Persist LB_BOOTLOADERS in lb_binary_* configuration, since
Init_config_data called from lb_binary_* calls Prepare_config which
then overrides LB_BOOTLOADER_BIOS and LB_BOOTLOADER_EFI if
LB_ARCHITECTURE is amd64 or i386, and these can only be restored to
their proper values by the presence of LB_BOOTLOADERS.
This therefore ensures that the value of the "--bootloaders" parameter
to lb_config is respected by the lb_binary_* steps.
Allow APT_AUTH.CONF(5) config files to be used with archives.
Note that config/archives/*.conf are assumed to be apt.conf files,
so the apt_auth files are required to end with .auth and will be renamed
to .conf when copied into the chroot.
Closes: #991065
That prevents potential errors during future Remove_packages calls without APT indices available. In such cases, APT tries to remove packages with unrecognized names, which results in an error and fails the script execution. An example of this would be installing apt-utils in chroot_archives with --apt-indices option set to false.
Similar to iso images, the timestamp of a file/folder inside the binary
image cannot be newer than SOURCE_DATE_EPOCH.
Also set the timestamp of the hdd image.
This previously undocumented value for '--chroot-filesystem' creates the
uncompressed folder 'live/filesystem.dir'.
This will speed up the generation of live images a lot, because the
squashfs compression is skipped.
Example command line:
lb config -b hdd --chroot-filesystem plain --binary-filesystem ext4
The package might be missing when building with a minimal configuration,
as recommended in the Live Manual, the example 'Base image' scenario:
'lb config --apt-recommends false --debootstrap-options "--variant=minbase"'
Notes:
- No bootloader is configured; images must be booted via direct kernel
- Tested via qemu + opensbi fw_jump.elf + kernel/initrd
- As riscv64 is currently in ports, the following options are required:
--distribution unstable
--mirror-bootstrap http://ftp.ports.debian.org/debian-ports/
--security false
--debootstrap-options --keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg
- Normally ports require stacking two dists, unstable and unreleased.
debootstrap does not support doing this, but as of this writing, there
is nothing in riscv64 unreleased which is required to bootstrap.
However, this would not have been possible a year ago.
There are two main scenarios:
1) The host with live-build is configured to use a proxy
This proxy will automatically be used by live-build
2) The user of live-build explicitly specifies a proxy
2A) With the environment variable 'http_proxy' (preferred)
2B) With the command line option --apt-http-proxy
Any inconsistency in the setting of a proxy results in an error message of 'lb config'
All internal tools (apt/apt-get/aptitude, wget and debootstrap) use the environment variables 'http_proxy' and 'no_proxy', which are passed along to the chroot where needed.
Test scenario:
- A virtual machine with all out-going traffic blocked, except for the proxy.
This adds support for dm-vertiy on the root filesystem.
Currently only squashfs is supported.
Three new flags are introduced.
* --dm-verity: Enable basic dm-verity support
* --dm-verity-fec NB_ROOTS: Enable forward error correction. Optional
* --dm-verity-sign SCRIPT: Specify signing script for the root hash. Optional
1) lb config rejected multiple checksum types
2) When using the installer, cdrom-checker requires a md5 checksum file,
use 'Check the integrity of the installation media' in the installer
3) The comments in the first lines of the checksum files caused
cdrom-checker to fail the integrity of the image
If grub/splash.png exists, assume the configuration editor intends
to have a grub-specific splash.png, and do not modify theme.txt.
But if syslinux has the only known splash.png, use it for both
syslinux and grub.
(This allows for a hybrid image where the grub side can have e.g. a
16:9 1920x1080 splash.png which gets grub is capable of automatically
scaling, while the syslinux side has a 640x480 splash.png which
effectively must be this fixed size.)
When a package lists contains only packages protected by a test
that doesn't match for the current run, then Expand_package_list
outputs nothing and the following "grep -v" fails because it
has not filtered anything. Avoid this by protecting the "grep -v"
call with "|| true".
Before commit 9f3e5fe8d (Fix the way the .disk/mkisofs file is created)
all these commands (`mkdir`, write to `binary/.disk/mkisofs` and
`xorriso`) were in the same `binary.sh` script. Since that commit, the
write was extracted, to prevent issues with quoting, but the related
mkdir was left in `binary.sh`. This means that the write is now executed
first, and the `mkdir` only afterwards, making the `mkdir` quite pointless.
In practice, this did not break becaue binary_disk also does the same
`mkdir` and runs before `binary_iso`, but if one runs commands manually
and skips `binary_iso`, then this does break.
Even though this is not really a supported usecase, just move the mkdir
outside of `binary.sh`, so it runs *before* the write again as intended.
