livecd-rootfs/live-build/ubuntu/hooks/030-ubuntu-live-system-seed.binary
Olivier Gayot caf4f1030a ubuntu: when building stable image, don't take pc-kernel from beta
The pc-kernel version in 26.04/beta is kernel 6.17, which uses different
components from what is currently declared in the model.

This used to be necessary when there was no kernel in 26.04/stable, but now
there is a 6.8 version in 26.04/stable. The available components match what's
in the model.

Signed-off-by: Olivier Gayot <olivier.gayot@canonical.com>
2025-12-11 17:24:40 -07:00


#!/bin/bash
# Build the system seed for TPM-backed FDE in the live layer of the installer.
#
# -e aborts on an unhandled failure, -u rejects unset variables, -x traces
# every command. pipefail is not enabled script-wide, so a pipeline reports
# only the status of its last stage unless it enables pipefail itself.
set -eux

# Only the *.live pass builds the seed; every other pass is a no-op.
if [[ ${PASS:-} != *.live ]]; then
  exit 0
fi

# Build configuration and shared helpers provided by the build tree.
. config/binary
. config/functions
#######################################
# Naive YAML -> JSON conversion. Needed because yq is in universe while jq
# is not.
# Inputs:  a YAML document on stdin
# Outputs: the same document as JSON on stdout
# Notes:   yaml.safe_load builds plain data types only; default=str makes
#          json.dump stringify any value it cannot encode natively.
#######################################
yaml_to_json() {
  python3 -c '
import json
import sys
import yaml
json.dump(yaml.safe_load(sys.stdin), sys.stdout, default=str)
'
}
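#######################################
# Print one "--snap=<name>=<default-channel>" option per snap listed in a
# *signed* model.
# Arguments: $1 - path to the signed model file
# Outputs:   one --snap option per line on stdout
# Returns:   non-zero if sed, yaml_to_json or jq fails
#######################################
get_snaps_args() {
  local model=$1
  # The model is signed and is not valid YAML unless we get rid of the
  # signature. Here we assume the only blank line is before the signature.
  # The signature is only discarded here, never verified: treat the output as
  # a convenience listing, not as proof that the model is authentic.
  #
  # The pipeline runs in a subshell with pipefail so that a sed or
  # yaml_to_json failure is reported to the caller instead of being hidden
  # behind a jq run that saw empty input and exited 0 with an empty list.
  (
    set -o pipefail
    sed '/^$/,$d' -- "$model" \
      | yaml_to_json \
      | jq --raw-output '.snaps[] | "--snap=" + .name + "=" + .["default-channel"]'
  )
}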
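#######################################
# Print every optional component declared in a *signed* model, one
# "<snap>+<component>" entry per line.
# Arguments: $1 - path to the signed model file
# Outputs:   one entry per line on stdout (nothing if no snap has optional
#            components)
# Returns:   non-zero if sed, yaml_to_json or jq fails
#######################################
get_all_components() {
  local model=$1
  local jq_filter='
# Find all snaps that have components
.snaps[] | select(.components)
# Then save the name of each snap in a variable
| .name as $snap
# Then for each entry that has "optional"
| .components | to_entries | map(select(.value.presence == "optional"))
# Output its name with the snap name prepended
| "\($snap)" + "+" + .[].key'
  # Everything from the first blank line on (the signature) is dropped so the
  # rest parses as YAML; the signature itself is not verified here.
  #
  # pipefail is enabled in a subshell so that a sed or yaml_to_json failure
  # surfaces as a non-zero status rather than as an empty component list.
  (
    set -o pipefail
    sed '/^$/,$d' -- "$model" \
      | yaml_to_json \
      | jq --raw-output "$jq_filter"
  )
}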
# Generation of the model:
# * At https://github.com/canonical/models one can find a repo of raw,
# unsigned, input .json files, and their signed .model equivalents.
# * At least once per cycle, update the json for the new Ubuntu version.
# To do this, take the previous cycle ubuntu-classic-$ver-amd64.json file,
# rename for the new version, and do any necessary updates including fixing
# the versions of tracks.
# * When this is done, the json needs to be signed. This needs to be done by
# a Canonical employee - try asking someone who has recently opened PRs on
# https://github.com/canonical/models with the signed models.
# * Ensure the signed and unsigned version of the models are updated in the
# models repo.
# * The signed model can then be placed here in livecd-rootfs at
# live-build/${PROJECT}/ubuntu-classic-amd64.model
# env SNAPPY_STORE_NO_CDN=1 snap known --remote model series=16 brand-id=canonical model=ubuntu-classic-2410-amd64 > config/classic-model.model
#
# model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
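# Normally we use the non-dangerous model here. Use the dangerous one for now
# until we get snaps on stable 26.04 tracks and channels.
# NOTE(review): the dangerous model is what allows the --snap overrides built
# below. Track this so the stable ISO returns to the non-dangerous model once
# the stable channels carry every snap.
model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model

prepare_args=()
# for the dangerous subproject, we need the dangerous model!
if [ "$SUBPROJECT" = "dangerous" ]; then
  # As with the "classically" seeded snaps, snaps from the edge channel may
  # require different content snaps to be installed, so they must be
  # included in the system as well. We just use the same list as was
  # computed in snap_validate_seed.
  model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64-dangerous.model
  # -r keeps backslashes literal; the || clause keeps a final line that has
  # no trailing newline.
  while read -r snap || [ -n "$snap" ]; do
    prepare_args+=("--snap=${snap}=edge")
  done < config/missing-providers
else
  # We're currently using the dangerous model for the non-dangerous ISO
  # because it allows us to override snaps. But we don't want all snaps from
  # edge like the dangerous model has, we want most of them from stable
  # excluding:
  # * snapd (for TPM/FDE)
  # * firmware-updater (for TPM/FDE)
  # * desktop-security-center (for TPM/FDE)
  stable_model=/usr/share/livecd-rootfs/live-build/${PROJECT}/ubuntu-classic-amd64.model
  # Capture the list first: a failure inside a process substitution is
  # invisible to `set -e`, whereas a failed assignment aborts the build.
  stable_snap_args=$(get_snaps_args "$stable_model")
  # An empty list would silently leave every snap on the channels of the
  # dangerous model, so refuse to continue.
  if [ -z "$stable_snap_args" ]; then
    echo "error: no snaps could be read from $stable_model" >&2
    exit 1
  fi
  # NOTE(review): grep -F matches substrings anywhere on the line, so this
  # also drops any stable entry whose snap name or channel merely contains
  # one of these strings; such snaps keep the channel from the dangerous
  # model. Confirm that is intended, or anchor the match to the exact names.
  while read -r snap_arg; do
    prepare_args+=("$snap_arg")
  done < <(printf '%s\n' "$stable_snap_args" \
    | grep -v -F -e snapd -e firmware-updater -e desktop-security-center)
fi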
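# Request every optional component declared in the model.
# The list is captured in a variable first: a failure inside `for x in $(...)`
# is ignored by `set -e`, which would build an image without its components
# and without any error. A failed assignment aborts the build instead.
components=$(get_all_components "$model")
while read -r comp; do
  # An empty list reaches the loop as a single blank line; skip it.
  [ -n "$comp" ] || continue
  prepare_args+=(--comp "$comp")
done <<< "$components"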
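# Optional --channel override, kept as an array so that the value of CHANNEL
# reaches snap as a single argument and is never word-split or glob-expanded.
channel_args=()
if [ -n "${CHANNEL:-}" ]; then
  channel_args=(--channel "$CHANNEL")
fi

# Set UBUNTU_STORE_COHORT_KEY="+" to force prepare-image to fetch the latest
# snap versions regardless of phasing status
# The model path is quoted because it embeds ${PROJECT}.
env SNAPPY_STORE_NO_CDN=1 UBUNTU_STORE_COHORT_KEY="+" snap prepare-image \
  --classic "$model" "${channel_args[@]}" "${prepare_args[@]}" chroot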
# Staging directory inside the chroot that holds the freshly prepared seed.
system_seed=chroot/system-seed

# Rename whatever the glob matches under systems/ to the fixed label.
mv "$system_seed"/systems/* "$system_seed"/systems/enhanced-secureboot-desktop

# Copy systems/ and snaps/ into snapd's seed directory, then drop the staging
# copy.
rsync -av "$system_seed"/systems "$system_seed"/snaps chroot/var/lib/snapd/seed
rm -rf "$system_seed"/