mirror of
				https://git.launchpad.net/livecd-rootfs
				synced 2025-10-25 05:54:16 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			736 lines
		
	
	
		
			25 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
			
		
		
	
	
			736 lines
		
	
	
		
			25 KiB
		
	
	
	
		
			Bash
		
	
	
		
			Executable File
		
	
	
	
	
| #! /bin/sh
 | |
| set -e
 | |
| 
 | |
| export LC_ALL=C
 | |
| 
 | |
| ( . "${LIVE_BUILD}/scripts/build.sh" > /dev/null 2>&1 || true ) || . /usr/lib/live/build.sh
 | |
| 
 | |
| Arguments "${@}"
 | |
| 
 | |
| Read_conffiles config/all config/common config/bootstrap config/chroot config/binary config/source
 | |
| Set_defaults
 | |
| 
 | |
| if [ -z "${PROJECT:-}" ]; then
 | |
|     echo "PROJECT environment variable has to be set" >&2
 | |
|     exit 1
 | |
| fi
 | |
| 
 | |
| . config/functions
 | |
| 
 | |
| # New nf_tables-based versions of iptables don't work well on old kernels.
 | |
| # We aren't sure exactly how old is a problem: 4.15 works, but with 4.4 new
 | |
| # rules are added to all chains in the requested table rather than just one,
 | |
| # and the new rules seem to have no useful effect.  In such cases,
 | |
| # iptables-legacy works better.
 | |
| #
 | |
| # We can simplify this once livecd-rootfs no longer needs to support running
 | |
| # on Ubuntu 16.04 (that is, once Launchpad's build VMs are upgraded to
 | |
| # Ubuntu 18.04).
 | |
| run_iptables () {
 | |
|     local kver kver_major kver_minor
 | |
| 
 | |
|     kver="$(uname -r)"
 | |
|     kver="${kver%%-*}"
 | |
|     kver_major="${kver%%.*}"
 | |
|     kver="${kver#*.}"
 | |
|     kver_minor="${kver%%.*}"
 | |
| 
 | |
| 
 | |
|     # LP: #1917920
 | |
|     # I'm seeing issues after iptables got upgraded from 1.8.5 to
 | |
|     # 1.8.7 Somehow installing our nat rule doesn't get activated, and
 | |
|     # no networking is happening at all.
 | |
| 
 | |
|     # But somehow calling both iptables -S makes things start working.
 | |
|     # Maybe no default chains are installed in our network namespace?!
 | |
|     # Or 1.8.7 is somehow broken?
 | |
|     iptables -v -t nat -S
 | |
|     iptables-legacy -v -t nat -S
 | |
| 
 | |
|     if [ "$kver_major" -lt 4 ] || \
 | |
|        ([ "$kver_major" = 4 ] && [ "$kver_minor" -lt 15 ]); then
 | |
|         iptables-legacy "$@"
 | |
|     else
 | |
|         iptables "$@"
 | |
|     fi
 | |
| }
 | |
| 
 | |
| if [ -n "$REPO_SNAPSHOT_STAMP" ]; then
 | |
|     if [ "`whoami`" != "root" ]; then
 | |
|         echo "Magic repo snapshots only work when running as root." >&2
 | |
|         exit 1
 | |
|     fi
 | |
| 
 | |
|     apt-get -qyy install iptables
 | |
| 
 | |
|     # Redirect all outgoing traffic to port 80 to proxy instead.
 | |
|     run_iptables -v -t nat -A OUTPUT -p tcp --dport 80 \
 | |
|         -m owner ! --uid-owner daemon -j REDIRECT --to 8080
 | |
| 
 | |
|     # Run proxy as "daemon" to avoid infinite loop.
 | |
|     LB_PARENT_MIRROR_BOOTSTRAP=$LB_PARENT_MIRROR_BOOTSTRAP \
 | |
|     /usr/share/livecd-rootfs/magic-proxy \
 | |
|         --address="127.0.0.1" \
 | |
|         --port=8080 \
 | |
|         --run-as=daemon \
 | |
|         --cutoff-time="$REPO_SNAPSHOT_STAMP" \
 | |
|         --log-file=/build/livecd.magic-proxy.log \
 | |
|         --pid-file=config/magic-proxy.pid \
 | |
|         --background \
 | |
|         --setsid
 | |
| 
 | |
|     # Quick check that magic proxy & iptables chains are working
 | |
|     timeout 3m apt-get update
 | |
| fi
 | |
| 
 | |
| # Link output files somewhere launchpad-buildd will be able to find them.
 | |
| PREFIX="livecd.$PROJECT${SUBARCH:+-$SUBARCH}"
 | |
| 
 | |
| if [ "${IMAGEFORMAT:-}" = "ubuntu-image" ]; then
 | |
| 	# Use ubuntu-image instead of live-build
 | |
| 
 | |
| 	export SNAPPY_STORE_NO_CDN=1
 | |
| 	LB_UBUNTU_IMAGE_CHANNEL="${LB_UBUNTU_IMAGE_CHANNEL:-stable}"
 | |
| 	snap install \
 | |
|             --classic --channel="$LB_UBUNTU_IMAGE_CHANNEL" ubuntu-image
 | |
| 
 | |
| 	# TODO: eventually, this should be handled by a single ubuntu-image
 | |
| 	#  call without having to do a conditional on ubuntu-core/classic.
 | |
| 	#  We could already do that, but then we'd still have to do the
 | |
| 	#  compressing for the core images.
 | |
| 	if [ "$PROJECT" = "ubuntu-core" ]; then
 | |
| 		/snap/bin/ubuntu-image snap $UBUNTU_IMAGE_ARGS \
 | |
| 			-O output "$PREFIX".model-assertion
 | |
| 		# XXX: currently we only have one image generated, but really
 | |
| 		#  we should be supporting more than one for models that
 | |
| 		#  define those.
 | |
| 		mv output/*.img "$PREFIX".img
 | |
| 		xz -0 -T4 "$PREFIX".img
 | |
| 		mv output/seed.manifest "$PREFIX".manifest
 | |
| 	else
 | |
| 		/snap/bin/ubuntu-image classic --verbose $UBUNTU_IMAGE_ARGS \
 | |
| 			-O output "$IMAGE_DEFINITION"
 | |
| 		# Since the output of the ubuntu-image call can vary based on what
 | |
| 		# kind of an image we build, the safest bet is to 'export' all the
 | |
| 		# artifacts from the output directory. The image definition file
 | |
| 		# should be what defines what is expected, so that we don't have
 | |
| 		# to tweak livecd-rootfs everytime a different type of artifact
 | |
| 		# is needed.
 | |
| 		for artifact in output/*; do
 | |
| 			# We want to be dynamic, and want to support even
 | |
| 			# two-part extensions.
 | |
| 			filename=$(basename $artifact)
 | |
| 			noversion=$(echo $filename | sed 's/[0-9][0-9]\.[0-9][0-9]//')
 | |
| 			extension=${noversion#*.}
 | |
| 			mv $artifact "$PREFIX".$extension
 | |
| 		done
 | |
| 		[ -f $PREFIX.img ] && xz -0 -T4 "$PREFIX".img
 | |
| 	fi
 | |
| 
 | |
| 	exit 0
 | |
| fi
 | |
| 
 | |
| # Setup cleanup function
 | |
| Setup_cleanup
 | |
| 
 | |
| preinstall_snaps() {
 | |
| 	setup_mountpoint chroot
 | |
| 
 | |
| 	snap_prepare chroot
 | |
| 
 | |
| 	for snap in "$@"; do
 | |
| 		SNAP_NO_VALIDATE_SEED=1 snap_preseed chroot "${snap}"
 | |
| 	done
 | |
| 
 | |
| 	snap_validate_seed chroot
 | |
| 
 | |
| 	teardown_mountpoint chroot
 | |
| }
 | |
| 
 | |
| rm -f binary.success
 | |
| (
 | |
| 	if [ -d config/gnupg ]; then
 | |
| 		cat << @@EOF > config/gnupg/NEWKEY
 | |
| Key-Type: DSA
 | |
| Key-Length: 1024
 | |
| Key-Usage: sign
 | |
| Name-Real: Ubuntu Local Archive One-Time Signing Key
 | |
| Name-Email: cdimage@ubuntu.com
 | |
| Expire-Date: 0
 | |
| @@EOF
 | |
| 		gpg --home config/gnupg --gen-key --batch < config/gnupg/NEWKEY \
 | |
| 			> config/gnupg/generate.log 2>&1 &
 | |
| 		GPG_PROCESS=$!
 | |
| 	fi
 | |
| 
 | |
| 	lb bootstrap "$@"
 | |
| 
 | |
|         case $PROJECT:${SUBPROJECT:-} in
 | |
| 		ubuntu-server:*|ubuntu-cpc:*|ubuntu:desktop-preinstalled|ubuntu-wsl:*)
 | |
| 			# Set locale to C.UTF-8 by default. We should
 | |
| 			# probably do this for all images early in the
 | |
| 			# 18.10 cycle but for now just do it for
 | |
| 			# server and cpc products.
 | |
| 			echo "LANG=C.UTF-8" > chroot/etc/default/locale
 | |
| 			;;
 | |
| 	esac
 | |
| 
 | |
| 	if [ "${SUBPROJECT:-}" = minimized ] \
 | |
| 	   && ! Chroot chroot dpkg -l tzdata 2>&1 |grep -q ^ii; then
 | |
| 		# workaround for tzdata purge not removing these files
 | |
| 		rm -f chroot/etc/localtime chroot/etc/timezone
 | |
| 	fi
 | |
| 
 | |
| 	if [ "${SUBPROJECT:-}" = minimized ] || [ "${PROJECT}" = "ubuntu-server" ]; then
 | |
| 		# ubuntu-server has a minimized base layer so needs
 | |
| 		# minimizations applied to the chroot
 | |
| 
 | |
| 		# set up dpkg filters to skip installing docs on minimized system
 | |
| 		mkdir -p chroot/etc/dpkg/dpkg.cfg.d
 | |
| 		cat > chroot/etc/dpkg/dpkg.cfg.d/excludes <<EOF
 | |
| # Drop all man pages
 | |
| path-exclude=/usr/share/man/*
 | |
| 
 | |
| # Drop all translations
 | |
| path-exclude=/usr/share/locale/*/LC_MESSAGES/*.mo
 | |
| 
 | |
| # Drop all documentation ...
 | |
| path-exclude=/usr/share/doc/*
 | |
| 
 | |
| # ... except copyright files ...
 | |
| path-include=/usr/share/doc/*/copyright
 | |
| 
 | |
| # ... and Debian changelogs for native & non-native packages
 | |
| path-include=/usr/share/doc/*/changelog.*
 | |
| EOF
 | |
| 
 | |
| 		# Remove docs installed by bootstrap
 | |
| 		Chroot chroot dpkg-query -f '${binary:Package}\n' -W | Chroot chroot xargs -L1 apt-get install --reinstall
 | |
| 
 | |
|                 # Add unminimizer script which restores default image behavior
 | |
|                 mkdir -p chroot/usr/local/sbin
 | |
|                 cat > chroot/usr/local/sbin/unminimize <<'EOF'
 | |
| #!/bin/sh
 | |
| 
 | |
| set -e
 | |
| 
 | |
| echo "This system has been minimized by removing packages and content that are"
 | |
| echo "not required on a system that users do not log into."
 | |
| echo ""
 | |
| echo "This script restores content and packages that are found on a default"
 | |
| echo "Ubuntu server system in order to make this system more suitable for"
 | |
| echo "interactive use."
 | |
| echo ""
 | |
| echo "Reinstallation of packages may fail due to changes to the system"
 | |
| echo "configuration, the presence of third-party packages, or for other"
 | |
| echo "reasons."
 | |
| echo ""
 | |
| echo "This operation may take some time."
 | |
| echo ""
 | |
| read -p "Would you like to continue? [y/N] " REPLY
 | |
| echo    # (optional) move to a new line
 | |
| if [ "$REPLY" != "y" ] && [ "$REPLY" != "Y" ]
 | |
| then
 | |
|     exit 1
 | |
| fi
 | |
| 
 | |
| if [ -f /etc/dpkg/dpkg.cfg.d/excludes ] || [ -f /etc/dpkg/dpkg.cfg.d/excludes.dpkg-tmp ]; then
 | |
|     echo "Re-enabling installation of all documentation in dpkg..."
 | |
|     if [ -f /etc/dpkg/dpkg.cfg.d/excludes ]; then
 | |
|         mv /etc/dpkg/dpkg.cfg.d/excludes /etc/dpkg/dpkg.cfg.d/excludes.dpkg-tmp
 | |
|     fi
 | |
|     echo "Updating package list and upgrading packages..."
 | |
|     apt-get update
 | |
|     # apt-get upgrade asks for confirmation before upgrading packages to let the user stop here
 | |
|     apt-get upgrade
 | |
|     echo "Restoring system documentation..."
 | |
|     echo "Reinstalling packages with files in /usr/share/man/ ..."
 | |
|     # Reinstallation takes place in two steps because a single dpkg --verified
 | |
|     # command generates very long parameter list for "xargs dpkg -S" and may go
 | |
|     # over ARG_MAX. Since many packages have man pages the second download
 | |
|     # handles a much smaller amount of packages.
 | |
|     dpkg -S /usr/share/man/ |sed 's|, |\n|g;s|: [^:]*$||' | DEBIAN_FRONTEND=noninteractive xargs apt-get install --reinstall -y
 | |
|     echo "Reinstalling packages with system documentation in /usr/share/doc/ .."
 | |
|     # This step processes the packages which still have missing documentation
 | |
|     dpkg --verify --verify-format rpm | awk '$2 ~ /\/usr\/share\/doc/ {print $2}' | sed 's|/[^/]*$||' | sort | uniq \
 | |
|          | xargs dpkg -S | sed 's|, |\n|g;s|: [^:]*$||' | uniq | DEBIAN_FRONTEND=noninteractive xargs apt-get install --reinstall -y
 | |
|     echo "Restoring system translations..."
 | |
|     # This step processes the packages which still have missing translations
 | |
|     dpkg --verify --verify-format rpm | awk '$2 ~ /\/usr\/share\/locale/ {print $2}' | sed 's|/[^/]*$||' | sort | uniq \
 | |
|          | xargs dpkg -S | sed 's|, |\n|g;s|: [^:]*$||' | uniq | DEBIAN_FRONTEND=noninteractive xargs apt-get install --reinstall -y
 | |
|     if dpkg --verify --verify-format rpm | awk '$2 ~ /\/usr\/share\/doc/ {exit 1}'; then
 | |
|         echo "Documentation has been restored successfully."
 | |
|         rm /etc/dpkg/dpkg.cfg.d/excludes.dpkg-tmp
 | |
|     else
 | |
|         echo "There are still files missing from /usr/share/doc/:"
 | |
|         dpkg --verify --verify-format rpm | awk '$2 ~ /\/usr\/share\/doc/ {print " " $2}'
 | |
|         echo "You may want to try running this script again or you can remove"
 | |
|         echo "/etc/dpkg/dpkg.cfg.d/excludes.dpkg-tmp and restore the files manually."
 | |
|     fi
 | |
| fi
 | |
| 
 | |
| if  [ "$(dpkg-divert --truename /usr/bin/man)" = "/usr/bin/man.REAL" ]; then
 | |
|     # Remove diverted man binary
 | |
|     rm -f /usr/bin/man
 | |
|     dpkg-divert --quiet --remove --rename /usr/bin/man
 | |
| fi
 | |
| EOF
 | |
| 
 | |
|                 if [ "$PROJECT" != "ubuntu-base" ] && [ "$PROJECT" != "ubuntu-oci" ]; then
 | |
|                     	# ubuntu-minimal is too much for a docker container (it contains
 | |
|                     	# systemd and other things)
 | |
| 	                cat >> chroot/usr/local/sbin/unminimize <<'EOF'
 | |
| 
 | |
| if ! dpkg-query --show --showformat='${db:Status-Status}\n' ubuntu-minimal 2> /dev/null | grep -q '^installed$'; then
 | |
|     echo "Installing ubuntu-minimal package to provide the familiar Ubuntu minimal system..."
 | |
|     DEBIAN_FRONTEND=noninteractive apt-get install -y ubuntu-minimal ubuntu-standard
 | |
| fi
 | |
| 
 | |
| if dpkg-query --show --showformat='${db:Status-Status}\n' ubuntu-server 2> /dev/null | grep -q '^installed$' \
 | |
|    && ! dpkg-query --show --showformat='${db:Status-Status}\n' landscape-common 2> /dev/null | grep -q '^installed$'; then
 | |
|     echo "Installing ubuntu-server recommends..."
 | |
|     DEBIAN_FRONTEND=noninteractive apt-get install -y landscape-common
 | |
| fi
 | |
| EOF
 | |
|                 fi
 | |
| 
 | |
|                 if [ "$PROJECT" = "ubuntu-cpc" ]; then
 | |
|                   # we'd like to transform a minimized image to a base image
 | |
|                   # when unminimize is run.
 | |
|                   cat >> chroot/usr/local/sbin/unminimize <<'EOF'
 | |
| 
 | |
| # even if ubuntu-server is installed, we should re-install it with --fix-policy --install-recommends
 | |
| # to ensure all the Recommends of dependencies of ubuntu-server are installed, which aids in transforming
 | |
| # this minimized image to an equivalent base image.
 | |
| DEBIAN_FRONTEND=noninteractive apt-get --reinstall --fix-policy --install-recommends install -y ubuntu-server
 | |
| 
 | |
| if dpkg-query --show --showformat='${db:Status-Status}\n' linux-image-virtual 2> /dev/null | grep -q '^installed$'; then
 | |
|     echo "Installing linux-virtual for installing the headers which were stripped in a minimized image"
 | |
|     DEBIAN_FRONTEND=noninteractive apt-get install -y linux-virtual
 | |
| fi
 | |
| EOF
 | |
| 
 | |
| fi
 | |
| 		if [ "$PROJECT" = "ubuntu-cpc" ] || [ "$PROJECT" = "ubuntu-server" ]; then
 | |
| 			cat >> chroot/usr/local/sbin/unminimize <<'EOF'
 | |
| 
 | |
| echo "Removing lxd installer package..."
 | |
| apt-get purge -y lxd-installer
 | |
| 
 | |
| . /etc/os-release
 | |
| echo "Installing lxd from snap from stable/ubuntu-$VERSION_ID channel"
 | |
| snap install --channel="stable/ubuntu-$VERSION_ID" lxd
 | |
| EOF
 | |
| 		fi
 | |
| 		cat >> chroot/usr/local/sbin/unminimize <<'EOF'
 | |
| 
 | |
| # unminimization succeeded, there is no need to mention it in motd
 | |
| rm -f /etc/update-motd.d/60-unminimize
 | |
| EOF
 | |
|                 chmod +x chroot/usr/local/sbin/unminimize
 | |
| 
 | |
| 		# inform users about the unminimize script
 | |
| 		cat > "chroot/etc/update-motd.d/60-unminimize" << EOF
 | |
| #!/bin/sh
 | |
| #
 | |
| # This file is not managed by a package.  If you no longer want to
 | |
| # see this message you can safely remove the file.
 | |
| echo ""
 | |
| echo "This system has been minimized by removing packages and content that are"
 | |
| echo "not required on a system that users do not log into."
 | |
| echo ""
 | |
| echo "To restore this content, you can run the 'unminimize' command."
 | |
| EOF
 | |
| 
 | |
| 		chmod +x chroot/etc/update-motd.d/60-unminimize
 | |
| 		Chroot chroot "dpkg-divert --quiet --add \
 | |
| 			--divert /usr/bin/man.REAL --rename \
 | |
| 			/usr/bin/man"
 | |
| 		cat > chroot/usr/bin/man << EOF
 | |
| #!/bin/sh
 | |
| echo "This system has been minimized by removing packages and content that are"
 | |
| echo "not required on a system that users do not log into."
 | |
| echo ""
 | |
| echo "To restore this content, including manpages, you can run the 'unminimize'"
 | |
| echo "command. You will still need to ensure the 'man-db' package is installed."
 | |
| EOF
 | |
|                 chmod +x chroot/usr/bin/man
 | |
| 	fi
 | |
| 
 | |
| 	if [ "${SUBPROJECT:-}" != minimized ] \
 | |
| 	   && [ "${PROJECT}" != "ubuntu-server" ]
 | |
| 	then
 | |
| 		# debootstrap doesn't handle Recommends and fixing this is
 | |
| 		# non-trivial, so install missing Recommends here
 | |
| 		echo "Installing any missing recommends"
 | |
| 		Chroot chroot "env DEBIAN_FRONTEND=noninteractive \
 | |
| 			apt-get -y --fix-policy install"
 | |
| 	fi
 | |
| 
 | |
| 	if [ -n "${PASSES}" ]; then
 | |
| 		PATH="config/:$PATH" lb chroot_layered "$@"
 | |
| 	else
 | |
| 		divert_grub chroot
 | |
| 		divert_update_initramfs
 | |
| 		lb chroot "$@"
 | |
| 		undivert_update_initramfs
 | |
| 		undivert_grub chroot
 | |
| 	fi
 | |
| 
 | |
| 	if [ -d chroot/etc/apt/preferences.d.save ]; then
 | |
| 		# https://mastodon.social/@scream@botsin.space
 | |
| 		mv chroot/etc/apt/preferences.d.save/* chroot/etc/apt/preferences.d/
 | |
| 		rmdir chroot/etc/apt/preferences.d.save
 | |
| 	fi
 | |
| 
 | |
| 	# Let all configuration non multi-layered project here.
 | |
| 	# If those are moving to a multi-layer layout, this needs to be
 | |
| 	# done in chroot hooks.
 | |
| 	if [ -z "$PASSES" ]; then
 | |
| 		if [ "${SUBPROJECT:-}" = minimized ]; then
 | |
| 			# ubuntu-cpc has moved to using ubuntu-cloud-minimal seed
 | |
| 			# for minimized images, so don't need these purges anymore.
 | |
| 			if [ "$PROJECT" != ubuntu-cpc ]; then
 | |
| 				# force removal of initramfs-tools, which we assert is not
 | |
| 				# required for any minimized images but is still pulled in by
 | |
| 				# default
 | |
| 				# also remove landscape-common, which is heavyweight and
 | |
| 				# in the server seed only to provide /etc/motd content which
 | |
| 				# would only be seen by humans
 | |
| 				Chroot chroot "env DEBIAN_FRONTEND=noninteractive \
 | |
| 					apt-get -y purge initramfs-tools busybox-initramfs \
 | |
| 						landscape-common"
 | |
| 				# and if initramfs-tools was configured before our kernel,
 | |
| 				# /etc/kernel/postinst.d/initramfs-tools will have created
 | |
| 				# an initramfs despite the generic dpkg-divert; so remove it
 | |
| 				# here.
 | |
| 				rm -f chroot/boot/initrd.img-*
 | |
| 			fi
 | |
| 			# temporary workaround: don't remove linux-base which
 | |
| 			# may have no other reverse-depends currently
 | |
| 			Chroot chroot "env DEBIAN_FRONTEND=noninteractive \
 | |
| 				apt-mark manual linux-base"
 | |
| 			Chroot chroot "env DEBIAN_FRONTEND=noninteractive \
 | |
| 				apt-get -y --purge autoremove"
 | |
| 		fi
 | |
| 
 | |
| 		configure_universe
 | |
| 
 | |
| 		if [ -d chroot/var/lib/preinstalled-pool ]; then
 | |
| 			cat > config/indices/apt.conf <<-EOF
 | |
| Dir {
 | |
|  ArchiveDir "chroot/var/lib/preinstalled-pool";
 | |
|  OverrideDir "config/indices";
 | |
|  CacheDir "config/indices";
 | |
| }
 | |
| Default { Packages::Compress ". bzip2"; }
 | |
| TreeDefault { Directory "pool"; }
 | |
| Tree "dists/$LB_DISTRIBUTION"
 | |
| {
 | |
|  Sections "$LB_PARENT_ARCHIVE_AREAS";
 | |
|  Architectures "$LB_ARCHITECTURES";
 | |
|  BinOverride "override.$LB_DISTRIBUTION.\$(SECTION)";
 | |
|  ExtraOverride "override.$LB_DISTRIBUTION.extra.\$(SECTION)";
 | |
|  Contents " ";
 | |
| }
 | |
| EOF
 | |
| 			for component in $LB_PARENT_ARCHIVE_AREAS; do
 | |
| 				mkdir -p chroot/var/lib/preinstalled-pool/dists/$LB_DISTRIBUTION/$component/binary-$LB_ARCHITECTURES
 | |
| 			done
 | |
| 			apt-ftparchive generate config/indices/apt.conf
 | |
| 			cat << @@EOF > chroot/etc/apt/sources.list.preinstall
 | |
| # This is a sources.list entry for a small pool of packages
 | |
| # provided on your preinstalled filesystem for your convenience.
 | |
| #
 | |
| # It is perfectly safe to delete both this entry and the directory
 | |
| # it references, should you want to save disk space and fetch the
 | |
| # packages remotely instead.
 | |
| #
 | |
| deb file:/var/lib/preinstalled-pool/ $LB_DISTRIBUTION $LB_PARENT_ARCHIVE_AREAS
 | |
| #
 | |
| @@EOF
 | |
| 
 | |
| 			cp chroot/etc/apt/sources.list chroot/etc/apt/sources.list.orig
 | |
| 			cp chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list
 | |
| 
 | |
| 			echo "Waiting on gnupg ("$GPG_PROCESS") to finish generating a key."
 | |
| 			wait $GPG_PROCESS
 | |
| 
 | |
| 			R_ORIGIN=$(lsb_release -i -s)
 | |
| 			R_CODENAME=$(lsb_release -c -s)
 | |
| 			R_VERSION=$(lsb_release -r -s)
 | |
| 			R_PRETTYNAME=$(echo $R_CODENAME | sed -e 's/^\(.\)/\U\1/')
 | |
| 
 | |
| 			apt-ftparchive -o APT::FTPArchive::Release::Origin=$R_ORIGIN \
 | |
| 				-o APT::FTPArchive::Release::Label=$R_ORIGIN \
 | |
| 				-o APT::FTPArchive::Release::Suite=$R_CODENAME-local \
 | |
| 				-o APT::FTPArchive::Release::Version=$R_VERSION \
 | |
| 				-o APT::FTPArchive::Release::Codename=$R_CODENAME \
 | |
| 				-o APT::FTPArchive::Release::Description="$R_ORIGIN $R_PRETTYNAME Local" \
 | |
| 				release chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/ \
 | |
| 					> config/gnupg/Release
 | |
| 
 | |
| 			gpg --home config/gnupg --detach-sign --armor config/gnupg/Release
 | |
| 			mv config/gnupg/Release \
 | |
| 				chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release
 | |
| 			mv config/gnupg/Release.asc \
 | |
| 				chroot/var/lib/preinstalled-pool/dists/$R_CODENAME/Release.gpg
 | |
| 			cp config/gnupg/pubring.gpg chroot/etc/apt/trusted.gpg.d/livecd-rootfs.gpg
 | |
| 			find chroot/var/lib/preinstalled-pool/ -name Packages | xargs rm
 | |
| 
 | |
| 			Chroot chroot "apt-get update"
 | |
| 			cat chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list.orig \
 | |
| 				> chroot/etc/apt/sources.list
 | |
| 			rm chroot/etc/apt/sources.list.preinstall chroot/etc/apt/sources.list.orig
 | |
| 		fi
 | |
| 		case $PROJECT:$SUBPROJECT in
 | |
| 			*)
 | |
| 				if [ -e "config/seeded-snaps" ]; then
 | |
| 					snap_list=$(cat config/seeded-snaps)
 | |
| 					preinstall_snaps $snap_list
 | |
| 				fi
 | |
| 				;;
 | |
| 		esac
 | |
| 
 | |
| 		if [ "$PROJECT" = "ubuntu-cpc" ]; then
 | |
| 			if [ "${SUBPROJECT:-}" = minimized ]; then
 | |
| 				BUILD_NAME=minimal
 | |
| 			else
 | |
| 				BUILD_NAME=server
 | |
| 			fi
 | |
| 			cat > chroot/etc/cloud/build.info << EOF
 | |
| build_name: $BUILD_NAME
 | |
| serial: $BUILDSTAMP
 | |
| EOF
 | |
| 		fi
 | |
| 
 | |
| 		if [ "$PROJECT" = "ubuntu-oci" ]; then
 | |
| 			if [ -n "$BUILDSTAMP" ]; then
 | |
| 				configure_oci chroot "$BUILDSTAMP"
 | |
| 			else
 | |
| 				echo "The \$BUILDSTAMP variable is empty"
 | |
| 				exit 1
 | |
| 			fi
 | |
| 		fi
 | |
| 
 | |
| 		configure_network_manager
 | |
| 
 | |
| 		echo "===== Checking size of /usr/share/doc ====="
 | |
| 		echo BEGIN docdirs
 | |
| 		(cd chroot && find usr/share/doc -maxdepth 1 -type d | xargs du -s | sort -nr)
 | |
| 		echo END docdirs
 | |
| 
 | |
| 		/usr/share/livecd-rootfs/minimize-manual chroot
 | |
| 
 | |
| 		clean_debian_chroot
 | |
| 	fi
 | |
| 
 | |
| 	# XXX: Terrible last-minute hack to work-around issue LP: #2008082 !
 | |
| 	#  This basically needs to be done better, we simply need to make sure
 | |
| 	#  that we don't update the cache after lb cleans up. Since identifying
 | |
| 	#  that might take a moment, for now, for flavors that are generally
 | |
| 	#  affected by this, we manually clear out the archive-related Packages
 | |
| 	#  files in the cache.
 | |
| 	case $PROJECT in
 | |
| 		ubuntu|xubuntu|kubuntu|ubuntu-budgie|ubuntukylin|ubuntu-mate|ubuntucinnamon|ubuntu-unity|edubuntu)
 | |
| 			rm -f chroot/var/lib/apt/lists/*ubuntu.com*_Packages
 | |
| 			;;
 | |
| 	esac
 | |
| 
 | |
| 	if [ -n "${PASSES}" ]; then
 | |
| 		PATH="config/:$PATH" lb binary_layered "$@"
 | |
| 	else
 | |
| 		lb binary "$@"
 | |
| 	fi
 | |
| 
 | |
| 	touch binary.success
 | |
| ) 2>&1 | tee binary.log
 | |
| 
 | |
| # bash has trouble with the build.sh sourcing arrangement at the top of this
 | |
| # file, so we use this cheap-and-cheerful approach rather than the more
 | |
| # correct 'set -o pipefail'.
 | |
| if [ -e binary.success ]; then
 | |
| 	rm -f binary.success
 | |
| else
 | |
| 	# Dump the magic-proxy log to stdout on failure to aid debugging
 | |
| 	if [ -f /build/livecd.magic-proxy.log ] ; then
 | |
| 		echo "================= Magic proxy log (start) ================="
 | |
| 		cat /build/livecd.magic-proxy.log
 | |
| 		echo "================== Magic proxy log (end) =================="
 | |
| 	fi
 | |
| 	exit 1
 | |
| fi
 | |
| 
 | |
| case $LB_INITRAMFS in
 | |
| 	casper)
 | |
| 		INITFS="casper"
 | |
| 		;;
 | |
| 
 | |
| 	live-boot)
 | |
| 		INITFS="live"
 | |
| 		;;
 | |
| 
 | |
| 	*)
 | |
| 		INITFS="boot"
 | |
| 		;;
 | |
| esac
 | |
| 
 | |
| for OUTPUT in ext2 ext3 ext4 manifest manifest-remove size squashfs; do
 | |
| 	[ -e "binary/$INITFS/filesystem.$OUTPUT" ] || continue
 | |
| 	ln "binary/$INITFS/filesystem.$OUTPUT" "$PREFIX.$OUTPUT"
 | |
| 	chmod 644 "$PREFIX.$OUTPUT"
 | |
| done
 | |
| 
 | |
| # we don't need a manifest-remove for a layered-aware installer
 | |
| if [ "$SUBPROJECT" != "legacy" ]; then
 | |
| 	# here we have a list of all new-installer flavors
 | |
| 	case $PROJECT in
 | |
| 		ubuntu|ubuntu-budgie)
 | |
| 			rm -f livecd.${PROJECT}-manifest-remove
 | |
| 			rm -f config/manifest-minimal-remove
 | |
| 			;;
 | |
| 	esac
 | |
| fi
 | |
| 
 | |
| if [ -e config/manifest-minimal-remove ]; then
 | |
|         cp config/manifest-minimal-remove  "$PREFIX.manifest-minimal-remove"
 | |
| fi
 | |
| 
 | |
| for ISO in binary.iso binary.hybrid.iso; do
 | |
| 	[ -e "$ISO" ] || continue
 | |
| 	ln "$ISO" "$PREFIX.iso"
 | |
| 	chmod 644 "$PREFIX.iso"
 | |
| 	break
 | |
| done
 | |
| 
 | |
| if [ -e "binary/$INITFS/filesystem.dir" ]; then
 | |
| 	(cd "binary/$INITFS/filesystem.dir/" && tar -c --sort=name --xattrs *) | \
 | |
| 		gzip -9 --rsyncable > "$PREFIX.rootfs.tar.gz"
 | |
| 	chmod 644 "$PREFIX.rootfs.tar.gz"
 | |
| elif [ -e binary-tar.tar.gz ]; then
 | |
| 	cp -a binary-tar.tar.gz "$PREFIX.rootfs.tar.gz"
 | |
| fi
 | |
| 
 | |
| # '--initramfs none' produces different manifest names.
 | |
| if [ -e "binary/$INITFS/filesystem.packages" ]; then
 | |
| 	ln "binary/$INITFS/filesystem.packages" "$PREFIX.manifest"
 | |
| 	chmod 644 "$PREFIX.manifest"
 | |
| fi
 | |
| 
 | |
| # If a .filelist is present, use it as the filelist for the image by
 | |
| # symlinking with expected name and updating permissions
 | |
| if [ -e "binary/$INITFS/filesystem.filelist" ]; then
 | |
| 	ln "binary/$INITFS/filesystem.filelist" "$PREFIX.filelist"
 | |
| 	chmod 644 "$PREFIX.filelist"
 | |
| fi
 | |
| 
 | |
| if [ -e "binary/$INITFS/filesystem.packages-remove" ]; then
 | |
| 	# Not a typo, empty manifest-remove has a single LF in it. :/
 | |
| 	if [ $(cat binary/$INITFS/filesystem.packages-remove | wc -c) -gt 1 ]; then
 | |
| 		ln "binary/$INITFS/filesystem.packages-remove" "$PREFIX.manifest-remove"
 | |
| 		chmod 644 "$PREFIX.manifest-remove"
 | |
| 	fi
 | |
| fi
 | |
| 
 | |
| # Since snaps are now Ubuntu first-class citizen, so always try fetching the
 | |
| # list of seeded snaps into the manifest.  In case of layered images we skip
 | |
| # this step, as we assume they're doing it on their own at some earlier stage.
 | |
| if [ -z "$PASSES" ] && [ -e "$PREFIX.manifest" ]; then
 | |
| 	./config/snap-seed-parse "chroot/" "$PREFIX.manifest"
 | |
| fi
 | |
| 
 | |
| for FLAVOUR in $LB_LINUX_FLAVOURS; do
 | |
| 	if [ -z "$LB_LINUX_FLAVOURS" ] || [ "$LB_LINUX_FLAVOURS" = "none" ]; then
 | |
| 		continue
 | |
| 	fi
 | |
| 	case $FLAVOUR in
 | |
| 		allwinner|virtual|generic-hwe-*)
 | |
| 			FLAVOUR="generic"
 | |
| 			;;
 | |
| 		oem-*)
 | |
| 			FLAVOUR="oem"
 | |
| 			;;
 | |
| 		laptop-*)
 | |
| 			FLAVOUR="laptop"
 | |
| 			;;
 | |
| 		image-intel)
 | |
| 			FLAVOUR="intel"
 | |
| 			;;
 | |
| 		intel-iotg*)
 | |
| 			FLAVOUR="intel-iotg"
 | |
| 			;;
 | |
| 	esac
 | |
| 	KVERS="$( (cd "binary/$INITFS"; ls vmlinu?-* 2>/dev/null || true) | (fgrep -v .efi || true) | sed -n "s/^vmlinu.-\\([^-]*-[^-]*-$FLAVOUR\\)$/\\1/p" )"
 | |
| 	if [ -z "$KVERS" ]; then
 | |
| 		if [ -e "binary/$INITFS/vmlinuz" ]; then
 | |
| 			# already renamed by ubuntu-defaults-image
 | |
| 			break
 | |
| 		fi
 | |
| 		echo "No kernel output for $FLAVOUR!" >&2
 | |
| 		exit 1
 | |
| 	fi
 | |
| 	NUMKVERS="$(set -- $KVERS; echo $#)"
 | |
| 	if [ "$NUMKVERS" -gt 1 ]; then
 | |
| 		echo "Cannot handle more than one kernel for $FLAVOUR ($KVERS)!" >&2
 | |
| 		exit 1
 | |
| 	fi
 | |
| 	ln "binary/$INITFS/"vmlinu?-"$KVERS" "$PREFIX.kernel-$FLAVOUR"
 | |
| 	if [ -e "binary/$INITFS/"vmlinu?-"$KVERS.efi.signed" ]; then
 | |
| 		ln "binary/$INITFS/"vmlinu?-"$KVERS.efi.signed" "$PREFIX.kernel-$FLAVOUR.efi.signed"
 | |
| 		chmod 644 "$PREFIX.kernel-$FLAVOUR.efi.signed"
 | |
| 	fi
 | |
| 	chmod 644 "$PREFIX.kernel-$FLAVOUR"
 | |
| 	if [ -e "binary/$INITFS/initrd.img-$KVERS" ]; then
 | |
| 		ln "binary/$INITFS/initrd.img-$KVERS" "$PREFIX.initrd-$FLAVOUR"
 | |
| 		chmod 644 "$PREFIX.initrd-$FLAVOUR"
 | |
| 	fi
 | |
| done
 | |
| 
 | |
| NUMFLAVOURS="$(set -- $LB_LINUX_FLAVOURS; echo $#)"
 | |
| if [ "$NUMFLAVOURS" = 1 ] && [ "$LB_LINUX_FLAVOURS" != "none" ]; then
 | |
| 	# only one kernel flavour
 | |
| 	if [ -f "binary/$INITFS/vmlinuz" ] && ! [ -h "binary/$INITFS/vmlinuz" ]; then
 | |
| 		ln "binary/$INITFS/vmlinuz" "$PREFIX.kernel"
 | |
| 		chmod 644 "$PREFIX.kernel"
 | |
| 	else
 | |
| 		ln -sf "$PREFIX.kernel-$LB_LINUX_FLAVOURS" "$PREFIX.kernel"
 | |
| 	fi
 | |
| 	if [ -f "binary/$INITFS/initrd.lz" ] && ! [ -h "binary/$INITFS/initrd.lz" ]; then
 | |
| 		ln "binary/$INITFS/initrd.lz" "$PREFIX.initrd"
 | |
| 		chmod 644 "$PREFIX.initrd"
 | |
| 	else
 | |
| 		ln -sf "$PREFIX.initrd-$LB_LINUX_FLAVOURS" "$PREFIX.initrd"
 | |
| 	fi
 | |
| fi
 | |
| 
 | |
| case $SUBARCH in
 | |
| 	raspi|raspi2)
 | |
| 		# copy the kernel and initrd to a predictable directory for
 | |
| 		# ubuntu-image consumption.  In some cases, like in pi2/3
 | |
| 		# u-boot, the bootloader needs to contain the kernel and initrd,
 | |
| 		# so during rootfs build we copy it over to a directory that
 | |
| 		# ubuntu-image looks for and shoves into the bootloader
 | |
| 		# partition.
 | |
| 		UBOOT_BOOT="image/boot/uboot"
 | |
| 
 | |
| 		mkdir -p $UBOOT_BOOT
 | |
| 
 | |
| 		cp $PREFIX.initrd $UBOOT_BOOT/initrd.img || true
 | |
| 		cp $PREFIX.kernel $UBOOT_BOOT/vmlinuz || true
 | |
| 		;;
 | |
| esac
 | |
| 
 | |
| if [ -f "config/magic-proxy.pid" ]; then
 | |
|     kill -TERM $(cat config/magic-proxy.pid)
 | |
|     rm -f config/magic-proxy.pid
 | |
| 
 | |
|     # Remove previously-inserted iptables rule.
 | |
|     run_iptables -t nat -D OUTPUT -p tcp --dport 80 \
 | |
|         -m owner ! --uid-owner daemon -j REDIRECT --to 8080
 | |
| fi
 | |
| 
 | |
| case $PROJECT in
 | |
|     ubuntu-cpc)
 | |
|         config/hooks.d/remove-implicit-artifacts
 | |
| esac
 |