Merge branch 'master' into arraybolt3/mmdebstrap

debian/gitlab-ci.yml

@@ -47,6 +47,8 @@ ISO amd64:
 ISO arm64:
   extends:
     - .lb-build
+  rules:
+    - if: $CI_PROJECT_ROOT_NAMESPACE != "rclobus-guest"
   variables:
     BUILD_ARCH: 'arm64'
   tags:

debian/tests/build-default-image

@@ -4,6 +4,12 @@ set -eu
 set -o pipefail
 
 cd "${AUTOPKGTEST_TMP}"
-lb config --verbose --updates false --security false
+# Use the default values
+lb config --verbose
+# Verify some values
+lb config --dump | grep 'LB_DISTRIBUTION="testing"'
+lb config --dump | grep 'LB_UPDATES="true"'
+lb config --dump | grep 'LB_SECURITY="true"'
+lb config --dump | grep 'LB_PROPOSED_UPDATES="false"'
 lb build --verbose
 ls -l

debian/tests/build-stable-image

@@ -4,6 +4,11 @@ set -eu
 set -o pipefail
 
 cd "${AUTOPKGTEST_TMP}"
-lb config --verbose --updates true --security true --distribution buster
+# A minimal command line
+lb config --verbose --distribution stable
+# Verify some default values
+lb config --dump | grep 'LB_UPDATES="true"'
+lb config --dump | grep 'LB_SECURITY="true"'
+lb config --dump | grep 'LB_PROPOSED_UPDATES="false"'
 lb build --verbose
 ls -l

examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot

@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+
+# /etc/ssl/certs/java/cacerts is a keystore
+# When (re)generated, it embeds 'now' timestamps
+
+# Don't run if ca-certificates-java is not installed
+if [ ! -e /etc/ssl/certs/java/cacerts ];
+then
+  exit 0
+fi
+
+# Use faketime to enforce a timestamp
+# NB: hooks don't know about the apt/aptitude selection, so use 'apt-get'
+export FAKETIME_ALREADY_INSTALLED=1
+if [ ! -e /usr/bin/faketime ];
+then
+  FAKETIME_ALREADY_INSTALLED=0
+  apt-get install faketime --yes -o Acquire::Check-Valid-Until=false
+fi
+
+# Remove the file
+rm -f /etc/ssl/certs/java/cacerts
+
+# Generate it again
+touch /var/lib/ca-certificates-java/fresh
+# Java uses timestamps with millisecond resolution
+# -f is required, otherwise the milliseconds are non-zero (due to relative timestamps)
+faketime -f "$(date --utc -d@${SOURCE_DATE_EPOCH} +'%Y-%m-%d %H:%M:%SZ')" dpkg-reconfigure ca-certificates-java
+
+if [ ${FAKETIME_ALREADY_INSTALLED} -eq 0 ];
+then
+  apt-get remove --purge --yes faketime
+  apt-get autoremove --yes
+fi
+
+echo "P: $(basename $0) Reproducible hook has been applied"
+

functions/configuration.sh

@@ -41,7 +41,7 @@ Prepare_config ()
 
 	LB_MODE="${LB_MODE:-debian}"
 	LB_DERIVATIVE="false"
-	LB_DISTRIBUTION="${LB_DISTRIBUTION:-bullseye}"
+	LB_DISTRIBUTION="${LB_DISTRIBUTION:-testing}"
 	LB_DISTRIBUTION_CHROOT="${LB_DISTRIBUTION_CHROOT:-${LB_DISTRIBUTION}}"
 	LB_DISTRIBUTION_BINARY="${LB_DISTRIBUTION_BINARY:-${LB_DISTRIBUTION_CHROOT}}"
 
@@ -929,7 +929,7 @@ Validate_http_proxy ()
 	Validate_http_proxy_source "environment variable http_proxy" "${http_proxy}"
 	Validate_http_proxy_source "command line option --apt-http-proxy" "${LB_APT_HTTP_PROXY}"
 
-	# This is the value to use for the the other scripts in live-build
+	# This is the value to use for the other scripts in live-build
 	export http_proxy="${LAST_SEEN_PROXY_VALUE}"
 	if [ ! -z "${http_proxy}" ]; then
 		Echo_message "Using http proxy: ${http_proxy}"

functions/man.sh

@@ -12,7 +12,11 @@
 Man ()
 {
 	if command -v man >/dev/null; then
-		man ${PROGRAM}
+		if [ -n "${LIVE_BUILD}" -a -e "${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1" ]; then
+			man ${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1
+		else
+			man ${PROGRAM}
+		fi
 	else
 		Echo_warning "man is not installed, falling back to usage output."
 		Usage

manpages/en/lb_config.1

@@ -335,7 +335,7 @@ tells debootstrap to use an alternate bootstrap script (last parameter to deboot
 .IP "\fB\-\-debug\fR" 4
 turns on debugging informational messages.
 .IP "\fB\-d\fR|\fB\-\-distribution\fR \fICODENAME\fR" 4
-defines the distribution of the resulting live system. This currently defaults to 'buster'. The value 'sid' can be used for Debian unstable.
+defines the distribution of the resulting live system. This defaults to 'testing'. The value 'sid' can be used for Debian unstable.
 .IP "\fB\-\-distribution\-binary\fR \fICODENAME\fR" 4
 defines the distribution enabled in the resulting live system (defaults to the value set in \fB\-\-distribution\fR)
 .IP "\fB\-\-distribution\-chroot\fR \fICODENAME\fR" 4

scripts/build/binary_grub_cfg

@@ -121,9 +121,22 @@ DEFAULT_INITRD="initrd.img-$(echo ${DEFAULT_KERNEL} | sed -e 's|vmlinuz-||')"
 
 KERNEL_LIVE="/${INITFS}/${DEFAULT_KERNEL}"
 INITRD_LIVE="/${INITFS}/${DEFAULT_INITRD}"
-APPEND_LIVE="${LB_BOOTAPPEND_LIVE} findiso=\${iso_path}"
 FLAVOUR_LIVE="${DEFAULT_FLAVOUR}"
 
+# live-boot and dracut use different kernel parameters for loopback
+# booting
+case "${LB_INITRAMFS}" in
+	live-boot)
+		APPEND_LIVE="${LB_BOOTAPPEND_LIVE} findiso=\${iso_path}"
+		;;
+	dracut-live)
+		APPEND_LIVE="${LB_BOOTAPPEND_LIVE} iso-scan/filename=\${iso_path}"
+		;;
+	none)
+		APPEND_LIVE="${LB_BOOTAPPEND_LIVE}"
+		;;
+esac
+
 # Ensure fresh live entries
 LIVE_ENTRIES_TMP="${_TARGET}/live.cfg.tmp"
 rm -f "${LIVE_ENTRIES_TMP}"

scripts/build/installer_debian-installer

@@ -278,7 +278,7 @@ case "${LB_DERIVATIVE}" in
 
 				# These variables do not need to be passed inside the chroot, they can be resolved earlier:
 				#   SOURCE_DATE_EPOCH, _QUIET, LB_PARENT_MIRROR_CHROOT, LB_PARENT_DISTRIBUTION_CHROOT
-				#   TARGETS
+				#   TARGETS, http_proxy
 				cat << EOF > chroot/buildit.sh
 #!/bin/sh
 # Get the version of the git repo that matches SOURCE_DATE_EPOCH
@@ -331,7 +331,7 @@ fi
 # USE_UDEBS_FROM -> use the same distribution as the chroot
 # ROOTCMD -> Workaround for #1058994. Fakeroot is not present in the chroot (and not required)
 export LINUX_KERNEL_ABI=\$(dpkg-query --showformat "\\\${db:Status-Abbrev} \\\${Package}\n" --show linux-image-* | awk '\$1=="ii" { c = split(\$2, a, "-"); if (c>3) { if (a[4] ~ /^[0-9]+/) { print a[3] "-" a[4] } else { print a[3] } } }' | sort | tail -1)
-MIRROR="[check-valid-until=no] ${LB_PARENT_MIRROR_CHROOT}" TARGETS="${TARGETS}" USE_UDEBS_FROM=${LB_PARENT_DISTRIBUTION_CHROOT} ROOTCMD=" " bash ./daily-build build-only
+http_proxy=${http_proxy} MIRROR="[check-valid-until=no] ${LB_PARENT_MIRROR_CHROOT}" TARGETS="${TARGETS}" USE_UDEBS_FROM=${LB_PARENT_DISTRIBUTION_CHROOT} ROOTCMD=" " bash ./daily-build build-only
 EOF
 				Chroot chroot "sh buildit.sh"
 				# Place the files in the cache. Download_file will use the cache instead of downloading

share/hooks/normal/5050-dracut.hook.chroot

@@ -29,17 +29,17 @@ apt-get autoremove --yes
 # Adjust the path for Calamares
 if [ -e /etc/calamares/modules/unpackfs.conf ]
 then
-	sed -i -e 's|/run/live/medium|/run/initramfs/live|' /etc/calamares/modules/unpackfs.conf
+	sed --follow-symlinks -i -e 's|/run/live/medium|/run/initramfs/live|' /etc/calamares/modules/unpackfs.conf
 fi
 # Use dracut instead of initramfs-tools
 if [ -e /etc/calamares/settings.conf ]
 then
-	sed -i -e '/initramfscfg/d;s/initramfs/dracut/' /etc/calamares/settings.conf
+	sed --follow-symlinks -i -e '/initramfscfg/d;s/initramfs/dracut/' /etc/calamares/settings.conf
 fi
 # Add dracut-live to the list of packages to uninstall
 if [ -e /etc/calamares/modules/packages.conf ]
 then
-	sed -i -e "s/'live-boot'/'dracut-live'/" /etc/calamares/modules/packages.conf
+	sed --follow-symlinks -i -e "s/'live-boot'/'dracut-live'/" /etc/calamares/modules/packages.conf
 fi
 # Calamares script for /etc/apt/sources.list during the installation
 SOURCES_MEDIA=/usr/share/calamares/helpers/calamares-sources-media