mirror of
				https://git.launchpad.net/livecd-rootfs
				synced 2025-10-25 05:54:16 +00:00 
			
		
		
		
	* Fix daily-dangerous builds:
  - Copy hooks.
  - Mangle the channel of seeded snaps to use the edge risk of whichever
    track they are taken from.
  - Update the dangerous model to reference tracks that actually exist.
  - Include providers of content plugs when seeding snaps and creating
    TPMFDE system.
  - Do not attempt to build an UEFI boot image or hyperv desktop image for
    this project/subproject combination.
		
	
			
		
			
				
	
	
		
			64 lines
		
	
	
		
			2.4 KiB
		
	
	
	
		
			Bash
		
	
	
	
	
	
			
		
		
	
	
			64 lines
		
	
	
		
			2.4 KiB
		
	
	
	
		
			Bash
		
	
	
	
	
	
| #!/bin/bash
 | |
| 
 | |
| # create the system seed for TPM-backed FDE in the live layer of the installer.
 | |
| 
 | |
| set -eux
 | |
| 
 | |
| case ${PASS:-} in
 | |
|     *.live)
 | |
|         ;;
 | |
|     *)
 | |
|         exit 0
 | |
|         ;;
 | |
| esac
 | |
| 
 | |
| . config/binary
 | |
| . config/functions
 | |
| 
 | |
| # Generation of the model:
 | |
| # * At https://github.com/canonical/models one can find a repo of raw,
 | |
| #   unsigned, input .json files, and their signed .model equivalents.
 | |
| # * At least once per cycle, update the json for the new Ubuntu version.
 | |
| #   To do this, take the previous cycle ubuntu-classic-$ver-amd64.json file,
 | |
| #   rename for the new version, and do any necessary updates including fixing
 | |
| #   the versions of tracks.
 | |
| # * When this is done, the json needs to be signed.  This needs to be done by
 | |
| #   a Canonical employee - try asking someone who has recently opened PRs on
 | |
| #   https://github.com/canonical/models with the signed models.
 | |
| # * Ensure the signed and unsigned version of the models are updated in the
 | |
| #   models repo.
 | |
| # * The signed model can then be placed here in livecd-rootfs at
 | |
| #   live-build/${PROJECT}/ubuntu-classic-amd64.model
 | |
| 
 | |
| # env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
 | |
| model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
 | |
| 
 | |
| prepare_args=
 | |
| 
 | |
| # for the dangerous subproject, we need the dangerous model!
 | |
| if [ $SUBPROJECT = "dangerous" ]; then
 | |
|     # As with the "classically" seeded snaps, snaps from the edge channel may
 | |
|     # require different content snaps to be installed, so they must be
 | |
|     # included in the system as well. We just use the same list as was
 | |
|     # computed in snap_validate_seed.
 | |
|     model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
 | |
|     while read snap; do
 | |
|         prepare_args="$prepare_args --snap=${snap}=edge"
 | |
|     done < config/missing-providers
 | |
| fi
 | |
| 
 | |
| channel=""
 | |
| if [ -n "${CHANNEL:-}" ]; then
 | |
|     channel="--channel $CHANNEL"
 | |
| fi
 | |
| 
 | |
| # Set UBUNTU_STORE_COHORT_KEY="+" to force prepare-image to fetch the latest
 | |
| # snap versions regardless of phasing status
 | |
| 
 | |
| env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
 | |
|     --classic $model $channel ${prepare_args:+$prepare_args} chroot
 | |
| 
 | |
| mv chroot/system-seed/systems/* chroot/system-seed/systems/enhanced-secureboot-desktop
 | |
| rsync -av chroot/system-seed/{systems,snaps} chroot/var/lib/snapd/seed
 | |
| rm -rf chroot/system-seed/
 |