* source_tar: The order of the files in the tarball are now predictable.
This has been verified with 'disorderfs'
* rebuild.sh: The timestamp of the directory of theme.txt must also be
adjusted.
The test 'if [ x$grub_platform == xefi -a x$lockdown != xy ]' is meant
to be done by GRUB at runtime, so this line should appear verbatim in
the grub.cfg file.
However the variables are expanded at build-time by the script, because
the dollar symbol is not escaped.
Here's the result on a 12.1.0 live image:
$ cat <<debian-live-12.1.0>>/boot/grub/x86_64-efi/grub.cfg
if [ x == xefi -a x != xy ] ; then
insmod part_acorn
insmod part_amiga
insmod part_apple
insmod part_bsd
insmod part_dfly
insmod part_dvh
insmod part_gpt
insmod part_msdos
insmod part_plan
insmod part_sun
insmod part_sunpc
fi
source /boot/grub/grub.cfg
Note that this mistake would have been caught if only the nounset option
had been used (ie. 'set -u').
Fixes commit: 7b36f5b0ad
Setting the value of PARTITIONLIST in a sub-shell is scoped to the
sub-shell, it will not change the value of the variable in the parent
shell.
In other words:
#!/bin/sh
FOOBAR=
(FOOBAR=foo)
echo FOOBAR=$FOOBAR
gives the output:
FOOBAR=
As a consequence, PARTITIONLIST being empty, there are no part_*
modules embedded in the boot<platform>.efi binary. This is clearly a
regression, introduced in 7b36f5b0ad.
Somehow, Debian doesn't seem to be impacted. Kali Linux is impacted, but
only under very special conditions, leading to this bug report:
<https://bugs.kali.org/view.php?id=8441>
This commit fixes it, by setting the PARTITIONLIST variable first, and
then using it where needs be. As a consequence it greatly simplifies the
next part of the code, as we can just use a heredoc to create the grub
config.
The shim EFI file on Ubuntu can be a symlink, as it may be in the alternatives system, so
previously, when calculating the size of the FAT32 partition, we would measure the size of the
symlink instead of the actual file and get "Disk full" errors when trying to copy the files into
the new FAT32 partition.
If we dereference the file on copy, we get the actual file and can calculate the size accurately.
```
lrwxrwxrwx. 1 root root 36 Jul 12 20:04 bootx64.efi -> /etc/alternatives/shimx64.efi.signed
```
* The ISO volume is constructed similar to Debian 11
* The file .disk/info can be overridden
* The file .disk/info does not contain 'Official' per default
* Overrides that are required for live-setup are now explicit in
rebuild.sh
* New .disk/generator contains tracable information to the rebuild.sh
script
* The ISO volume is unique for each desktop environment
When building the Debian installer from git, ignore any configured
kernel version, and use the kernel version that is present in the chroot
environment.
This fixes a build error on Trixie/testing, which occurred after a new
kernel became available when the freeze was lifted.
Follow-up for 18ad612b72.
The availability of 'firmware-linux' must be checked inside the chroot
instead of on the host.
This fixes building Bullseye without 'non-free' available (as discovered
by autopkgtest)
d-i and Calamares select the needed grub packages based on how the
computer is started (BIOS vs UEFI). Because the packages for each
variant conflict, they must be provided as .deb files.
Commit 8403487d introduced in the chroot stage a naming scheme for local
archive keys which distinguishes between ASCII-armored keys and binary
ones, and then adds the appropriate extension (either `.asc` or `.gpg`,
respectively) when copying them to `/etc/apt/trusted.gpg.d`.
However, this change was not applied to the binary stage: ASCII-armored
and binary keys are still both copied with the `.asc` extension, which
introduces a discrepancy between the two stages. This, in turn,
may prevent using the same `.list` file for both stages, as entries
such as
deb [signed-by=/etc/apt/trusted.gpg.d/my-repository.key.asc] ...
will fail in the chroot stage if `config/archives/my-repository.key`
is in binary format (as it will be copied with the `.gpg` extension),
while entries such as
deb [signed-by=/etc/apt/trusted.gpg.d/my-repository.key.gpg] ...
will fail in the binary stage (as the key will this time be copied
with the `.asc` extension).
Previous commits to support Memtest86+ 6.00+ split the files into
"memtest" (backwards compatible / new BIOS name) and "memtest.efi"
(new EFI name). However, the 6.00 non-EFI binaries are now
32/64-bit, and will not work with GRUB's linux16 boot when using GRUB
for BIOS boot.
- Legacy Memtest86+ pre-6.00 will continue to be "memtest", linux16
(continue to support builds on current Debian stable bullseye)
- Change 6.00+ filename to "memtest.bin"
- GRUB memtest.cfg contains logic for legacy / new bios / new EFI
- Change EFI boot from "chainloader" to "linux", which allows for
passing command line options to Memtest86+
- syslinux @MEMTEST@ will conditionally be memtest.bin or memtest
- @MEMTEST_BIN@ will conditionally be memtest.bin or memtest, but is
completely legacy at this point (all internal code paths now check
for @MEMTEST_DIR@/memtest or @MEMTEST_DIR@/memtest.bin)
Getting complicated, but this logic can be simplified again once we
no longer need to support current Debian stable.
- BIOS: Final filename doesn't change (memtest), but now uses a
64-bit version on amd64.
- EFI: Now included as memtest.efi; 32-bit on i386, 64-bit on amd64.
As it's GRUB-only, we can test for the existence of memtest.efi
(6.00+ only) in GRUB itself.
- Add @MEMTEST_DIR@ to facilitate directory-based testing in GRUB.
This expands upon the previous MVP commit
15e78a3eec .
memtest86+ 6.00-1 (in testing as of this date) adds and changes its
available binaries:
- /boot/memtest86+x32.bin
- /boot/memtest86+x32.efi
- /boot/memtest86+x64.bin
- /boot/memtest86+x64.efi
Future live-build functionality would ideally incorporate these new
binaries (x64 for amd64 builds, efi for grub-efi), but in the meantime,
this is an MVP update which supports either old memtest86.bin or new
memtest86+x32.bin.
The request asked for 5 additional variables to be resolved for the SVG
images:
Added: LB_ISO_APPLICATION, LB_ISO_PUBLISHER and LB_LINUX_PACKAGES
Not added: LB_ISO_PREPARER: xorriso recommends not changing this
variable
Not added: LB_ISO_VOLUME: is can contain '@ISOVOLUME_TS@' which resolves
to a timestamp and would need additional handling
Currently it's only supported in the chroot/binary phases. Omitting
bootstrap was an oversight.
Note that config/archives/*.conf are assumed to be apt.conf files,
so the apt_auth files are required to end with .auth and will be renamed
to .conf when copied into the chroot.
With this 'distribution', the installer is built from its git
repository, matching the date in SOURCE_DATE_EPOCH.
Additionally the kernel version is matched to the kernel version in the
chroot (to ensure that the installer can be run).
Rationale: The 'daily' installers are not archived, and therefore cannot
be used for a reproducible build.
Patrick Schleizer
Roland Clobus
Emanuele Rocca
Arnaud Rebillout
jfliu
Marcel Partap
David Hewitt
Thore Sommer
Jonathan Carter
Patrice Duroux
Raphaël Hertzog
snip
Ryan Finnie
Nick Brown
Olivier BLIN