpc.vagrant.box
-provides livecd.ubuntu-cpc.vagrant.manifest
-provides livecd.ubuntu-cpc.vagrant.filelist
-provides livecd.ubuntu-cpc.vagrant.spdx

live-build/ubuntu-cpc/hooks.d/base/series/vmdk

@@ -3,6 +3,3 @@ base/vmdk-image.binary
 base/vmdk-ova-image.binary
 provides livecd.ubuntu-cpc.vmdk
 provides livecd.ubuntu-cpc.ova
-provides livecd.ubuntu-cpc.vmdk.manifest
-provides livecd.ubuntu-cpc.vmdk.filelist
-provides livecd.ubuntu-cpc.vmdk.spdx

live-build/ubuntu-cpc/hooks.d/base/vagrant.binary

@@ -93,8 +93,6 @@ EOF
 chroot ${mount_d} chown -R vagrant:vagrant /home/vagrant/.ssh
 chroot ${mount_d} chmod 700 /home/vagrant/.ssh
 
-create_manifest $mount_d "livecd.ubuntu-cpc.vagrant.manifest" "livecd.ubuntu-cpc.vagrant.spdx"  "cloud-image-vagrant-$ARCH-$(date +%Y%m%dT%H:%M:%S)"
-
 umount_disk_image "$mount_d"
 rmdir "$mount_d"
 

live-build/ubuntu-cpc/hooks.d/base/vmdk-image.binary

@@ -20,18 +20,8 @@ esac
 
 . config/functions
 
-vmdk_file="$PWD/livecd.ubuntu-cpc.vmdk"
-
 if [ -e binary/boot/disk-uefi.ext4 ]; then
     create_vmdk binary/boot/disk-uefi.ext4 livecd.ubuntu-cpc.vmdk
-    uefi_file="livecd.ubuntu-cpc.disk-uefi"
-    cp ${uefi_file}.manifest ${vmdk_file}.manifest
-    cp ${uefi_file}.filelist ${vmdk_file}.filelist
-    cp ${uefi_file}.spdx ${vmdk_file}.spdx
 elif [ -f binary/boot/disk.ext4 ]; then
     create_vmdk binary/boot/disk.ext4 livecd.ubuntu-cpc.vmdk
-    disk_file="livecd.ubuntu-cpc.disk-image"
-    cp ${disk_file}.manifest ${vmdk_file}.manifest
-    cp ${disk_file}.filelist ${vmdk_file}.filelist
-    cp ${disk_file}.spdx ${vmdk_file}.spdx
 fi

live-build/ubuntu-cpc/hooks.d/chroot/060-use-domains.chroot

@@ -1,9 +0,0 @@
-#!/bin/bash
- 
-# See https://bugs.launchpad.net/cloud-images/+bug/2106729
-
-mkdir -p /etc/systemd/networkd.conf.d/
-cat >/etc/systemd/networkd.conf.d/50-cloudimg-settings.conf <<EOF
-[Network]
-UseDomains=true
-EOF

live-build/ubuntu-cpc/hooks.d/chroot/999-cpc-fixes.chroot

@@ -100,7 +100,7 @@ fi
 
 case $arch in
 	# ppc, riscv64 and s390x images are special
-	powerpc|ppc64el|s390x)
+	powerpc|ppc64el|s390x|riscv64)
 		exit 0
 		;;
 esac

live-build/ubuntu-mini-iso/hooks/01-mini-iso.binary

@@ -46,15 +46,15 @@ touch ubuntu-mini-iso/$ARCH/tree/.disk/base_installable
 
 tmpdir=$(mktemp -d)
 unmkinitramfs $INITRD $tmpdir
-if [ -e $tmpdir/*/conf/uuid.conf ]; then
-    uuid_conf=$tmpdir/*/conf/uuid.conf
+if [ -e "$tmpdir/main/conf/uuid.conf" ]; then
+    uuid_conf="$tmpdir/main/conf/uuid.conf"
 elif [ -e "$tmpdir/conf/uuid.conf" ]; then
     uuid_conf="$tmpdir/conf/uuid.conf"
 else
     echo "uuid.conf not found"
     exit 1
 fi
-cp $uuid_conf ubuntu-mini-iso/$ARCH/tree/.disk/casper-uuid-generic
+cp "$uuid_conf" ubuntu-mini-iso/$ARCH/tree/.disk/casper-uuid-generic
 rm -fr $tmpdir
 
 cat > ubuntu-mini-iso/$ARCH/tree/.disk/cd_type <<EOF

live-build/ubuntu-mini-iso/hooks/01-mini-iso.chroot_early

@@ -2,7 +2,7 @@
 
 set -eu
 
-mkdir -p "etc/initramfs-tools/conf.d"
-cat > etc/initramfs-tools/conf.d/casperize.conf <<EOF
+mkdir -p "chroot/etc/initramfs-tools/conf.d"
+cat > chroot/etc/initramfs-tools/conf.d/casperize.conf <<EOF
 export CASPER_GENERATE_UUID=1
 EOF

live-build/ubuntu-server/hooks/02-hwe-kernel.chroot_early

@@ -1,18 +0,0 @@
-#!/bin/bash -eux
-# vi: ts=4 noexpandtab
-
-case $PASS in
-    ubuntu-server-minimal.ubuntu-server.installer.*.*)
-        exit 0
-        ;;
-    ubuntu-server-minimal.ubuntu-server.installer.*)
-        ;;
-    *)
-        exit 0
-        ;;
-esac
-
-# remove excess kernels.  auto/config arranges for the correct one to be
-# installed.
-
-apt-get --yes remove --purge 'linux-image*'

live-build/ubuntu-server/hooks/02-installer-bits.chroot_early

@@ -0,0 +1,21 @@
+#!/bin/bash -ex
+# vi: ts=4 noexpandtab
+
+case $PASS in
+    ubuntu-server-minimal.ubuntu-server.installer.*)
+        exit 0
+        ;;
+    ubuntu-server-minimal.ubuntu-server.installer)
+        ;;
+    *)
+        exit 0
+        ;;
+esac
+
+cat <<EOF > /etc/initramfs-tools/conf.d/casperize.conf
+export CASPER_GENERATE_UUID=1
+EOF
+
+cat <<EOF > /etc/initramfs-tools/conf.d/default-layer.conf
+LAYERFS_PATH=${PASS}.squashfs
+EOF

live-build/ubuntu-server/hooks/03-initramfs-enforcement.chroot

@@ -1,37 +0,0 @@
-#!/bin/bash -ex
-# vi: ts=4 noexpandtab
-
-# In a kernel layer, we need a freshly updated initrd (to ensure it
-# has been casperized with an appropriate config). A binary hook will
-# pull this out to be a separate build artifact to eventually end up
-# in /casper on the generated ISO.
-
-# In all lower layers, having an initrd just wastes space, as curtin
-# will always call update-initramfs after the layer has been copied to
-# the target system.
-
-# The netboot "layers" are not made into squashfses so there's no need
-# to do anything in those.
-
-case $PASS in
-    ubuntu-server-minimal.ubuntu-server.installer.*.*)
-        exit 0
-        ;;
-    ubuntu-server-minimal.ubuntu-server.installer.*)
-        ;;
-    *)
-        rm -f /boot/initrd.img-*
-        exit 0
-        ;;
-esac
-
-
-cat <<EOF > /etc/initramfs-tools/conf.d/casperize.conf
-export CASPER_GENERATE_UUID=1
-EOF
-cat <<EOF > /etc/initramfs-tools/conf.d/default-layer.conf
-LAYERFS_PATH=${PASS}.squashfs
-EOF
-# As this hook has deleted the initrds from lower layers we need to
-# pass -c -k all to update-initramfs here (-u will do nothing)
-update-initramfs -c -k all

live-build/ubuntu-server/includes.chroot.ubuntu-server-minimal.ubuntu-server.installer/etc/cloud/cloud.cfg

@@ -18,6 +18,20 @@ ssh_pwauth: yes
 chpasswd:
     expire: false
 
+# This is the initial network config.
+# It can be overwritten by cloud-init or subiquity.
+network:
+    version: 2
+    ethernets:
+        zz-all-en:
+            match:
+                name: "en*"
+            dhcp4: true
+        zz-all-eth:
+            match:
+                name: "eth*"
+            dhcp4: true
+
 # We used to have a custom final_message here.  Just use the default instead.
 
 # Example datasource config

live-build/ubuntu-server/includes.chroot.ubuntu-server-minimal.ubuntu-server.installer/etc/netplan/00-installer-config.yaml

@@ -1,19 +0,0 @@
-# This is the initial network config.
-# It can be overwritten by cloud-init or subiquity.
-# For more information, see netplan(5)
-
-network:
-    version: 2
-    ethernets:
-        zz-all-en:
-            match:
-                name: "en*"
-            dhcp4: true
-            dhcp6: true
-            accept-ra: true
-        zz-all-eth:
-            match:
-                name: "eth*"
-            dhcp4: true
-            dhcp6: true
-            accept-ra: true

live-build/ubuntu/hooks/020-ubuntu-enhanced-sb.binary

@@ -1,24 +1,129 @@
 #! /bin/sh
 
-# We need to remove the snapd seed configuration for the layers that
-# will be the installation source for a TPM-backed FDE install or
-# snapd gets very confused on the boot of the target system.
-
 set -eux
 
 case ${PASS:-} in
-    *.enhanced-secureboot)
+    minimal.standard.enhanced-secureboot)
+        ;;
+    minimal.enhanced-secureboot)
         ;;
     *)
         exit 0
         ;;
 esac
 
-. config/functions
-
 if [ -n "${SUBPROJECT:-}" ]; then
     echo "We don't run Ubuntu Desktop hooks for this project."
     exit 0
 fi
 
+. config/binary
+. config/functions
+
+# env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
+cat <<EOF > config/classic-model.model
+type: model
+authority-id: canonical
+series: 16
+brand-id: canonical
+model: ubuntu-classic-2410-amd64
+architecture: amd64
+base: core22
+classic: true
+distribution: ubuntu
+grade: signed
+snaps:
+  -
+    default-channel: classic-24.10/stable
+    id: UqFziVZDHLSyO3TqSWgNBoAdHbLI4dAH
+    name: pc
+    type: gadget
+  -
+    default-channel: 24.10/stable
+    id: pYVQrBcKmBa0mZ4CCN7ExT6jH8rY1hza
+    name: pc-kernel
+    type: kernel
+  -
+    default-channel: latest/stable
+    id: amcUKQILKXHHTlmSa7NMdnXSx02dNeeT
+    name: core22
+    type: base
+  -
+    default-channel: latest/stable
+    id: PMrrV4ml8uWuEUDBT8dSGnKUYbevVhc4
+    name: snapd
+    type: snapd
+  -
+    default-channel: latest/stable
+    id: EISPgh06mRh1vordZY9OZ34QHdd7OrdR
+    name: bare
+    type: base
+  -
+    default-channel: latest/stable/ubuntu-24.10
+    id: 3wdHCAVyZEmYsCMFDE9qt92UV8rC8Wdk
+    name: firefox
+    type: app
+  -
+    default-channel: latest/stable/ubuntu-24.10
+    id: lATO8HzwVvrAPrlZRAWpfyrJKlAJrZS3
+    name: gnome-42-2204
+    type: app
+  -
+    default-channel: latest/stable/ubuntu-24.10
+    id: jZLfBRzf1cYlYysIjD2bwSzNtngY0qit
+    name: gtk-common-themes
+    type: app
+  -
+    default-channel: latest/stable/ubuntu-24.10
+    id: IrwRHakqtzhFRHJOOPxKVPU0Kk7Erhcu
+    name: snapd-desktop-integration
+    type: app
+  -
+    default-channel: 1/stable/ubuntu-24.10
+    id: EI0D1KHjP8XiwMZKqSjuh6W8zvcowUVP
+    name: firmware-updater
+    type: app
+  -
+    default-channel: 1/stable/ubuntu-24.10
+    id: FppXWunWzuRT2NUT9CwoBPNJNZBYOCk0
+    name: desktop-security-center
+    type: app
+  -
+    default-channel: 1/stable/ubuntu-24.10
+    id: aoc5lfC8aUd2VL8VpvynUJJhGXp5K6Dj
+    name: prompting-client
+    type: app
+  -
+    default-channel: 2/stable/ubuntu-24.10
+    id: gjf3IPXoRiipCu9K0kVu52f0H56fIksg
+    name: snap-store
+    type: app
+timestamp: 2024-06-18T12:00:00.0Z
+sign-key-sha3-384: 9tydnLa6MTJ-jaQTFUXEwHl1yRx7ZS4K5cyFDhYDcPzhS7uyEkDxdUjg9g08BtNn
+
+AcLBXAQAAQoABgUCZv8eAQAKCRDgT5vottzAEu4rD/9UbdQMAYBD9kJnKZpgDQLK6WCV4DU4vBF0
+exKeVREhjGlcGNTKZDBTu/thVu9xCbGdKFxucoBr3y5kGmRkFaHXqzCGUcGOIRnGqlLHAwskcsHY
+LJYvPcUl6+UJhLHEN+kz50iPuEOe2qdmwAYyOTpkhWatFI8gjOyUN79aiMIPvbuKxmz6reozxi92
+bPhr0emR20Moc23x8ANNc04FY062eJI1gXBWfakk8whQvUk+++sJZDUXcd6yfR7HtIhZaBlgLSOG
+wIO74vlTaGNqbnOik2LhI/75Rpmelb3H2qukcBl6x847Pt588hERQHvy7LwrLTiqDFoWC2QaRa5U
+VCoV0QOjmoPbc3SESLyQbjbC01I1rYgPnsVOZ6jiI8lx6ODH5But3ziA4Z2ikosQoc4EwpkJa/yk
+1ca6/MgHxSD4A4TDn031zs4hPQxF33xPB3/4AJHmNwae+9yeoLF9Fen/NaE6GsNA9JsXvTt4qplu
+U6oiKIBuRj6MyyIf1RALSF1jZUQblif5exbkp+q0mdbaTvLCOEBuVzildhtpmS3ZbNYgwp7VPSjM
+KNwBBQiu4Ewdlhn0801ruI+eGwR5KVhIrSFdcjsU39jLG7SkWM5NO74t1x75gvUXsmti3WswbIPO
+JlxI5Z1CQv+Uqbg5qZkt/v4EuptvA1CzEcoBzTa05w==
+EOF
+
+channel=""
+if [ -n "${CHANNEL:-}" ]; then
+    channel="--channel $CHANNEL"
+fi
+
 reset_snapd_state chroot
+
+# Set UBUNTU_STORE_COHORT_KEY="+" to force prepare-image to fetch the latest
+# snap versions regardless of phasing status
+env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
+    --classic config/classic-model.model $channel chroot
+mv chroot/system-seed/systems/* chroot/system-seed/systems/enhanced-secureboot-desktop
+rm -rf chroot/var/lib/snapd/seed
+mv chroot/system-seed chroot/var/lib/snapd/seed

live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary

@@ -1,74 +0,0 @@
-#!/bin/bash
-
-# create the system seed for TPM-backed FDE in the live layer of the installer.
-
-set -eux
-
-case ${PASS:-} in
-    *.live)
-        ;;
-    *)
-        exit 0
-        ;;
-esac
-
-if [ -n "${SUBPROJECT:-}" ]; then
-    echo "We don't run Ubuntu Desktop hooks for this project."
-    exit 0
-fi
-
-. config/binary
-. config/functions
-
-# Generation of the model:
-# * At https://github.com/canonical/models one can find a repo of raw,
-#   unsigned, input .json files, and their signed .model equivalents.
-# * At least once per cycle, update the json for the new Ubuntu version.
-#   To do this, take the previous cycle ubuntu-classic-$ver-amd64.json file,
-#   rename for the new version, and do any necessary updates including fixing
-#   the versions of tracks.
-# * When this is done, the json needs to be signed.  This needs to be done by
-#   a Canonical employee - try asking someone who has recently opened PRs on
-#   https://github.com/canonical/models with the signed models.
-# * Ensure the signed and unsigned version of the models are updated in the
-#   models repo.
-# * The signed model can then be placed here in livecd-rootfs at
-#   live-build/${PROJECT}/ubuntu-classic-amd64.model
-
-# env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
-model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
-
-# see below note about "dangerous" model
-CHANNEL=${CHANNEL:-stable}
-
-channel=""
-if [ -n "${CHANNEL:-}" ]; then
-    channel="--channel $CHANNEL"
-fi
-
-# Set UBUNTU_STORE_COHORT_KEY="+" to force prepare-image to fetch the latest
-# snap versions regardless of phasing status
-
-# this is the normal prepare-image invocation.  This is not used right now as
-# the model in question is the "dangerous" model so that we can override the
-# channel of pc-kernel and others to get a matching set of snaps.
-#   env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
-#       --classic $model $channel chroot
-# FIXME - go back to the stable model and remove all the `--snap` overrides
-env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
-    --classic $model $channel \
-    --snap=pc=classic-25.10/stable \
-    --snap=pc-kernel=25.10/candidate \
-    --snap=firmware-updater=1/stable/ubuntu-25.10 \
-    --snap=desktop-security-center=1/stable/ubuntu-25.10 \
-    --snap=prompting-client=1/stable/ubuntu-25.10 \
-    --snap=snap-store=2/stable/ubuntu-25.10 \
-    --snap=gtk-common-themes=latest/stable/ubuntu-25.10 \
-    --snap=firefox=latest/stable/ubuntu-25.10 \
-    --snap=gnome-42-2204=latest/stable/ubuntu-25.10 \
-    --snap=snapd-desktop-integration=latest/stable/ubuntu-25.10 \
-    chroot
-
-mv chroot/system-seed/systems/* chroot/system-seed/systems/enhanced-secureboot-desktop
-rsync -av chroot/system-seed/{systems,snaps} chroot/var/lib/snapd/seed
-rm -rf chroot/system-seed/

live-build/ubuntu/includes.chroot.minimal.standard.live/etc/cloud/cloud.cfg

@@ -18,6 +18,20 @@ ssh_pwauth: yes
 chpasswd:
     expire: false
 
+# This is the initial network config.
+# It can be overwritten by cloud-init or subiquity.
+network:
+    version: 2
+    ethernets:
+        zz-all-en:
+            match:
+                name: "en*"
+            dhcp4: true
+        zz-all-eth:
+            match:
+                name: "eth*"
+            dhcp4: true
+
 # We used to have a custom final_message here.  Just use the default instead.
 
 # Example datasource config

live-build/ubuntu/includes.chroot.minimal.standard.live/etc/polkit-1/rules.d/10-allow-installer-wait-on-snap.rules

@@ -1,13 +0,0 @@
-// -*- mode: js; js-indent-level: 4; indent-tabs-mode: nil -*-
-//
-// THIS FILE IS ONLY AVAILABLE ON THE LIVE SYSTEM
-//
-// Allow the ubuntu-desktop-installer to request snap seeding state
-// used before starting.
-
-polkit.addRule(function(action, subject) {
-    if (action.id == "io.snapcraft.snapd.manage-configuration") {
-            return polkit.Result.YES;
-    }
-});
-