d-i and Calamares select the needed grub packages based on how the
computer is started (BIOS vs UEFI). Because the packages for each
variant conflict, they must be provided as .deb files.
Commit 8403487d introduced in the chroot stage a naming scheme for local
archive keys which distinguishes between ASCII-armored keys and binary
ones, and then adds the appropriate extension (either `.asc` or `.gpg`,
respectively) when copying them to `/etc/apt/trusted.gpg.d`.
However, this change was not applied to the binary stage: ASCII-armored
and binary keys are still both copied with the `.asc` extension, which
introduces a discrepancy between the two stages. This, in turn,
may prevent using the same `.list` file for both stages, as entries
such as
deb [signed-by=/etc/apt/trusted.gpg.d/my-repository.key.asc] ...
will fail in the chroot stage if `config/archives/my-repository.key`
is in binary format (as it will be copied with the `.gpg` extension),
while entries such as
deb [signed-by=/etc/apt/trusted.gpg.d/my-repository.key.gpg] ...
will fail in the binary stage (as the key will this time be copied
with the `.asc` extension).
Previous commits to support Memtest86+ 6.00+ split the files into
"memtest" (backwards compatible / new BIOS name) and "memtest.efi"
(new EFI name). However, the 6.00 non-EFI binaries are now
32/64-bit, and will not work with GRUB's linux16 boot when using GRUB
for BIOS boot.
- Legacy Memtest86+ pre-6.00 will continue to be "memtest", linux16
(continue to support builds on current Debian stable bullseye)
- Change 6.00+ filename to "memtest.bin"
- GRUB memtest.cfg contains logic for legacy / new bios / new EFI
- Change EFI boot from "chainloader" to "linux", which allows for
passing command line options to Memtest86+
- syslinux @MEMTEST@ will conditionally be memtest.bin or memtest
- @MEMTEST_BIN@ will conditionally be memtest.bin or memtest, but is
completely legacy at this point (all internal code paths now check
for @MEMTEST_DIR@/memtest or @MEMTEST_DIR@/memtest.bin)
Getting complicated, but this logic can be simplified again once we
no longer need to support current Debian stable.
- BIOS: Final filename doesn't change (memtest), but now uses a
64-bit version on amd64.
- EFI: Now included as memtest.efi; 32-bit on i386, 64-bit on amd64.
As it's GRUB-only, we can test for the existence of memtest.efi
(6.00+ only) in GRUB itself.
- Add @MEMTEST_DIR@ to facilitate directory-based testing in GRUB.
This expands upon the previous MVP commit
15e78a3eec .
memtest86+ 6.00-1 (in testing as of this date) adds and changes its
available binaries:
- /boot/memtest86+x32.bin
- /boot/memtest86+x32.efi
- /boot/memtest86+x64.bin
- /boot/memtest86+x64.efi
Future live-build functionality would ideally incorporate these new
binaries (x64 for amd64 builds, efi for grub-efi), but in the meantime,
this is an MVP update which supports either old memtest86.bin or new
memtest86+x32.bin.
The request asked for 5 additional variables to be resolved for the SVG
images:
Added: LB_ISO_APPLICATION, LB_ISO_PUBLISHER and LB_LINUX_PACKAGES
Not added: LB_ISO_PREPARER: xorriso recommends not changing this
variable
Not added: LB_ISO_VOLUME: is can contain '@ISOVOLUME_TS@' which resolves
to a timestamp and would need additional handling
For reproducibly building live-images, it turns out that the initial
build does not necessarily have to use a snapshot server.
Within a time slot of 6 hours (the interval between synchronisations of
the Debian archive) the reproducibility of a live image can be checked
by running the rebuild.sh script twice. The resulting ISO files should
be identical.
Currently it's only supported in the chroot/binary phases. Omitting
bootstrap was an oversight.
Note that config/archives/*.conf are assumed to be apt.conf files,
so the apt_auth files are required to end with .auth and will be renamed
to .conf when copied into the chroot.
With this 'distribution', the installer is built from its git
repository, matching the date in SOURCE_DATE_EPOCH.
Additionally the kernel version is matched to the kernel version in the
chroot (to ensure that the installer can be run).
Rationale: The 'daily' installers are not archived, and therefore cannot
be used for a reproducible build.
The installer stage has a clean chroot for its own usage. The chroot
from the chroot stage is available in chroot/chroot (implemented similar
to the binary stage).
This makes the default value of --parent-debian-installer-distribution
the same as --debian-installer-distribution, like the other
--parent-distribution-* options.
The new includes.chroot system implemented in !214 adds the option
to include files in the chroot before and after package installation.
chroot_hostname and chroot_resolv have been updated but not chroot_hosts.
Gbp-Dch: Short
Persist LB_BOOTLOADERS in lb_binary_* configuration, since
Init_config_data called from lb_binary_* calls Prepare_config which
then overrides LB_BOOTLOADER_BIOS and LB_BOOTLOADER_EFI if
LB_ARCHITECTURE is amd64 or i386, and these can only be restored to
their proper values by the presence of LB_BOOTLOADERS.
This therefore ensures that the value of the "--bootloaders" parameter
to lb_config is respected by the lb_binary_* steps.
Allow APT_AUTH.CONF(5) config files to be used with archives.
Note that config/archives/*.conf are assumed to be apt.conf files,
so the apt_auth files are required to end with .auth and will be renamed
to .conf when copied into the chroot.
Closes: #991065
That prevents potential errors during future Remove_packages calls without APT indices available. In such cases, APT tries to remove packages with unrecognized names, which results in an error and fails the script execution. An example of this would be installing apt-utils in chroot_archives with --apt-indices option set to false.
Roland Clobus
Patrice Duroux
Raphaël Hertzog
Luca Boccassi
snip
Ryan Finnie
Nick Brown
Olivier BLIN
Rob Shearman
Philip Hands
Michał Prochera
Sophie Brun