Work together with Emanuele Rocca during MiniDebCamp Hamburg 2024
* rebuild: New command line option: --architecture
* installer: Enable the GTK installer
* bootloader: Set a default bootloader
* no qemu-binary in chroot
When grub-efi-amd64-signed and grub-common have mismatched
dependencies (e.g. due to binNMUs), allow a shim-only secure boot.
The user has to enroll the hash of the EFI/boot/grub*.efi file and then
secure booting can continue.
Shim-only is supported only for '--uefi-secure-boot=auto'
This fixes the last non-reproducible file for KDE (bookworm):
* install-info has an unstable sort when a new section is started
Newer versions (not yet released) have been fixed
* The backup file (dir.old) does not need to be in the live image
For bookworm, live-config does not contain the fix for #1037295
With the patched policykit file, many password prompts will not show up
any more, e.g. with Calamares
* source_tar: The order of the files in the tarball are now predictable.
This has been verified with 'disorderfs'
* rebuild.sh: The timestamp of the directory of theme.txt must also be
adjusted.
The test 'if [ x$grub_platform == xefi -a x$lockdown != xy ]' is meant
to be done by GRUB at runtime, so this line should appear verbatim in
the grub.cfg file.
However the variables are expanded at build-time by the script, because
the dollar symbol is not escaped.
Here's the result on a 12.1.0 live image:
$ cat <<debian-live-12.1.0>>/boot/grub/x86_64-efi/grub.cfg
if [ x == xefi -a x != xy ] ; then
insmod part_acorn
insmod part_amiga
insmod part_apple
insmod part_bsd
insmod part_dfly
insmod part_dvh
insmod part_gpt
insmod part_msdos
insmod part_plan
insmod part_sun
insmod part_sunpc
fi
source /boot/grub/grub.cfg
Note that this mistake would have been caught if only the nounset option
had been used (ie. 'set -u').
Fixes commit: 7b36f5b0ad
Setting the value of PARTITIONLIST in a sub-shell is scoped to the
sub-shell, it will not change the value of the variable in the parent
shell.
In other words:
#!/bin/sh
FOOBAR=
(FOOBAR=foo)
echo FOOBAR=$FOOBAR
gives the output:
FOOBAR=
As a consequence, PARTITIONLIST being empty, there are no part_*
modules embedded in the boot<platform>.efi binary. This is clearly a
regression, introduced in 7b36f5b0ad.
Somehow, Debian doesn't seem to be impacted. Kali Linux is impacted, but
only under very special conditions, leading to this bug report:
<https://bugs.kali.org/view.php?id=8441>
This commit fixes it, by setting the PARTITIONLIST variable first, and
then using it where needs be. As a consequence it greatly simplifies the
next part of the code, as we can just use a heredoc to create the grub
config.
As noted in https://lists.debian.org/debian-live/2023/08/msg00008.html,
the timestamp of theme.txt for bookworm images is not reproducible.
Additionally the splash image is now matching the resolution of the boot
menu, which makes it more crisp.
because it doesn't end on ".hook.chroot", so it wouldn't be linked from
the `lb config` stage. Probably to the better, as it does not seem very
useful to indiscriminately raze all apt sources lists.
The shim EFI file on Ubuntu can be a symlink, as it may be in the alternatives system, so
previously, when calculating the size of the FAT32 partition, we would measure the size of the
symlink instead of the actual file and get "Disk full" errors when trying to copy the files into
the new FAT32 partition.
If we dereference the file on copy, we get the actual file and can calculate the size accurately.
```
lrwxrwxrwx. 1 root root 36 Jul 12 20:04 bootx64.efi -> /etc/alternatives/shimx64.efi.signed
```
* The ISO volume is constructed similar to Debian 11
* The file .disk/info can be overridden
* The file .disk/info does not contain 'Official' per default
* Overrides that are required for live-setup are now explicit in
rebuild.sh
* New .disk/generator contains tracable information to the rebuild.sh
script
* The ISO volume is unique for each desktop environment
When building the Debian installer from git, ignore any configured
kernel version, and use the kernel version that is present in the chroot
environment.
This fixes a build error on Trixie/testing, which occurred after a new
kernel became available when the freeze was lifted.
Follow-up for 18ad612b72.
The availability of 'firmware-linux' must be checked inside the chroot
instead of on the host.
This fixes building Bullseye without 'non-free' available (as discovered
by autopkgtest)
The font size was reduced to fully capture the long live-build version.
Exported without Inkscape information.
Manually adjusted the coordinates to use integers instead of fractional
coordinates (for sharper conversion to png).
Roland Clobus
Marcel Partap
Patrick Schleizer
Unit 193
Emanuele Rocca
Arnaud Rebillout
jfliu
David Hewitt
Thore Sommer
Jonathan Carter