mirror of
https://git.launchpad.net/livecd-rootfs
synced 2025-10-24 05:24:07 +00:00
With that, the Dockerfile modifications[0] currently done externally are done now here. That means that the created rootfs tarball can be directly used within a Dockerfile to create a container from scratch: FROM scratch ADD livecd.ubuntu-oci.rootfs.tar.gz / CMD ["/bin/bash"] [0] https://github.com/tianon/docker-brew-ubuntu-core/blob/master/update.sh (cherry picked from commit a81972a58b004897bf3e5c14ff371bc2f6b5e4b8)
933 lines
30 KiB
Bash
Executable File
933 lines
30 KiB
Bash
Executable File
#! /bin/sh
|
|
set -e
|
|
|
|
export LC_ALL=C
|
|
|
|
( . "${LIVE_BUILD}/scripts/build.sh" > /dev/null 2>&1 || true ) || . /usr/lib/live/build.sh
|
|
|
|
Arguments "${@}"
|
|
|
|
Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
|
|
Set_defaults
|
|
|
|
if [ -z "${PROJECT:-}" ]; then
|
|
echo "PROJECT environment variable has to be set" >&2
|
|
exit 1
|
|
fi
|
|
|
|
. config/functions
|
|
|
|
# New nf_tables-based versions of iptables don't work well on old kernels.
|
|
# We aren't sure exactly how old is a problem: 4.15 works, but with 4.4 new
|
|
# rules are added to all chains in the requested table rather than just one,
|
|
# and the new rules seem to have no useful effect. In such cases,
|
|
# iptables-legacy works better.
|
|
#
|
|
# We can simplify this once livecd-rootfs no longer needs to support running
|
|
# on Ubuntu 16.04 (that is, once Launchpad's build VMs are upgraded to
|
|
# Ubuntu 18.04).
|
|
run_iptables () {
|
|
local kver kver_major kver_minor
|
|
|
|
kver="$(uname -r)"
|
|
kver="${kver%%-*}"
|
|
kver_major="${kver%%.*}"
|
|
kver="${kver#*.}"
|
|
kver_minor="${kver%%.*}"
|
|
|
|
if [ "$kver_major" -lt 4 ] || \
|
|
([ "$kver_major" = 4 ] && [ "$kver_minor" -lt 15 ]); then
|
|
iptables-legacy "$@"
|
|
else
|
|
iptables "$@"
|
|
fi
|
|
}
|
|
|
|
if [ -n "$REPO_SNAPSHOT_STAMP" ]; then
|
|
if [ "`whoami`" != "root" ]; then
|
|
echo "Magic repo snapshots only work when running as root." >&2
|
|
exit 1
|
|
fi
|
|
|
|
apt-get -qyy install iptables
|
|
|
|
# Redirect all outgoing traffic to port 80 to proxy instead.
|
|
run_iptables -t nat -A OUTPUT -p tcp --dport 80 \
|
|
-m owner ! --uid-owner daemon -j REDIRECT --to 8080
|
|
|
|
# Run proxy as "daemon" to avoid infinite loop.
|
|
/usr/share/livecd-rootfs/magic-proxy \
|
|
--address="127.0.0.1" \
|
|
--port=8080 \
|
|
--run-as=daemon \
|
|
--cutoff-time="$REPO_SNAPSHOT_STAMP" \
|
|
--log-file=/build/livecd.magic-proxy.log \
|
|
--pid-file=config/magic-proxy.pid \
|
|
--background \
|
|
--setsid
|
|
fi
|
|
|
|
# Link output files somewhere launchpad-buildd will be able to find them.
|
|
PREFIX="livecd.$PROJECT${SUBARCH:+-$SUBARCH}"
|
|
|
|
if [ "${IMAGEFORMAT:-}" = "ubuntu-image" ]; then
|
|
# Use ubuntu-image instead of live-build
|
|
|
|
if [ "$PROJECT" = "ubuntu-core" ]; then
|
|
env SNAPPY_STORE_NO_CDN=1 \
|
|
ubuntu-image snap $UBUNTU_IMAGE_ARGS \
|
|
-O output "$PREFIX".model-assertion
|
|
# XXX: currently we only have one image generated, but really
|
|
# we should be supporting more than one for models that
|
|
# define those.
|
|
mv output/*.img "$PREFIX".img
|
|
xz -0 -T4 "$PREFIX".img
|
|
mv output/seed.manifest "$PREFIX".manifest
|
|
else
|
|
# First we need to build the gadget tree
|
|
make -C "config/$PREFIX-gadget" ARCH=$ARCH SERIES=$SUITE
|
|
ubuntu-image classic $UBUNTU_IMAGE_ARGS \
|
|
-s $SUITE -p $PROJECT -a $ARCH --subarch $SUBARCH \
|
|
-O output config/$PREFIX-gadget/install
|
|
# XXX: currently we only have one image generated, but really
|
|
# we should be supporting more than one for models that
|
|
# define those.
|
|
mv output/*.img "$PREFIX".img
|
|
xz -0 -T4 "$PREFIX".img
|
|
# Also link the output image to a filename that cdimage expects
|
|
ln "$PREFIX".img.xz livecd.ubuntu-cpc.disk1.img.xz
|
|
mv output/filesystem.manifest "$PREFIX".manifest
|
|
fi
|
|
|
|
exit 0
|
|
fi
|
|
|
|
# Setup cleanup function
|
|
Setup_cleanup
|
|
|
|
preinstall_snaps() {
|
|
setup_mountpoint chroot
|
|
|
|
snap_prepare chroot
|
|
|
|
for snap in "$@"; do
|
|
SNAP_NO_VALIDATE_SEED=1 snap_preseed chroot "${snap}"
|
|
done
|
|
|
|
snap_validate_seed chroot
|
|
|
|
teardown_mountpoint chroot
|
|
}
|
|
|
|
rm -f binary.success
|
|
(
|
|
if [ -d config/gnupg ]; then
|
|
cat << @@EOF > config/gnupg/NEWKEY
|
|
Key-Type: DSA
|
|
Key-Length: 1024
|
|
Key-Usage: sign
|
|
Name-Real: Ubuntu Local Archive One-Time Signing Key
|
|
Name-Email: cdimage@ubuntu.com
|
|
Expire-Date: 0
|
|
@@EOF
|
|
gpg --home config/gnupg --gen-key --batch < config/gnupg/NEWKEY \
|
|
> config/gnupg/generate.log 2>&1 &
|
|
GPG_PROCESS=$!
|
|
fi
|
|
|
|
lb bootstrap "$@"
|
|
|
|
case $PROJECT:${SUBPROJECT:-} in
|
|
ubuntu-server:*|ubuntu-cpc:*|ubuntu:desktop-preinstalled)
|
|
# Set locale to C.UTF-8 by default. We should
|
|
# probably do this for all images early in the
|
|
# 18.10 cycle but for now just do it for
|
|
# server and cpc products.
|
|
echo "LANG=C.UTF-8" > chroot/etc/default/locale
|
|
;;
|
|
esac
|
|
|
|
if [ "${SUBPROJECT:-}" = minimized ] \
|
|
&& ! Chroot chroot dpkg -l tzdata 2>&1 |grep -q ^ii; then
|
|
# workaround for tzdata purge not removing these files
|
|
rm -f chroot/etc/localtime chroot/etc/timezone
|
|
fi
|
|
|
|
if [ "${SUBPROJECT:-}" = minimized ]; then
|
|
# set up dpkg filters to skip installing docs on minimized system
|
|
mkdir -p chroot/etc/dpkg/dpkg.cfg.d
|
|
cat > chroot/etc/dpkg/dpkg.cfg.d/excludes <<EOF
|
|
# Drop all man pages
|
|
path-exclude=/usr/share/man/*
|
|
|
|
# Drop all translations
|
|
path-exclude=/usr/share/locale/*/LC_MESSAGES/*.mo
|
|
|
|
# Drop all documentation ...
|
|
path-exclude=/usr/share/doc/*
|
|
|
|
# ... except copyright files ...
|
|
path-include=/usr/share/doc/*/copyright
|
|
|
|
# ... and Debian changelogs
|
|
path-include=/usr/share/doc/*/changelog.Debian.*
|
|
EOF
|
|
|
|
# Remove docs installed by bootstrap
|
|
Chroot chroot dpkg-query -f '${binary:Package}\n' -W | Chroot chroot xargs -L1 apt-get install --reinstall
|
|
|
|
# Add unminimizer script which restores default image behavior
|
|
mkdir -p chroot/usr/local/sbin
|
|
cat > chroot/usr/local/sbin/unminimize <<'EOF'
|
|
#!/bin/sh
|
|
|
|
set -e
|
|
|
|
echo "This system has been minimized by removing packages and content that are"
|
|
echo "not required on a system that users do not log into."
|
|
echo ""
|
|
echo "This script restores content and packages that are found on a default"
|
|
echo "Ubuntu server system in order to make this system more suitable for"
|
|
echo "interactive use."
|
|
echo ""
|
|
echo "Reinstallation of packages may fail due to changes to the system"
|
|
echo "configuration, the presence of third-party packages, or for other"
|
|
echo "reasons."
|
|
echo ""
|
|
echo "This operation may take some time."
|
|
echo ""
|
|
read -p "Would you like to continue? [y/N] " REPLY
|
|
echo # (optional) move to a new line
|
|
if [ "$REPLY" != "y" ] && [ "$REPLY" != "Y" ]
|
|
then
|
|
exit 1
|
|
fi
|
|
|
|
if [ -f /etc/dpkg/dpkg.cfg.d/excludes ] || [ -f /etc/dpkg/dpkg.cfg.d/excludes.dpkg-tmp ]; then
|
|
echo "Re-enabling installation of all documentation in dpkg..."
|
|
if [ -f /etc/dpkg/dpkg.cfg.d/excludes ]; then
|
|
mv /etc/dpkg/dpkg.cfg.d/excludes /etc/dpkg/dpkg.cfg.d/excludes.dpkg-tmp
|
|
fi
|
|
echo "Updating package list and upgrading packages..."
|
|
apt-get update
|
|
# apt-get upgrade asks for confirmation before upgrading packages to let the user stop here
|
|
apt-get upgrade
|
|
echo "Restoring system documentation..."
|
|
echo "Reinstalling packages with files in /usr/share/man/ ..."
|
|
# Reinstallation takes place in two steps because a single dpkg --verified
|
|
# command generates very long parameter list for "xargs dpkg -S" and may go
|
|
# over ARG_MAX. Since many packages have man pages the second download
|
|
# handles a much smaller amount of packages.
|
|
dpkg -S /usr/share/man/ |sed 's|, |\n|g;s|: [^:]*$||' | DEBIAN_FRONTEND=noninteractive xargs apt-get install --reinstall -y
|
|
echo "Reinstalling packages with system documentation in /usr/share/doc/ .."
|
|
# This step processes the packages which still have missing documentation
|
|
dpkg --verify --verify-format rpm | awk '/..5...... \/usr\/share\/doc/ {print $2}' | sed 's|/[^/]*$||' | sort |uniq \
|
|
| xargs dpkg -S | sed 's|, |\n|g;s|: [^:]*$||' | uniq | DEBIAN_FRONTEND=noninteractive xargs apt-get install --reinstall -y
|
|
echo "Restoring system translations..."
|
|
# This step processes the packages which still have missing translations
|
|
dpkg --verify --verify-format rpm | awk '/..5...... \/usr\/share\/locale/ {print $2}' | sed 's|/[^/]*$||' | sort |uniq \
|
|
| xargs dpkg -S | sed 's|, |\n|g;s|: [^:]*$||' | uniq | DEBIAN_FRONTEND=noninteractive xargs apt-get install --reinstall -y
|
|
if dpkg --verify --verify-format rpm | awk '/..5...... \/usr\/share\/doc/ {exit 1}'; then
|
|
echo "Documentation has been restored successfully."
|
|
rm /etc/dpkg/dpkg.cfg.d/excludes.dpkg-tmp
|
|
else
|
|
echo "There are still files missing from /usr/share/doc/:"
|
|
dpkg --verify --verify-format rpm | awk '/..5...... \/usr\/share\/doc/ {print " " $2}'
|
|
echo "You may want to try running this script again or you can remove"
|
|
echo "/etc/dpkg/dpkg.cfg.d/excludes.dpkg-tmp and restore the files manually."
|
|
fi
|
|
fi
|
|
|
|
if [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then
|
|
# Remove diverted man binary
|
|
rm -f /usr/bin/man
|
|
dpkg-divert --quiet --remove --rename /usr/bin/man
|
|
fi
|
|
EOF
|
|
|
|
if [ "$PROJECT" != "ubuntu-base" ] && [ "$PROJECT" != "ubuntu-oci" ]; then
|
|
# ubuntu-minimal is too much for a docker container (it contains
|
|
# systemd and other things)
|
|
cat >> chroot/usr/local/sbin/unminimize <<'EOF'
|
|
|
|
if ! dpkg-query --show --showformat='${db:Status-Status}\n' ubuntu-minimal 2> /dev/null | grep -q '^installed$'; then
|
|
echo "Installing ubuntu-minimal package to provide the familiar Ubuntu minimal system..."
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y ubuntu-minimal ubuntu-standard
|
|
fi
|
|
|
|
if dpkg-query --show --showformat='${db:Status-Status}\n' ubuntu-server 2> /dev/null | grep -q '^installed$' \
|
|
&& ! dpkg-query --show --showformat='${db:Status-Status}\n' landscape-common 2> /dev/null | grep -q '^installed$'; then
|
|
echo "Installing ubuntu-server recommends..."
|
|
DEBIAN_FRONTEND=noninteractive apt-get install -y landscape-common
|
|
fi
|
|
EOF
|
|
fi
|
|
if [ "$PROJECT" = "ubuntu-cpc" ]; then
|
|
cat >> chroot/usr/local/sbin/unminimize <<'EOF'
|
|
|
|
echo "Removing lxd installer package..."
|
|
apt-get purge -y lxd-installer
|
|
|
|
echo "Installing lxd from snap..."
|
|
snap install lxd
|
|
EOF
|
|
fi
|
|
cat >> chroot/usr/local/sbin/unminimize <<'EOF'
|
|
|
|
# unminimization succeeded, there is no need to mention it in motd
|
|
rm -f /etc/update-motd.d/60-unminimize
|
|
EOF
|
|
chmod +x chroot/usr/local/sbin/unminimize
|
|
|
|
# inform users about the unminimize script
|
|
cat > "chroot/etc/update-motd.d/60-unminimize" << EOF
|
|
#!/bin/sh
|
|
#
|
|
# This file is not managed by a package. If you no longer want to
|
|
# see this message you can safely remove the file.
|
|
echo ""
|
|
echo "This system has been minimized by removing packages and content that are"
|
|
echo "not required on a system that users do not log into."
|
|
echo ""
|
|
echo "To restore this content, you can run the 'unminimize' command."
|
|
EOF
|
|
|
|
chmod +x chroot/etc/update-motd.d/60-unminimize
|
|
Chroot chroot "dpkg-divert --quiet --add \
|
|
--divert /usr/bin/man.REAL --rename \
|
|
/usr/bin/man"
|
|
cat > chroot/usr/bin/man << EOF
|
|
#!/bin/sh
|
|
echo "This system has been minimized by removing packages and content that are"
|
|
echo "not required on a system that users do not log into."
|
|
echo ""
|
|
echo "To restore this content, including manpages, you can run the 'unminimize'"
|
|
echo "command. You will still need to ensure the 'man-db' package is installed."
|
|
EOF
|
|
chmod +x chroot/usr/bin/man
|
|
fi
|
|
|
|
if [ -n "${PASSES}" ]; then
|
|
PATH="config/:$PATH" lb chroot_layered "$@"
|
|
else
|
|
divert_grub chroot
|
|
divert_update_initramfs
|
|
lb chroot "$@"
|
|
undivert_update_initramfs
|
|
undivert_grub chroot
|
|
fi
|
|
|
|
if [ -d chroot/etc/apt/preferences.d.save ]; then
|
|
# https://twitter.com/infinite_scream
|
|
mv chroot/etc/apt/preferences.d.save/* chroot/etc/apt/preferences.d/
|
|
rmdir chroot/etc/apt/preferences.d.save
|
|
fi
|
|
|
|
# Let all configuration non multi-layered project here.
|
|
# If those are moving to a multi-layer layout, this needs to be
|
|
# done in chroot hooks.
|
|
if [ -z "$PASSES" ]; then
|
|
if [ "${SUBPROJECT:-}" = minimized ]; then
|
|
# force removal of initramfs-tools, which we assert is not
|
|
# required for any minimized images but is still pulled in by
|
|
# default
|
|
# also remove landscape-common, which is heavyweight and
|
|
# in the server seed only to provide /etc/motd content which
|
|
# would only be seen by humans
|
|
Chroot chroot "env DEBIAN_FRONTEND=noninteractive \
|
|
apt-get -y purge initramfs-tools busybox-initramfs \
|
|
landscape-common"
|
|
# and if initramfs-tools was configured before our kernel,
|
|
# /etc/kernel/postinst.d/initramfs-tools will have created
|
|
# an initramfs despite the generic dpkg-divert; so remove it
|
|
# here.
|
|
rm -f chroot/boot/initrd.img-*
|
|
|
|
# temporary workaround: don't remove linux-base which
|
|
# may have no other reverse-depends currently
|
|
Chroot chroot "env DEBIAN_FRONTEND=noninteractive \
|
|
apt-mark manual linux-base"
|
|
Chroot chroot "env DEBIAN_FRONTEND=noninteractive \
|
|
apt-get -y --purge autoremove"
|
|
fi
|
|
|
|
configure_universe
|
|
|
|
if [ -d chroot/var/lib/preinstalled-pool ]; then
|
|
cat > config/indices/apt.conf <<-EOF
|
|
Dir {
|
|
ArchiveDir "chroot/var/lib/preinstalled-pool";
|
|
OverrideDir "config/indices";
|
|
CacheDir "config/indices";
|
|
}
|
|
Default { Packages::Compress ". bzip2"; }
|
|
TreeDefault { Directory "pool"; }
|
|
Tree "dists/$LB_DISTRIBUTION"
|
|
{
|
|
Sections "$LB_PARENT_ARCHIVE_AREAS";
|
|
Architectures "$LB_ARCHITECTURES";
|
|
BinOverride "override.$LB_DISTRIBUTION.\$(SECTION)";
|
|
ExtraOverride "override.$LB_DISTRIBUTION.extra.\$(SECTION)";
|
|
Contents " ";
|
|
}
|
|
EOF
|
|
for component in $LB_PARENT_ARCHIVE_AREAS; do
|
|
mkdir -p chroot/var/lib/preinstalled-pool/dists/$LB_DISTRIBUTION/$component/binary-$LB_ARCHITECTURES
|
|
done
|
|
apt-ftparchive generate config/indices/apt.conf
|
|
cat << @@EOF > chroot/etc/apt/sources.list.preinstall
|
|
# This is a sources.list entry for a small pool of packages
|
|
# provided on your preinstalled filesystem for your convenience.
|
|
#
|
|
# It is perfectly safe to delete both this entry and the directory
|
|
# it references, should you want to save disk space and fetch the
|
|
# packages remotely instead.
|
|
#
|
|
deb file:/var/lib/preinstalled-pool/ $LB_DISTRIBUTION $LB_PARENT_ARCHIVE_AREAS
|
|
#
|
|
@@EOF
|
|
|
|
cp chroot/etc/apt/sources.list chroot/etc/apt/sources.list.orig
|
|
cp chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list
|
|
|
|
echo "Waiting on gnupg ("$GPG_PROCESS") to finish generating a key."
|
|
wait $GPG_PROCESS
|
|
|
|
R_ORIGIN=$(lsb_release -i -s)
|
|
R_CODENAME=$(lsb_release -c -s)
|
|
R_VERSION=$(lsb_release -r -s)
|
|
R_PRETTYNAME=$(echo $R_CODENAME | sed -e 's/^\(.\)/\U\1/')
|
|
|
|
apt-ftparchive -o APT::FTPArchive::Release::Origin=$R_ORIGIN \
|
|
-o APT::FTPArchive::Release::Label=$R_ORIGIN \
|
|
-o APT::FTPArchive::Release::Suite=$R_CODENAME-local \
|
|
-o APT::FTPArchive::Release::Version=$R_VERSION \
|
|
-o APT::FTPArchive::Release::Codename=$R_CODENAME \
|
|
-o APT::FTPArchive::Release::Description="$R_ORIGIN $R_PRETTYNAME Local" \
|
|
release chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/ \
|
|
> config/gnupg/Release
|
|
|
|
gpg --home config/gnupg --detach-sign --armor config/gnupg/Release
|
|
mv config/gnupg/Release \
|
|
chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release
|
|
mv config/gnupg/Release.asc \
|
|
chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release.gpg
|
|
apt-key --keyring chroot/etc/apt/trusted.gpg add config/gnupg/pubring.gpg
|
|
find chroot/var/lib/preinstalled-pool/ -name Packages | xargs rm
|
|
|
|
Chroot chroot "apt-get update"
|
|
cat chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list.orig \
|
|
> chroot/etc/apt/sources.list
|
|
rm chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list.orig
|
|
fi
|
|
case $PROJECT:$SUBPROJECT in
|
|
*)
|
|
if [ -e "config/seeded-snaps" ]; then
|
|
snap_list=$(cat config/seeded-snaps)
|
|
preinstall_snaps $snap_list
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
if [ "$PROJECT" = "ubuntu-cpc" ]; then
|
|
if [ "${SUBPROJECT:-}" = minimized ]; then
|
|
BUILD_NAME=minimal
|
|
else
|
|
BUILD_NAME=server
|
|
fi
|
|
cat > chroot/etc/cloud/build.info << EOF
|
|
build_name: $BUILD_NAME
|
|
serial: $BUILDSTAMP
|
|
EOF
|
|
fi
|
|
|
|
if [ "$PROJECT" = "ubuntu-oci" ]; then
|
|
configure_oci chroot
|
|
fi
|
|
|
|
configure_network_manager
|
|
|
|
echo "===== Checking size of /usr/share/doc ====="
|
|
echo BEGIN docdirs
|
|
(cd chroot && find usr/share/doc -maxdepth 1 -type d | xargs du -s | sort -nr)
|
|
echo END docdirs
|
|
|
|
/usr/share/livecd-rootfs/minimize-manual chroot
|
|
|
|
clean_debian_chroot
|
|
fi
|
|
|
|
if [ -n "${PASSES}" ]; then
|
|
PATH="config/:$PATH" lb binary_layered "$@"
|
|
else
|
|
lb binary "$@"
|
|
fi
|
|
|
|
touch binary.success
|
|
) 2>&1 | tee binary.log
|
|
|
|
# bash has trouble with the build.sh sourcing arrangement at the top of this
|
|
# file, so we use this cheap-and-cheerful approach rather than the more
|
|
# correct 'set -o pipefail'.
|
|
if [ -e binary.success ]; then
|
|
rm -f binary.success
|
|
else
|
|
# Dump the magic-proxy log to stdout on failure to aid debugging
|
|
if [ -f /build/livecd.magic-proxy.log ] ; then
|
|
echo "================= Magic proxy log (start) ================="
|
|
cat /build/livecd.magic-proxy.log
|
|
echo "================== Magic proxy log (end) =================="
|
|
fi
|
|
exit 1
|
|
fi
|
|
|
|
case $LB_INITRAMFS in
|
|
casper)
|
|
INITFS="casper"
|
|
;;
|
|
|
|
live-boot)
|
|
INITFS="live"
|
|
;;
|
|
|
|
*)
|
|
INITFS="boot"
|
|
;;
|
|
esac
|
|
|
|
for OUTPUT in ext2 ext3 ext4 manifest manifest-remove size squashfs; do
|
|
[ -e "binary/$INITFS/filesystem.$OUTPUT" ] || continue
|
|
ln "binary/$INITFS/filesystem.$OUTPUT" "$PREFIX.$OUTPUT"
|
|
chmod 644 "$PREFIX.$OUTPUT"
|
|
done
|
|
|
|
# we don't need a manifest-remove for a layered-aware installer
|
|
if [ "$PROJECT" = "ubuntu" ] && [ "$SUBPROJECT" = "canary" ]; then
|
|
rm -f livecd.${PROJECT}-manifest-remove
|
|
rm -f config/manifest-minimal-remove
|
|
fi
|
|
|
|
if [ -e config/manifest-minimal-remove ]; then
|
|
cp config/manifest-minimal-remove "$PREFIX.manifest-minimal-remove"
|
|
fi
|
|
|
|
for ISO in binary.iso binary.hybrid.iso; do
|
|
[ -e "$ISO" ] || continue
|
|
ln "$ISO" "$PREFIX.iso"
|
|
chmod 644 "$PREFIX.iso"
|
|
break
|
|
done
|
|
|
|
if [ -e "binary/$INITFS/filesystem.dir" ]; then
|
|
(cd "binary/$INITFS/filesystem.dir/" && tar -c --sort=name --xattrs *) | \
|
|
gzip -9 --rsyncable > "$PREFIX.rootfs.tar.gz"
|
|
chmod 644 "$PREFIX.rootfs.tar.gz"
|
|
elif [ -e binary-tar.tar.gz ]; then
|
|
cp -a binary-tar.tar.gz "$PREFIX.rootfs.tar.gz"
|
|
fi
|
|
|
|
if [ "$PROJECT:${SUBPROJECT:-}" = "ubuntu-core:system-image" ]; then
|
|
if [ -e "binary/$INITFS/filesystem.dir" ]; then
|
|
rootfs="binary/$INITFS/filesystem.dir"
|
|
|
|
for dir in lib/modules lib/firmware writable meta; do
|
|
mkdir -p $rootfs/$dir
|
|
done
|
|
|
|
# get a proper version from the chroot
|
|
. $rootfs/etc/os-release
|
|
VERSION="$(echo $PRETTY_NAME | sed 's/[^0-9.]*//g')"
|
|
|
|
CORENAME="ubuntu-core"
|
|
cat > $rootfs/meta/snap.yaml <<EOF
|
|
name: $CORENAME
|
|
version: $VERSION
|
|
summary: The core runtime environment for snapd
|
|
architectures: [$ARCH]
|
|
type: os
|
|
EOF
|
|
|
|
apt-get -y install snapcraft
|
|
snapcraft snap $rootfs
|
|
|
|
snapfile="$(ls ${CORENAME}*.snap)"
|
|
cp -a $snapfile $PREFIX.os.snap
|
|
fi
|
|
fi
|
|
|
|
# '--initramfs none' produces different manifest names.
|
|
if [ -e "binary/$INITFS/filesystem.packages" ]; then
|
|
ln "binary/$INITFS/filesystem.packages" "$PREFIX.manifest"
|
|
chmod 644 "$PREFIX.manifest"
|
|
fi
|
|
if [ -e "binary/$INITFS/filesystem.packages-remove" ]; then
|
|
# Not a typo, empty manifest-remove has a single LF in it. :/
|
|
if [ $(cat binary/$INITFS/filesystem.packages-remove | wc -c) -gt 1 ]; then
|
|
ln "binary/$INITFS/filesystem.packages-remove" "$PREFIX.manifest-remove"
|
|
chmod 644 "$PREFIX.manifest-remove"
|
|
fi
|
|
fi
|
|
|
|
# Since snaps are now Ubuntu first-class citizen, so always try fetching the
|
|
# list of seeded snaps into the manifest. In case of layered images we skip
|
|
# this step, as we assume they're doing it on their own at some earlier stage.
|
|
if [ -z "$PASSES" ] && [ -e "$PREFIX.manifest" ]; then
|
|
./config/snap-seed-parse "chroot/" "$PREFIX.manifest"
|
|
fi
|
|
|
|
# ubuntu-core splits kernel stuff into a "device" tarball so
|
|
# at this point we reset it to "none" as all the work to extract it was done already
|
|
# in a binary hook
|
|
case $PROJECT:${SUBPROJECT:-} in
|
|
ubuntu-core:system-image)
|
|
|
|
# create device tarball (for snappy only atm)
|
|
if [ "$PROJECT:$SUBPROJECT" = "ubuntu-core:system-image" ]; then
|
|
case $ARCH in
|
|
armhf)
|
|
subarches="generic raspi2"
|
|
;;
|
|
arm64)
|
|
subarches="generic dragonboard"
|
|
;;
|
|
i386|amd64|powerpc|ppc64el|s390x)
|
|
subarches="generic"
|
|
;;
|
|
esac
|
|
|
|
# create a clean chroot
|
|
debootstrap --variant=minbase $LB_DISTRIBUTION chroot-device $LB_PARENT_MIRROR_BOOTSTRAP
|
|
|
|
# ... but keep the PPA setup
|
|
cp -a chroot/etc/apt/* chroot-device/etc/apt/
|
|
|
|
# ... and move it in place
|
|
rm -rf chroot
|
|
mv chroot-device chroot
|
|
|
|
for devarch in $subarches; do
|
|
(echo "I: creating $devarch device tarball for $ARCH"
|
|
HERE="$(pwd)"
|
|
set -x
|
|
|
|
linux_package="linux-image-$devarch"
|
|
case $ARCH in
|
|
amd64)
|
|
linux_package="linux-image-generic"
|
|
;;
|
|
arm64)
|
|
if [ "$devarch" = "dragonboard" ]; then
|
|
linux_package="linux-image-snapdragon linux-firmware-snapdragon"
|
|
fi
|
|
;;
|
|
armhf)
|
|
if [ "$devarch" = "raspi2" ]; then
|
|
linux_package="linux-image-raspi2"
|
|
fi
|
|
;;
|
|
ppc64el|s390x)
|
|
echo "I: skipping kernel and device tarball for $ARCH"
|
|
return
|
|
;;
|
|
esac
|
|
|
|
# make sure all virtual filesystems are available
|
|
lb chroot_proc install "$@"
|
|
lb chroot_sysfs install "$@"
|
|
lb chroot_devpts install "$@"
|
|
|
|
# prepare the env
|
|
Chroot chroot "apt-get -y update"
|
|
Chroot chroot "apt-get -y purge linux-image-*"
|
|
Chroot chroot "apt-get -y autoremove"
|
|
rm -rf chroot/boot/initrd.img* chroot/boot/vmlinu?-* chroot/lib/modules/* \
|
|
chroot/boot/abi-* chroot/boot/System.map-* chroot/boot/config-*
|
|
|
|
# install needed packages and the kernel itself
|
|
Chroot chroot "apt-get -y install initramfs-tools-ubuntu-core linux-firmware xz-utils"
|
|
Chroot chroot "apt-get -y install $linux_package"
|
|
|
|
Chroot chroot "dpkg -l" > chroot/dpkg.list
|
|
|
|
# clean up
|
|
lb chroot_devpts remove "$@"
|
|
lb chroot_sysfs remove "$@"
|
|
lb chroot_proc remove "$@"
|
|
|
|
# now build the actual device tarball
|
|
TMPDIR="$(mktemp -d)"
|
|
mkdir -p $TMPDIR/system/
|
|
mkdir -p $TMPDIR/assets/
|
|
|
|
cd chroot
|
|
cp -ar lib/modules/ $TMPDIR/system/
|
|
cp -ar lib/firmware/ $TMPDIR/system/
|
|
# FIXME: compat with the old kernel spec/old initramfs that
|
|
# expects lib/{modules,firmware}
|
|
#
|
|
# FIXME2: update the initramfs-tools-ubuntu-core scripts/ubuntu-core
|
|
# to look at the new location
|
|
mkdir $TMPDIR/system/lib
|
|
ln -s $TMPDIR/system/modules $TMPDIR/system/lib
|
|
ln -s $TMPDIR/system/firmware $TMPDIR/system/lib
|
|
|
|
# new assets handling
|
|
if [ -f boot/vmlinu?-*.signed ]; then
|
|
kernel=boot/vmlinu?-*.signed
|
|
else
|
|
kernel=boot/vmlinu?-*
|
|
fi
|
|
|
|
initrd=boot/initrd.img-*
|
|
|
|
cp -ar $initrd $TMPDIR/assets/
|
|
cp -ar $kernel $TMPDIR/assets/
|
|
cp -ar boot/abi-* boot/System.map-* boot/config-* $TMPDIR/assets/
|
|
|
|
dtbs=$(find lib/firmware -type d -name 'device-tree' -print0)
|
|
if [ -n "$dtbs" ]; then
|
|
mv "$dtbs" $TMPDIR/assets/dtbs
|
|
case $devarch in
|
|
raspi2)
|
|
# ubuntu-device-flash does not like subdirs here, we need to tar it up
|
|
if [ -e $TMPDIR/assets/dtbs/overlays ]; then
|
|
tar --sort=name -C $TMPDIR/assets/dtbs -f $TMPDIR/assets/dtbs/overlays.tgz -czv overlays
|
|
rm -rf $TMPDIR/assets/dtbs/overlays
|
|
fi
|
|
;;
|
|
dragonboard)
|
|
cp $TMPDIR/assets/dtbs/qcom/apq8016-sbc-snappy.dtb $TMPDIR/assets/dtbs/apq8016-sbc.dtb
|
|
# add special link needed by the dragonboard wifi driver
|
|
mkdir -p $TMPDIR/system/lib/firmware/wlan/
|
|
ln -s /run/macaddr0 $TMPDIR/system/lib/firmware/wlan/
|
|
;;
|
|
esac
|
|
fi
|
|
|
|
# copy dpkg manifest
|
|
cp -ar dpkg.list $TMPDIR/assets
|
|
|
|
# create hardware.yaml
|
|
# this assumes armhf == u-boot
|
|
# and all others grub
|
|
# common bits
|
|
cat > $TMPDIR/hardware.yaml << EOF
|
|
kernel: assets/$(basename $kernel)
|
|
initrd: assets/$(basename $initrd)
|
|
partition-layout: system-AB
|
|
EOF
|
|
# arch specific ones
|
|
if [ "$ARCH" = "armhf" ]; then
|
|
cat >> $TMPDIR/hardware.yaml << EOF
|
|
dtbs: assets/dtbs
|
|
bootloader: u-boot
|
|
EOF
|
|
else
|
|
cat >> $TMPDIR/hardware.yaml << EOF
|
|
bootloader: grub
|
|
EOF
|
|
fi
|
|
|
|
# compress everything
|
|
cd $TMPDIR
|
|
tarname="device.tar.gz"
|
|
manifestname="device.manifest"
|
|
if [ "$devarch" = "raspi2" ];then
|
|
tarname="raspi2.$tarname"
|
|
manifestname="$devarch.$manifestname"
|
|
elif [ "$devarch" = "dragonboard" ];then
|
|
tarname="$devarch.$tarname"
|
|
manifestname="$devarch.$manifestname"
|
|
fi
|
|
# create tarfile
|
|
tar -c --sort=name -z -f $HERE/$PREFIX.$tarname system assets hardware.yaml
|
|
|
|
# create device specific manifest to track kernel dpkg version
|
|
cp assets/dpkg.list $HERE/$PREFIX.$manifestname
|
|
|
|
# show size of initrd and kernel in the log
|
|
ls -lh assets/
|
|
|
|
# dump the content list into the log
|
|
echo "I: device tarball contents for $PREFIX.$tarname:"
|
|
find . -type f
|
|
|
|
# azure wants its own device tarball
|
|
if [ "$ARCH" = "amd64" ]; then
|
|
cp $HERE/$PREFIX.$tarname $HERE/$PREFIX.azure.$tarname
|
|
fi
|
|
|
|
# create snap
|
|
snapname="kernel.snap"
|
|
metaname=canonical-pc-linux
|
|
|
|
if [ "$devarch" = "raspi2" ];then
|
|
metaname=canonical-pi2-linux
|
|
snapname="$devarch.kernel.snap"
|
|
elif [ "$devarch" = "generic" ] && [ "$ARCH" = "armhf" ];then
|
|
metaname=canonical-bbb-linux
|
|
elif [ "$devarch" = "dragonboard" ] && [ "$ARCH" = "arm64" ];then
|
|
metaname=canonical-snapdragon-linux
|
|
snapname="$devarch.kernel.snap"
|
|
fi
|
|
|
|
rm -rf $HERE/snap || true
|
|
mkdir -p $HERE/snap/meta
|
|
cp -a $TMPDIR/assets/* $HERE/snap
|
|
cp -a $TMPDIR/system/* $HERE/snap
|
|
|
|
cd $HERE/snap
|
|
kernel="$(ls vmlinuz-*)"
|
|
initrd="$(ls initrd.img-*)"
|
|
# old kernel spec
|
|
ln -s $kernel vmlinuz
|
|
ln -s $initrd initrd.img
|
|
# new kernel spec
|
|
ln -s $kernel kernel.img
|
|
kvers="$(ls vmlinuz-*|sed 's/^.*vmlinuz-//;s/-[a-z.]*$//')"
|
|
|
|
VERSION=$kvers
|
|
|
|
cat > meta/kernel.yaml <<EOF
|
|
version: $kvers
|
|
EOF
|
|
|
|
cat > meta/snap.yaml <<EOF
|
|
name: $metaname
|
|
version: $VERSION
|
|
architectures: [$ARCH]
|
|
summary: The canonical $devarch $ARCH kernel
|
|
type: kernel
|
|
|
|
kernel: $(ls vmlinuz-*)
|
|
initrd: $(ls initrd.img-*)
|
|
modules: $(ls -d lib/modules/*)
|
|
firmware: lib/firmware
|
|
EOF
|
|
if [ -d dtbs ]; then
|
|
printf "dtbs: dtbs/ \n" >> meta/snap.yaml
|
|
fi
|
|
cd $HERE
|
|
|
|
apt-get -y install snapcraft
|
|
snapcraft snap snap
|
|
|
|
snapfile="$(ls $metaname*.snap)"
|
|
cp -a $snapfile $PREFIX.$snapname
|
|
)
|
|
done
|
|
fi
|
|
|
|
LB_LINUX_FLAVOURS=none
|
|
;;
|
|
esac
|
|
|
|
for FLAVOUR in $LB_LINUX_FLAVOURS; do
|
|
if [ -z "$LB_LINUX_FLAVOURS" ] || [ "$LB_LINUX_FLAVOURS" = "none" ]; then
|
|
continue
|
|
fi
|
|
case $FLAVOUR in
|
|
virtual|generic-hwe-*)
|
|
FLAVOUR="generic"
|
|
;;
|
|
lowlatency-hwe-*)
|
|
FLAVOUR="lowlatency"
|
|
;;
|
|
oem-*)
|
|
FLAVOUR="oem"
|
|
;;
|
|
esac
|
|
KVERS="$( (cd "binary/$INITFS"; ls vmlinu?-* 2>/dev/null || true) | (fgrep -v .efi || true) | sed -n "s/^vmlinu.-\\([^-]*-[^-]*-$FLAVOUR\\)$/\\1/p" )"
|
|
if [ -z "$KVERS" ]; then
|
|
if [ -e "binary/$INITFS/vmlinuz" ]; then
|
|
# already renamed by ubuntu-defaults-image
|
|
break
|
|
fi
|
|
echo "No kernel output for $FLAVOUR!" >&2
|
|
exit 1
|
|
fi
|
|
NUMKVERS="$(set -- $KVERS; echo $#)"
|
|
if [ "$NUMKVERS" -gt 1 ]; then
|
|
echo "Cannot handle more than one kernel for $FLAVOUR ($KVERS)!" >&2
|
|
exit 1
|
|
fi
|
|
ln "binary/$INITFS/"vmlinu?-"$KVERS" "$PREFIX.kernel-$FLAVOUR"
|
|
if [ -e "binary/$INITFS/"vmlinu?-"$KVERS.efi.signed" ]; then
|
|
ln "binary/$INITFS/"vmlinu?-"$KVERS.efi.signed" "$PREFIX.kernel-$FLAVOUR.efi.signed"
|
|
chmod 644 "$PREFIX.kernel-$FLAVOUR.efi.signed"
|
|
fi
|
|
chmod 644 "$PREFIX.kernel-$FLAVOUR"
|
|
if [ -e "binary/$INITFS/initrd.img-$KVERS" ]; then
|
|
ln "binary/$INITFS/initrd.img-$KVERS" "$PREFIX.initrd-$FLAVOUR"
|
|
chmod 644 "$PREFIX.initrd-$FLAVOUR"
|
|
fi
|
|
done
|
|
|
|
NUMFLAVOURS="$(set -- $LB_LINUX_FLAVOURS; echo $#)"
|
|
if [ "$NUMFLAVOURS" = 1 ] && [ "$LB_LINUX_FLAVOURS" != "none" ]; then
|
|
# only one kernel flavour
|
|
if [ -f "binary/$INITFS/vmlinuz" ] && ! [ -h "binary/$INITFS/vmlinuz" ]; then
|
|
ln "binary/$INITFS/vmlinuz" "$PREFIX.kernel"
|
|
chmod 644 "$PREFIX.kernel"
|
|
else
|
|
ln -sf "$PREFIX.kernel-$LB_LINUX_FLAVOURS" "$PREFIX.kernel"
|
|
fi
|
|
if [ -f "binary/$INITFS/initrd.lz" ] && ! [ -h "binary/$INITFS/initrd.lz" ]; then
|
|
ln "binary/$INITFS/initrd.lz" "$PREFIX.initrd"
|
|
chmod 644 "$PREFIX.initrd"
|
|
else
|
|
ln -sf "$PREFIX.initrd-$LB_LINUX_FLAVOURS" "$PREFIX.initrd"
|
|
fi
|
|
fi
|
|
|
|
case $SUBARCH in
|
|
raspi|raspi2)
|
|
# copy the kernel and initrd to a predictable directory for
|
|
# ubuntu-image consumption. In some cases, like in pi2/3
|
|
# u-boot, the bootloader needs to contain the kernel and initrd,
|
|
# so during rootfs build we copy it over to a directory that
|
|
# ubuntu-image looks for and shoves into the bootloader
|
|
# partition.
|
|
UBOOT_BOOT="image/boot/uboot"
|
|
|
|
mkdir -p $UBOOT_BOOT
|
|
|
|
cp $PREFIX.initrd $UBOOT_BOOT/initrd.img || true
|
|
cp $PREFIX.kernel $UBOOT_BOOT/vmlinuz || true
|
|
;;
|
|
esac
|
|
|
|
# LTSP chroot building (only in 32bit and for Edubuntu (DVD))
|
|
case $PROJECT in
|
|
edubuntu-dvd)
|
|
if [ "$ARCH" = i386 ]; then
|
|
echo "Building LTSP chroot"
|
|
ltsp-build-client --base $(pwd) --mirror $LB_PARENT_MIRROR_BOOTSTRAP --arch $ARCH --dist $LB_PARENT_DISTRIBUTION --chroot ltsp-live --late-packages ldm-edubuntu-theme,plymouth-theme-edubuntu --purge-chroot --skipimage
|
|
mkdir -p images
|
|
mksquashfs ltsp-live images/ltsp-live.img -e cdrom
|
|
rm -Rf ltsp-live
|
|
if [ -f images/ltsp-live.img ]; then
|
|
mv images/ltsp-live.img livecd.$PROJECT-ltsp.squashfs
|
|
chmod 0644 livecd.$PROJECT-ltsp.squashfs
|
|
rmdir --ignore-fail-on-non-empty images
|
|
else
|
|
echo "LTSP: Unable to build the chroot, see above for details."
|
|
fi
|
|
fi
|
|
;;
|
|
esac
|
|
|
|
if [ -f "config/magic-proxy.pid" ]; then
|
|
kill -TERM $(cat config/magic-proxy.pid)
|
|
rm -f config/magic-proxy.pid
|
|
|
|
# Remove previously-inserted iptables rule.
|
|
run_iptables -t nat -D OUTPUT -p tcp --dport 80 \
|
|
-m owner ! --uid-owner daemon -j REDIRECT --to 8080
|
|
fi
|
|
|
|
case $PROJECT in
|
|
ubuntu-cpc)
|
|
config/hooks.d/remove-implicit-artifacts
|
|
esac
|