For reproducibly building live-images, it turns out that the initial
build does not necessarily have to use a snapshot server.
Within a time slot of 6 hours (the interval between synchronisations of
the Debian archive) the reproducibility of a live image can be checked
by running the rebuild.sh script twice. The resulting ISO files should
be identical.
Currently it's only supported in the chroot/binary phases. Omitting
bootstrap was an oversight.
Note that config/archives/*.conf are assumed to be apt.conf files,
so the apt_auth files are required to end with .auth and will be renamed
to .conf when copied into the chroot.
With this 'distribution', the installer is built from its git
repository, matching the date in SOURCE_DATE_EPOCH.
Additionally the kernel version is matched to the kernel version in the
chroot (to ensure that the installer can be run).
Rationale: The 'daily' installers are not archived, and therefore cannot
be used for a reproducible build.
The installer stage has a clean chroot for its own usage. The chroot
from the chroot stage is available in chroot/chroot (implemented similar
to the binary stage).
This makes the default value of --parent-debian-installer-distribution
the same as --debian-installer-distribution, like the other
--parent-distribution-* options.
The new includes.chroot system implemented in !214 adds the option
to include files in the chroot before and after package installation.
chroot_hostname and chroot_resolv have been updated but not chroot_hosts.
Gbp-Dch: Short
Persist LB_BOOTLOADERS in lb_binary_* configuration, since
Init_config_data called from lb_binary_* calls Prepare_config which
then overrides LB_BOOTLOADER_BIOS and LB_BOOTLOADER_EFI if
LB_ARCHITECTURE is amd64 or i386, and these can only be restored to
their proper values by the presence of LB_BOOTLOADERS.
This therefore ensures that the value of the "--bootloaders" parameter
to lb_config is respected by the lb_binary_* steps.
Allow APT_AUTH.CONF(5) config files to be used with archives.
Note that config/archives/*.conf are assumed to be apt.conf files,
so the apt_auth files are required to end with .auth and will be renamed
to .conf when copied into the chroot.
Closes: #991065
That prevents potential errors during future Remove_packages calls without APT indices available. In such cases, APT tries to remove packages with unrecognized names, which results in an error and fails the script execution. An example of this would be installing apt-utils in chroot_archives with --apt-indices option set to false.
Similar to iso images, the timestamp of a file/folder inside the binary
image cannot be newer than SOURCE_DATE_EPOCH.
Also set the timestamp of the hdd image.
This previously undocumented value for '--chroot-filesystem' creates the
uncompressed folder 'live/filesystem.dir'.
This will speed up the generation of live images a lot, because the
squashfs compression is skipped.
Example command line:
lb config -b hdd --chroot-filesystem plain --binary-filesystem ext4
The package might be missing when building with a minimal configuration,
as recommended in the Live Manual, the example 'Base image' scenario:
'lb config --apt-recommends false --debootstrap-options "--variant=minbase"'
Notes:
- No bootloader is configured; images must be booted via direct kernel
- Tested via qemu + opensbi fw_jump.elf + kernel/initrd
- As riscv64 is currently in ports, the following options are required:
--distribution unstable
--mirror-bootstrap http://ftp.ports.debian.org/debian-ports/
--security false
--debootstrap-options --keyring=/usr/share/keyrings/debian-ports-archive-keyring.gpg
- Normally ports require stacking two dists, unstable and unreleased.
debootstrap does not support doing this, but as of this writing, there
is nothing in riscv64 unreleased which is required to bootstrap.
However, this would not have been possible a year ago.
There are two main scenarios:
1) The host with live-build is configured to use a proxy
This proxy will automatically be used by live-build
2) The user of live-build explicitly specifies a proxy
2A) With the environment variable 'http_proxy' (preferred)
2B) With the command line option --apt-http-proxy
Any inconsistency in the setting of a proxy results in an error message of 'lb config'
All internal tools (apt/apt-get/aptitude, wget and debootstrap) use the environment variables 'http_proxy' and 'no_proxy', which are passed along to the chroot where needed.
Test scenario:
- A virtual machine with all out-going traffic blocked, except for the proxy.
Roland Clobus
Nick Brown
Olivier BLIN
Luca Boccassi
Rob Shearman
Philip Hands
Michał Prochera
Sophie Brun
Ryan Finnie