livecd-rootfs/live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary
Tim Andersson 80aa8b71d6
new: changes to enable daily-dangerous image builds
daily-dangerous image builds are standard desktop images for the devel
series, except all of the snaps are set to their respective edge
channels, and the dangerous model is used, hence its inclusion in this
commit.

Goes hand in hand with this MP:
https://code.launchpad.net/~andersson123/ubuntu-cdimage/+git/ubuntu-cdimage/+merge/490708
2025-08-18 10:11:58 +01:00

80 lines
3.0 KiB
Bash

#!/bin/bash
# create the system seed for TPM-backed FDE in the live layer of the installer.
set -eux
case ${PASS:-} in
*.live)
;;
*)
exit 0
;;
esac
if [ -n "${SUBPROJECT:-}" ]; then
echo "We don't run Ubuntu Desktop hooks for this project."
exit 0
fi
. config/binary
. config/functions
# Generation of the model:
# * At https://github.com/canonical/models one can find a repo of raw,
# unsigned, input .json files, and their signed .model equivalents.
# * At least once per cycle, update the json for the new Ubuntu version.
# To do this, take the previous cycle ubuntu-classic-$ver-amd64.json file,
# rename for the new version, and do any necessary updates including fixing
# the versions of tracks.
# * When this is done, the json needs to be signed. This needs to be done by
# a Canonical employee - try asking someone who has recently opened PRs on
# https://github.com/canonical/models with the signed models.
# * Ensure the signed and unsigned version of the models are updated in the
# models repo.
# * The signed model can then be placed here in livecd-rootfs at
# live-build/${PROJECT}/ubuntu-classic-amd64.model
# env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
# see below note about "dangerous" model
CHANNEL=${CHANNEL:-stable}
# for the dangerous subproject, we need the dangerous model!
if [ $SUBPROJECT = "dangerous" ]; then
model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
fi
channel=""
if [ -n "${CHANNEL:-}" ]; then
channel="--channel $CHANNEL"
fi
# Set UBUNTU_STORE_COHORT_KEY="+" to force prepare-image to fetch the latest
# snap versions regardless of phasing status
# this is the normal prepare-image invocation. This is not used right now as
# the model in question is the "dangerous" model so that we can override the
# channel of pc-kernel and others to get a matching set of snaps.
# env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
# --classic $model $channel chroot
# FIXME - go back to the stable model and remove all the `--snap` overrides
env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
--classic $model $channel \
--snap=pc=classic-25.10/stable \
--snap=pc-kernel=25.10/candidate \
--snap=firmware-updater=1/stable/ubuntu-25.10 \
--snap=desktop-security-center=1/stable/ubuntu-25.10 \
--snap=prompting-client=1/stable/ubuntu-25.10 \
--snap=snap-store=2/stable/ubuntu-25.10 \
--snap=gtk-common-themes=latest/stable/ubuntu-25.10 \
--snap=firefox=latest/stable/ubuntu-25.10 \
--snap=gnome-42-2204=latest/stable/ubuntu-25.10 \
--snap=snapd-desktop-integration=latest/stable/ubuntu-25.10 \
chroot
mv chroot/system-seed/systems/* chroot/system-seed/systems/enhanced-secureboot-desktop
rsync -av chroot/system-seed/{systems,snaps} chroot/var/lib/snapd/seed
rm -rf chroot/system-seed/