Lubuntu/livecd-rootfs
3
0
Fork 0
mirror of https://git.launchpad.net/livecd-rootfs synced 2025-11-20 10:44:08 +00:00
Code Issues Packages Projects Releases Wiki Activity
livecd-rootfs/live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary
Olivier Gayot 001aed3b3b ubuntu: use an array for prepare_args 
Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
2025-11-18 18:24:09 +01:00

103 lines
3.6 KiB
Bash
Raw Blame History

#!/bin/bash
# create the system seed for TPM-backed FDE in the live layer of the installer.
set -eux
case ${PASS:-} in
*.live)
;;
*)
exit 0
;;
esac
. config/binary
. config/functions
# Naive conversion from YAML to JSON. This is needed because yq is in universe
# (but jq is not).
yaml_to_json()
{
python3 -c '
import json
import sys
import yaml
json.dump(yaml.safe_load(sys.stdin), sys.stdout, default=str)
'
}
# Use jq to retrieve a list of --snap options from a given *signed* model.
get_snaps_args()
{
model=$1
# The model is signed and is not valid YAML unless we get rid of the
# signature. Here we assume the only blank line is before the signature.
sed '/^$/,$d' -- "$model" \
| yaml_to_json \
| jq --raw-output '.snaps[] | "--snap=" + .name + "=" + .["default-channel"]'
}
# Generation of the model:
# * At https://github.com/canonical/models one can find a repo of raw,
# unsigned, input .json files, and their signed .model equivalents.
# * At least once per cycle, update the json for the new Ubuntu version.
# To do this, take the previous cycle ubuntu-classic-$ver-amd64.json file,
# rename for the new version, and do any necessary updates including fixing
# the versions of tracks.
# * When this is done, the json needs to be signed. This needs to be done by
# a Canonical employee - try asking someone who has recently opened PRs on
# https://github.com/canonical/models with the signed models.
# * Ensure the signed and unsigned version of the models are updated in the
# models repo.
# * The signed model can then be placed here in livecd-rootfs at
# live-build/${PROJECT}/ubuntu-classic-amd64.model
# env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
#
# model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
# Normally we use the non-dangerous model here. Use the dangerous one for now
# until we get snaps on stable 26.04 tracks and channels.
model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
prepare_args=()
# for the dangerous subproject, we need the dangerous model!
if [ "$SUBPROJECT" = "dangerous" ]; then
# As with the "classically" seeded snaps, snaps from the edge channel may
# require different content snaps to be installed, so they must be
# included in the system as well. We just use the same list as was
# computed in snap_validate_seed.
model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
while read snap; do
prepare_args+=("--snap=${snap}=edge")
done < config/missing-providers
else
# We're currently using the dangerous model for the non-dangerous ISO
# because it allows us to override snaps. But we don't want all snaps from
# edge like the dangerous model has, we want most of them from stable
# (excluding pc-kernel).
while read -r snap_arg; do
prepare_args+=("$snap_arg")
done < <(get_snaps_args /usr/share/livecd-rootfs/live-build/"${PROJECT}"/ubuntu-classic-amd64.model | grep -v -F pc-kernel)
fi
channel=""
if [ -n "${CHANNEL:-}" ]; then
channel="--channel $CHANNEL"
fi
# Set UBUNTU_STORE_COHORT_KEY="+" to force prepare-image to fetch the latest
# snap versions regardless of phasing status
env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
--classic $model $channel "${prepare_args[@]}" chroot
mv chroot/system-seed/systems/* chroot/system-seed/systems/enhanced-secureboot-desktop
rsync -av chroot/system-seed/{systems,snaps} chroot/var/lib/snapd/seed
rm -rf chroot/system-seed/
Reference in New Issue View Git Blame Copy Permalink