Lubuntu/livecd-rootfs
3
0
Fork 0
mirror of https://git.launchpad.net/livecd-rootfs synced 2025-07-31 02:24:06 +00:00
Code Issues Packages Projects Releases Wiki Activity
livecd-rootfs/live-build/ubuntu/hooks/020-ubuntu-enhanced-sb.binary
Dan Bungert a0d948f17b desktop: TPMFDE snapd from latest/edge
2025-05-28 10:03:56 -06:00

70 lines
2.4 KiB
Bash
Executable File
Raw Blame History

#! /bin/sh
set -eux
case ${PASS:-} in
minimal.standard.enhanced-secureboot)
;;
minimal.enhanced-secureboot)
;;
*)
exit 0
;;
esac
if [ -n "${SUBPROJECT:-}" ]; then
echo "We don't run Ubuntu Desktop hooks for this project."
exit 0
fi
. config/binary
. config/functions
# Generation of the model:
# * At https://github.com/canonical/models one can find a repo of raw,
# unsigned, input .json files, and their signed .model equivalents.
# * At least once per cycle, update the json for the new Ubuntu version.
# To do this, take the previous cycle ubuntu-classic-$ver-amd64.json file,
# rename for the new version, and do any necessary updates including fixing
# the versions of tracks.
# * When this is done, the json needs to be signed. This needs to be done by
# a Canonical employee - try asking someone who has recently opened PRs on
# https://github.com/canonical/models with the signed models.
# * Ensure the signed and unsigned version of the models are updated in the
# models repo.
# * The signed model can then be placed here in livecd-rootfs at
# live-build/${PROJECT}/ubuntu-classic-amd64.model
# env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
# see below note about "dangerous" model
CHANNEL=${CHANNEL:-stable}
channel=""
if [ -n "${CHANNEL:-}" ]; then
channel="--channel $CHANNEL"
fi
reset_snapd_state chroot
# Set UBUNTU_STORE_COHORT_KEY="+" to force prepare-image to fetch the latest
# snap versions regardless of phasing status
# this is the normal prepare-image invocation. This is not used right now as
# the model in question is the "dangerous" model so that we can override the
# channel of pc-kernel to get a matching set of snaps.
# env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
# --classic $model $channel chroot
# so instead we're doing this, including forcing channel to stable for
# everything but pc-kernel.
env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
--classic $model $channel \
--snap=pc-kernel=25.10/candidate \
--snap=snapd=latest/edge \
chroot
mv chroot/system-seed/systems/* chroot/system-seed/systems/enhanced-secureboot-desktop
rm -rf chroot/var/lib/snapd/seed
mv chroot/system-seed chroot/var/lib/snapd/seed
Reference in New Issue View Git Blame Copy Permalink