#!/bin/bash -eux case $ARCH in amd64|arm64|armhf|riscv64) ;; *) echo "We don't create EFI images for $ARCH." exit 0 ;; esac IMAGE_STR="# CLOUD_IMG: This file was created/modified by the Cloud Image build process" FS_LABEL="cloudimg-rootfs" case "$ARCH" in amd64|arm64|armhf) # 3.5 GiB # Since Kinetic amd64 need more then the default 2.2G # Since Jammy armhf need more then the default 2.2G # Since Mantic arm64 need more then the default 2.2G IMAGE_SIZE=3758096384 # bump to 3.5G (3584*1024**2); ;; riscv64) # 4.5 GiB # initrd creation fails with "No space left" with 3.5G IMAGE_SIZE=4831838208 # bump to 4.5G (4608*1024**2); ;; esac . config/binary . config/functions create_partitions() { disk_image="$1" sgdisk "${disk_image}" --zap-all case $ARCH in arm64|armhf) sgdisk "${disk_image}" \ --new=15:0:204800 \ --typecode=15:ef00 \ --new=16::1G \ --typecode=16:ea00 \ --new=1: ;; riscv64) sgdisk "${disk_image}" \ --set-alignment=2 \ --new=15::+106M \ --typecode=15:ef00 \ --new=16::1G \ --typecode=16:ea00 \ --new=1:: \ --attributes=1:set:2 ;; amd64) sgdisk "${disk_image}" \ --new=14::+4M \ --new=15::+106M \ --new=16::1G \ --typecode=16:ea00 \ --new=1:: sgdisk "${disk_image}" \ -t 14:ef02 \ -t 15:ef00 ;; esac sgdisk "${disk_image}" \ --print } create_and_mount_boot_partitions() { uefi_dev="${loop_device}p15" boot_dev="${loop_device}p16" mountpoint="$1" mkfs.vfat -F 32 -n UEFI "${uefi_dev}" mkfs.ext4 -L BOOT "${boot_dev}" # copying what was on the rootfs to the new boot partition mount "${boot_dev}" "${mountpoint}"/mnt mv "${mountpoint}"/boot/* "${mountpoint}"/mnt umount "${boot_dev}" mount "${boot_dev}" "${mountpoint}"/boot mkdir -p "${mountpoint}"/boot/efi mount "${uefi_dev}" "$mountpoint"/boot/efi cat << EOF >> "mountpoint/etc/fstab" LABEL=BOOT /boot ext4 defaults 0 2 LABEL=UEFI /boot/efi vfat umask=0077 0 1 EOF } install_grub() { mkdir mountpoint mount_partition "${rootfs_dev_mapper}" mountpoint create_and_mount_boot_partitions mountpoint echo "(hd0) ${loop_device}" > mountpoint/tmp/device.map mkdir -p mountpoint/etc/default/grub.d efi_boot_dir="/boot/efi/EFI/BOOT" chroot mountpoint mkdir -p "${efi_boot_dir}" chroot mountpoint apt-get -y update package_install_recommends_option="" # minimized cloud image policy, introduced in version 23.10.16, is to not install recommends for any package # installs during build. This is to keep the image as small as possible. This also extends to # the grub related packages. if [ "${SUBPROJECT:-}" = minimized ]; then package_install_recommends_option="--no-install-recommends" fi # UEFI GRUB modules are meant to be used equally by Secure Boot and # non-Secure Boot systems. If you need an extra module not already # provided or run into "Secure Boot policy forbids loading X" problems, # please file a bug against grub2 to include the affected module. case $ARCH in arm64) chroot mountpoint apt-get -qqy install ${package_install_recommends_option} shim-signed grub-efi-arm64-signed efi_target=arm64-efi ;; armhf) chroot mountpoint apt-get -qqy install ${package_install_recommends_option} grub-efi-arm grub-efi-arm-bin efi_target=arm-efi ;; amd64) chroot mountpoint apt-get install -qqy ${package_install_recommends_option} grub-pc shim-signed efi_target=x86_64-efi # set the required debconf settings to allow for non interactive grub updates in cloud images LP: #2054103 echo "grub-pc grub-efi/cloud_style_installation boolean true" | chroot mountpoint debconf-set-selections echo "grub-pc grub-pc/cloud_style_installation boolean true" | chroot mountpoint debconf-set-selections ;; riscv64) chroot mountpoint apt-get install -qqy ${package_install_recommends_option} u-boot-menu grub-efi-riscv64 efi_target=riscv64-efi chroot mountpoint u-boot-update ;; esac chroot mountpoint apt-get autoremove --purge --assume-yes chroot mountpoint grub-install "${loop_device}" \ --boot-directory=/boot \ --efi-directory=/boot/efi \ --target=${efi_target} \ --uefi-secure-boot \ --no-nvram if [ "$ARCH" = "amd64" ]; then # Install the BIOS/GPT bits. Since GPT boots from the ESP partition, # it means that we just run this simple command and we're done chroot mountpoint grub-install --target=i386-pc "${loop_device}" fi # Use initrdless boot for minimal images if [ "${SUBPROJECT:-}" = "minimized" ]; then force_boot_without_initramfs mountpoint fi # This call to rewrite the debian package manifest is added here to capture # grub-efi packages that otherwise would not make it into the base # manifest. filesystem.packages is moved into place via symlinking to # livecd.ubuntu-cpc.manifest by live-build/auto/build after lb_binary runs # and at that time snaps are added to the manifest (create-manifest is # not called here as it calls snap-seed-parse, resulting in duplicate # snap listings) chroot mountpoint dpkg-query -W > binary/boot/filesystem.packages divert_grub mountpoint track_initramfs_boot_fallback mountpoint chroot mountpoint update-grub replace_grub_root_with_label mountpoint undivert_grub mountpoint chroot mountpoint apt-get -y clean rm mountpoint/tmp/device.map umount -R mountpoint/boot mount # create sorted filelist as the very last step before unmounting # explicitly generate manifest and sbom create_manifest "mountpoint/" "$PWD/livecd.ubuntu-cpc.disk-uefi.manifest" "$PWD/livecd.ubuntu-cpc.disk-uefi.spdx" "cloud-image-$ARCH-$(date +%Y%m%dT%H:%M:%S)" umount_partition mountpoint rmdir mountpoint } disk_image=binary/boot/disk-uefi.ext4 create_empty_disk_image "${disk_image}" create_partitions "${disk_image}" mount_image "${disk_image}" 1 # Copy the chroot in to the disk make_ext4_partition "${rootfs_dev_mapper}" mkdir mountpoint mount "${rootfs_dev_mapper}" mountpoint cp -a chroot/* mountpoint/ umount mountpoint rmdir mountpoint install_grub clean_loops trap - EXIT