diff --git a/debian/gitlab-ci.yml b/debian/gitlab-ci.yml index 0b2d3d5d3..b0ea4f03b 100644 --- a/debian/gitlab-ci.yml +++ b/debian/gitlab-ci.yml @@ -47,6 +47,8 @@ ISO amd64: ISO arm64: extends: - .lb-build + rules: + - if: $CI_PROJECT_ROOT_NAMESPACE != "rclobus-guest" variables: BUILD_ARCH: 'arm64' tags: diff --git a/debian/tests/build-default-image b/debian/tests/build-default-image index a8824605c..10053e02e 100755 --- a/debian/tests/build-default-image +++ b/debian/tests/build-default-image @@ -4,6 +4,12 @@ set -eu set -o pipefail cd "${AUTOPKGTEST_TMP}" -lb config --verbose --updates false --security false +# Use the default values +lb config --verbose +# Verify some values +lb config --dump | grep 'LB_DISTRIBUTION="testing"' +lb config --dump | grep 'LB_UPDATES="true"' +lb config --dump | grep 'LB_SECURITY="true"' +lb config --dump | grep 'LB_PROPOSED_UPDATES="false"' lb build --verbose ls -l diff --git a/debian/tests/build-stable-image b/debian/tests/build-stable-image index 59b03a7da..68651582c 100755 --- a/debian/tests/build-stable-image +++ b/debian/tests/build-stable-image @@ -4,6 +4,11 @@ set -eu set -o pipefail cd "${AUTOPKGTEST_TMP}" -lb config --verbose --updates true --security true --distribution buster +# A minimal command line +lb config --verbose --distribution stable +# Verify some default values +lb config --dump | grep 'LB_UPDATES="true"' +lb config --dump | grep 'LB_SECURITY="true"' +lb config --dump | grep 'LB_PROPOSED_UPDATES="false"' lb build --verbose ls -l diff --git a/examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot b/examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot new file mode 100755 index 000000000..9f068b7e4 --- /dev/null +++ b/examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot 
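Review bot: In debian/tests/build-stable-image the new checks cover LB_UPDATES, LB_SECURITY and LB_PROPOSED_UPDATES but not the one option the command line sets, so a regression in `--distribution stable` handling would only show up later in the build, if at all. build-default-image does check `LB_DISTRIBUTION="testing"`; the matching line here would be `lb config --dump | grep 'LB_DISTRIBUTION="stable"'`, assuming the dump prints the value as given. In both test scripts the patterns are unanchored substring matches, so `grep -x` would be stricter if the dump format allows whole-line matching.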
@@ -0,0 +1,38 @@ +#!/bin/sh +set -e + +# /etc/ssl/certs/java/cacerts is a keystore +# When (re)generated, it embeds 'now' timestamps + +# Don't run if ca-certificates-java is not installed +if [ ! -e /etc/ssl/certs/java/cacerts ]; +then + exit 0 +fi + +# Use faketime to enforce a timestamp +# NB: hooks don't know about the apt/aptitude selection, so use 'apt-get' +export FAKETIME_ALREADY_INSTALLED=1 +if [ ! -e /usr/bin/faketime ]; +then + FAKETIME_ALREADY_INSTALLED=0 + apt-get install faketime --yes -o Acquire::Check-Valid-Until=false +fi + +# Remove the file +rm -f /etc/ssl/certs/java/cacerts + +# Generate it again +touch /var/lib/ca-certificates-java/fresh +# Java uses timestamps with millisecond resolution +# -f is required, otherwise the milliseconds are non-zero (due to relative timestamps) +faketime -f "$(date --utc -d@${SOURCE_DATE_EPOCH} +'%Y-%m-%d %H:%M:%SZ')" dpkg-reconfigure ca-certificates-java + +if [ ${FAKETIME_ALREADY_INSTALLED} -eq 0 ]; +then + apt-get remove --purge --yes faketime + apt-get autoremove --yes +fi + +echo "P: $(basename $0) Reproducible hook has been applied" + diff --git a/functions/configuration.sh b/functions/configuration.sh index aff830b78..54b182811 100755 --- a/functions/configuration.sh +++ b/functions/configuration.sh @@ -41,7 +41,7 @@ Prepare_config () LB_MODE="${LB_MODE:-debian}" LB_DERIVATIVE="false" - LB_DISTRIBUTION="${LB_DISTRIBUTION:-bullseye}" + LB_DISTRIBUTION="${LB_DISTRIBUTION:-testing}" LB_DISTRIBUTION_CHROOT="${LB_DISTRIBUTION_CHROOT:-${LB_DISTRIBUTION}}" LB_DISTRIBUTION_BINARY="${LB_DISTRIBUTION_BINARY:-${LB_DISTRIBUTION_CHROOT}}" 
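Review bot: The new hook 2011-reproducible-ca-certificates-java.hook.chroot deletes /etc/ssl/certs/java/cacerts before it has checked that it can regenerate it. `SOURCE_DATE_EPOCH` is used unquoted and unchecked in the `date` call, and the script sets `-e` but not `-u`, so a missing value only surfaces after the Java trust store is gone. A guard ahead of the `rm -f`, `: "${SOURCE_DATE_EPOCH:?SOURCE_DATE_EPOCH must be set}"`, would keep the keystore intact on misconfiguration. If `dpkg-reconfigure` fails, `set -e` also exits before the faketime purge, leaving the package in the chroot; whether the build then aborts is not visible here. The `-o Acquire::Check-Valid-Until=false` on the `apt-get install` line turns off the Release-file expiry check and deserves a comment saying why, for example `# Release files of snapshot mirrors may already be expired` if that is the reason.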
@@ -929,7 +929,7 @@ Validate_http_proxy () Validate_http_proxy_source "environment variable http_proxy" "${http_proxy}" Validate_http_proxy_source "command line option --apt-http-proxy" "${LB_APT_HTTP_PROXY}" - # This is the value to use for the the other scripts in live-build + # This is the value to use for the other scripts in live-build export http_proxy="${LAST_SEEN_PROXY_VALUE}" if [ ! -z "${http_proxy}" ]; then Echo_message "Using http proxy: ${http_proxy}" diff --git a/functions/man.sh b/functions/man.sh index f14858b97..701b4279f 100755 --- a/functions/man.sh +++ b/functions/man.sh @@ -12,7 +12,11 @@ Man () { if command -v man >/dev/null; then - man ${PROGRAM} + if [ -n "${LIVE_BUILD}" -a -e "${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1" ]; then + man ${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1 + else + man ${PROGRAM} + fi else Echo_warning "man is not installed, falling back to usage output." Usage diff --git a/manpages/en/lb_config.1 b/manpages/en/lb_config.1 index 54c64b34b..40b48a29c 100644 --- a/manpages/en/lb_config.1 +++ b/manpages/en/lb_config.1 @@ -335,7 +335,7 @@ tells debootstrap to use an alternate bootstrap script (last parameter to deboot .IP "\fB\-\-debug\fR" 4 turns on debugging informational messages. .IP "\fB\-d\fR|\fB\-\-distribution\fR \fICODENAME\fR" 4 -defines the distribution of the resulting live system. This currently defaults to 'buster'. The value 'sid' can be used for Debian unstable. +defines the distribution of the resulting live system. This defaults to 'testing'. The value 'sid' can be used for Debian unstable. .IP "\fB\-\-distribution\-binary\fR \fICODENAME\fR" 4 defines the distribution enabled in the resulting live system (defaults to the value set in \fB\-\-distribution\fR) .IP "\fB\-\-distribution\-chroot\fR \fICODENAME\fR" 4 diff --git a/scripts/build/binary_grub_cfg b/scripts/build/binary_grub_cfg index 087ca3595..71929839d 100755 --- a/scripts/build/binary_grub_cfg +++ b/scripts/build/binary_grub_cfg 
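Review bot: In functions/man.sh the new `man` call passes `${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1` unquoted, so a source-tree path containing whitespace or glob characters is split into several arguments, even though the `-e` test just above quotes the same path. Suggest `man "${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1"`. The test uses `-a`, which POSIX marks obsolescent; `[ -n "${LIVE_BUILD}" ] && [ -e "${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1" ]` is the unambiguous form. A one-line comment such as `# Prefer the manpage from the local source tree over the installed one` would record the intent, which I am inferring from the path. The closing `fi` and brace of Man() are outside the hunk.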
@@ -121,9 +121,22 @@ DEFAULT_INITRD="initrd.img-$(echo ${DEFAULT_KERNEL} | sed -e 's|vmlinuz-||')" KERNEL_LIVE="/${INITFS}/${DEFAULT_KERNEL}" INITRD_LIVE="/${INITFS}/${DEFAULT_INITRD}" -APPEND_LIVE="${LB_BOOTAPPEND_LIVE} findiso=\${iso_path}" FLAVOUR_LIVE="${DEFAULT_FLAVOUR}" +# live-boot and dracut use different kernel parameters for loopback +# booting +case "${LB_INITRAMFS}" in + live-boot) + APPEND_LIVE="${LB_BOOTAPPEND_LIVE} findiso=\${iso_path}" + ;; + dracut-live) + APPEND_LIVE="${LB_BOOTAPPEND_LIVE} iso-scan/filename=\${iso_path}" + ;; + none) + APPEND_LIVE="${LB_BOOTAPPEND_LIVE}" + ;; +esac + # Ensure fresh live entries LIVE_ENTRIES_TMP="${_TARGET}/live.cfg.tmp" rm -f "${LIVE_ENTRIES_TMP}" diff --git a/scripts/build/installer_debian-installer b/scripts/build/installer_debian-installer index 03edf72b8..96ee4a4c5 100755 --- a/scripts/build/installer_debian-installer +++ b/scripts/build/installer_debian-installer @@ -278,7 +278,7 @@ case "${LB_DERIVATIVE}" in # These variables do not need to be passed inside the chroot, they can be resolved earlier: # SOURCE_DATE_EPOCH, _QUIET, LB_PARENT_MIRROR_CHROOT, LB_PARENT_DISTRIBUTION_CHROOT - # TARGETS + # TARGETS, http_proxy cat << EOF > chroot/buildit.sh #!/bin/sh # Get the version of the git repo that matches SOURCE_DATE_EPOCH 
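Review bot: In scripts/build/binary_grub_cfg the new `case "${LB_INITRAMFS}"` has no `*)` arm, so any value other than live-boot, dracut-live or none leaves APPEND_LIVE unassigned, where before the change it was always set. The live entries would then silently lose LB_BOOTAPPEND_LIVE, or pick up an APPEND_LIVE inherited from the environment. Unless LB_INITRAMFS is validated against exactly these three values elsewhere (not visible in this hunk), add a fallback arm: `*) APPEND_LIVE="${LB_BOOTAPPEND_LIVE}" ;;`, or change the last pattern to `none|*)`.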
@@ -331,7 +331,7 @@ fi # USE_UDEBS_FROM -> use the same distribution as the chroot # ROOTCMD -> Workaround for #1058994. Fakeroot is not present in the chroot (and not required) export LINUX_KERNEL_ABI=\$(dpkg-query --showformat "\\\${db:Status-Abbrev} \\\${Package}\n" --show linux-image-* | awk '\$1=="ii" { c = split(\$2, a, "-"); if (c>3) { if (a[4] ~ /^[0-9]+/) { print a[3] "-" a[4] } else { print a[3] } } }' | sort | tail -1) -MIRROR="[check-valid-until=no] ${LB_PARENT_MIRROR_CHROOT}" TARGETS="${TARGETS}" USE_UDEBS_FROM=${LB_PARENT_DISTRIBUTION_CHROOT} ROOTCMD=" " bash ./daily-build build-only +http_proxy=${http_proxy} MIRROR="[check-valid-until=no] ${LB_PARENT_MIRROR_CHROOT}" TARGETS="${TARGETS}" USE_UDEBS_FROM=${LB_PARENT_DISTRIBUTION_CHROOT} ROOTCMD=" " bash ./daily-build build-only EOF Chroot chroot "sh buildit.sh" # Place the files in the cache. Download_file will use the cache instead of downloading diff --git a/share/hooks/normal/5050-dracut.hook.chroot b/share/hooks/normal/5050-dracut.hook.chroot index 22065094e..60acd1676 100755 --- a/share/hooks/normal/5050-dracut.hook.chroot +++ b/share/hooks/normal/5050-dracut.hook.chroot 
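Review bot: In scripts/build/installer_debian-installer, `http_proxy=${http_proxy}` is written into chroot/buildit.sh without quotes, unlike the MIRROR and TARGETS assignments on the same line. A proxy value containing whitespace or shell metacharacters is therefore re-parsed when buildit.sh runs. Suggest `http_proxy="${http_proxy}"`; this narrows the problem, and the value still relies on whatever checking Validate_http_proxy performs. Because the here-document expands the value at generation time, a proxy URL with embedded credentials ends up in clear text in chroot/buildit.sh, so it is worth checking that the file is removed from the chroot afterwards, which this hunk does not show. The here-document starts outside the hunk.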
@@ -29,17 +29,17 @@ apt-get autoremove --yes # Adjust the path for Calamares if [ -e /etc/calamares/modules/unpackfs.conf ] then - sed -i -e 's|/run/live/medium|/run/initramfs/live|' /etc/calamares/modules/unpackfs.conf + sed --follow-symlinks -i -e 's|/run/live/medium|/run/initramfs/live|' /etc/calamares/modules/unpackfs.conf fi # Use dracut instead of initramfs-tools if [ -e /etc/calamares/settings.conf ] then - sed -i -e '/initramfscfg/d;s/initramfs/dracut/' /etc/calamares/settings.conf + sed --follow-symlinks -i -e '/initramfscfg/d;s/initramfs/dracut/' /etc/calamares/settings.conf fi # Add dracut-live to the list of packages to uninstall if [ -e /etc/calamares/modules/packages.conf ] then - sed -i -e "s/'live-boot'/'dracut-live'/" /etc/calamares/modules/packages.conf + sed --follow-symlinks -i -e "s/'live-boot'/'dracut-live'/" /etc/calamares/modules/packages.conf fi # Calamares script for /etc/apt/sources.list during the installation SOURCES_MEDIA=/usr/share/calamares/helpers/calamares-sources-media
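Review bot: In share/hooks/normal/5050-dracut.hook.chroot the three `sed` calls gain `--follow-symlinks` without a comment saying why, and the option changes which file gets modified. With it, sed rewrites the file a symlink points to instead of replacing the link under /etc/calamares with a regular file. A line above the first call such as `# The Calamares config files can be symlinks: edit the target and keep the link` would record the intent, if that is the reason. It is also worth confirming that the link targets are meant to be edited in place, for example when they are files shipped by a package outside /etc.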