Compare commits

...

68 Commits

Author SHA1 Message Date
Roland Clobus 3fb606fa75
Apply 'wrap-and-sort' on the debian directory
Contains only whitespace changes
2025-01-10 11:55:11 +01:00
Roland Clobus d5bd2259be
debootstrap: Optionally use 'eatmydata'
If 'eatmydata' is found, use it.
On a CI system calling 'sync' influences the other processes that are
running on the shared host. 'debootstrap' calls 'sync' in its second
stage. For live-build, the synchronisation is not required.
2025-01-10 11:51:25 +01:00
Roland Clobus ddf289332c
test: pre-existing packages 2025-01-08 10:53:14 +01:00
Roland Clobus 64fa84a96b
test: Support reproducible images 2025-01-08 10:52:52 +01:00
Roland Clobus 9d0ed5e5cb
snapshot builds: Add check-valid-until=no in sources.list
When building against the snapshot server, adjust the sources.list entry
such that 'apt-get update' (in the live environment) will not complain
about the expired release file
2025-01-08 10:36:34 +01:00
Roland Clobus 937e5379f2
rebuild.sh: Re-enable snapshot.debian.org 2025-01-07 10:42:56 +01:00
Roland Clobus 3114e202fd
Support for qemu: Use spice-vdagent (Closes: 869569) 2025-01-07 09:59:00 +01:00
Roland Clobus 4b13a602bb
rebuild.sh: Add theme for Trixie
The theme for Trixie is Ceratopsian
https://wiki.debian.org/DebianArt/Themes/Ceratopsian
2025-01-07 09:53:48 +01:00
Roland Clobus 687c6d04e8
Packaging: Add devscripts as build dependency
'make test' calls 'checkbashisms'
2025-01-07 09:52:21 +01:00
Roland Clobus 3542536942
Fix FTBFS for 'make test'
See https://tests.reproducible-builds.org/debian/rb-pkg/bookworm/amd64/live-build.html
2025-01-07 09:43:57 +01:00
Roland Clobus a99e8c3d97
Reproducible: fixes unstable output in dictionaries-common
See #1090981: dictionaries-common: Randomness in emacsen-ispell-dicts.el
(now due to enchant)

This applies the same patch as proposed in the bug report and makes the
output of 'update-dictcommon-aspell' reproducible again.
2024-12-22 15:45:40 +01:00
Roland Clobus 246556b123
Firmwarelist: use POSIX commandline option for awk
Use `-v` instead of `--assign`, which is only supported by gawk
2024-12-16 13:53:21 +01:00
Roland Clobus 137b8e2eed Generate /firmware/Contents-firmware
This file is also present in the netinst image and is used by hw-detect
for efficient lookup of firmware files
2024-12-14 14:32:16 +00:00
Aaron Rainbolt 2bc716193d
Fix memtest support when using dracut-live 2024-12-10 19:34:33 -06:00
Roland Clobus 61d2eb3f30
Installer: fix for arm64 for builds before trixie
The package 'grub-efi-arm64-unsigned' was introduced in trixie
(Closes: #108850)
2024-11-30 21:31:36 +01:00
Roland Clobus 4a8b01df80 Fixes error message for local .deb files in config/packages.chroot.
The error message:
N: Download is performed unsandboxed as root as file '/root/packages/./InRelease' couldn't be accessed by user '_apt'. - pkgAcquire::Run (13: Permission denied)

The _apt user cannot access files in /root/packages, instead /packages
will be used.
2024-11-24 22:41:35 +00:00
Roland Clobus 3e7f5dd851
test: Cached apt indices for local pool is implemented 2024-11-24 17:44:35 +01:00
Roland Clobus 6f6376dd3b
installer: Cached apt indices for local pool
Add the apt indices for the additional source of packages on the live
medium. It allows for installing packages from that source without
running 'apt-get update' first
2024-11-24 17:44:24 +01:00
Roland Clobus f4b19cd8bf
installer: Use UTC timestamps in the Release file
Fixes the "Invalid 'Date' entry in Release File
/var/lib/apt/lists/partial/_run_live_medium_dists_bookworm_Release"
message when running 'apt-get update'
2024-11-24 16:15:08 +01:00
Roland Clobus 5004fe3a15 Reproducible: Regenerate Java cacerts differently
The previous version with faketime can hang Java on some machines. This
solution adds a tiny startup delay when required, but effectively keeps
the image reproducible (because the offending file is not present in the
image, but will be generated on startup)
2024-11-23 16:00:11 +00:00
Roland Clobus f35d546933
test: New test for external deb sources
There are many ways to provide additional .deb packages in the live
images. This regression test helps to ensure that these stay functional.
2024-11-23 15:59:12 +01:00
Roland Clobus cd7b870995
Reproducible: ca-certificates-java
This makes the postinst file from ca-certificates-java
(/etc/ssl/certs/java/cacerts) reproducible.
It contains embedded timestamps for 'now'.
Debian-Junior includes ca-certificates-java and is now reproducible.
2024-11-12 12:26:06 +01:00
Roland Clobus 6374459ad3
Workaround for #1084791 removed.
Source package `rtl8723bt-firmware` was removed from trixie 2024-11-12.
The workaround is no longer required.
2024-11-12 09:34:02 +01:00
Roland Clobus e6efd799fc
Workaround for #1084791 part 3
Package realtek-firmware 20240909-2 migrated to testing/trixie. The
removal of firmware-realtek-rtl8723cs-bt in #1085075 has not taken place
yet, so the workaround needs to be applied to trixie too.
2024-11-06 19:51:10 +01:00
Roland Clobus 0bf71641ef
man: Use $LIVE_BUILD if set
The '--help' option will show the updated manpage if LIVE_BUILD is set
2024-11-06 11:32:23 +01:00
Roland Clobus e4168673d1
autopkgtest: Use 'stable' and 'testing'
Use the stable names instead of the codenames to reduce maintenance of
the autopkgtests.
2024-11-06 11:30:53 +01:00
Roland Clobus 30d39f812e
lb config: --distribution defaults to testing 2024-11-06 11:30:41 +01:00
Roland Clobus 0959dda89f
dracut: Support diverted configuration files of Calamares
When a configuration file for Calamares is diverted by e.g.
`config-package-dev`, it becomes a symlink. The in-place modifications
must be applied on the symlinked file, not on a newly created copy.
After removal of the package, no remainders are left.

See https://salsa.debian.org/live-team/live-build/-/merge_requests/353#note_540394
2024-11-01 17:39:22 +01:00
Roland Clobus 111a6c2c65
Installer: use the http proxy 2024-10-31 17:59:15 +01:00
Aaron Rainbolt 7349ab156f
Handle loopback booting with dracut-live properly
dracut uses the `iso-scan/filename` kernel parameter for loopback
booting with tools like Super Grub Disk, whereas live-boot uses the
`findiso` parameter for this purpose. Conditionally set which one is
used depending on the selected initramfs.
2024-10-31 00:23:01 -05:00
Roland Clobus 399393565c
Workaround for #1084791 part 2
The previous commit did not work properly.
Now output is generated that shows whether the workaround has been
applied or needs to be removed again.
2024-10-28 11:36:06 +01:00
Roland Clobus bb7e9e6368 Workaround for #1084791
There is a file conflict in the non-free-firmware realtek packages,
which prevent the sid live images from being built.

This workaround will be removed a soon as the bug is resolved.
2024-10-26 10:21:55 +00:00
Roland Clobus 48e4864fde
Pipeline: turn off the arm64 pipeline for non-DDs
The default arm64 (and riscv64) runners on Salsa are only available for
DDs. Instead of enabling the runners for the main namespace, they are
only turned off for non-DDs.

See the documentation at
https://salsa.debian.org/salsa-ci-team/pipeline#enable-building-on-arm-and-risc-v
2024-10-26 10:42:57 +02:00
Roland Clobus 5b7e7f5432
Typo: fixed layout for some commandline options 2024-10-25 11:39:41 +02:00
Roland Clobus 567e03034b
Add support for dracut
Mini case:
`lb config --distribution sid --debian-installer none --cache-packages false --archive-areas "main" --initramfs dracut-live`

Support includes debian-installer and Calamares

Closes: #1031903
2024-10-25 11:39:28 +02:00
Nick Brown 9ae2c0105c Add support for proposed-update archives
Can be selected in much the same vain as backports, updates and security
archive sources. Defaults to false like backports.

Closes: #1069045
2024-10-11 14:30:16 +00:00
Emanuele Rocca 719441e744 Add git to Suggests
The git command is needed in a few places, including when using
'--debian-installer-distribution git' and '--config GIT_URL'.
2024-10-11 14:28:40 +00:00
Emanuele Rocca c02973d21a Test ISO building on Salsa
Add two test stage CI jobs that build minimal ISOs on amd64 and arm64 runners
called 'ISO amd64' and 'ISO arm64' respectively.
2024-09-04 16:58:40 +02:00
Emanuele Rocca ccf1f49bb9 lb source: fetch source packages once
Iterate over source package names and call `apt-get source $srcpkg`, instead of
looping over binary package names and calling `apt-get source $binpkg`.

Taking libreoffice as an example, this means calling `apt-get source
libreoffice` once instead of hundreds of times.

Specify --only-source in `apt-get source` to make explicit the fact that the
argument is a source package name. This is necessary to make ambiguous cases
work, such as `libftdi1` which is both a source package name and a binary
package provided by a different source, `libftdi`.

The checksums in source/{live,debian}/sha256sum.txt are identical with and
without this patch.
2024-09-02 16:49:14 +02:00
Roland Clobus 7f28a6dea5
rebuild.sh: Support Debian-Junior 2024-09-02 09:26:11 +02:00
Emanuele Rocca a8cceda195 Add arm64 packages for post-installation 2024-08-30 18:05:11 +00:00
Emanuele Rocca 08d7ddba8b Always add live-installer to udeb_include
We need to ensure that anna always auto-loads live-installer when running d-i
to install a live system, regardless of the presence of a udeb_include to copy.
2024-08-29 18:13:10 +02:00
Roland Clobus 7a094b296d
Fix for #1057853: Missing Calamares icon for KDE on bookworm 2024-08-28 22:43:53 +02:00
Roland Clobus 86078425e2
Installer: fix for bookworm and bullseye
The package 'grub-efi-amd64-unsigned' was introduce in trixie
2024-08-28 22:43:06 +02:00
Roland Clobus c7bc5f311c
Installer: Calamares also needs the unsigned GRUB packages for offline installation 2024-08-23 12:23:50 +02:00
Roland Clobus 2ceebabfa4
Change default for zsync to false
* zsync was orphaned 2021-09-19 #994648
* zsync FTBFS with GCC-14 #1075710
* zsync was only available for iso and iso-hybrid
* zsync output is ignored by the live-setup package which generates the
  official live images
2024-08-14 10:35:04 +02:00
Luca Boccassi ebbb6e0c2c Update changelog for 1:20240810 release 2024-08-10 00:08:48 +01:00
Helmut Grohne 0eb97d9c36 duplicate aliased diversions for DEP17
/bin/hostname and /sbin/start-stop-daemon are being moved from / to /usr
in trixie. Hence, these diversions become ineffective. Temporarily add
both diversions to handle both variants.

Closes: #1064408
2024-08-10 00:07:25 +01:00
Luca Boccassi 24bfe093f8 Create local /etc/os-release with metadata about the live image
Add IMAGE_ID=live and BUILD_ID set to a human-readable SOURCE_DATE_EPOCH.
If building sid, also fix the broken VERSION_CODENAME so that it matches
reality.
2024-08-09 23:48:37 +01:00
Roland Clobus 89556fb77e
arm64: Only add .disk/udeb_include when the source file exists 2024-08-02 10:31:55 +02:00
Roland Clobus a05946d32c
Fix git installer build for arm64 2024-08-02 10:31:42 +02:00
Roland Clobus 22c48e92be
Fixed: select the package name for firmware packages
When the firmware package contains file names with spaces (e.g.
firmware-brcm80211, 20240610-1), pick the correct column for the package
section
2024-07-17 20:31:48 +02:00
Roland Clobus f2e750e6f7
installer: offline installation with calamares
After MR https://salsa.debian.org/live-team/calamares-settings-debian/-/merge_requests/5
was fixed for Calamares, the live installer now needs grub-efi as well
when running the installer in offline mode.
2024-06-24 08:23:40 +02:00
Roland Clobus 06d178aac0
Restore support for bullseye and bookworm
Bullseye and bookworm don't have the t64 packages, so the script checks
the availability of the suitable packages
2024-06-20 22:36:30 +02:00
Luca Boccassi b1247f717c d/control: bump Standards-Version to 4.7.0, no changes 2024-05-25 12:23:13 +01:00
Roland Clobus cf963c36b1
binary_includes: Activate when the directory exists (Closes: #1069349) 2024-05-03 08:16:27 +02:00
Roland Clobus 4f7f59f9e5 installer: Also add the t64 versions of the libraries
Fixes the installer for the standard image on BIOS boot
2024-05-01 05:47:31 +00:00
Roland Clobus a5bd0ed8ce Architecture checking is not required any more
The qemu-static binary on the host runs the foreign binaries
2024-04-29 16:27:41 +00:00
Roland Clobus f290d31960 hooks: Remove /etc/.pwd.lock and /run/mount/utab
When the zero-byte file /etc/.pwd.lock is present in the ISO image,
diffoscope will abort
(https://salsa.debian.org/reproducible-builds/diffoscope/-/issues/367)

This file will be generated when needed, so it can be removed from the
image.

Cleanup /run/mount/utab (and its directory)
2024-04-29 16:27:41 +00:00
Roland Clobus 724f449e0d binary_bootloader_splash: New script
Allows for scenarios without syslinux (e.g. arm64)
Breaking change: custom splash.svg images must be placed in
config/bootloaders
2024-04-29 16:27:41 +00:00
Roland Clobus 2f1acabc41 Cross-build: arm64 support
Work together with Emanuele Rocca during MiniDebCamp Hamburg 2024
* rebuild: New command line option: --architecture
* installer: Enable the GTK installer
* bootloader: Set a default bootloader
* no qemu-binary in chroot
2024-04-29 16:27:41 +00:00
Roland Clobus 4a35ad2954 Rebuild: Always show the active settings 2024-04-29 16:27:41 +00:00
Roland Clobus 39b343fe0c
Remove 'nolapic' from the safe boot options.
This is a work around for #1068515
2024-04-28 22:28:26 +02:00
Roland Clobus 605868e21d
Allow for shim-only secure UEFI boot
When grub-efi-amd64-signed and grub-common have mismatched
dependencies (e.g. due to binNMUs), allow a shim-only secure boot.
The user has to enroll the hash of the EFI/boot/grub*.efi file and then
secure booting can continue.
Shim-only is supported only for '--uefi-secure-boot=auto'
2024-03-24 11:04:02 +01:00
Marcel Partap 518534d352 container hooks: make nspawn work inside nspawn
https://bugs.archlinux.org/task/55082 :
> This is probably caused by the fact that `systemd-nspawn` now registers
> a scope when `--register=no` is specified, unless `--keep-unit` is also
> specified [1].
[1] https://github.com/systemd/systemd/pull/6166
2024-02-23 22:36:50 +01:00
Roland Clobus 0845468303 Reproducible install-info
This fixes the last non-reproducible file for KDE (bookworm):
* install-info has an unstable sort when a new section is started
  Newer versions (not yet released) have been fixed
* The backup file (dir.old) does not need to be in the live image
2024-02-23 16:54:07 +00:00
Roland Clobus 0c3b3905b5 Fixed udeb handling 2024-02-23 16:53:17 +00:00
Roland Clobus 516e8ded70
Reproducible: Fix for vlc (used by the Bookworm KDE image) 2024-02-07 22:40:51 +01:00
60 changed files with 1978 additions and 381 deletions

View File

@ -4,7 +4,7 @@ SHELL := sh -e
LANGUAGES = $(shell cd manpages/po && ls)
SCRIPTS = frontend/* functions/* examples/auto/* examples/hooks/* scripts/*.sh scripts/*/* share/bin/* share/hooks/*/*
SCRIPTS = frontend/* functions/* examples/auto/* examples/hooks/*.chroot examples/hooks/reproducible/*.chroot scripts/*.sh scripts/*/* share/bin/* share/hooks/*/*
all: build

View File

@ -1 +1 @@
squeeze
trixie

1
data/debian-cd/testing Symbolic link
View File

@ -0,0 +1 @@
trixie

View File

@ -0,0 +1,2 @@
This is a manual copy of the exclude lists is debian-cd/data
https://salsa.debian.org/images-team/debian-cd

View File

@ -0,0 +1,4 @@
choose-mirror
netcfg
ethdetect
pcmciautils-udeb

View File

@ -0,0 +1,3 @@
netcfg
ethdetect
pcmciautils-udeb

View File

@ -0,0 +1,3 @@
netcfg
ethdetect
pcmciautils-udeb

View File

@ -0,0 +1,143 @@
# These udebs build the d-i cdrom initrd. As such, there is no reason
# to keep another copy of them on the CD in udeb form.
#
# This duplicates data found in the file build/pkg-lists/kernel, in d-i svn
kernel-image-*
# build/pkg-lists/base in d-i svn
archdetect
rootskel
main-menu
cdebconf-udeb
udpkg
anna
di-utils
di-utils-shell
di-utils-reboot
lowmemcheck
# build/pkg-lists/cdrom/common, in d-i svn (also included in the
# root+cd-drivers floppies)
busybox-udeb
installation-locale
localechooser
iso-3166-udeb
hw-detect
cdrom-detect
cdrom-retriever
load-cdrom
cdrom-checker
bogl-bterm-udeb
di-utils-terminfo
cdebconf-priority
cdebconf-newt-udeb
usb-discover
preseed-common
initrd-preseed
file-preseed
nano-udeb
floppy-retriever
libfribidi0-udeb
# Already on the initrd as dependencies
libdebconfclient0-udeb
libdebian-installer4-udeb
libdebian-installer-extra4-udeb
# These udebs are only useful in building the boot floppy image
busybox-floppy-udeb
rootskel-bootfloppy
# Graphical installer: common udebs included in initrd
rootskel-gtk
cdebconf-gtk-udeb
fontconfig-udeb
gtk2-engines-udeb
libatk1.0-udeb
libexpat1-udeb
libfreetype6-udeb
libglib2.0-udeb
libgtk2-engines-udeb
libpango1.0-udeb
libpcre3-udeb
libpixman-1-0-udeb
libpng*-udeb
libsdl1.2debian-udeb
mouse-modules-*
ttf-*
fbset-udeb
# Graphical installer: udebs for directfb
libdirectfb-*-udeb
libcairo-directfb2-udeb
libgtk-directfb-2.0-0-udeb
# Graphical installer: udebs for X.Org
xserver-xorg-core-udeb
xserver-xorg-input-evdev-udeb
xserver-xorg-video-fbdev-udeb
x11-xkb-utils-udeb
xkb-data-udeb
libcairo2-udeb
libdrm2-udeb
libfontenc1-udeb
libgtk-x11-udeb
libpciaccess0-udeb
libx11-6-udeb
libxau6-udeb
libxcb1-udeb
libxcursor1-udeb
libxdmcp6-udeb
libxext6-udeb
libxfixes3-udeb
libxfont1-udeb
libxft2-udeb
libxi6-udeb
libxinerama1-udeb
libxkbfile1-udeb
libxrender1-udeb
# Graphical installer: terminal support is included in initrd
cdebconf-gtk-terminal
libvte9-udeb
# Not currently used
cdebootstrap-udeb
hdparm-udeb
dhcp-client-udeb
# This package is only useful in the d-i-demo
di-utils-exit-installer
# No need for these loaders.
download-installer
load-floppy
# Only useful in the hd-media initrd
iso-scan
load-iso
# These are not really needed, the regular netcfg subsumes them
netcfg-static
# skolelinux stuff, not for the stock CDs
debian-edu-install-udeb
debian-edu-profile-udeb
debian-edu-archive-keyring-udeb
ltsp-client-builder
autopartkit
# live CD stuff
live-installer
simple-cdd-profiles
# If needed, will be on the initrd already
module-init-tools-udeb
env-preseed
rescue-check
cdebconf-text-udeb
brltty-udeb
klibc-utils-udeb
libklibc-udeb
udev-udeb
udev-gtk-udeb
ai-choosers
auto-install
libslang2-udeb
kbd-chooser
kbd-udeb
console-setup-*
# Currently unused
debian-ports-archive-keyring-udeb
emdebian-archive-keyring-udeb
nbd-client-udeb
pwgen-udeb
# Eh?
gnumach-udeb
# We only support grub these days, drop lilo and elilo
lilo-installer
elilo-installer

View File

@ -0,0 +1,42 @@
# These udebs are in the d-i cdrom initrd and the hd-media initrd.
# As such, there is no reason to keep another copy of them on the CD
# in udeb form.
console-keymaps-at
console-keymaps-usb
kbd-chooser
acpi-modules-*
ata-modules-*
cdrom-core-modules-*
core-modules-*
fat-modules-*
fb-modules-*
ide-core-modules-*
ide-modules-*
input-modules-*
isofs-modules-*
mmc-modules-*
nls-core-modules-*
parport-modules-*
pcmcia-modules-*
sata-modules-*
scsi-common-modules-*
scsi-core-modules-*
scsi-modules-*
serial-modules-*
speakup-modules-*
usb-modules-*
usb-serial-modules-*
usb-storage-modules-*
# Not used on amd64
console-keymaps-acorn
console-keymaps-amiga
console-keymaps-atari
console-keymaps-dec
console-keymaps-sun
# Not needed with the 2.6 kernel on amd64.
userdevfs
# Only needed on arches that use partconf or autopartkit.
partconf-mkfstab
# Not needed on arches that use partman
mdcfg
lvmcfg

View File

@ -0,0 +1 @@
apt-mirror-setup

View File

@ -1 +1 @@
squeeze
sid

105
debian/changelog vendored
View File

@ -1,3 +1,108 @@
live-build (1:20240810) unstable; urgency=medium
[ Roland Clobus ]
* Workaround for #1023472
* Revert previous commit to test/rebuild.sh
[ Thore Sommer ]
* ISO generation: add support for hybrid ISOs with grub-pc
[ Roland Clobus ]
* non-free firmware detection: in chroot, not on host
* If there is more than one kernel for the installer, use the newest
* Installer: ignore the configured kernel version
* Filter the firmware list (Closes: 1035382)
* Set additional meta information
[ David Hewitt ]
* Follow symlinks while copying shim files
[ Roland Clobus ]
* rebuild: update --disk-info
[ Marcel Partap ]
* Create binary_chroot stagefiles when skipping, too
* Remove ancient hook 9030-remove-apt-sources-lists that was never run
[ jfliu ]
* binary_iso: fix iso-hybrid images with EFI bootloader
[ Roland Clobus ]
* Use LC_ALL=C for sort
* Fix and correctly suppress lintian warnings
* Apply predictable timestamps in the source image
* binary_syslinux: Ensure the availability of the font of splash.svg
* binary_rootfs: Fixed test for /etc/mtab (Closes: #1032408)
* binary_disk: Don't create .disk/archive_trace any more
* rebuild.sh: Consistent timestamp of theme.txt
[ Arnaud Rebillout ]
* efi-image: Fix missing part_* modules in boot<platform>.efi
* efi-image: Fix <platform>/grub.cfg, variables must NOT be expanded
[ Roland Clobus ]
* Remove unneeded cached files from appstream
* Reproducible: fixes the last two issues for Debian 12.3
[ Emanuele Rocca ]
* chroot_sysfs: umount efivarfs if mounted
[ Roland Clobus ]
* Apply policykit fix when needed.
* rebuild: Don't use a symlink for the splash screen
[ Unit 193 ]
* firmwarelists.sh: Account for usrmerged firmware packages.
[ Roland Clobus ]
* Workaround for #1058994
* installer: The kernel version does not need to have a Debian-version
* The installer now requires grub-common and dependencies
* Installer: Support trixie
* Installer: fix for previous commit
[ Patrick Schleizer ]
* fix: check correct dependency package grub-common instead of grub-pc
* also check if grub-pc-bin dependency is available
* reproducible builds: use cp -a when copying binary/boot/grub/i386-pc
[ Roland Clobus ]
* Reproducible: Fix for vlc (used by the Bookworm KDE image)
* Fixed udeb handling
* Reproducible install-info
[ Marcel Partap ]
* container hooks: make nspawn work inside nspawn
[ Roland Clobus ]
* Allow for shim-only secure UEFI boot
* Remove 'nolapic' from the safe boot options.
* Rebuild: Always show the active settings
* Cross-build: arm64 support
* binary_bootloader_splash: New script
* hooks: Remove /etc/.pwd.lock and /run/mount/utab
* Architecture checking is not required any more
* installer: Also add the t64 versions of the libraries
* binary_includes: Activate when the directory exists (Closes: #1069349)
[ Luca Boccassi ]
* d/control: bump Standards-Version to 4.7.0, no changes
[ Roland Clobus ]
* Restore support for bullseye and bookworm
* installer: offline installation with calamares
* Fixed: select the package name for firmware packages
* Fix git installer build for arm64
* arm64: Only add .disk/udeb_include when the source file exists
[ Luca Boccassi ]
* Create local /etc/os-release with metadata about the live image
[ Helmut Grohne ]
* duplicate aliased diversions for DEP17 (Closes: #1064408)
-- Luca Boccassi <bluca@debian.org> Sat, 10 Aug 2024 00:08:10 +0100
live-build (1:20230502) unstable; urgency=medium
* Team upload

42
debian/control vendored
View File

@ -3,12 +3,9 @@ Section: misc
Priority: optional
Maintainer: Debian Live <debian-live@lists.debian.org>
Uploaders: Raphaël Hertzog <raphael@offensive-security.com>,
Luca Boccassi <bluca@debian.org>,
Build-Depends:
debhelper-compat (= 13),
po4a,
gettext,
Standards-Version: 4.6.0
Luca Boccassi <bluca@debian.org>
Build-Depends: debhelper-compat (= 13), devscripts, gettext, po4a
Standards-Version: 4.7.0
Rules-Requires-Root: no
Homepage: https://wiki.debian.org/DebianLive
Vcs-Browser: https://salsa.debian.org/live-team/live-build
@ -16,26 +13,19 @@ Vcs-Git: https://salsa.debian.org/live-team/live-build.git
Package: live-build
Architecture: all
Depends:
cpio,
debootstrap,
${misc:Depends},
Recommends:
apt-utils,
bzip2,
cryptsetup,
file,
live-boot-doc,
live-config-doc,
live-manual-html | live-manual,
rsync,
systemd-container,
wget,
xz-utils,
Suggests:
e2fsprogs,
parted,
mtd-utils,
Depends: cpio, debootstrap, ${misc:Depends}
Recommends: apt-utils,
bzip2,
cryptsetup,
file,
live-boot-doc,
live-config-doc,
live-manual-html | live-manual,
rsync,
systemd-container,
wget,
xz-utils
Suggests: e2fsprogs, eatmydata, git, mtd-utils, parted
Description: Live System Build Components
The Debian Live project maintains the components to build Debian based Live
systems and the official Debian Live images themselves.

51
debian/gitlab-ci.yml vendored
View File

@ -2,3 +2,54 @@
include:
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
- https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
variables:
SALSA_CI_DISABLE_BUILD_PACKAGE_ANY: 1
SALSA_CI_DISABLE_BUILD_PACKAGE_I386: 1
.lb-build:
stage: test
script:
- apt-get update
- apt-get install -y "$(find . -type f -name '*.deb')"
- lb --version
# We need to stay within the maximum limit for artifacts on Salsa (250M),
# so disable a few things
- lb config --apt-indices false --apt-recommends false --firmware-chroot false --source false --distribution sid --updates false --debootstrap-options "--variant=minbase" --bootloaders grub-efi
# But do install user-setup and sudo to have a usable image
- echo "user-setup sudo" > config/package-lists/recommends.list.chroot
# xz compresses initrds much better than zstd
- echo xz-utils >> config/package-lists/live.list.chroot
- mkdir -p config/includes.chroot_after_packages/etc/initramfs-tools/conf.d/
- printf 'COMPRESS=xz\nCOMPRESSLEVEL=9\n' > config/includes.chroot_after_packages/etc/initramfs-tools/conf.d/compress
# Remove stuff not really needed to boot
- echo 'rm -rf /usr/share/doc/* /usr/share/i18n/* /usr/share/man/* /usr/share/locale/*' >> config/hooks/normal/9020-remove-man-cache.hook.chroot
# Build the ISO
- lb build
- ls -lh
- cp live-image-${BUILD_ARCH}.contents ${WORKING_DIR}
- cp live-image-${BUILD_ARCH}.hybrid.iso ${WORKING_DIR}
artifacts:
when: always
paths:
- ${WORKING_DIR}/live-image-${BUILD_ARCH}.contents
- ${WORKING_DIR}/live-image-${BUILD_ARCH}.hybrid.iso
needs:
- job: build
artifacts: true
ISO amd64:
extends:
- .lb-build
variables:
BUILD_ARCH: 'amd64'
ISO arm64:
extends:
- .lb-build
rules:
- if: $CI_PROJECT_ROOT_NAMESPACE != "rclobus-guest"
variables:
BUILD_ARCH: 'arm64'
tags:
- $SALSA_CI_ARM_RUNNER_TAG

View File

@ -4,6 +4,12 @@ set -eu
set -o pipefail
cd "${AUTOPKGTEST_TMP}"
lb config --verbose --updates false --security false
# Use the default values
lb config --verbose
# Verify some values
lb config --dump | grep 'LB_DISTRIBUTION="testing"'
lb config --dump | grep 'LB_UPDATES="true"'
lb config --dump | grep 'LB_SECURITY="true"'
lb config --dump | grep 'LB_PROPOSED_UPDATES="false"'
lb build --verbose
ls -l

View File

@ -4,6 +4,11 @@ set -eu
set -o pipefail
cd "${AUTOPKGTEST_TMP}"
lb config --verbose --updates true --security true --distribution buster
# A minimal command line
lb config --verbose --distribution stable
# Verify some default values
lb config --dump | grep 'LB_UPDATES="true"'
lb config --dump | grep 'LB_SECURITY="true"'
lb config --dump | grep 'LB_PROPOSED_UPDATES="false"'
lb build --verbose
ls -l

21
debian/tests/control vendored
View File

@ -1,11 +1,20 @@
Tests: build-default-image
Depends: live-build,
Restrictions: needs-root, allow-stderr, needs-internet
Depends: live-build
Restrictions: allow-stderr, needs-internet, needs-root
Tests: build-stable-image
Depends: live-build,
Restrictions: needs-root, allow-stderr, needs-internet
Depends: live-build
Restrictions: allow-stderr, needs-internet, needs-root
Tests: build-kali-image
Depends: live-build, git, ca-certificates, curl, apt-utils, bzip2, cpio, file, wget, xz-utils
Restrictions: needs-root, allow-stderr, flaky, needs-internet
Depends: apt-utils,
bzip2,
ca-certificates,
cpio,
curl,
file,
git,
live-build,
wget,
xz-utils
Restrictions: allow-stderr, flaky, needs-internet, needs-root

View File

@ -0,0 +1,87 @@
#!/bin/sh
set -e
# vlc-cache-gen uses readdir() which depends on the order in the filesystem
# Don't run if vlc is not installed
if [ ! -x /usr/lib/x86_64-linux-gnu/vlc/vlc-cache-gen ];
then
exit 0
fi
# Don't run if the cache file does not exist
if [ ! -e /usr/lib/x86_64-linux-gnu/vlc/plugins/plugins.dat ];
then
exit 0
fi
# Install disorderfs when needed and mark for removal at the end
_DISORDERFS_PREINSTALLED=yes
if [ ! -x /usr/bin/disorderfs ];
then
_DISORDERFS_PREINSTALLED=no
apt-get install --yes disorderfs
fi
# Install the fuse device (needed by disorderfs) and mark for removal at the end
_FUSE_DEVICE_PRESENT=yes
if [ ! -e /dev/fuse ];
then
_FUSE_DEVICE_PRESENT=no
mknod /dev/fuse c 10 229
fi
# Check for changes in the cache file, for suppressing the output if no change was made
_CHECK_FOR_CHANGES=yes
if [ ! -x /usr/bin/sha256sum ];
then
_CHECK_FOR_CHANGES=no
fi
# Prepare a directory with a stable sorting order
_ORDERED_DIR=$(mktemp --directory)
disorderfs /usr/lib/x86_64-linux-gnu/vlc/plugins ${_ORDERED_DIR} --reverse-dirents=no --sort-dirents=yes --quiet
# The checksum of the original file
if [ "${_CHECK_FOR_CHANGES}" = "yes" ];
then
sha256sum /usr/lib/x86_64-linux-gnu/vlc/plugins/plugins.dat > ${_ORDERED_DIR}/before.sha256sum
fi
# Regenerate the cache file in a directory which guarantees the sorting order of the files
/usr/lib/x86_64-linux-gnu/vlc/vlc-cache-gen ${_ORDERED_DIR}
# Verify the checksum for changes
if [ "${_CHECK_FOR_CHANGES}" = "yes" ];
then
_HOOK_WAS_NEEDED=no
sha256sum --check ${_ORDERED_DIR}/before.sha256sum --status || _HOOK_WAS_NEEDED=yes
rm -f ${_ORDERED_DIR}/before.sha256sum
fi
# Cleanup
fusermount -u ${_ORDERED_DIR}
rmdir ${_ORDERED_DIR}
if [ "${_DISORDERFS_PREINSTALLED}" = "no" ];
then
apt-get remove --yes --purge disorderfs
apt-get autoremove --yes
fi
if [ "${_FUSE_DEVICE_PRESENT}" = "no" ];
then
rm -f /dev/fuse
fi
# Report only when either a change was detected or not detectable (due to missing tools)
if [ "${_CHECK_FOR_CHANGES}" = "yes" ];
then
if [ "${_HOOK_WAS_NEEDED}" = "yes" ];
then
echo "P: $(basename $0) Reproducible hook has been applied"
fi
else
echo "P: $(basename $0) Reproducible hook has been applied"
fi

View File

@ -0,0 +1,42 @@
#!/bin/sh
set -e
# install-info has an unstable sort order when a new section is added
# Fixed by https://git.savannah.gnu.org/cgit/texinfo.git/commit/?id=01b5a4b9c33bef08feae041c221f820a1c76749f
#
# The postinst-hook of install-info depends on the natural order of the
# filesystem and deletes the existing dir file beforehand.
# Installing the same info.gz file again follows a different code path,
# which has a stable sort order
# Don't run if install-info is not installed
if [ ! -x /usr/bin/install-info ];
then
exit 0
fi
# Don't run if install-info is sufficiently new
if dpkg --compare-versions $(dpkg-query --show --showformat '${Version}\n' install-info | head -1) gt 7.2~;
then
exit 0
fi
# Keep the original file
cp /usr/share/info/dir /tmp/before
# dir, dircolors, dirname / pr, printenv, printf / tr, true, truncate / who, whoami
install-info /usr/share/info/coreutils.info.gz /usr/share/info/dir
# diff, diff3
install-info /usr/share/info/diffutils.info.gz /usr/share/info/dir
# dirmngr, dirmngr-client
if [ -e /usr/share/info/gnupg.info.gz ];
then
install-info /usr/share/info/gnupg.info.gz /usr/share/info/dir
fi
# Only report when the hook has made a difference
if ! diff /tmp/before /usr/share/info/dir > /dev/null;
then
echo "P: $(basename $0) Reproducible hook has been applied"
fi
rm -f /tmp/before

View File

@ -0,0 +1,64 @@
#!/bin/sh
set -e
# /etc/ssl/certs/java/cacerts is a keystore
# Due to cryptographic requirements, it will be non-reproducible
# as it embeds timestamps
# It can be re-generated with low overhead
# Don't run if ca-certificates-java is not installed
if [ ! -e /etc/ssl/certs/java/cacerts ];
then
exit 0
fi
# Remove the file
rm -f /etc/ssl/certs/java/cacerts
# Add a hook to live-config to recreate it
cat << EOF > /usr/lib/live/config/5000-ca-certificates-java
#!/bin/sh
. /lib/live/config.sh
## live-config(7) - System Configuration Components
## Copyright (C) 2024 The Debian Live team
##
## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
## This is free software, and you are welcome to redistribute it
## under certain conditions; see COPYING for details.
Init ()
{
# Checking if package is installed
if ! pkg_is_installed "ca-certificates-java" || \\
component_was_executed "ca-certificates-java"
then
exit 0
fi
# If the keystore is embedded in the image, don't touch it
if [ -e /etc/ssl/certs/java/cacerts ]
then
exit 0
fi
echo -n " ca-certificates-java"
}
Config ()
{
# Re-generate the keystore
touch /var/lib/ca-certificates-java/fresh
dpkg-reconfigure ca-certificates-java
# Creating state file
touch /var/lib/live/config/ca-certificates-java
}
Init
Config
EOF
chmod u=rwx,go=rx /usr/lib/live/config/5000-ca-certificates-java
echo "P: $(basename $0) Reproducible hook has been applied"

View File

@ -0,0 +1,25 @@
#!/bin/sh
set -e
# update-dictcommon-aspell creates a file with content depending on PERL_HASH_SEED
# A bug report with patch is available at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090981
# This script duplicates that patch
# Don't run if the file is not present
if [ ! -e /usr/share/perl5/Debian/DictionariesCommon.pm ];
then
exit 0
fi
# If DictionariesCommon.pm already contains a sort statement at line 656, there is no need to patch the file
if sed -e '656p;d' /usr/share/perl5/Debian/DictionariesCommon.pm | grep -q "foreach my \$k (sort keys"
then
exit 0
fi
# Patch the Perl script (at line 656)
sed -i -e '656s/keys/sort keys/' /usr/share/perl5/Debian/DictionariesCommon.pm
update-dictcommon-aspell
echo "P: $(basename $0) Reproducible hook has been applied"

View File

@ -1,81 +0,0 @@
#!/bin/sh
## live-build(7) - System Build Scripts
## Copyright (C) 2016-2020 The Debian Live team
## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
##
## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
## This is free software, and you are welcome to redistribute it
## under certain conditions; see COPYING for details.
Check_architectures ()
{
local ARCHITECTURE
for ARCHITECTURE in "${@}"; do
if [ "${ARCHITECTURE}" = "${LB_ARCHITECTURE}" ]; then
return
fi
if [ "${ARCHITECTURE}" = "${LB_BOOTSTRAP_QEMU_ARCHITECTURE}" ]; then
if [ ! -e "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
Echo_warning "skipping %s, qemu-static binary ${LB_BOOTSTRAP_QEMU_ARCHITECTURE} was not found" "${0}"
continue
fi
if [ ! -x "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
Echo_warning "skipping %s, qemu-static binary ${LB_BOOTSTRAP_QEMU_STATIC} is not executable" "${0}"
continue
fi
return
fi
done
Echo_warning "skipping %s, foreign architecture(s)." "${0}"
exit 0
}
Check_crossarchitectures ()
{
local HOST
if command -v dpkg >/dev/null; then
HOST="$(dpkg --print-architecture)"
else
HOST="$(uname -m)"
fi
local CROSS
case "${HOST}" in
amd64|i386|x86_64)
CROSS="amd64 i386"
;;
arm64)
CROSS="arm64 armhf armel"
;;
powerpc|ppc64)
CROSS="powerpc ppc64"
;;
*)
CROSS="${HOST}"
;;
esac
if [ "${LB_ARCHITECTURE}" = "${LB_BOOTSTRAP_QEMU_ARCHITECTURE}" ]; then
if [ ! -e "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
Echo_warning "skipping %s, qemu-static binary ${LB_BOOTSTRAP_QEMU_ARCHITECTURE} was not found" "${0}"
exit 0
fi
if [ ! -x "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
Echo_warning "skipping %s, qemu-static binary ${LB_BOOTSTRAP_QEMU_STATIC} is not executable" "${0}"
exit 0
fi
return
fi
Check_architectures ${CROSS}
}

View File

@ -41,7 +41,7 @@ Prepare_config ()
LB_MODE="${LB_MODE:-debian}"
LB_DERIVATIVE="false"
LB_DISTRIBUTION="${LB_DISTRIBUTION:-bullseye}"
LB_DISTRIBUTION="${LB_DISTRIBUTION:-testing}"
LB_DISTRIBUTION_CHROOT="${LB_DISTRIBUTION_CHROOT:-${LB_DISTRIBUTION}}"
LB_DISTRIBUTION_BINARY="${LB_DISTRIBUTION_BINARY:-${LB_DISTRIBUTION_CHROOT}}"
@ -280,20 +280,14 @@ Prepare_config ()
case "${LB_PARENT_DISTRIBUTION_BINARY}" in
sid|unstable)
LB_SECURITY="${LB_SECURITY:-false}"
LB_UPDATES="${LB_UPDATES:-false}"
LB_PROPOSED_UPDATES="${LB_PROPOSED_UPDATES:-false}"
;;
*)
LB_SECURITY="${LB_SECURITY:-true}"
;;
esac
case "${LB_PARENT_DISTRIBUTION_BINARY}" in
sid|unstable)
LB_UPDATES="${LB_UPDATES:-false}"
;;
*)
LB_UPDATES="${LB_UPDATES:-true}"
LB_PROPOSED_UPDATES="${LB_PROPOSED_UPDATES:-false}"
;;
esac
@ -309,7 +303,16 @@ Prepare_config ()
case "${LB_ARCHITECTURE}" in
amd64|i386)
LB_BOOTLOADER_BIOS="${LB_BOOTLOADER_BIOS:-syslinux}"
if [ "${LB_INITRAMFS}" = "dracut-live" ]; then
LB_BOOTLOADER_BIOS="${LB_BOOTLOADER_BIOS:-grub-pc}"
else
LB_BOOTLOADER_BIOS="${LB_BOOTLOADER_BIOS:-syslinux}"
fi
if ! In_list "${LB_IMAGE_TYPE}" hdd netboot; then
LB_BOOTLOADER_EFI="${LB_BOOTLOADER_EFI:-grub-efi}"
fi
;;
arm64)
if ! In_list "${LB_IMAGE_TYPE}" hdd netboot; then
LB_BOOTLOADER_EFI="${LB_BOOTLOADER_EFI:-grub-efi}"
fi
@ -339,7 +342,7 @@ Prepare_config ()
LB_COMPRESSION="${LB_COMPRESSION:-none}"
LB_ZSYNC="${LB_ZSYNC:-true}"
LB_ZSYNC="${LB_ZSYNC:-false}"
LB_BUILD_WITH_CHROOT="${LB_BUILD_WITH_CHROOT:-true}"
@ -386,15 +389,28 @@ Prepare_config ()
fi
fi
LB_ISO_APPLICATION="${LB_ISO_APPLICATION:-Debian Live}"
LB_ISO_PREPARER="${LB_ISO_PREPARER:-live-build @LB_VERSION@; https://salsa.debian.org/live-team/live-build}"
LB_ISO_PUBLISHER="${LB_ISO_PUBLISHER:-Debian Live project; https://wiki.debian.org/DebianLive; debian-live@lists.debian.org}"
# The string @ISOVOLUME_TS@ must have the same length as the output of `date +%Y%m%d-%H:%M`
LB_ISO_VOLUME="${LB_ISO_VOLUME:-Debian ${LB_DISTRIBUTION} @ISOVOLUME_TS@}"
case "${LB_INITRAMFS}" in
live-boot)
LB_BOOTAPPEND_LIVE="${LB_BOOTAPPEND_LIVE:-boot=live components quiet splash}"
LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-boot=live components memtest noapic noapm nodma nomce nolapic nosmp nosplash vga=788}"
LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-boot=live components memtest noapic noapm nodma nomce nosmp nosplash vga=788}"
;;
dracut-live)
# Replace all spaces with underscore for the CD label
LB_ISO_VOLUME="$(echo "${LB_ISO_VOLUME}" | tr " " "_")"
LB_BOOTAPPEND_LIVE="${LB_BOOTAPPEND_LIVE:-boot=live components quiet splash rd.live.image root=live:CDLABEL=${LB_ISO_VOLUME} rd.live.dir=live rd.live.squashimg=filesystem.squashfs}"
LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-boot=live components memtest noapic noapm nodma nomce nosmp nosplash vga=788 rd.live.image root=live:CDLABEL=${LB_ISO_VOLUME} rd.live.dir=live rd.live.squashimg=filesystem.squashfs}"
;;
none)
LB_BOOTAPPEND_LIVE="${LB_BOOTAPPEND_LIVE:-quiet splash}"
LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-memtest noapic noapm nodma nomce nolapic nosmp nosplash vga=788}"
LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-memtest noapic noapm nodma nomce nosmp nosplash vga=788}"
;;
esac
@ -434,12 +450,6 @@ Prepare_config ()
LB_BOOTAPPEND_INSTALL="$(echo ${LB_BOOTAPPEND_INSTALL} | sed -e 's/[ \t]*$//')"
LB_ISO_APPLICATION="${LB_ISO_APPLICATION:-Debian Live}"
LB_ISO_PREPARER="${LB_ISO_PREPARER:-live-build @LB_VERSION@; https://salsa.debian.org/live-team/live-build}"
LB_ISO_PUBLISHER="${LB_ISO_PUBLISHER:-Debian Live project; https://wiki.debian.org/DebianLive; debian-live@lists.debian.org}"
# The string @ISOVOLUME_TS@ must have the same length as the output of `date +%Y%m%d-%H:%M`
LB_ISO_VOLUME="${LB_ISO_VOLUME:-Debian ${LB_DISTRIBUTION} @ISOVOLUME_TS@}"
LB_HDD_LABEL="${LB_HDD_LABEL:-DEBIAN_LIVE}"
LB_HDD_SIZE="${LB_HDD_SIZE:-auto}"
@ -485,7 +495,7 @@ Prepare_config ()
if [ -n "${LB_BOOTSTRAP_QEMU_ARCHITECTURES}" ]; then
LB_BOOTSTRAP_QEMU_ARCHITECTURE="${LB_BOOTSTRAP_QEMU_ARCHITECTURES}"
unset LB_BOOTSTRAP_QEMU_ARCHITECTURES
Echo_warning "LB_BOOTSTRAP_QEMU_ARCHITECTURES was renamed to LB_BOOTSTRAP_QEMU_ARCHITECTURE, please updated your config."
Echo_warning "LB_BOOTSTRAP_QEMU_ARCHITECTURES was renamed to LB_BOOTSTRAP_QEMU_ARCHITECTURE, please update your config."
fi
LB_BOOTSTRAP_QEMU_ARCHITECTURE="${LB_BOOTSTRAP_QEMU_ARCHITECTURE:-}"
LB_BOOTSTRAP_QEMU_EXCLUDE="${LB_BOOTSTRAP_QEMU_EXCLUDE:-}"
@ -563,6 +573,10 @@ Validate_config_permitted_values ()
Echo_error "Value for LB_ONIE (--onie) can only be 'true' or 'false'!"
exit 1
fi
if [ "${LB_PROPOSED_UPDATES}" != "true" ] && [ "${LB_PROPOSED_UPDATES}" != "false" ]; then
Echo_error "Value for LB_PROPOSED_UPDATES (--proposed-updates) can only be 'true' or 'false'!"
exit 1
fi
if [ "${LB_SECURITY}" != "true" ] && [ "${LB_SECURITY}" != "false" ]; then
Echo_error "Value for LB_SECURITY (--security) can only be 'true' or 'false'!"
exit 1
@ -694,11 +708,43 @@ Validate_config_permitted_values ()
exit 1
fi
if ! In_list "${LB_INITRAMFS}" none live-boot; then
if ! In_list "${LB_INITRAMFS}" none live-boot dracut-live; then
Echo_error "You have specified an invalid value for LB_INITRAMFS (--initramfs)."
exit 1
fi
if [ "${LB_INITRAMFS}" = "dracut-live" ]; then
if [ "${LB_DM_VERITY}" = "true" ]; then
Echo_error "Currently unsupported/untested: dm_verity and dracut."
exit 1
fi
if [ "${LB_BOOTLOADER_BIOS}" = "grub-legacy" ]; then
Echo_error "Currently unsupported/untested: grub-legacy and dracut."
exit 1
fi
if [ "${LB_BOOTLOADER_BIOS}" = "syslinux" ]; then
Echo_error "Currently unsupported/untested: syslinux and dracut."
exit 1
fi
if ! In_list "${LB_IMAGE_TYPE}" iso iso-hybrid; then
# The boot=live:CDLABEL requires a CD medium
Echo_error "Currently unsupported/untested: image type ${LB_IMAGE_TYPE} and dracut."
exit 1
fi
if [ "${LB_INITRAMFS_COMPRESSION}" != "gzip" ]; then
Echo_error "Currently unsupported/untested: compression ${LB_INITRAMFS_COMPRESSION} and dracut."
exit 1
fi
if [ "${LB_CHROOT_FILESYSTEM}" != "squashfs" ]; then
Echo_error "Currently unsupported/untested: chroot filesystem ${LB_CHROOT_FILESYSTEM} and dracut."
exit 1
fi
if [ "${LB_INITSYSTEM}" != systemd ]; then
Echo_error "Currently unsupported/untested: init system ${LB_INITSYSTEM} and dracut."
exit 1
fi
fi
if ! In_list "${LB_INITRAMFS_COMPRESSION}" bzip2 gzip lzma; then
Echo_error "You have specified an invalid value for LB_INITRAMFS_COMPRESSION (--initramfs-compression)."
exit 1
@ -749,6 +795,22 @@ Validate_config_permitted_values ()
Echo_error "You have specified an invalid value for LB_UEFI_SECURE_BOOT (--uefi-secure-boot)."
exit 1
fi
if [ -n "${LB_BOOTSTRAP_QEMU_ARCHITECTURE}" ]; then
if [ -z "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
Echo_error "You have not specified the qemu-static binary for ${LB_BOOTSTRAP_QEMU_ARCHITECTURE} (--bootstrap-qemu-static)"
exit 1
fi
if [ ! -e "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
Echo_error "The qemu-static binary (${LB_BOOTSTRAP_QEMU_STATIC}) for ${LB_BOOTSTRAP_QEMU_ARCHITECTURE} was not found on the host"
exit 1
fi
if [ ! -x "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
Echo_error "The qemu-static binary (${LB_BOOTSTRAP_QEMU_STATIC}) for ${LB_BOOTSTRAP_QEMU_ARCHITECTURE} is not executable on the host"
exit 1
fi
fi
}
# Check option combinations and other extra stuff
@ -848,7 +910,7 @@ Validate_http_proxy ()
Validate_http_proxy_source "environment variable http_proxy" "${http_proxy}"
Validate_http_proxy_source "command line option --apt-http-proxy" "${LB_APT_HTTP_PROXY}"
# This is the value to use for the the other scripts in live-build
# This is the value to use for the other scripts in live-build
export http_proxy="${LAST_SEEN_PROXY_VALUE}"
if [ ! -z "${http_proxy}" ]; then
Echo_message "Using http proxy: ${http_proxy}"

View File

@ -50,8 +50,16 @@ Firmware_List_From_Contents () {
fi
local PACKAGES
PACKAGES="$(gunzip -c "${CONTENTS_FILE}" | awk '/^(usr\/)?lib\/firmware/ { print $2 }' | sort -u )"
PACKAGES="$(gunzip -c "${CONTENTS_FILE}" | awk '/^(usr\/)?lib\/firmware/ { print $NF }' | sort -u )"
FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} ${PACKAGES}"
if [ -n "${FIRMWARE_DETAILS_FILE}" ]
then
# Use similar formatting as tools/make-firmware-image from debian-cd
# Note: for firmware/Contents-firmware (used by check-missing-firmware.sh from hw-detect),
# the second argument must be the filename of the package.
# That information is not available here and will be added by installer_debian-installer
gunzip -c "${CONTENTS_FILE}" | awk -v AREA=${_ARCHIVE_AREA} '/^(usr\/)?lib\/firmware/ { printf "/%-54s %s %s\n", $1, $2, AREA }' >> ${FIRMWARE_DETAILS_FILE}
fi
# Don't waste disk space, if not making use of caching
if [ "${LB_CACHE}" != "true" ]

View File

@ -12,7 +12,11 @@
Man ()
{
if command -v man >/dev/null; then
man ${PROGRAM}
if [ -n "${LIVE_BUILD}" -a -e "${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1" ]; then
man ${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1
else
man ${PROGRAM}
fi
else
Echo_warning "man is not installed, falling back to usage output."
Usage

View File

@ -145,3 +145,28 @@ Check_installed ()
fi
}
# $1 = Packagename
# Echoes:
# 1 if the package is available
# 0 otherwise
Check_package_available ()
{
local _PACKAGE="${1}"
if [ "${LB_BUILD_WITH_CHROOT}" = "true" ]
then
if [ $(Chroot chroot apt-cache show "^${_PACKAGE}$" 2> /dev/null | grep "^Package:" | wc -l) -eq 1 ]
then
echo 1
return
fi
else
if [ $(apt-cache show "^${_PACKAGE}$" 2> /dev/null | grep "^Package:" | wc -l) -eq 1 ]
then
echo 1
return
fi
fi
echo 0
}

View File

@ -28,8 +28,8 @@ Create_apt_sources_list ()
DISTRIBUTION=${LB_DISTRIBUTION_CHROOT}
;;
binary)
PARENT_MIRROR=${LB_PARENT_MIRROR_BINARY}
MIRROR=${LB_MIRROR_BINARY}
PARENT_MIRROR="${LB_PARENT_MIRROR_BINARY}"
MIRROR="${LB_MIRROR_BINARY}"
PARENT_MIRROR_SECURITY=${LB_PARENT_MIRROR_BINARY_SECURITY}
MIRROR_SECURITY=${LB_MIRROR_BINARY_SECURITY}
PARENT_DISTRIBUTION=${LB_PARENT_DISTRIBUTION_BINARY}
@ -112,6 +112,17 @@ Create_apt_sources_list ()
fi
fi
# Set proposed-updates repo
if [ "${LB_PROPOSED_UPDATES}" = "true" ]; then
echo "deb ${PARENT_MIRROR} ${PARENT_DISTRIBUTION}-proposed-updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
echo "deb-src ${PARENT_MIRROR} ${PARENT_DISTRIBUTION}-proposed-updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
if [ "${LB_DERIVATIVE}" = "true" ]; then
echo "deb ${MIRROR} ${_DISTRIBUTION}-proposed-updates ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
echo "deb-src ${MIRROR} ${_DISTRIBUTION}-proposed-updates ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
fi
fi
# Set backports repo
if [ "${LB_BACKPORTS}" = "true" ]; then
case "${LB_MODE}" in

View File

@ -130,7 +130,7 @@
.br
[\fB\-\-image\-name\fR \fINAME\fR]
.br
[\fB\-\-initramfs\fR none|live\-boot]
[\fB\-\-initramfs\fR none|live\-boot|dracut\-live]
.br
[\fB\-\-initramfs\-compression\fR bzip2|gzip|lzma]
.br
@ -331,7 +331,7 @@ tells debootstrap to use an alternate bootstrap script (last parameter to deboot
.IP "\fB\-\-debug\fR" 4
turns on debugging informational messages.
.IP "\fB\-d\fR|\fB\-\-distribution\fR \fICODENAME\fR" 4
defines the distribution of the resulting live system. This currently defaults to 'buster'. The value 'sid' can be used for Debian unstable.
defines the distribution of the resulting live system. This defaults to 'testing'. The value 'sid' can be used for Debian unstable.
.IP "\fB\-\-distribution\-binary\fR \fICODENAME\fR" 4
defines the distribution enabled in the resulting live system (defaults to the value set in \fB\-\-distribution\fR)
.IP "\fB\-\-distribution\-chroot\fR \fICODENAME\fR" 4
@ -362,11 +362,11 @@ defines the size for the HDD target. The unit is MiB. Defaults to 'auto', which
\fBlb config\fR by default reads system defaults from \fI/etc/live/build.conf\fR and \fI/etc/live/build/*\fR when generating a new live system config directory. This is useful if you want to set global settings, such as mirror locations, and don't want to specify them all of the time. This option allows you to ignore such global settings.
.IP "\fB\-\-image\-name\fR \fINAME\fR" 4
sets the base name of the image. Defaults to live-image.
.IP "\fB\-\-initramfs\fR none|live\-boot" 4
sets the name of the package that contains the live system specific initramfs modification and defaults to live\-boot. Using 'none' is useful if the resulting system image should not be a live image (experimental).
.IP "\fB\-\-initramfs\-compression\fR bzip2|gzip|lzma]
.IP "\fB\-\-initramfs\fR none|live\-boot|dracut\-live" 4
sets the name of the package that contains the live system specific initramfs modification and defaults to live\-boot. Using 'none' is useful if the resulting system image should not be a live image (experimental). Note that dracut requires the CD label in the kernel command line, so you might want to set \fB\-\-iso\-volume\fR explicitly.
.IP "\fB\-\-initramfs\-compression\fR bzip2|gzip|lzma" 4
defines the compression program to be used to compress the initramfs. Defaults to 'gzip'.
.IP "\fB\-\-initsystem\fR sysvinit|systemd|none]
.IP "\fB\-\-initsystem\fR sysvinit|systemd|none" 4
defines the init system. Defaults to 'systemd'.
.IP "\fB\-\-interactive\fR true|shell|x11|xnest|false" 4
defines if after the chroot stage and before the beginning of the binary stage, an interactive shell login should be spawned in the chroot in order to allow you to do manual customizations, or as an alternative to 'true' and 'false' a specific shell to use (note that 'true' corresponds to a value of 'shell'). Once you close the shell with logout or exit, the build will continue as usual. Note that it's strongly discouraged to use this for anything else than testing. Modifications that should be present in all builds of a live system should be properly made through hooks. Everything else destroys the beauty of being able to completely automate the build process and making it non-interactive. By default, this is of course 'false'.
@ -461,7 +461,7 @@ increases the verbosity of messages output by \fBlb build\fR.
.IP "\fB\-\-win32\-loader\fR true|false" 4
defines if win32\-loader should be included in the binary image or not.
.IP "\fB\-\-zsync\fR true|false" 4
defines whether a file for distributing the image in \fIzsync\fR(1) format will be generated. Defaults to true.
defines whether a file for distributing the image in \fIzsync\fR(1) format will be generated. Defaults to false.
.SH ENVIRONMENT
Currently, command line switches can also be specified through the corresponding environment variable. However, this generally should not be relied upon, as it is an implementation detail that is subject to change in future releases. For options applying directly to live\-build, environment variables are named LB_FOO, meaning, e.g. \fB\-\-apt\-http\-proxy\fR becomes \fBLB_APT_HTTP_PROXY\fR (the exception being internal options such as \fB\-\-debug\fR). For options passed to another program, as in APT_OPTIONS or GZIP_OPTIONS, no LB_ prefix is used.

View File

@ -62,6 +62,7 @@ lb binary_loadlin "${@}"
lb binary_win32-loader "${@}"
lb binary_includes "${@}"
lb binary_grub-efi "${@}"
lb binary_bootloader_splash "${@}"
lb binary_hooks "${@}"
lb binary_checksums "${@}"

View File

@ -0,0 +1,226 @@
#!/bin/sh
## live-build(7) - System Build Scripts
## Copyright (C) 2024 The Debian Live team
##
## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
## This is free software, and you are welcome to redistribute it
## under certain conditions; see COPYING for details.
set -e
# Including common functions
[ -e "${LIVE_BUILD}/scripts/build.sh" ] && . "${LIVE_BUILD}/scripts/build.sh" || . /usr/lib/live/build.sh
# Setting static variables
DESCRIPTION="Prepares the bootloader splash image"
USAGE="${PROGRAM} [--force]"
# Processing arguments and configuration files
Init_config_data "${@}"
if [ -z "${LB_BOOTLOADER_BIOS}" -a -z "${LB_BOOTLOADER_EFI}" ]; then
exit 0
fi
Echo_message "Begin preparing the bootloader splash image..."
# Requiring stage file
Require_stagefiles config bootstrap
# Checking stage file
Check_stagefile
# Acquire lock file
Acquire_lockfile
if [ "${LB_BOOTLOADER_BIOS}" = "syslinux" ]; then
# Assembling image specifics
case "${LB_IMAGE_TYPE}" in
iso|iso-hybrid)
_TARGET="binary/isolinux"
;;
netboot)
_TARGET="tftpboot"
;;
hdd|tar)
case ${LB_BINARY_FILESYSTEM} in
fat*|ntfs)
_TARGET="binary/syslinux"
;;
ext[234]|btrfs)
_TARGET="binary/boot/extlinux"
;;
*)
Echo_error "syslinux/extlinux doesn't support ${LB_BINARY_FILESYSTEM}"
exit 1
;;
esac
;;
esac
else
# If not syslinux, then it is grub
_TARGET="binary/boot/grub"
fi
_TARGETGRUB="binary/boot/grub"
# Checking depends
Check_package chroot /usr/bin/rsvg-convert librsvg2-bin
Check_package chroot /usr/share/fonts/truetype/dejavu/DejaVuSans.ttf fonts-dejavu-core
# Restoring cache
Restore_package_cache binary
# Installing depends
Install_packages
if [ -e chroot/etc/os-release ]
then
_VERSION="$(. chroot/etc/os-release && echo ${VERSION_ID})"
fi
_VERSION="${_VERSION:-none}"
_DISTRIBUTION="${LB_DISTRIBUTION_BINARY}"
_DATE="$(date $DATE_UTC_OPTION -R -d@${SOURCE_DATE_EPOCH})"
_YEAR="$(date $DATE_UTC_OPTION -d "${_DATE}" +%Y)"
_MONTH="$(date $DATE_UTC_OPTION -d "${_DATE}" +%m)"
_DAY="$(date $DATE_UTC_OPTION -d "${_DATE}" +%d)"
_HOUR="$(date $DATE_UTC_OPTION -d "${_DATE}" +%H)"
_MINUTE="$(date $DATE_UTC_OPTION -d "${_DATE}" +%M)"
_SECOND="$(date $DATE_UTC_OPTION -d "${_DATE}" +%S)"
_TIMEZONE="$(date $DATE_UTC_OPTION -d "${_DATE}" +%Z)"
_TIMEZONE_NUM="$(date $DATE_UTC_OPTION -d "${_DATE}" +%z)"
_LINUX_VERSIONS="$(for _LINUX in chroot/boot/vmlinuz-* ; do chroot chroot apt-cache policy $(basename ${_LINUX} | sed -e 's|vmlinuz-|linux-image-|') | awk '/Installed: / { print $2 }' ; done | sort -Vru | tr "\n" " ")"
_LIVE_BOOT_VERSION="$(chroot chroot apt-cache policy live-boot | awk '/Installed: / { print $2 }')"
_LIVE_CONFIG_VERSION="$(chroot chroot apt-cache policy live-config | awk '/Installed: / { print $2 }')"
_LIVE_TOOLS_VERSION="$(chroot chroot apt-cache policy live-tools | awk '/Installed: / { print $2 }')"
_PROJECT="Debian GNU/Linux"
# If there is no SVG file and no PNG file, try to find a suitable SVG file
if [ ! -e "${_TARGET}"/splash.svg -a ! -e "${_TARGET}"/splash.png ]; then
if [ -n "${LIVE_BUILD}" ]; then
_FALLBACK_SPLASH_LOCATION="${LIVE_BUILD}/share/bootloaders/splash.svg"
else
_FALLBACK_SPLASH_LOCATION="/usr/share/live/build/bootloaders/splash.svg"
fi
# In older versions of live-build the SVG file was in share/bootloaders/syslinux_common
_LEGACY_SPLASH_LOCATIONS="config/bootloaders/grub-pc/splash.svg config/bootloaders/syslinux_common/splash.svg"
# The last entry which is found will be used
for _FILE in ${_FALLBACK_SPLASH_LOCATION} ${_LEGACY_SPLASH_LOCATIONS} config/bootloaders/splash.svg
do
if [ -e ${_FILE} ]; then
_SVG_SOURCE=${_FILE}
fi
done
# Tweak the grub theme to remove the title-text for the fallback image
if [ -e binary/boot/grub/live-theme/theme.txt ] && [ "${_SVG_SOURCE}" = "${_FALLBACK_SPLASH_LOCATION}" ]; then
sed -i -e 's|^title-text:.*|title-text: ""|' \
binary/boot/grub/live-theme/theme.txt
fi
cp ${_SVG_SOURCE} ${_TARGET}
cp ${_SVG_SOURCE} ${_TARGETGRUB}
fi
for _FILE in "${_TARGET}"/*.svg "${_TARGETGRUB}"/*.svg
do
if [ -e "${_FILE}" ] && [ ! -d "${_FILE}" ]
then
sed -i -e "s#@APPEND_LIVE@#${LB_BOOTAPPEND_LIVE}#g" \
-e "s#@APPEND_LIVE_FAILSAFE@#${LB_BOOTAPPEND_LIVE_FAILSAFE}#g" \
-e "s#@APPEND_INSTALL@#${LB_BOOTAPPEND_INSTALL}#g" \
-e "s|@PROJECT@|${_PROJECT}|g" \
-e "s|@DISTRIBUTION@|${_DISTRIBUTION}|g" \
-e "s|@PARENT_DISTRIBUTION@|${LB_PARENT_DISTRIBUTION_BINARY}|g" \
-e "s|@VERSION@|${_VERSION}|g" \
-e "s|@ARCHITECTURE@|${LB_ARCHITECTURE}|g" \
-e "s|@DATE@|${_DATE}|g" \
-e "s|@YEAR@|${_YEAR}|g" \
-e "s|@MONTH@|${_MONTH}|g" \
-e "s|@DAY@|${_DAY}|g" \
-e "s|@HOUR@|${_HOUR}|g" \
-e "s|@MINUTE@|${_MINUTE}|g" \
-e "s|@SECOND@|${_SECOND}|g" \
-e "s|@TIMEZONE@|${_TIMEZONE}|g" \
-e "s|@TIMEZONE_NUM@|${_TIMEZONE_NUM}|g" \
-e "s|@LINUX_VERSIONS@|${_LINUX_VERSIONS}|g" \
-e "s|@LIVE_BUILD_VERSION@|${LIVE_BUILD_VERSION}|g" \
-e "s|@LIVE_BOOT_VERSION@|${_LIVE_BOOT_VERSION}|g" \
-e "s|@LIVE_CONFIG_VERSION@|${_LIVE_CONFIG_VERSION}|g" \
-e "s|@LIVE_TOOLS_VERSION@|${_LIVE_TOOLS_VERSION}|g" \
-e "s|@LB_ISO_APPLICATION@|${LB_ISO_APPLICATION}|g" \
-e "s|@LB_ISO_PUBLISHER@|${LB_ISO_PUBLISHER}|g" \
-e "s|@LB_LINUX_PACKAGES@|${LB_LINUX_PACKAGES}|g" \
"${_FILE}"
fi
done
# Scenarios for generated PNG files:
# * BIOS = syslinux EFI = - -> isolinux/splash (640x480)
# * BIOS = grub EFI = - -> boot/grub/splash (800x600)
# * BIOS = syslinux EFI = grub -> isolinux/splash (640x480) && boot/grub/splash (800x600)
# * BIOS = grub EFI = grub -> boot/grub/splash (800x600)
# * BIOS = - EFI = grub -> boot/grub/splash (800x600)
if [ -e "${_TARGET}/splash.svg" -o -e "${_TARGETGRUB}/splash.svg" ]; then
case "${LB_BUILD_WITH_CHROOT}" in
true)
# Non-grub version is required
if [ "${LB_BOOTLOADER_BIOS}" = "syslinux" ]; then
if [ -e "${_TARGET}/splash.svg" -a ! -e "${_TARGET}/splash.png" ]; then
cp "${_TARGET}/splash.svg" chroot
Chroot chroot "rsvg-convert --format png --height 480 --width 640 splash.svg -o splash.png"
mv chroot/splash.png "${_TARGET}"
rm -f chroot/splash.svg
fi
fi
# Grub version is required
if [ "${LB_BOOTLOADER_BIOS}" != "syslinux" -o -n "${LB_BOOTLOADER_EFI}" ]; then
if [ -e "${_TARGETGRUB}/splash.svg" -a ! -e "${_TARGETGRUB}/splash.png" ]; then
cp "${_TARGETGRUB}/splash.svg" chroot
Chroot chroot "rsvg-convert --format png --height 600 --width 800 splash.svg -o splash.png"
mv chroot/splash.png "${_TARGETGRUB}"
rm -f chroot/splash.svg
fi
fi
;;
false)
if [ "${LB_BOOTLOADER_BIOS}" = "syslinux" ]; then
if [ -e "${_TARGET}/splash.svg" -a ! -e "${_TARGET}/splash.png" ]; then
rsvg-convert --format png --height 480 --width 640 "${_TARGET}/splash.svg" -o "${_TARGET}/splash.png"
fi
fi
if [ "${LB_BOOTLOADER_BIOS}" != "syslinux" -o -n "${LB_BOOTLOADER_EFI}" ]; then
if [ -e "${_TARGETGRUB}/splash.svg" -a ! -e "${_TARGETGRUB}/splash.png" ]; then
rsvg-convert --format png --height 600 --width 800 "${_TARGET}/splash.svg" -o "${_TARGETGRUB}/splash.png"
fi
fi
;;
esac
fi
rm -f "${_TARGET}/splash.svg"
rm -f "${_TARGETGRUB}/splash.svg"
case "${LB_BUILD_WITH_CHROOT}" in
true)
# Saving cache
Save_package_cache binary
# Removing depends
Remove_packages
;;
esac
# Creating stage file
Create_stagefile

View File

@ -125,7 +125,10 @@ do
cp -a "${LOCATION}/${LB_PARENT_DISTRIBUTION_BINARY}/${LB_ARCHITECTURE}_udeb_include" binary/.disk/udeb_include
;;
netinst|live)
cp -a "${LOCATION}/${LB_PARENT_DISTRIBUTION_BINARY}/${LB_ARCHITECTURE}_netinst_udeb_include" binary/.disk/udeb_include
if [ -r "${LOCATION}/${LB_PARENT_DISTRIBUTION_BINARY}/${LB_ARCHITECTURE}_netinst_udeb_include" ]
then
cp -a "${LOCATION}/${LB_PARENT_DISTRIBUTION_BINARY}/${LB_ARCHITECTURE}_netinst_udeb_include" binary/.disk/udeb_include
fi
;;
businesscard)
cp -a "${LOCATION}/${LB_PARENT_DISTRIBUTION_BINARY}/${LB_ARCHITECTURE}_businesscard_udeb_include" binary/.disk/udeb_include

View File

@ -42,10 +42,6 @@ Check_stagefile
# Acquire lock file
Acquire_lockfile
# Check architecture
Check_architectures amd64 i386 arm64 armhf
Check_crossarchitectures
# Checking depends
case "${LB_ARCHITECTURE}" in
amd64|i386)
@ -89,23 +85,39 @@ case "${LB_ARCHITECTURE}" in
;;
esac
_PRE_SB_PACKAGES="${_LB_PACKAGES}"
_LB_PACKAGES="shim-signed grub-efi-${_SB_EFI_DEB}-signed"
# Restoring cache
Restore_package_cache binary
# Installing depends
Install_packages
case "${LB_UEFI_SECURE_BOOT}" in
auto)
# Use Check_installed, as Check_package will error out immediately
# Try to install the shim and signed grub package separately,
# as the grub-efi-*-signed package might be uninstallable (e.g. due to binNMUs)
# Uses the (intentionally) undocumented _LB_PACKAGES variable
echo "!!! The following error/warning messages can be ignored !!!"
set +e
_LB_PACKAGES="shim-signed"
Install_packages
_LB_PACKAGES="grub-efi-${_SB_EFI_DEB}-signed"
Install_packages
set -e
# Use Check_installed, as Check_package will error out immediately
Check_installed chroot /usr/lib/grub/${_SB_EFI_PLATFORM}-efi-signed/gcd${_SB_EFI_NAME}.efi.signed \
grub-efi-${_SB_EFI_DEB}-signed
_GRUB_INSTALL_STATUS="${INSTALL_STATUS}"
Check_installed chroot /usr/lib/shim/shim${_SB_EFI_NAME}.efi.signed \
shim-signed
echo "!!! The above error/warning messages can be ignored !!!"
if [ "${INSTALL_STATUS}" -ne 0 -o "${_GRUB_INSTALL_STATUS}" -ne 0 ]
if [ "${INSTALL_STATUS}" -ne 0 ]
then
Echo_warning "UEFI Secure Boot disabled due to missing signed Grub/Shim."
Echo_warning "UEFI Secure Boot disabled due to missing Shim."
elif [ "${_GRUB_INSTALL_STATUS}" -ne 0 ]
then
# Each user needs to enroll the hash for grub*.efi in their UEFI setup
Echo_warning "Limited UEFI Secure Boot support enabled: only the Shim is available."
else
Echo_message "UEFI Secure Boot support enabled."
fi
@ -122,13 +134,6 @@ case "${LB_UEFI_SECURE_BOOT}" in
Echo_message "UEFI Secure Boot support disabled."
;;
esac
_LB_PACKAGES="${_PRE_SB_PACKAGES}"
# Restoring cache
Restore_package_cache binary
# Installing depends
Install_packages
# Cleanup files that we generate
rm -rf binary/boot/efi.img binary/boot/grub/i386-efi/ binary/boot/grub/x86_64-efi binary/boot/grub/arm64-efi binary/boot/grub/arm-efi
@ -194,6 +199,17 @@ gen_efi_boot_img(){
${_CHROOT_DIR}/grub-efi-temp/EFI/boot/grub\$efi_name.efi
cp -a --dereference ${_CHROOT_DIR}/usr/lib/shim/shim\$efi_name.efi.signed \
${_CHROOT_DIR}/grub-efi-temp/EFI/boot/boot\$efi_name.efi
elif [ ! -r ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/gcd\$efi_name.efi.signed -a \
-r ${_CHROOT_DIR}/usr/lib/shim/shim\$efi_name.efi.signed -a \
"${LB_UEFI_SECURE_BOOT}" = "auto" ]; then
# Allow a shim-only scenario
cp -a --dereference ${_CHROOT_DIR}/usr/lib/shim/shim\$efi_name.efi.signed \
${_CHROOT_DIR}/grub-efi-temp/EFI/boot/boot\$efi_name.efi
cp -a ${_CHROOT_DIR}/usr/lib/grub/\$platform/monolithic/gcd\$efi_name.efi \
${_CHROOT_DIR}/grub-efi-temp/EFI/boot/grub\$efi_name.efi
# Needed to allow the user to enroll the hash of grub*.efi
cp -a ${_CHROOT_DIR}/usr/lib/shim/mm\$efi_name.efi.signed \
${_CHROOT_DIR}/grub-efi-temp/EFI/boot/mm\$efi_name.efi
fi
}
@ -207,8 +223,15 @@ fi
PATH="${PATH}:\${LIVE_BUILD_PATH}" # Make sure grub-cpmodules is used as if it was installed in the system
case "${LB_ARCHITECTURE}" in
amd64|i386)
amd64)
gen_efi_boot_img "x86_64-efi" "x64" "debian-live/amd64"
if [ -r ${_CHROOT_DIR}/usr/lib/grub/\$platform-signed/gcd\$efi_name.efi.signed ]; then
# When a signed grub is available, add 32-bit UEFI support too
gen_efi_boot_img "i386-efi" "ia32" "debian-live/i386"
fi
PATH="\${PRE_EFI_IMAGE_PATH}"
;;
i386)
gen_efi_boot_img "i386-efi" "ia32" "debian-live/i386"
PATH="\${PRE_EFI_IMAGE_PATH}"
;;

View File

@ -40,10 +40,6 @@ Check_stagefile
# Acquire lock file
Acquire_lockfile
# Check architecture
Check_architectures amd64 i386
Check_crossarchitectures
# Checking depends
Check_package chroot /usr/sbin/grub grub-legacy

View File

@ -42,10 +42,6 @@ Check_stagefile
# Acquire lock file
Acquire_lockfile
# Check architecture
Check_architectures amd64 i386
Check_crossarchitectures
# Checking depends
Check_package chroot /usr/bin/grub-mkimage grub-common
Check_package chroot /usr/lib/grub/i386-pc/vga.mod grub-pc-bin

View File

@ -38,10 +38,6 @@ Check_stagefile
# Acquire lock file
Acquire_lockfile
# Check architecture
Check_architectures amd64 i386 arm64
Check_crossarchitectures
_TARGET="binary/boot/grub"
# Local functions
@ -102,6 +98,12 @@ case "${LB_INITRAMFS}" in
INITFS="live"
;;
dracut-live)
INITFS="live"
LB_BOOTAPPEND_LIVE="$(echo "${LB_BOOTAPPEND_LIVE}" | sed "s|@ISOVOLUME_TS@|$(date $DATE_UTC_OPTION -d@${SOURCE_DATE_EPOCH} +%Y%m%d-%H:%M)|")"
LB_BOOTAPPEND_LIVE_FAILSAFE="$(echo "${LB_BOOTAPPEND_LIVE_FAILSAFE}" | sed "s|@ISOVOLUME_TS@|$(date $DATE_UTC_OPTION -d@${SOURCE_DATE_EPOCH} +%Y%m%d-%H:%M)|")"
;;
*)
INITFS="boot"
;;
@ -119,9 +121,22 @@ DEFAULT_INITRD="initrd.img-$(echo ${DEFAULT_KERNEL} | sed -e 's|vmlinuz-||')"
KERNEL_LIVE="/${INITFS}/${DEFAULT_KERNEL}"
INITRD_LIVE="/${INITFS}/${DEFAULT_INITRD}"
APPEND_LIVE="${LB_BOOTAPPEND_LIVE} findiso=\${iso_path}"
FLAVOUR_LIVE="${DEFAULT_FLAVOUR}"
# live-boot and dracut use different kernel parameters for loopback
# booting
case "${LB_INITRAMFS}" in
live-boot)
APPEND_LIVE="${LB_BOOTAPPEND_LIVE} findiso=\${iso_path}"
;;
dracut-live)
APPEND_LIVE="${LB_BOOTAPPEND_LIVE} iso-scan/filename=\${iso_path}"
;;
none)
APPEND_LIVE="${LB_BOOTAPPEND_LIVE}"
;;
esac
# Ensure fresh live entries
LIVE_ENTRIES_TMP="${_TARGET}/live.cfg.tmp"
rm -f "${LIVE_ENTRIES_TMP}"

View File

@ -21,6 +21,11 @@ USAGE="${PROGRAM} [--force]"
# Processing arguments and configuration files
Init_config_data "${@}"
if [ ! -d config/includes.binary ]; then
# Nothing to do
exit 0
fi
Echo_message "Begin copying binary includes..."
# Requiring stage file

View File

@ -38,7 +38,7 @@ Check_stagefile
Acquire_lockfile
case "${LB_INITRAMFS}" in
live-boot)
live-boot|dracut-live)
DESTDIR="binary/live"
;;
@ -71,6 +71,12 @@ case "${LB_INITRAMFS}" in
cp chroot/usr/share/doc/live-boot/parameters.txt "${DESTDIR}"/parameters
fi
;;
dracut-live)
if [ -e chroot/usr/share/doc/live-boot/parameters.txt ]
then
Echo_message "The file parameters.txt will be ignored"
fi
;;
esac
# Creating stage file

View File

@ -38,7 +38,7 @@ Check_stagefile
Acquire_lockfile
case "${LB_INITRAMFS}" in
live-boot)
live-boot|dracut-live)
INITFS="live"
SUFFIX="packages"
;;

View File

@ -95,7 +95,7 @@ esac
# Setting destination directory
case "${LB_INITRAMFS}" in
live-boot)
live-boot|dracut-live)
DESTDIR="binary/live"
;;

View File

@ -43,7 +43,7 @@ case "${LB_ARCHITECTURE}" in
esac
case "${LB_INITRAMFS}" in
live-boot)
live-boot|dracut-live)
INITFS="live"
;;

View File

@ -36,10 +36,6 @@ Check_stagefile
# Acquire lock file
Acquire_lockfile
# Check architecture
Check_architectures amd64 i386
Check_crossarchitectures
case "${LB_INITRAMFS}" in
live-boot)
_INITRAMFS="live"
@ -95,8 +91,6 @@ fi
# Checking depends
Check_package chroot /usr/lib/$(echo ${_BOOTLOADER} | tr '[a-z]' '[A-Z]') ${_BOOTLOADER}
Check_package chroot /usr/lib/syslinux syslinux-common
Check_package chroot /usr/bin/rsvg-convert librsvg2-bin
Check_package chroot /usr/share/fonts/truetype/dejavu/DejaVuSans.ttf fonts-dejavu-core
# Restoring cache
Restore_package_cache binary
@ -236,7 +230,7 @@ _LIVE_TOOLS_VERSION="$(chroot chroot apt-cache policy live-tools | awk '/Install
_PROJECT="Debian GNU/Linux"
for _FILE in "${_TARGET}"/*.cfg ${_TARGET}/*.svg
for _FILE in "${_TARGET}"/*.cfg
do
if [ -e "${_FILE}" ] && [ ! -d "${_FILE}" ]
then
@ -305,33 +299,6 @@ else
sed -i -e "s#@OPTIONAL_MEMTEST_INCLUDE@#include memtest.cfg#g" "${_TARGET}"/utilities.cfg
fi
if [ -e "${_TARGET}/splash.svg" ] && [ ! -e "${_TARGET}/splash.png" ]
then
case "${LB_BUILD_WITH_CHROOT}" in
true)
cp "${_TARGET}/splash.svg" chroot
Chroot chroot "rsvg-convert --format png --height 480 --width 640 splash.svg -o splash.png"
mv chroot/splash.png "${_TARGET}"
Chroot chroot "rsvg-convert --format png --height 600 --width 800 splash.svg -o splash800x600.png"
mv chroot/splash800x600.png "${_TARGET}"
rm -f chroot/splash.svg
;;
false)
rsvg-convert --format png --height 480 --width 640 "${_TARGET}/splash.svg" -o "${_TARGET}/splash.png"
rsvg-convert --format png --height 600 --width 800 "${_TARGET}/splash.svg" -o "${_TARGET}/splash800x600.png"
;;
esac
fi
rm -f "${_TARGET}/splash.svg"
# Tweak the grub theme to reuse the syslinux background image if grub doesn't have its own
if [ -e binary/boot/grub/live-theme/theme.txt ] && [ ! -e binary/boot/grub/splash.png ]; then
sed -i -e 's|^desktop-image:.*|desktop-image: "/isolinux/splash800x600.png"|' \
-e 's|^title-text:.*|title-text: ""|' \
binary/boot/grub/live-theme/theme.txt
fi
case "${LB_BUILD_WITH_CHROOT}" in
true)
# Saving cache

View File

@ -24,9 +24,6 @@ Init_config_data "${@}"
_ACTION="${1}"
shift
# Check architecture
Check_crossarchitectures
if ! In_list "bootstrap" ${LB_CACHE_STAGES}; then
exit 0
fi

View File

@ -27,12 +27,18 @@ then
exit 1
fi
# Check architecture
Check_crossarchitectures
Echo_message "Begin bootstrapping system..."
Check_package host /usr/sbin/debootstrap debootstrap
Check_installed host /usr/bin/eatmydata eatmydata
if [ "${INSTALL_STATUS}" -eq 0 ]
then
Echo_message "eatmydata found. It will be used do disable the sync command in the second stage of debootstrap"
_EATMYDATA="eatmydata"
else
# eatmydata is optional
_EATMYDATA=""
fi
# Checking stage file
Check_stagefile "bootstrap"
@ -100,7 +106,7 @@ Print_breakage
Echo_message "Running debootstrap..."
# Run appropriate bootstrap, i.e. foreign or regular bootstrap
if [ "${LB_BOOTSTRAP_QEMU_ARCHITECTURE}" = "${LB_ARCHITECTURE}" ]; then
if [ -n "${LB_BOOTSTRAP_QEMU_ARCHITECTURE}" ]; then
if [ -n "${LB_BOOTSTRAP_QEMU_EXCLUDE}" ]
then
@ -111,10 +117,28 @@ if [ "${LB_BOOTSTRAP_QEMU_ARCHITECTURE}" = "${LB_ARCHITECTURE}" ]; then
debootstrap ${DEBOOTSTRAP_OPTIONS} --foreign "${LB_PARENT_DISTRIBUTION_CHROOT}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT}
Echo_message "Running debootstrap second stage under QEMU"
cp ${LB_BOOTSTRAP_QEMU_STATIC} chroot/usr/bin
Chroot chroot /bin/sh /debootstrap/debootstrap --second-stage ${FOREIGN_DEBOOTSTRAP_OPTIONS}
else
debootstrap ${DEBOOTSTRAP_OPTIONS} "${LB_PARENT_DISTRIBUTION_CHROOT}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT}
${_EATMYDATA} debootstrap ${DEBOOTSTRAP_OPTIONS} "${LB_PARENT_DISTRIBUTION_CHROOT}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT}
fi
# If there's an os-release file, copy it to /etc/ and add some extra fields that identify the live image
if [ -e chroot/usr/lib/os-release ]; then
# Ensure a potential update doesn't clobber our changes
if ! Chroot chroot dpkg-divert --list /etc/os-release | grep -q /etc/os-release; then
Chroot chroot dpkg-divert --quiet --local --add --no-rename --divert /etc/os-release.debootstrap /etc/os-release
fi
rm -f chroot/etc/os-release
cp chroot/usr/lib/os-release chroot/etc/os-release
# Ensure the metadata is sensible, even for unstable images
if [ "${LB_PARENT_DISTRIBUTION_CHROOT}" = "sid" ] || [ "${LB_PARENT_DISTRIBUTION_CHROOT}" = "unstable" ]; then
sed -i "s/VERSION_CODENAME=.*/VERSION_CODENAME=sid/g" chroot/etc/os-release
echo "RELEASE_TYPE=development" >> chroot/etc/os-release
fi
cat <<EOF >> chroot/etc/os-release
IMAGE_ID=live
BUILD_ID=$(date ${DATE_UTC_OPTION} -d @${SOURCE_DATE_EPOCH} +%Y%m%dT%H%M%SZ)
EOF
fi
# Deconfiguring debootstrap configurations

View File

@ -134,11 +134,11 @@ case "${_ACTION}" in
# Configure local package repository
if Find_files config/packages.chroot/*.deb || Find_files config/packages/*.deb
then
rm -rf chroot/root/packages
mkdir -p chroot/root/packages
rm -rf chroot/packages
mkdir -p chroot/packages
if [ "$(stat --printf %d config/packages.chroot/)" = "$(stat --printf %d chroot/root/packages/)" ] ||
[ "$(stat --printf %d config/packages/)" = "$(stat --printf %d chroot/root/packages/)" ]
if [ "$(stat --printf %d config/packages.chroot/)" = "$(stat --printf %d chroot/packages/)" ] ||
[ "$(stat --printf %d config/packages/)" = "$(stat --printf %d chroot/packages/)" ]
then
CP_OPTIONS="-l"
fi
@ -150,10 +150,10 @@ case "${_ACTION}" in
do
if [ -L "${FILE}" ]
then
cp -L "${FILE}" chroot/root/packages
cp -L "${FILE}" chroot/packages
elif [ -e "${FILE}" ]
then
cp ${CP_OPTIONS} "${FILE}" chroot/root/packages
cp ${CP_OPTIONS} "${FILE}" chroot/packages
fi
done
fi
@ -164,15 +164,15 @@ case "${_ACTION}" in
do
if [ -L "${FILE}" ]
then
cp -L "${FILE}" chroot/root/packages
cp -L "${FILE}" chroot/packages
elif [ -e "${FILE}" ]
then
cp ${CP_OPTIONS} "${FILE}" chroot/root/packages
cp ${CP_OPTIONS} "${FILE}" chroot/packages
fi
done
fi
if Find_files chroot/root/packages/*.deb
if Find_files chroot/packages/*.deb
then
# If we bootstrapped a minimal chroot, we need
# to install apt-utils before we have
@ -189,16 +189,16 @@ case "${_ACTION}" in
Install_packages
# Generate Packages and Packages.gz
echo "cd /root/packages && apt-ftparchive packages . > Packages" | Chroot chroot sh
gzip -9 -c chroot/root/packages/Packages > chroot/root/packages/Packages.gz
echo "cd /packages && apt-ftparchive packages . > Packages" | Chroot chroot sh
gzip -9 -c chroot/packages/Packages > chroot/packages/Packages.gz
# Generate Release
echo "cd /root/packages && apt-ftparchive \
echo "cd /packages && apt-ftparchive \
-o APT::FTPArchive::Release::Origin=config/packages.chroot \
release . > Release" | Chroot chroot sh
# Add to sources.list.d
echo "deb [ trusted=yes ] file:/root/packages ./" > chroot/etc/apt/sources.list.d/packages.list
echo "deb [ trusted=yes ] file:/packages ./" > chroot/etc/apt/sources.list.d/packages.list
# Move top-level sources away, otherwise apt always preferes it (#644148)
if [ -e chroot/etc/apt/sources.list ]
@ -213,9 +213,9 @@ case "${_ACTION}" in
fi
fi
if Find_files chroot/root/packages/*.deb
if Find_files chroot/packages/*.deb
then
gunzip < chroot/root/packages/Packages.gz | awk '/^Package: / { print $2 }' \
gunzip < chroot/packages/Packages.gz | awk '/^Package: / { print $2 }' \
>> chroot/root/packages.chroot
fi
@ -477,8 +477,8 @@ case "${_ACTION}" in
# Remove local package repository
rm -f chroot/etc/apt/sources.list.d/packages.list
rm -rf chroot/root/packages
rm -f chroot/var/lib/apt/lists/_root_packages_._*
rm -rf chroot/packages
rm -f chroot/var/lib/apt/lists/_packages_._*
# Ensure package list is removed
rm -f chroot/root/packages.chroot

View File

@ -38,8 +38,14 @@ case "${_ACTION}" in
Acquire_lockfile
# Create custom start-stop-daemon program
Chroot chroot dpkg-divert --rename --quiet --add /sbin/start-stop-daemon
ln -fs /bin/true chroot/sbin/start-stop-daemon
Chroot chroot dpkg-divert --rename --quiet --add /usr/sbin/start-stop-daemon
# begin-remove-after: released:forky
# In the bookworm to trixie upgrade, dpkg moves
# start-stop-daemon from /sbin to /usr/sbin. Duplicate the
# diversion to cover both. DEP17 P3 M18
Chroot chroot dpkg-divert --rename --quiet --add --divert /sbin/start-stop-daemon.distrib.usr-is-merged /sbin/start-stop-daemon
# end-remove-after
ln -fs /bin/true chroot/usr/sbin/start-stop-daemon
# Disable dpkg syncing
@ -79,8 +85,11 @@ EOF
Chroot chroot dpkg-divert --rename --quiet --remove /usr/sbin/flash-kernel
# Remove custom start-stop-daemon program
rm -f chroot/sbin/start-stop-daemon
rm -f chroot/usr/sbin/start-stop-daemon
# begin-remove-after: released:forky
Chroot chroot dpkg-divert --rename --quiet --remove /sbin/start-stop-daemon
# end-remove-after
Chroot chroot dpkg-divert --rename --quiet --remove /usr/sbin/start-stop-daemon
# Remove dpkg sync configuration
rm -f chroot/etc/dpkg/dpkg.cfg.d/live-build

View File

@ -54,17 +54,9 @@ Check_package host /usr/bin/wget wget
FIRMWARE_PACKAGES=""
# Manually add firmware-linux meta package if available
if [ "${LB_BUILD_WITH_CHROOT}" = "true" ]
if [ $(Check_package_available "firmware-linux") -eq 1 ]
then
if [ $(Chroot chroot apt-cache show "^firmware-linux$" 2> /dev/null | grep "^Package:" | wc -l) -eq 1 ]
then
FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} firmware-linux"
fi
else
if [ $(apt-cache show "^firmware-linux$" 2> /dev/null | grep "^Package:" | wc -l) -eq 1 ]
then
FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} firmware-linux"
fi
FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} firmware-linux"
fi
Firmware_List_From_Contents "${LB_PARENT_MIRROR_CHROOT}" "${LB_PARENT_DISTRIBUTION_CHROOT}" "${LB_PARENT_ARCHIVE_AREAS}"

View File

@ -62,18 +62,20 @@ esac
# Update initramfs (always, because of udev rules in initrd)
case "${LB_INITRAMFS}" in
live-boot)
#UPDATE_INITRAMFS_OPTIONS="LIVE_GENERATE_UUID=1"
if [ ! -e chroot/initrd.img_has_already_been_regenerated ]; then
Chroot chroot "${UPDATE_INITRAMFS_OPTIONS} update-initramfs -k all -t -u"
fi
;;
dracut-live)
# Enable the live module (with a unique name)
echo "add_dracutmodules+=\" dmsquash-live \"" > chroot/etc/dracut.conf.d/20-live-module-${SOURCE_DATE_EPOCH}.conf
# This ensures that dracut uses the same filename as initramfs-tools
Chroot chroot dpkg-reconfigure dracut
rm -f chroot/etc/dracut.conf.d/20-live-module-${SOURCE_DATE_EPOCH}.conf
;;
esac
if [ "${LB_INITRAMFS}" != "none" ]
then
if [ ! -e chroot/initrd.img_has_already_been_regenerated ]; then
Chroot chroot "${UPDATE_INITRAMFS_OPTIONS} update-initramfs -k all -t -u"
fi
rm -f chroot/vmlinuz.old
rm -f chroot/initrd.img.old
fi
rm -f chroot/vmlinuz.old
rm -f chroot/initrd.img.old
rm -f chroot/initrd.img_has_already_been_regenerated
# We probably ought to use COMPRESS= in a temporary file in
@ -100,16 +102,6 @@ case "${LB_INITRAMFS_COMPRESSION}" in
;;
esac
case "${LB_INITRAMFS}" in
live-boot)
ID="1000"
;;
*)
ID=""
;;
esac
rm -f chroot/etc/hosts
if [ "${LB_DEBIAN_INSTALLER}" = "live" ]

View File

@ -76,7 +76,7 @@ then
case "${HOOK}" in
*.container)
umount chroot/proc
systemd-nspawn --capability=all -D chroot "/root/$(basename ${HOOK})" || { Echo_error "${HOOK} failed (exit non-zero). You should check for errors."; exit 1 ;}
systemd-nspawn --capability=all --register=no --keep-unit -D chroot "/root/$(basename ${HOOK})" || { Echo_error "${HOOK} failed (exit non-zero). You should check for errors."; exit 1 ;}
mount proc-live -t proc chroot/proc
;;
*)

View File

@ -43,15 +43,21 @@ case "${_ACTION}" in
# Create custom hostname
Echo_message "Configuring file /bin/hostname"
Chroot chroot dpkg-divert --rename --quiet --add /bin/hostname
Chroot chroot dpkg-divert --rename --quiet --add /usr/bin/hostname
# begin-remove-after: released:forky
# In the bookworm to trixie upgrade, hostname moves hostname
# from /bin to /usr/bin. Duplicate the diversion to cover both.
# DEP17 P3 M18
Chroot chroot dpkg-divert --rename --quiet --add --divert /bin/hostname.distrib.usr-is-merged /bin/hostname
# end-remove-after
cat > chroot/bin/hostname << EOF
cat > chroot/usr/bin/hostname << EOF
#!/bin/sh
echo "localhost.localdomain"
EOF
chmod 755 chroot/bin/hostname
chmod 755 chroot/usr/bin/hostname
# Creating stage file
Create_stagefile
@ -84,7 +90,10 @@ EOF
# Remove custom hostname
rm -f chroot/bin/hostname
# begin-remove-after: released:forky
Chroot chroot dpkg-divert --rename --quiet --remove /bin/hostname
# end-remove-after
Chroot chroot dpkg-divert --rename --quiet --remove /usr/bin/hostname
# Removing stage file
Remove_stagefile

View File

@ -76,14 +76,20 @@ then
# Restoring cache
Restore_package_cache chroot
if [ "${LB_INITRAMFS}" = "dracut-live" ]; then
# Install each package separately, because the list contains conflicts
_INSTALL_ONE_BY_ONE="--max-args 1"
else
_INSTALL_ONE_BY_ONE=""
fi
# Installing packages
case "${LB_APT}" in
apt|apt-get)
Chroot chroot "xargs --arg-file=/root/packages.chroot apt-get ${APT_OPTIONS} install"
Chroot chroot "xargs ${_INSTALL_ONE_BY_ONE} --arg-file=/root/packages.chroot apt-get ${APT_OPTIONS} install"
;;
aptitude)
Chroot chroot "xargs --arg-file=/root/packages.chroot aptitude ${APTITUDE_OPTIONS} install"
Chroot chroot "xargs ${_INSTALL_ONE_BY_ONE} --arg-file=/root/packages.chroot aptitude ${APTITUDE_OPTIONS} install"
;;
esac

View File

@ -114,6 +114,7 @@ USAGE="${PROGRAM} [--apt apt|apt-get|aptitude]\n\
\t [--parent-mirror-chroot URL]\n\
\t [--parent-mirror-chroot-security URL]\n\
\t [--parent-mirror-debian-installer URL]\n\
\t [--proposed-updates true|false]\n\
\t [--quiet]\n\
\t [--security true|false]\n\
\t [--source true|false]\n\
@ -170,6 +171,7 @@ Local_arguments ()
parent-mirror-binary-security:,parent-mirror-bootstrap:,
parent-mirror-chroot:,parent-mirror-chroot-security:,
parent-mirror-debian-installer:,
proposed-updates:,
quiet,
security:,source:,source-images:,swap-file-path:,swap-file-size:,system:,
tasksel:,
@ -775,6 +777,11 @@ Local_arguments ()
shift 2
;;
--proposed-updates)
LB_PROPOSED_UPDATES="${2}"
shift 2
;;
--security)
LB_SECURITY="${2}"
shift 2
@ -1188,6 +1195,9 @@ LB_UPDATES="${LB_UPDATES}"
# Enable backports updates
LB_BACKPORTS="${LB_BACKPORTS}"
# Enable proposed updates
LB_PROPOSED_UPDATES="${LB_PROPOSED_UPDATES}"
EOF
# Creating lb_binary_* configuration
@ -1373,18 +1383,28 @@ done
LIVE_PKG_LIST="config/package-lists/live.list.chroot"
if [ ! -e "${LIVE_PKG_LIST}" ]; then
NEEDED_PACKAGES=""
if [ "${LB_INITRAMFS}" = "live-boot" ]; then
NEEDED_PACKAGES="live-boot live-config"
case "${LB_INITSYSTEM}" in
systemd)
NEEDED_PACKAGES="${NEEDED_PACKAGES} live-config-systemd systemd-sysv"
;;
case "${LB_INITRAMFS}" in
live-boot)
NEEDED_PACKAGES="live-boot live-config"
case "${LB_INITSYSTEM}" in
systemd)
NEEDED_PACKAGES="${NEEDED_PACKAGES} live-config-systemd systemd-sysv"
;;
sysvinit)
NEEDED_PACKAGES="${NEEDED_PACKAGES} live-config-sysvinit sysvinit-core"
;;
esac
fi
sysvinit)
NEEDED_PACKAGES="${NEEDED_PACKAGES} live-config-sysvinit sysvinit-core"
;;
esac
;;
dracut-live)
NEEDED_PACKAGES="live-config live-config-systemd systemd-sysv dracut-live dracut-config-generic dracut"
# Ensure that the settings are present before dracut is installed
mkdir -p config/includes.chroot_before_packages/etc/dracut.conf.d
echo "reproducible=yes" > config/includes.chroot_before_packages/etc/dracut.conf.d/50-reproducible.conf
# dracut-live (module dmsquash-live) will be enabled in chroot_hacks
;;
esac
for PKG in $NEEDED_PACKAGES; do
echo "${PKG}" >> "${LIVE_PKG_LIST}"
done

View File

@ -265,8 +265,20 @@ case "${LB_DERIVATIVE}" in
Check_package chroot /usr/bin/gcc gcc
Install_packages
# Set architecture-specific variables
case "${LB_ARCHITECTURE}" in
arm64)
TARGETS="build_cdrom_gtk build_cdrom_grub"
;;
*)
TARGETS="build_cdrom_gtk build_cdrom_isolinux"
;;
esac
# These variables do not need to be passed inside the chroot, they can be resolved earlier:
# SOURCE_DATE_EPOCH, _QUIET, LB_PARENT_MIRROR_CHROOT, LB_PARENT_DISTRIBUTION_CHROOT
# TARGETS, http_proxy
cat << EOF > chroot/buildit.sh
#!/bin/sh
# Get the version of the git repo that matches SOURCE_DATE_EPOCH
@ -319,7 +331,7 @@ fi
# USE_UDEBS_FROM -> use the same distribution as the chroot
# ROOTCMD -> Workaround for #1058994. Fakeroot is not present in the chroot (and not required)
export LINUX_KERNEL_ABI=\$(dpkg-query --showformat "\\\${db:Status-Abbrev} \\\${Package}\n" --show linux-image-* | awk '\$1=="ii" { c = split(\$2, a, "-"); if (c>3) { if (a[4] ~ /^[0-9]+/) { print a[3] "-" a[4] } else { print a[3] } } }' | sort | tail -1)
MIRROR="[check-valid-until=no] ${LB_PARENT_MIRROR_CHROOT}" TARGETS="build_cdrom_gtk build_cdrom_isolinux" USE_UDEBS_FROM=${LB_PARENT_DISTRIBUTION_CHROOT} ROOTCMD=" " bash ./daily-build build-only
http_proxy=${http_proxy} MIRROR="[check-valid-until=no] ${LB_PARENT_MIRROR_CHROOT}" TARGETS="${TARGETS}" USE_UDEBS_FROM=${LB_PARENT_DISTRIBUTION_CHROOT} ROOTCMD=" " bash ./daily-build build-only
EOF
Chroot chroot "sh buildit.sh"
# Place the files in the cache. Download_file will use the cache instead of downloading
@ -353,7 +365,7 @@ DOWNLOAD_GTK_INSTALLER=false
if [ "${LB_DEBIAN_INSTALLER_GUI}" = "true" ]
then
case "${LB_ARCHITECTURE}" in
amd64|i386)
amd64|i386|arm64)
DOWNLOAD_GTK_INSTALLER=true
;;
@ -380,9 +392,33 @@ then
case "${LB_ARCHITECTURE}" in
amd64)
DI_REQ_PACKAGES="grub-pc grub-common libefiboot1 libefivar1 libfuse2 libfuse3-3" # BIOS
DI_REQ_PACKAGES="grub-pc grub-common libfuse3-3" # BIOS
# Starting in trixie, the t64-packages have a 64-bit timestamp
if [ $(Check_package_available "libefiboot1t64") -eq 1 ]
then
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} libefiboot1t64"
else
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} libefiboot1"
fi
if [ $(Check_package_available "libefivar1t64") -eq 1 ]
then
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} libefivar1t64"
else
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} libefivar1"
fi
if [ $(Check_package_available "libfuse2t64") -eq 1 ]
then
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} libfuse2t64"
else
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} libfuse2"
fi
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} grub-efi-amd64 efibootmgr grub-efi-amd64-signed shim-signed" # UEFI (required for d-i, includes suggested packages)
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} efibootmgr grub-efi-amd64 grub-efi-amd64-bin grub-efi-amd64-signed grub2-common mokutil shim-helpers-amd64-signed shim-signed shim-signed-common shim-unsigned cryptsetup cryptsetup-initramfs keyutils" # UEFI (required by Calamares)
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} efibootmgr grub-efi grub-efi-amd64 grub-efi-amd64-bin grub-efi-amd64-signed grub2-common mokutil shim-helpers-amd64-signed shim-signed shim-signed-common shim-unsigned cryptsetup cryptsetup-initramfs keyutils" # UEFI (required by Calamares)
# grub-efi-amd64-unsigned was introduced in trixie
if [ $(Check_package_available "grub-efi-amd64-unsigned") -eq 1 ]
then
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} grub-efi-amd64-unsigned"
fi
DI_PACKAGES="linux-image-amd64"
;;
@ -391,6 +427,17 @@ then
DI_PACKAGES="linux-image-686-pae"
;;
arm64)
DI_REQ_PACKAGES="grub-efi-arm64 efibootmgr grub-efi-arm64-signed shim-signed" # UEFI (required for d-i, includes suggested packages)
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} grub-efi grub-efi-arm64-bin grub2-common mokutil shim-helpers-arm64-signed shim-signed-common shim-unsigned" # UEFI (required by Calamares)
# grub-efi-arm64-unsigned was introduced in trixie
if [ $(Check_package_available "grub-efi-arm64-unsigned") -eq 1 ]
then
DI_REQ_PACKAGES="${DI_REQ_PACKAGES} grub-efi-arm64-unsigned"
fi
DI_PACKAGES="linux-image-arm64"
;;
powerpc)
DI_REQ_PACKAGES="yaboot"
DI_PACKAGES="linux-image-powerpc linux-image-powerpc64 linux-image-powerpc-smp"
@ -408,6 +455,10 @@ then
Echo_debug "DI_REQ_PACKAGES: %s" "${DI_REQ_PACKAGES}"
Echo_debug "DI_PACKAGES: %s" "${DI_PACKAGES}"
# The file is generated by Firmware_List_From_Contents, ensure a fresh copy
FIRMWARE_DETAILS_FILE="installer_firmware_details.txt"
rm -f ${FIRMWARE_DETAILS_FILE}
# Include firmware packages
if [ "${LB_FIRMWARE_BINARY}" = "true" ]
then
@ -417,17 +468,9 @@ then
FIRMWARE_PACKAGES=""
# Manually add firmware-linux meta package if available
if [ "${LB_BUILD_WITH_CHROOT}" = "true" ]
if [ $(Check_package_available "firmware-linux") -eq 1 ]
then
if [ $(Chroot chroot apt-cache show "^firmware-linux$" 2> /dev/null | grep "^Package:" | wc -l) -eq 1 ]
then
FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} firmware-linux"
fi
else
if [ $(apt-cache show "^firmware-linux$" 2> /dev/null | grep "^Package:" | wc -l) -eq 1 ]
then
FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} firmware-linux"
fi
FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} firmware-linux"
fi
Firmware_List_From_Contents "${LB_PARENT_MIRROR_CHROOT}" "${LB_PARENT_DISTRIBUTION_CHROOT}" "${LB_PARENT_ARCHIVE_AREAS}"
@ -553,6 +596,21 @@ then
done
fi
# The path to the package pool when running inside the live environment
case "${LB_INITRAMFS}" in
live-boot)
PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT="/run/live/medium"
;;
dracut-live)
PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT="/run/initramfs/live"
;;
*)
PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT=""
;;
esac
# Generating deb indices
Echo_debug "Generating deb indices"
for _ARCHIVE_AREA in $(cd binary/pool && ls); do
@ -570,6 +628,12 @@ EOF
mv chroot/root/binary ./
touch "binary/${INDICE_DIR}/Packages" -d@${SOURCE_DATE_EPOCH}
if [ -n "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}" ]
then
# Make the pool available without 'apt-get update'
VAR_LIB_APT_LISTS_FILENAME=$(echo "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}/${INDICE_DIR}/Packages" | sed 's|/|_|g')
cp -a "binary/${INDICE_DIR}/Packages" "chroot/chroot/var/lib/apt/lists/${VAR_LIB_APT_LISTS_FILENAME}"
fi
gzip -9 -c "binary/${INDICE_DIR}/Packages" > "binary/${INDICE_DIR}/Packages.gz"
# Fetching release
@ -588,12 +652,22 @@ EOF
for _FILE in $(find ../pool -name "${_PACKAGE}_*.deb")
do
ln -sf ${_FILE} ./
if [ -e ../../${FIRMWARE_DETAILS_FILE} ]
then
# Create Contents-firmware similar to tools/make-firmware-image from debian-cd
# This file is used by check-missing-firmware.sh from hw-detect
# Note: the second argument is replaced by the filename of the package
sed --silent -e "s/ [^ ]*\/${_PACKAGE}/ "$(basename ${_FILE})"/p" ../../${FIRMWARE_DETAILS_FILE} >> Contents-firmware
fi
done
done
cd "${OLDPWD}"
fi
# No longer needed
rm -f ${FIRMWARE_DETAILS_FILE}
# Udeb handling
mkdir -p binary.udeb/pool-udeb/main
cd binary.udeb
@ -827,10 +901,10 @@ cd /root/binary && apt-ftparchive \
-o APT::FTPArchive::Release::Suite="${_SUITE}" \
${_LB_APT_VERSION_OPT} \
-o APT::FTPArchive::Release::Codename="${LB_PARENT_DISTRIBUTION_BINARY}" \
-o APT::FTPArchive::Release::Date="$(date -R ${DATE_UTC_OPTION} -d@${SOURCE_DATE_EPOCH})" \
-o APT::FTPArchive::Release::Date="$(date -R --utc -d@${SOURCE_DATE_EPOCH})" \
-o APT::FTPArchive::Release::Architectures="${LB_ARCHITECTURE}" \
-o APT::FTPArchive::Release::Components="${LB_PARENT_ARCHIVE_AREAS}" \
-o APT::FTPArchive::Release::Description="Last updated: $(date -R ${DATE_UTC_OPTION} -d@${SOURCE_DATE_EPOCH})" \
-o APT::FTPArchive::Release::Description="Last updated: $(date -R --utc -d@${SOURCE_DATE_EPOCH})" \
release dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} > dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION}/Release
EOF
@ -838,8 +912,16 @@ EOF
rm -f chroot/binary.sh
mv chroot/root/binary ./
# Add to sources.list with the path that is used inside the live environment
echo "deb [trusted=yes] file:/run/live/medium ${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" >> chroot/chroot/etc/apt/sources.list
if [ -n "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}" ]
then
# Add to sources.list with the path that is used inside the live environment
# Add in the first line, to give it precedence over the online versions of the same package
echo "deb [trusted=yes] file:${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT} ${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" > sources.list
cat chroot/chroot/etc/apt/sources.list >> sources.list
cp sources.list chroot/chroot/etc/apt/sources.list
VAR_LIB_APT_LISTS_FILENAME=$(echo "${PATH_TO_POOL_INSIDE_LIVE_ENVIRONMENT}/dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION}/Release" | sed 's|/|_|g')
cp -a binary/dists/${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION}/Release chroot/chroot/var/lib/apt/lists/${VAR_LIB_APT_LISTS_FILENAME}
fi
Echo_debug "Creating distribution directories/symlinks"

View File

@ -47,7 +47,7 @@ fi
cat >> chroot/source-selection.sh << EOF
#!/bin/sh
dpkg-query -W -f='\${binary:Package}=\${Version}\n' > source-selection.txt
dpkg-query -W -f='\${source:Package}=\${source:Version}\n' | sort -u > source-selection.txt
EOF
Chroot chroot "sh source-selection.sh"
@ -118,7 +118,7 @@ cat > chroot/source-download.sh << EOF
#!/bin/sh
cd source.pkgs
PACKAGE="\${1}"
if ! apt-get ${APT_OPTIONS} --download-only source \${PACKAGE}
if ! apt-get ${APT_OPTIONS} --only-source --download-only source \${PACKAGE}
then
dpkg -l \${PACKAGE} | tail -n1 >> ../missing-source.txt
touch ../missing-source-some

View File

@ -1,11 +1,7 @@
set color_normal=light-gray/black
set color_highlight=white/dark-gray
if [ -e /isolinux/splash.png ]; then
# binary_syslinux modifies the theme file to point to the correct
# background picture
set theme=/boot/grub/live-theme/theme.txt
elif [ -e /boot/grub/splash.png ]; then
if [ -e /boot/grub/splash.png ]; then
set theme=/boot/grub/live-theme/theme.txt
else
set menu_color_normal=cyan/blue

View File

Before

Width:  |  Height:  |  Size: 14 KiB

After

Width:  |  Height:  |  Size: 14 KiB

View File

@ -0,0 +1,55 @@
#!/bin/sh
set -e
# Adjust the remaining bits for dracut-live instead of initramfs-tools.
if [ ! -d /usr/share/doc/dracut-live ]
then
exit 0
fi
# Get access to LB_PARENT_DISTRIBUTION_CHROOT
. /live-build/config/bootstrap
# Remove remainder of initramfs-tools
apt-get remove --purge --yes initramfs-tools
# Remove live packages that work with initramfs-tools
apt-get remove --purge --yes live-tools
apt-get remove --purge --yes live-boot
apt-get remove --purge --yes live-boot-initramfs-tools
apt-get autoremove --yes
# Dracut mounts on /run/initramfs/live
# d-i, calamares and debian-installer-launcher have /run/live/medium hardcoded
# d-i -> fixed in live-build: installer_debian-installer
# calamares -> fixed here
# debian-installer-launcher -> probably not needed, is not part of the regular images
# Adjust the path for Calamares
if [ -e /etc/calamares/modules/unpackfs.conf ]
then
sed --follow-symlinks -i -e 's|/run/live/medium|/run/initramfs/live|' /etc/calamares/modules/unpackfs.conf
fi
# Use dracut instead of initramfs-tools
if [ -e /etc/calamares/settings.conf ]
then
sed --follow-symlinks -i -e '/initramfscfg/d;s/initramfs/dracut/' /etc/calamares/settings.conf
fi
# Add dracut-live to the list of packages to uninstall
if [ -e /etc/calamares/modules/packages.conf ]
then
sed --follow-symlinks -i -e "s/'live-boot'/'dracut-live'/" /etc/calamares/modules/packages.conf
fi
# Calamares script for /etc/apt/sources.list during the installation
SOURCES_MEDIA=/usr/share/calamares/helpers/calamares-sources-media
if [ -e /usr/sbin/sources-media ]
then
# Until calamares-settings-debian 13.0.11 the filename was more generic
SOURCES_MEDIA=/usr/sbin/sources-media
fi
if [ -e ${SOURCES_MEDIA} ]
then
sed -i -e 's|/run/live/medium|/run/initramfs/live|;s|/run/live|/run/initramfs|' ${SOURCES_MEDIA}
sed -i -e "s|RELEASE=\".*\"|RELEASE=\"${LB_PARENT_DISTRIBUTION_CHROOT}\"|" ${SOURCES_MEDIA}
fi

View File

@ -16,3 +16,5 @@ rm -f /etc/gshadow-
rm -f /var/cache/debconf/*-old
rm -f /var/lib/dpkg/*-old
rm -f /usr/share/info/dir.old

View File

@ -10,3 +10,13 @@ do
mkdir -p ${_DIRECTORY}
chmod 1777 ${_DIRECTORY}
done
# Remove the old lock file which will be generated when needed
rm -f /etc/.pwd.lock
# Remove /run/mount/utab of util-linux libmount (and its directory)
# The file and directory will be generated when needed
if [ -d /run/mount ]; then
rm -f /run/mount/utab
rmdir --ignore-fail-on-non-empty /run/mount
fi

View File

@ -3,7 +3,8 @@
# Rebuild an ISO image for a given timestamp
#
# Copyright 2021-2022 Holger Levsen <holger@layer-acht.org>
# Copyright 2021-2023 Roland Clobus <rclobus@rclobus.nl>
# Copyright 2021-2024 Roland Clobus <rclobus@rclobus.nl>
# Copyright 2024 Emanuele Rocca <ema@debian.org>
# released under the GPLv2
# Environment variables:
@ -59,6 +60,7 @@ EOF
show_help() {
echo "--help, --usage: This help text"
echo "--architecture: Optional, specifies the architecture (e.g. for cross-building)"
echo "--configuration: Mandatory, specifies the configuration (desktop environment)"
echo "--debian-version: Mandatory, e.g. trixie, sid"
echo "--debian-version-number: The version number, e.g. 13.0.1"
@ -77,7 +79,7 @@ show_help() {
parse_commandline_arguments() {
# In alphabetical order
local LONGOPTS="configuration:,debian-version:,debian-version-number:,debug,disk-info,generate-source,help,installer-origin:,timestamp:,usage"
local LONGOPTS="architecture:,configuration:,debian-version:,debian-version-number:,debug,disk-info,generate-source,help,installer-origin:,timestamp:,usage"
local ARGUMENTS
local ERR=0
@ -98,6 +100,11 @@ parse_commandline_arguments() {
local ARG="${1}"
# In alphabetical order
case "${ARG}" in
--architecture)
shift
ARCHITECTURE=$1
shift
;;
--configuration)
shift
CONFIGURATION=$1
@ -172,27 +179,27 @@ parse_commandline_arguments() {
;;
"cinnamon")
INSTALLER="live"
PACKAGES="live-task-cinnamon"
PACKAGES="live-task-cinnamon spice-vdagent"
;;
"gnome")
INSTALLER="live"
PACKAGES="live-task-gnome"
PACKAGES="live-task-gnome spice-vdagent"
;;
"kde")
INSTALLER="live"
PACKAGES="live-task-kde"
PACKAGES="live-task-kde spice-vdagent"
;;
"lxde")
INSTALLER="live"
PACKAGES="live-task-lxde"
PACKAGES="live-task-lxde spice-vdagent"
;;
"lxqt")
INSTALLER="live"
PACKAGES="live-task-lxqt"
PACKAGES="live-task-lxqt spice-vdagent"
;;
"mate")
INSTALLER="live"
PACKAGES="live-task-mate"
PACKAGES="live-task-mate spice-vdagent"
;;
"standard")
INSTALLER="live"
@ -200,7 +207,11 @@ parse_commandline_arguments() {
;;
"xfce")
INSTALLER="live"
PACKAGES="live-task-xfce"
PACKAGES="live-task-xfce spice-vdagent"
;;
"debian-junior")
INSTALLER="live"
PACKAGES="live-task-debian-junior spice-vdagent"
;;
"")
output_echo "Error: Missing --configuration"
@ -226,6 +237,36 @@ parse_commandline_arguments() {
;;
esac
if command -v dpkg >/dev/null; then
HOST_ARCH="$(dpkg --print-architecture)"
else
HOST_ARCH="$(uname -m)"
fi
# Use host architecture as default, if no architecture is provided
if [ -z "${ARCHITECTURE}" ]; then
ARCHITECTURE=${HOST_ARCH}
fi
if [ "${ARCHITECTURE}" != "${HOST_ARCH}" ]; then
output_echo "Cross-building ${ARCHITECTURE} image on ${HOST_ARCH}"
case "${ARCHITECTURE}" in
"amd64")
QEMU_STATIC_EXECUTABLE=qemu-x86_64-static
;;
"i386")
QEMU_STATIC_EXECUTABLE=qemu-i386-static
;;
"arm64")
QEMU_STATIC_EXECUTABLE=qemu-aarch64-static
;;
*)
output_echo "Error: Unknown architecture ${ARCHITECTURE}"
exit 5
;;
esac
ARCHITECTURE_OPTIONS="--bootstrap-qemu-arch ${ARCHITECTURE} --bootstrap-qemu-static /usr/bin/${QEMU_STATIC_EXECUTABLE}"
fi
BUILD_LATEST="archive"
BUILD_LATEST_DESC="yes, from the main Debian archive"
if [ ! -z "${TIMESTAMP}" ]; then
@ -269,25 +310,26 @@ parse_commandline_arguments() {
then
# Differentiate between lxqt and lxde
CONFIGURATION_SHORT=$(echo ${CONFIGURATION} | cut -c1,3)
elif [ "${CONFIGURATION}" == "debian-junior" ]
then
CONFIGURATION_SHORT="jr"
fi
ISO_VOLUME="d-live ${DEBIAN_VERSION_NUMBER} ${CONFIGURATION_SHORT} amd64"
ISO_VOLUME="d-live ${DEBIAN_VERSION_NUMBER} ${CONFIGURATION_SHORT} ${ARCHITECTURE}"
# Tracing this generator script
REBUILD_SHA256SUM=$(sha256sum ${BASH_SOURCE} | cut -f1 -d" ")
if [ $DEBUG ]
then
echo "CONFIGURATION = ${CONFIGURATION}"
echo "DEBIAN_VERSION = ${DEBIAN_VERSION}"
echo "DEBIAN_VERSION_NUMBER = ${DEBIAN_VERSION_NUMBER}"
echo "TIMESTAMP = ${TIMESTAMP}"
echo "SNAPSHOT_TIMESTAMP = ${SNAPSHOT_TIMESTAMP}"
echo "BUILD_LATEST = ${BUILD_LATEST}"
echo "BUILD_LATEST_DESC = ${BUILD_LATEST_DESC}"
echo "INSTALLER_ORIGIN = ${INSTALLER_ORIGIN}"
echo "ISO_VOLUME = ${ISO_VOLUME}"
echo "DISK_INFO = ${DISK_INFO}"
fi
echo "ARCHITECTURE = ${ARCHITECTURE}"
echo "CONFIGURATION = ${CONFIGURATION}"
echo "DEBIAN_VERSION = ${DEBIAN_VERSION}"
echo "DEBIAN_VERSION_NUMBER = ${DEBIAN_VERSION_NUMBER}"
echo "TIMESTAMP = ${TIMESTAMP}"
echo "SNAPSHOT_TIMESTAMP = ${SNAPSHOT_TIMESTAMP}"
echo "BUILD_LATEST = ${BUILD_LATEST}"
echo "BUILD_LATEST_DESC = ${BUILD_LATEST_DESC}"
echo "INSTALLER_ORIGIN = ${INSTALLER_ORIGIN}"
echo "ISO_VOLUME = ${ISO_VOLUME}"
echo "DISK_INFO = ${DISK_INFO}"
}
get_snapshot_from_archive() {
@ -306,6 +348,23 @@ get_snapshot_from_archive() {
rm latest
}
get_snapshot_from_snapshot_debian_org() {
# Pick the snapshot closest to 'now'
wget ${WGET_OPTIONS} http://snapshot.debian.org/archive/debian/$(date --utc +%Y%m%dT%H%M%SZ)/dists/${DEBIAN_VERSION}/InRelease --output-document latest
#
# Extract the timestamp from the InRelease file
#
# Input:
# ...
# Date: Sat, 23 Jul 2022 14:33:45 UTC
# ...
# Output:
# 20220723T143345Z
#
SNAPSHOT_TIMESTAMP=$(cat latest | awk '/^Date:/ { print substr($0, 7) }' | xargs -I this_date date --utc --date "this_date" +%Y%m%dT%H%M%SZ)
rm latest
}
#
# main: follow https://wiki.debian.org/ReproducibleInstalls/LiveImages
#
@ -351,29 +410,21 @@ case ${BUILD_LATEST} in
# Use the timestamp of the current Debian archive
get_snapshot_from_archive
MIRROR=http://deb.debian.org/debian/
MIRROR_BINARY=${MIRROR}
MODIFY_APT_OPTIONS=0
;;
"snapshot")
# Use the timestamp of the latest mirror snapshot
wget ${WGET_OPTIONS} http://snapshot.notset.fr/mr/timestamp/debian/latest --output-document latest
#
# Extract the timestamp from the JSON file
#
# Input:
# {
# "_api": "0.3",
# "_comment": "notset",
# "result": "20210828T083909Z"
# }
# Output:
# 20210828T083909Z
#
SNAPSHOT_TIMESTAMP=$(cat latest | awk '/"result":/ { split($0, a, "\""); print a[4] }')
rm latest
MIRROR=http://snapshot.notset.fr/archive/debian/${SNAPSHOT_TIMESTAMP}
get_snapshot_from_snapshot_debian_org
MIRROR=http://snapshot.debian.org/archive/debian/${SNAPSHOT_TIMESTAMP}
MIRROR_BINARY="[check-valid-until=no] ${MIRROR}"
MODIFY_APT_OPTIONS=1
;;
"no")
# The value of SNAPSHOT_TIMESTAMP was provided on the command line
MIRROR=http://snapshot.notset.fr/archive/debian/${SNAPSHOT_TIMESTAMP}
MIRROR=http://snapshot.debian.org/archive/debian/${SNAPSHOT_TIMESTAMP}
MIRROR_BINARY="[check-valid-until=no] ${MIRROR}"
MODIFY_APT_OPTIONS=1
;;
*)
echo "E: A new option to BUILD_LATEST has been added"
@ -415,7 +466,7 @@ fi
output_echo "Running lb config."
lb config \
--mirror-bootstrap ${MIRROR} \
--mirror-binary ${MIRROR} \
--mirror-binary "${MIRROR_BINARY}" \
--security false \
--updates false \
--distribution ${DEBIAN_VERSION} \
@ -424,12 +475,16 @@ lb config \
--cache-packages false \
--archive-areas "main ${FIRMWARE_ARCHIVE_AREA}" \
--iso-volume "${ISO_VOLUME}" \
--architecture ${ARCHITECTURE} \
${ARCHITECTURE_OPTIONS} \
${GENERATE_SOURCE} \
2>&1 | tee $LB_OUTPUT
# Insider knowledge of live-build:
# Add '-o Acquire::Check-Valid-Until=false', to allow for rebuilds of older timestamps
sed -i -e '/^APT_OPTIONS=/s/--yes/--yes -o Acquire::Check-Valid-Until=false/' config/common
if [ ${MODIFY_APT_OPTIONS} -ne 0 ]; then
# Insider knowledge of live-build:
# Add '-o Acquire::Check-Valid-Until=false', to allow for rebuilds of older timestamps
sed -i -e '/^APT_OPTIONS=/s/--yes/--yes -o Acquire::Check-Valid-Until=false/' config/common
fi
if [ ! -z "${PACKAGES}" ]; then
echo "${PACKAGES}" >config/package-lists/desktop.list.chroot
@ -570,22 +625,41 @@ EOFNEWCONTENT
echo "P: \$(basename \$0) Bugfix hook has been applied"
EOFHOOK
# For stable and soon-to-be-stable use the same boot splash screen as the Debian installer
if [ "${DEBIAN_VERSION}" = "bookworm" -a "${CONFIGURATION}" = "kde" ];
then
cat << EOFHOOK > config/hooks/live/5010-kde-icon-for-calamares.hook.chroot
#!/bin/sh
set -e
# Fix for #1057853: Missing Calamares icon for KDE on bookworm
if [ ! -e /etc/xdg/autostart/calamares-desktop-icon.desktop ];
then
exit 0
fi
sed -i -e '/X-GNOME-Autostart-Phase=/d' /etc/xdg/autostart/calamares-desktop-icon.desktop
echo "P: \$(basename \$0) Bugfix hook has been applied"
EOFHOOK
fi
# For oldstable and stable use the same boot splash screen as the Debian installer
case "$DEBIAN_VERSION" in
"bullseye")
mkdir -p config/bootloaders/syslinux_common
wget --quiet https://salsa.debian.org/installer-team/debian-installer/-/raw/master/build/boot/artwork/11-homeworld/homeworld.svg -O config/bootloaders/syslinux_common/splash.svg
"bullseye"|"oldstable")
mkdir -p config/bootloaders
wget --quiet https://salsa.debian.org/installer-team/debian-installer/-/raw/master/build/boot/artwork/11-homeworld/homeworld.svg -O config/bootloaders/splash.svg
mkdir -p config/bootloaders/grub-pc
# Use the old resolution of 640x480 for grub
ln -s ../../isolinux/splash.png config/bootloaders/grub-pc/splash.png
;;
"bookworm")
mkdir -p config/bootloaders/syslinux_common
wget --quiet https://salsa.debian.org/installer-team/debian-installer/-/raw/master/build/boot/artwork/12-emerald/emerald.svg -O config/bootloaders/syslinux_common/splash.svg
# To have a 800x600 image and the title 'Live Boot Menu with GRUB', manually undo the title-text modification from binary_syslinux
cat > config/hooks/live/5010-restore-grub-title.hook.binary << EOF
#!/bin/sh
sed -i -e 's|^title-text:.*|title-text: "Live Boot Menu with GRUB"|' boot/grub/live-theme/theme.txt
EOF
"bookworm"|"stable")
mkdir -p config/bootloaders
wget --quiet https://salsa.debian.org/installer-team/debian-installer/-/raw/master/build/boot/artwork/12-emerald/emerald.svg -O config/bootloaders/splash.svg
;;
"trixie"|"testing")
# Trixie artwork: https://wiki.debian.org/DebianArt/Themes/Ceratopsian
mkdir -p config/bootloaders
wget --quiet https://raw.githubusercontent.com/pccouper/trixie/refs/heads/main/grub/grub.svg -O config/bootloaders/splash.svg
;;
*)
# Use the default 'under construction' image
@ -601,8 +675,8 @@ BUILD_RESULT=$?
set -e
if [ ${BUILD_RESULT} -ne 0 ]; then
# Find the snapshot that matches 1 second before the current snapshot
wget ${WGET_OPTIONS} http://snapshot.notset.fr/mr/timestamp/debian/$(date --utc -d @$((${SOURCE_DATE_EPOCH} - 1)) +%Y%m%dT%H%M%SZ) --output-document but_latest
PROPOSED_SNAPSHOT_TIMESTAMP=$(cat but_latest | awk '/"result":/ { split($0, a, "\""); print a[4] }')
wget ${WGET_OPTIONS} http://snapshot.debian.org/archive/debian/$(date --utc -d @$((${SOURCE_DATE_EPOCH} - 1)) +%Y%m%dT%H%M%SZ)/dists/${DEBIAN_VERSION}/InRelease --output-document but_latest
PROPOSED_SNAPSHOT_TIMESTAMP=$(cat but_latest | awk '/^Date:/ { print substr($0, 7) }' | xargs -I this_date date --utc --date "this_date" +%Y%m%dT%H%M%SZ)
rm but_latest
output_echo "Warning: lb build failed with ${BUILD_RESULT}. The latest snapshot might not be complete (yet). Try re-running the script with SNAPSHOT_TIMESTAMP=${PROPOSED_SNAPSHOT_TIMESTAMP}."
@ -611,7 +685,7 @@ if [ ${BUILD_RESULT} -ne 0 ]; then
fi
# Calculate the checksum
SHA256SUM=$(sha256sum live-image-amd64.hybrid.iso | cut -f 1 -d " ")
SHA256SUM=$(sha256sum live-image-${ARCHITECTURE}.hybrid.iso | cut -f 1 -d " ")
if [ ${BUILD_LATEST} == "archive" ]; then
SNAPSHOT_TIMESTAMP_OLD=${SNAPSHOT_TIMESTAMP}

479
test/test_external_deb_sources.sh Executable file
View File

@ -0,0 +1,479 @@
#!/bin/bash
if ! command -v equivs-build > /dev/null; then
echo "Install equivs"
exit 1
fi
if ! command -v reprepro > /dev/null; then
echo "Install reprepro"
exit 1
fi
if ! command -v shunit2 > /dev/null; then
echo "Install shunit2"
exit 1
fi
if ! command -v faketime > /dev/null; then
echo "Install faketime"
exit 1
fi
function create_packages () {
# Create package generator files
cat << EOF > package
Source: live-testpackage-$1-main
Section: misc
Priority: optional
Standards-Version: 4.7.0
Package: live-testpackage-$1-main
Version: 1.0
Maintainer: Debian Live <debian-live@lists.debian.org>
Depends: live-testpackage-$1-dependency
Architecture: all
File: /etc/live-testpackage/testpackage-$1-main-file 644
live-testpackage-$1-main has been installed
Description: Test package for testing the inclusion in live images
Tests dependency chain
Package live-testpackage-$1-dependency should be automatically installed and removed too
EOF
faketime -f "$(date --utc -d@${SOURCE_DATE_EPOCH} +'%Y-%m-%d %H:%M:%SZ')" equivs-build package
cat << EOF > package
Source: live-testpackage-$1-dependency
Section: misc
Priority: optional
Standards-Version: 4.7.0
Package: live-testpackage-$1-dependency
Version: 1.0
Maintainer: Debian Live <debian-live@lists.debian.org>
Architecture: all
File: /etc/live-testpackage/testpackage-$1-dependency-file 644
The dependency for live-testpackage-$1-main has been installed
Description: Test package for testing the inclusion in live images
Tests dependency chain
This package should be automatically installed and removed too
EOF
faketime -f "$(date --utc -d@${SOURCE_DATE_EPOCH} +'%Y-%m-%d %H:%M:%SZ')" equivs-build package
rm package
}
function create_repository () {
# See https://wiki.debian.org/DebianRepository/SetupWithReprepro
# Collect in a repository
rm -fr testrepository-$1
mkdir -p testrepository-$1/conf
touch testrepository-$1/conf/options
cat << EOF > testrepository-$1/conf/distributions
Origin: Test_repository_for_testing_external_sources
Label: Test_repository_for_testing_external_sources
Codename: nondebian
Architectures: amd64 source
Components: mymain
Description: Test repository for testing external sources
EOF
create_packages $1
reprepro -b testrepository-$1 includedeb nondebian live-testpackage-$1-main_1.0_all.deb
reprepro -b testrepository-$1 includedeb nondebian live-testpackage-$1-dependency_1.0_all.deb
}
function mountSquashfs() {
assertTrue "ISO image has been generated" "[ -e live-image-amd64.hybrid.iso ]"
mkdir iso squashfs
mount live-image-amd64.hybrid.iso iso -oro
mount iso/live/filesystem.squashfs squashfs -oro
}
function unmountSquashfs() {
umount squashfs
umount iso
rmdir iso squashfs
}
function oneTimeSetUp() {
# Speed up, because there is no compression of the ISO file
export MKSQUASHFS_OPTIONS=-no-compression
}
function setUp() {
# Create a test configuration
lb clean --purge
rm -fr config
# Slight speedup: --zsync, --firmware-chroot, --cache
lb config --distribution unstable --zsync false --firmware-chroot false --cache false
}
function build_image() {
# Speed up
export MKSQUASHFS_OPTIONS=-no-compression
# Perform the build
lb build
if [ -e live-image-amd64.hybrid.iso ]
then
sha256sum --tag live-image-amd64.hybrid.iso
fi
}
function test_snapshot_with_mirror_bootstrap() {
# Rebuild the configuration, as many mirror settings depend on eachother
lb clean --purge
rm -fr config
# Slight speedup: --zsync, --firmware-chroot, --cache
lb config --distribution unstable --zsync false --firmware-chroot false --cache false --mirror-bootstrap http://snapshot.debian.org/archive/debian/20240701T000000Z/ --mirror-binary http://deb.debian.org/debian/
# Insider knowledge of live-build:
# Add '-o Acquire::Check-Valid-Until=false', to allow for rebuilds of older timestamps
sed -i -e '/^APT_OPTIONS=/s/--yes/--yes -o Acquire::Check-Valid-Until=false/' config/common
build_image
mountSquashfs
assertTrue "Sources.list mentions deb.d.o" "grep -q 'http://deb.debian.org/debian' squashfs/etc/apt/sources.list"
assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/deb\.debian\.org_debian_dists_unstable_main_binary-amd64_Packages ]"
assertTrue "The kernel from the snapshot is used" "grep -q '^linux-image-6\.9\.7-amd64' chroot.packages.install"
assertTrue "The kernel from the snapshot will be booted" "[ -e squashfs/boot/vmlinuz-6.9.7-amd64 ]"
unmountSquashfs
}
function test_preexisting_package_inclusion_chroot() {
# Why this package?
# - It has only a few dependencies
# - It is not present in the small image
echo "hwdata" > config/package-lists/config-package-lists-chroot.list.chroot
build_image
assertTrue "Main package is installed (install)" "grep -q '^hwdata' chroot.packages.install"
assertTrue "Dependency package is installed (install)" "grep -q '^pci.ids' chroot.packages.install"
assertTrue "Main package is installed (live)" "grep -q '^hwdata' chroot.packages.live"
assertTrue "Dependency package is installed (live)" "grep -q '^pci.ids' chroot.packages.live"
mountSquashfs
assertFalse "Main package stays after installation" "grep -q '^hwdata' iso/live/filesystem.packages-remove"
assertFalse "Dependency package stays after installation" "grep -q '^pci\.ids' iso/live/filesystem.packages-remove"
assertFalse "No package pool should be generated" "[ -e iso/pool ]"
assertFalse "Package pool is not listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list"
unmountSquashfs
}
function test_preexisting_package_inclusion_chroot_live() {
# Why this package?
# - It has only a few dependencies
# - It is not present in the small image
echo "hwdata" > config/package-lists/config-package-lists-chroot-live.list.chroot_live
build_image
assertFalse "Main package is not installed (install)" "grep -q '^hwdata' chroot.packages.install"
assertFalse "Dependency package is not installed (install)" "grep -q '^pci.ids' chroot.packages.install"
assertTrue "Main package is installed (live)" "grep -q '^hwdata' chroot.packages.live"
assertTrue "Dependency package is installed (live)" "grep -q '^pci.ids' chroot.packages.live"
mountSquashfs
assertTrue "Main package will be removed after installation" "grep -q '^hwdata' iso/live/filesystem.packages-remove"
assertTrue "Dependency package will be removed after installation" "grep -q '^pci\.ids' iso/live/filesystem.packages-remove"
assertFalse "No package pool should be generated" "[ -e iso/pool ]"
assertFalse "Package pool is not listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list"
unmountSquashfs
}
# Effectively is a duplicate of test_preexisting_package_inclusion_chroot
function test_preexisting_package_inclusion_chroot_install() {
# Why this package?
# - It has only a few dependencies
# - It is not present in the small image
echo "hwdata" > config/package-lists/config-package-lists-chroot-live.list.chroot_install
build_image
assertTrue "Main package is installed (install)" "grep -q '^hwdata' chroot.packages.install"
assertTrue "Dependency package is installed (install)" "grep -q '^pci.ids' chroot.packages.install"
assertTrue "Main package is installed (live)" "grep -q '^hwdata' chroot.packages.live"
assertTrue "Dependency package is installed (live)" "grep -q '^pci.ids' chroot.packages.live"
mountSquashfs
assertFalse "Main package stays after installation" "grep -q '^hwdata' iso/live/filesystem.packages-remove"
assertFalse "Dependency package stays after installation" "grep -q '^pci\.ids' iso/live/filesystem.packages-remove"
assertFalse "No package pool should be generated" "[ -e iso/pool ]"
assertFalse "Package pool is not listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list"
unmountSquashfs
}
function test_preexisting_package_inclusion_unspecified_chroot_or_binary() {
# Why this package?
# - It has only a few dependencies
# - It is not present in the small image
echo "hwdata" > config/package-lists/config-package-lists-chroot.list
build_image
assertTrue "Main package is installed (install)" "grep -q '^hwdata' chroot.packages.install"
assertTrue "Dependency package is installed (install)" "grep -q '^pci.ids' chroot.packages.install"
assertTrue "Main package is installed (live)" "grep -q '^hwdata' chroot.packages.live"
assertTrue "Dependency package is installed (live)" "grep -q '^pci.ids' chroot.packages.live"
mountSquashfs
assertFalse "Main package stays after installation" "grep -q '^hwdata' iso/live/filesystem.packages-remove"
assertFalse "Dependency package stays after installation" "grep -q '^pci\.ids' iso/live/filesystem.packages-remove"
assertTrue "Main package should be in the pool" "[ -e iso/pool/main/h/hwdata/hwdata_*_all.deb ]"
assertTrue "Dependency package should be in the pool" "[ -e iso/pool/main/p/pci.ids/pci.ids_*_all.deb ]"
assertTrue "Package pool is listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list"
assertTrue "Sources list meta info should be present: Release" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_Release ]"
assertTrue "Sources list meta info should be present: Packages" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_main_binary-amd64_Packages ]"
unmountSquashfs
}
function test_preexisting_package_inclusion_binary() {
# Why this package?
# - It has only a few dependencies
# - It is not present in the small image
echo "hwdata" > config/package-lists/config-package-lists-chroot.list.binary
build_image
assertFalse "Main package is not installed (install)" "grep -q '^hwdata' chroot.packages.install"
assertFalse "Dependency package is not installed (install)" "grep -q '^pci.ids' chroot.packages.install"
assertFalse "Main package is not installed (live)" "grep -q '^hwdata' chroot.packages.live"
assertFalse "Dependency package is not installed (live)" "grep -q '^pci.ids' chroot.packages.live"
mountSquashfs
assertFalse "Main package stays after installation" "grep -q '^hwdata' iso/live/filesystem.packages-remove"
assertFalse "Dependency package stays after installation" "grep -q '^pci\.ids' iso/live/filesystem.packages-remove"
assertTrue "Main package should be in the pool" "[ -e iso/pool/main/h/hwdata/hwdata_*_all.deb ]"
assertTrue "Dependency package should be in the pool" "[ -e iso/pool/main/p/pci.ids/pci.ids_*_all.deb ]"
assertTrue "Package pool is listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list"
assertTrue "Sources list meta info should be present: Release" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_Release ]"
assertTrue "Sources list meta info should be present: Packages" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_main_binary-amd64_Packages ]"
unmountSquashfs
}
# Untested:
# 8.2.5 Generated package lists
# 8.2.6 Using conditionals inside package lists
function test_direct_inclusion_of_deb_unspecified_chroot_or_binary() {
create_packages config-packages
cp live-testpackage-config-packages-main_1.0_all.deb config/packages
cp live-testpackage-config-packages-dependency_1.0_all.deb config/packages
build_image
assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-main-file$' chroot.files"
assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-dependency-file$' chroot.files"
assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-packages-main' chroot.packages.install"
assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-packages-dependency' chroot.packages.install"
assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-packages-main' chroot.packages.live"
assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-packages-dependency' chroot.packages.live"
}
function test_direct_inclusion_of_deb_binary() {
create_packages config-packages-binary
cp live-testpackage-config-packages-binary-main_1.0_all.deb config/packages.binary
cp live-testpackage-config-packages-binary-dependency_1.0_all.deb config/packages.binary
# config/packages.binary is only used when an installer is requested
lb config --debian-installer live
build_image
assertFalse "Packaged file for main package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-binary-main-file$' chroot.files"
assertFalse "Packaged file for dependency package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-binary-dependency-file$' chroot.files"
assertFalse "Main package is not installed (install)" "grep -q '^live-testpackage-config-packages-binary-main' chroot.packages.install"
assertFalse "Dependency package is not installed (install)" "grep -q '^live-testpackage-config-packages-binary-dependency' chroot.packages.install"
assertFalse "Main package is not installed (live)" "grep -q '^live-testpackage-config-packages-binary-main' chroot.packages.live"
assertFalse "Dependency package is not installed (live)" "grep -q '^live-testpackage-config-packages-binary-dependency' chroot.packages.live"
mountSquashfs
assertTrue "Main package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-packages-binary-main/live-testpackage-config-packages-binary-main_1.0_all.deb ]"
assertTrue "Dependency package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-packages-binary-dependency/live-testpackage-config-packages-binary-dependency_1.0_all.deb ]"
assertTrue "Package pool is listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list"
assertTrue "Sources list meta info should be present: Release" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_Release ]"
assertTrue "Sources list meta info should be present: Packages" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_main_binary-amd64_Packages ]"
unmountSquashfs
}
function test_direct_inclusion_of_deb_chroot() {
create_packages config-packages-chroot
cp live-testpackage-config-packages-chroot-main_1.0_all.deb config/packages.chroot
cp live-testpackage-config-packages-chroot-dependency_1.0_all.deb config/packages.chroot
build_image
assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-chroot-main-file$' chroot.files"
assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-packages-chroot-dependency-file$' chroot.files"
assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-packages-chroot-main' chroot.packages.install"
assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-packages-chroot-dependency' chroot.packages.install"
assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-packages-chroot-main' chroot.packages.live"
assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-packages-chroot-dependency' chroot.packages.live"
}
function test_remote_repository_unspecified_choot_or_binary() {
cat << EOF > config/archives/remote-config-archives-list.list
deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg.key.gpg] http://archive.ubuntu.com/ubuntu noble main
EOF
# We need something that is not in Debian.
# Let's use the live image building tool from Ubuntu ;-)
echo "casper" > config/package-lists/remote-config-archives-list.list
# Manually fetch the key for Ubuntu
wget --quiet https://salsa.debian.org/debian/ubuntu-keyring/-/raw/master/keyrings/ubuntu-archive-keyring.gpg?ref_type=heads -O config/archives/ubuntu-archive-keyring.gpg.key
build_image
assertTrue "Package is installed (install)" "grep -q '^casper' chroot.packages.install"
assertTrue "Package is installed (live)" "grep -q '^casper' chroot.packages.live"
mountSquashfs
assertTrue "Sources list should be present" "[ -e squashfs/etc/apt/sources.list.d/remote-config-archives-list.list ]"
assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages ]"
unmountSquashfs
}
function test_remote_repository_chroot() {
cat << EOF > config/archives/remote-config-archives-list-chroot.list
deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg.key.chroot.gpg] http://archive.ubuntu.com/ubuntu noble main
EOF
# We need something that is not in Debian.
# Let's use the live image building tool from Ubuntu ;-)
echo "casper" > config/package-lists/remote-config-archives-list-chroot.list.chroot
# Manually fetch the key for Ubuntu
wget --quiet https://salsa.debian.org/debian/ubuntu-keyring/-/raw/master/keyrings/ubuntu-archive-keyring.gpg?ref_type=heads -O config/archives/ubuntu-archive-keyring.gpg.key.chroot
build_image
assertTrue "Package is installed (install)" "grep -q '^casper' chroot.packages.install"
assertTrue "Package is installed (live)" "grep -q '^casper' chroot.packages.live"
mountSquashfs
assertTrue "Sources list should be present" "[ -e squashfs/etc/apt/sources.list.d/remote-config-archives-list-chroot.list ]"
assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages ]"
unmountSquashfs
}
function test_remote_repository_binary() {
cat << EOF > config/archives/remote-config-archives-list-binary.list.binary
deb [signed-by=/etc/apt/trusted.gpg.d/ubuntu-archive-keyring.gpg.key.binary.gpg] http://archive.ubuntu.com/ubuntu noble main
EOF
# We need something that is not in Debian.
# Let's use the live image building tool from Ubuntu ;-)
echo "casper" > config/package-lists/remote-config-archives-list-binary.list.binary
# Manually fetch the key for Ubuntu
wget --quiet https://salsa.debian.org/debian/ubuntu-keyring/-/raw/master/keyrings/ubuntu-archive-keyring.gpg?ref_type=heads -O config/archives/ubuntu-archive-keyring.gpg.key.binary
build_image
assertFalse "Package is not installed (install)" "grep -q '^casper' chroot.packages.install"
assertFalse "Package is not installed (live)" "grep -q '^casper' chroot.packages.live"
mountSquashfs
assertTrue "Sources list should be present" "[ -e squashfs/etc/apt/sources.list.d/remote-config-archives-list-binary.list ]"
assertTrue "Sources list meta info should be present" "[ -e squashfs/var/lib/apt/lists/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages ]"
assertTrue "Package should be in the pool" "find iso | grep 'iso/pool/main/c/casper/casper_.*_amd64\.deb'"
unmountSquashfs
}
function test_local_repository_unspecified_chroot_or_binary() {
create_repository config-archives-list
cat << EOF > config/archives/my_repro-config-archives-list.list
deb [trusted=yes] file://$(pwd)/testrepository-config-archives-list nondebian mymain
EOF
echo "live-testpackage-config-archives-list-main" > config/package-lists/my_repro-config-archives-list.list
build_image
assertNotNull "Not implemented yet: fails at bootstrap_archives at the moment" ""
assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-main-file$' chroot.files"
assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-dependency-file$' chroot.files"
assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-archives-list-main' chroot.packages.install"
assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-archives-list-dependency' chroot.packages.install"
assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-archives-list-main' chroot.packages.live"
assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-archives-list-dependency' chroot.packages.live"
mountSquashfs
# The following files should not be present
# -> however, they currently are, because there is not detection whether the repo is reachable from within the running live environment
# -> this will result in an error message when 'apt-get update' is run in the live environment
# /etc/apt/sources.list.d/my_repro-config-archives-list.list
# /var/lib/apt/lists/_*_testrepository-config-archives-list-*_Release
# /var/lib/apt/lists/_*_testrepository-config-archives-list-*_Packages
assertFalse "Sources list should not be present" "[ -e squashfs/etc/apt/sources.list.d/my_repro-config-archives-list.list ]"
assertFalse "Sources list meta info should not be present" "find squashfs/var/lib/apt/lists | grep -q 'squashfs/var/lib/apt/lists/_*_testrepository-config-archives-list-'"
unmountSquashfs
}
function test_local_repository_chroot() {
create_repository config-archives-list-chroot
cat << EOF > config/archives/my_repro-config-archives-list-chroot.list.chroot
deb [trusted=yes] file://$(pwd)/testrepository-config-archives-list-chroot nondebian mymain
EOF
echo "live-testpackage-config-archives-list-chroot-main" > config/package-lists/my_repro-config-archives-list-chroot.list.chroot
build_image
assertNotNull "Not implemented yet: fails at bootstrap_archives at the moment" ""
assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-chroot-main-file$' chroot.files"
assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-chroot-dependency-file$' chroot.files"
assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-archives-list-chroot-main' chroot.packages.install"
assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-archives-list-chroot-dependency' chroot.packages.install"
assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-archives-list-chroot-main' chroot.packages.live"
assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-archives-list-chroot-dependency' chroot.packages.live"
mountSquashfs
# The following files should not be present
# -> however, they currently are, because there is not detection whether the repo is reachable from within the running live environment
# -> this will result in an error message when 'apt-get update' is run in the live environment
# /etc/apt/sources.list.d/my_repro-config-archives-list-chroot.list
# /var/lib/apt/lists/_*_testrepository-config-archives-list-chroot-*_Release
# /var/lib/apt/lists/_*_testrepository-config-archives-list-chroot-*_Packages
assertFalse "Sources list should not be present" "[ -e squashfs/etc/apt/sources.list.d/my_repro-config-archives-list-chroot.list ]"
assertFalse "Sources list meta info should not be present" "find squashfs/var/lib/apt/lists | grep -q 'squashfs/var/lib/apt/lists/_*_testrepository-config-archives-list-chroot-'"
unmountSquashfs
}
function test_local_repository_binary() {
# Skip the .list.binary scenario for now
# -> the bind mount is not activated properly
create_repository config-archives-list-binary
cat << EOF > config/archives/my_repro-config-archives.list-binary.list.binary
deb [trusted=yes] file://$(pwd)/testrepository-config-archives-list-binary nondebian mymain
EOF
echo "live-testpackage-config-archives-list-binary-main" > config/package-lists/my_repro-config-archives-list-binary.list.binary
build_image
assertNotNull "Not implemented yet: fails at lb chroot_prep remove all mode-archives-chroot with step lb chroot_archives chroot remove at the moment" ""
assertFalse "Packaged file for main package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-binary-main-file$' chroot.files"
assertFalse "Packaged file for dependency package should not be present" "grep -q '^-rw-r--r--.* testpackage-config-archives-list-binary-dependency-file$' chroot.files"
assertFalse "Main package is not installed (install)" "grep -q '^live-testpackage-config-archives-list-binary-main' chroot.packages.install"
assertFalse "Dependency package is not installed (install)" "grep -q '^live-testpackage-config-archives-list-binary-dependency' chroot.packages.install"
assertFalse "Main package is not installed (live)" "grep -q '^live-testpackage-config-archives-list-binary-main' chroot.packages.live"
assertFalse "Dependency package is not installed (live)" "grep -q '^live-testpackage-config-archives-list-binary-dependency' chroot.packages.live"
mountSquashfs
assertTrue "Main package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-archives-list-binary-main/live-testpackage-config-archives-list-binary-main_1.0_all.deb ]"
assertTrue "Dependency package should be in the pool" "[ -e iso/pool/main/l/live-testpackage-config-archives-list-binary-dependency/live-testpackage-config-archives-list-binary-dependency_1.0_all.deb ]"
assertTrue "Package pool is listed in /etc/apt/sources.list" "grep -q 'file:/run/live/medium' squashfs/etc/apt/sources.list"
assertTrue "Sources list meta info should be present: Release" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_Release ]"
assertTrue "Sources list meta info should be present: Packages" "[ -e squashfs/var/lib/apt/lists/_run_live_medium_dists_unstable_main_binary-amd64_Packages ]"
unmountSquashfs
}
function test_embedded_repository() {
# An embedded repository scenario
# -> it fails in the bootstrap phase, because the files are copied later in the chroot step!
create_repository config-opt-extra-repo
mkdir -p config/includes.chroot_before_packages/opt/extrarepo/dists
mkdir -p config/includes.chroot_before_packages/opt/extrarepo/pool
cp -a testrepository-config-opt-extra-repo/dists/* config/includes.chroot_before_packages/opt/extrarepo/dists
cp -a testrepository-config-opt-extra-repo/pool/* config/includes.chroot_before_packages/opt/extrarepo/pool
# Note it uses '.list', because the repository should be functional after the chroot is sealed
cat << EOF > config/archives/my_repro-config-opt-extra-repo.list
deb [trusted=yes] file:///opt/extrarepo nondebian mymain
EOF
echo "live-testpackage-config-opt-extra-repo-main" > config/package-lists/my_repro-config-opt-extra-repo.list
build_image
assertNotNull "Not implemented yet: fails at bootstrap_archives at the moment" ""
# Current issue: the /etc/apt/sources.list.d entry gets removed, but the index files and the packages are installed in the chroot
assertTrue "Packaged file for main package should be present" "grep -q '^-rw-r--r--.* testpackage-config-opt-extra-repo-main-file$' chroot.files"
assertTrue "Packaged file for dependency package should be present" "grep -q '^-rw-r--r--.* testpackage-config-opt-extra-repo-dependency-file$' chroot.files"
assertTrue "Main package is installed (install)" "grep -q '^live-testpackage-config-opt-extra-repo-main' chroot.packages.install"
assertTrue "Dependency package is installed (install)" "grep -q '^live-testpackage-config-opt-extra-repo-dependency' chroot.packages.install"
assertTrue "Main package is installed (live)" "grep -q '^live-testpackage-config-opt-extra-repo-main' chroot.packages.live"
assertTrue "Dependency package is installed (live)" "grep -q '^live-testpackage-config-opt-extra-repo-dependency' chroot.packages.live"
}
function test_derivatives() {
# Rebuild the configuration, as many mirror settings depend on eachother
#lb clean --purge
#rm -fr config
# Slight speedup: --zsync, --firmware-chroot, --cache
#lb config --distribution unstable --zsync false --firmware-chroot false --cache false
# Let's not test --parent-distribution-chroot at the moment:
# --apt-secure false --parent-mirror-chroot file://localhost$(pwd)/testrepository --parent-distribution-chroot nondebian --parent-archive-areas mymain --mirror-chroot http://deb.debian.org/debian --distribution-chroot debian --archive-areas main --parent-mirror-bootstrap file://localhost$(pwd)/testrepository
# --apt-secure false --mirror-chroot file://localhost$(pwd)/testrepository-mirror-chroot --distribution-chroot nondebian --archive-areas mymain --parent-mirror-chroot http://deb.debian.org/debian --parent-distribution-chroot unstable --parent-archive-areas main
#build_image
#mountSquashfs
assertNotNull "Not implemented (yet): this can be quite complicated" ""
#unmountSquashfs
}
SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-$(date --utc '+%s')}"
ISO8601_TIMESTAMP=$(date --utc -d@${SOURCE_DATE_EPOCH} +%Y-%m-%dT%H:%M:%SZ)
. shunit2 2> logfile_${ISO8601_TIMESTAMP}.stderr | tee logfile_${ISO8601_TIMESTAMP}.stdout
egrep "ASSERT|FAILED|OK|shunit2|test_|SHA256" logfile_${ISO8601_TIMESTAMP}.stdout | tee logfile_${ISO8601_TIMESTAMP}.summary