Apply 'wrap-and-sort' on the debian directory

Contains only whitespace changes

Makefile

@@ -4,7 +4,7 @@ SHELL := sh -e
 
 LANGUAGES = $(shell cd manpages/po && ls)
 
-SCRIPTS = frontend/* functions/* examples/auto/* examples/hooks/* scripts/*.sh scripts/*/* share/bin/* share/hooks/*
+SCRIPTS = frontend/* functions/* examples/auto/* examples/hooks/*.chroot examples/hooks/reproducible/*.chroot scripts/*.sh scripts/*/* share/bin/* share/hooks/*/*
 
 all: build
 
@@ -29,7 +29,7 @@ test:
 			echo -n "."; \
 		done; \
 	else \
-		echo "WARNING: skipping bashism test - you need to install devscripts."; \
+		echo "WARNING: Skipping bashism test - you need to install devscripts."; \
 	fi
 
 	@echo " done."
@@ -40,7 +40,8 @@ build:
 install:
 	# Installing shared data
 	mkdir -p $(DESTDIR)/usr/share/live/build
-	cp -r data functions VERSION $(DESTDIR)/usr/share/live/build
+	cp -r data functions $(DESTDIR)/usr/share/live/build
+	sed -e 's/.*(\(.*\)).*/\1/; s/^[0-9]://; q' debian/changelog >$(DESTDIR)/usr/share/live/build/VERSION
 	cp -r share/* $(DESTDIR)/usr/share/live/build
 
 	# Installing executables
@@ -102,3 +103,5 @@ clean:
 distclean:
 
 reinstall: uninstall install
+
+.PHONY: all test build install uninstall clean distclean reinstall

VERSION

@@ -1 +0,0 @@
-5.0~a6-1

data/debian-cd/bookworm

@@ -0,0 +1 @@
+squeeze/

data/debian-cd/bullseye

@@ -0,0 +1 @@
+squeeze/

data/debian-cd/buster

@@ -0,0 +1 @@
+squeeze

data/debian-cd/kali-dev

@@ -0,0 +1 @@
+sid

data/debian-cd/kali-last-snapshot

@@ -0,0 +1 @@
+sid

data/debian-cd/kali-rolling

@@ -0,0 +1 @@
+sid

data/debian-cd/sid

@@ -1 +1 @@
-squeeze
+trixie

data/debian-cd/squeeze/arm64_businesscard_udeb_include

@@ -0,0 +1,3 @@
+choose-mirror
+netcfg
+ethdetect

data/debian-cd/squeeze/arm64_netinst_udeb_include

@@ -0,0 +1,2 @@
+netcfg
+ethdetect

data/debian-cd/squeeze/arm64_udeb_include

@@ -0,0 +1,2 @@
+netcfg
+ethdetect

data/debian-cd/testing

@@ -0,0 +1 @@
+trixie

data/debian-cd/trixie/README

@@ -0,0 +1,2 @@
+This is a manual copy of the exclude lists is debian-cd/data
+https://salsa.debian.org/images-team/debian-cd

data/debian-cd/trixie/amd64_businesscard_udeb_include

@@ -0,0 +1,4 @@
+choose-mirror
+netcfg
+ethdetect
+pcmciautils-udeb

data/debian-cd/trixie/amd64_netinst_udeb_include

@@ -0,0 +1,3 @@
+netcfg
+ethdetect
+pcmciautils-udeb

data/debian-cd/trixie/amd64_udeb_include

@@ -0,0 +1,3 @@
+netcfg
+ethdetect
+pcmciautils-udeb

data/debian-cd/trixie/exclude-udebs

@@ -0,0 +1,143 @@
+# These udebs build the d-i cdrom initrd. As such, there is no reason
+# to keep another copy of them on the CD in udeb form.
+# 
+# This duplicates data found in the file build/pkg-lists/kernel, in d-i svn
+kernel-image-*
+# build/pkg-lists/base in d-i svn
+archdetect
+rootskel
+main-menu
+cdebconf-udeb
+udpkg
+anna
+di-utils
+di-utils-shell
+di-utils-reboot
+lowmemcheck
+# build/pkg-lists/cdrom/common, in d-i svn (also included in the
+# root+cd-drivers floppies)
+busybox-udeb
+installation-locale
+localechooser
+iso-3166-udeb
+hw-detect
+cdrom-detect
+cdrom-retriever
+load-cdrom
+cdrom-checker
+bogl-bterm-udeb
+di-utils-terminfo
+cdebconf-priority
+cdebconf-newt-udeb
+usb-discover
+preseed-common
+initrd-preseed
+file-preseed
+nano-udeb
+floppy-retriever
+libfribidi0-udeb
+# Already on the initrd as dependencies
+libdebconfclient0-udeb
+libdebian-installer4-udeb
+libdebian-installer-extra4-udeb
+# These udebs are only useful in building the boot floppy image
+busybox-floppy-udeb
+rootskel-bootfloppy
+# Graphical installer: common udebs included in initrd
+rootskel-gtk
+cdebconf-gtk-udeb
+fontconfig-udeb
+gtk2-engines-udeb
+libatk1.0-udeb
+libexpat1-udeb
+libfreetype6-udeb
+libglib2.0-udeb
+libgtk2-engines-udeb
+libpango1.0-udeb
+libpcre3-udeb
+libpixman-1-0-udeb
+libpng*-udeb
+libsdl1.2debian-udeb
+mouse-modules-*
+ttf-*
+fbset-udeb
+# Graphical installer: udebs for directfb
+libdirectfb-*-udeb
+libcairo-directfb2-udeb
+libgtk-directfb-2.0-0-udeb
+# Graphical installer: udebs for X.Org
+xserver-xorg-core-udeb
+xserver-xorg-input-evdev-udeb
+xserver-xorg-video-fbdev-udeb
+x11-xkb-utils-udeb
+xkb-data-udeb
+libcairo2-udeb
+libdrm2-udeb
+libfontenc1-udeb
+libgtk-x11-udeb
+libpciaccess0-udeb
+libx11-6-udeb
+libxau6-udeb
+libxcb1-udeb
+libxcursor1-udeb
+libxdmcp6-udeb
+libxext6-udeb
+libxfixes3-udeb
+libxfont1-udeb
+libxft2-udeb
+libxi6-udeb
+libxinerama1-udeb
+libxkbfile1-udeb
+libxrender1-udeb
+# Graphical installer: terminal support is included in initrd
+cdebconf-gtk-terminal
+libvte9-udeb
+# Not currently used
+cdebootstrap-udeb
+hdparm-udeb
+dhcp-client-udeb
+# This package is only useful in the d-i-demo
+di-utils-exit-installer
+# No need for these loaders.
+download-installer
+load-floppy
+# Only useful in the hd-media initrd
+iso-scan
+load-iso
+# These are not really needed, the regular netcfg subsumes them
+netcfg-static
+# skolelinux stuff, not for the stock CDs
+debian-edu-install-udeb
+debian-edu-profile-udeb
+debian-edu-archive-keyring-udeb
+ltsp-client-builder
+autopartkit
+# live CD stuff
+live-installer
+simple-cdd-profiles
+# If needed, will be on the initrd already
+module-init-tools-udeb
+env-preseed
+rescue-check
+cdebconf-text-udeb
+brltty-udeb
+klibc-utils-udeb
+libklibc-udeb
+udev-udeb
+udev-gtk-udeb
+ai-choosers
+auto-install
+libslang2-udeb
+kbd-chooser
+kbd-udeb
+console-setup-*
+# Currently unused
+debian-ports-archive-keyring-udeb
+emdebian-archive-keyring-udeb
+nbd-client-udeb
+pwgen-udeb
+# Eh?
+gnumach-udeb
+# We only support grub these days, drop lilo and elilo
+lilo-installer
+elilo-installer

data/debian-cd/trixie/exclude-udebs-amd64

@@ -0,0 +1,42 @@
+# These udebs are in the d-i cdrom initrd and the hd-media initrd. 
+# As such, there is no reason to keep another copy of them on the CD
+# in udeb form.
+console-keymaps-at
+console-keymaps-usb
+kbd-chooser
+acpi-modules-*
+ata-modules-*
+cdrom-core-modules-*
+core-modules-*
+fat-modules-*
+fb-modules-*
+ide-core-modules-*
+ide-modules-*
+input-modules-*
+isofs-modules-*
+mmc-modules-*
+nls-core-modules-*
+parport-modules-*
+pcmcia-modules-*
+sata-modules-*
+scsi-common-modules-*
+scsi-core-modules-*
+scsi-modules-*
+serial-modules-*
+speakup-modules-*
+usb-modules-*
+usb-serial-modules-*
+usb-storage-modules-*
+# Not used on amd64
+console-keymaps-acorn
+console-keymaps-amiga
+console-keymaps-atari
+console-keymaps-dec
+console-keymaps-sun
+# Not needed with the 2.6 kernel on amd64.
+userdevfs
+# Only needed on arches that use partconf or autopartkit.
+partconf-mkfstab
+# Not needed on arches that use partman
+mdcfg
+lvmcfg

data/debian-cd/trixie/udeb_exclude

@@ -0,0 +1 @@
+apt-mirror-setup

data/debian-cd/unstable

@@ -0,0 +1 @@
+sid

debian/NEWS

@@ -0,0 +1,27 @@
+live-build (1:20220505) unstable; urgency=medium
+
+  The support for FTP proxies has ended. You are advised to use http or https
+  while configuring the debian package mirror, instead of ftp.
+  See https://salsa.debian.org/live-team/live-build/-/merge_requests/252#note_243114
+
+ -- Roland Clobus <rclobus@rclobus.nl>  Wed, 8 Sep 2021 11:55:00 +0200
+
+live-build (1:20210329) unstable; urgency=medium
+
+  The 'filesystem.size' file is no longer created and included in the image,
+  as it is often incorrect and variates depending on the build environment,
+  breaking reproducibility. For more information see the following thread:
+  https://lists.debian.org/debian-live/2021/03/msg00008.html
+
+ -- Luca Boccassi <bluca@debian.org>  Mon, 29 Mar 2021 10:49:43 +0100
+
+live-build (1:20180411) unstable; urgency=medium
+
+  The live-boot mount points have been moved from /lib/live/mount to
+  /run/live. Since this is a backward-incompatible change, a compat
+  recursive bind mount point is being provided in /lib/live/mount so
+  that existing scripts will not break in Debian 10 (Buster).
+  Please note that this will be removed in Debian 11 (Bullseye) so
+  plan accordingly and update any required scripts.
+
+ -- Luca Boccassi <bluca@debian.org>  Wed, 11 Apr 2018 12:35:19 +0100

debian/changelog

@@ -1,3 +1,984 @@
+live-build (1:20240810) unstable; urgency=medium
+
+  [ Roland Clobus ]
+  * Workaround for #1023472
+  * Revert previous commit to test/rebuild.sh
+
+  [ Thore Sommer ]
+  * ISO generation: add support for hybrid ISOs with grub-pc
+
+  [ Roland Clobus ]
+  * non-free firmware detection: in chroot, not on host
+  * If there is more than one kernel for the installer, use the newest
+  * Installer: ignore the configured kernel version
+  * Filter the firmware list (Closes: 1035382)
+  * Set additional meta information
+
+  [ David Hewitt ]
+  * Follow symlinks while copying shim files
+
+  [ Roland Clobus ]
+  * rebuild: update --disk-info
+
+  [ Marcel Partap ]
+  * Create binary_chroot stagefiles when skipping, too
+  * Remove ancient hook 9030-remove-apt-sources-lists that was never run
+
+  [ jfliu ]
+  * binary_iso: fix iso-hybrid images with EFI bootloader
+
+  [ Roland Clobus ]
+  * Use LC_ALL=C for sort
+  * Fix and correctly suppress lintian warnings
+  * Apply predictable timestamps in the source image
+  * binary_syslinux: Ensure the availability of the font of splash.svg
+  * binary_rootfs: Fixed test for /etc/mtab (Closes: #1032408)
+  * binary_disk: Don't create .disk/archive_trace any more
+  * rebuild.sh: Consistent timestamp of theme.txt
+
+  [ Arnaud Rebillout ]
+  * efi-image: Fix missing part_* modules in boot<platform>.efi
+  * efi-image: Fix <platform>/grub.cfg, variables must NOT be expanded
+
+  [ Roland Clobus ]
+  * Remove unneeded cached files from appstream
+  * Reproducible: fixes the last two issues for Debian 12.3
+
+  [ Emanuele Rocca ]
+  * chroot_sysfs: umount efivarfs if mounted
+
+  [ Roland Clobus ]
+  * Apply policykit fix when needed.
+  * rebuild: Don't use a symlink for the splash screen
+
+  [ Unit 193 ]
+  * firmwarelists.sh: Account for usrmerged firmware packages.
+
+  [ Roland Clobus ]
+  * Workaround for #1058994
+  * installer: The kernel version does not need to have a Debian-version
+  * The installer now requires grub-common and dependencies
+  * Installer: Support trixie
+  * Installer: fix for previous commit
+
+  [ Patrick Schleizer ]
+  * fix: check correct dependency package grub-common instead of grub-pc
+  * also check if grub-pc-bin dependency is available
+  * reproducible builds: use cp -a when copying binary/boot/grub/i386-pc
+
+  [ Roland Clobus ]
+  * Reproducible: Fix for vlc (used by the Bookworm KDE image)
+  * Fixed udeb handling
+  * Reproducible install-info
+
+  [ Marcel Partap ]
+  * container hooks: make nspawn work inside nspawn
+
+  [ Roland Clobus ]
+  * Allow for shim-only secure UEFI boot
+  * Remove 'nolapic' from the safe boot options.
+  * Rebuild: Always show the active settings
+  * Cross-build: arm64 support
+  * binary_bootloader_splash: New script
+  * hooks: Remove /etc/.pwd.lock and /run/mount/utab
+  * Architecture checking is not required any more
+  * installer: Also add the t64 versions of the libraries
+  * binary_includes: Activate when the directory exists (Closes: #1069349)
+
+  [ Luca Boccassi ]
+  * d/control: bump Standards-Version to 4.7.0, no changes
+
+  [ Roland Clobus ]
+  * Restore support for bullseye and bookworm
+  * installer: offline installation with calamares
+  * Fixed: select the package name for firmware packages
+  * Fix git installer build for arm64
+  * arm64: Only add .disk/udeb_include when the source file exists
+
+  [ Luca Boccassi ]
+  * Create local /etc/os-release with metadata about the live image
+
+  [ Helmut Grohne ]
+  * duplicate aliased diversions for DEP17 (Closes: #1064408)
+
+ -- Luca Boccassi <bluca@debian.org>  Sat, 10 Aug 2024 00:08:10 +0100
+
+live-build (1:20230502) unstable; urgency=medium
+
+  * Team upload
+  * Add cryptsetup-initramfs to package pool (Closes: #1035360)
+
+ -- Jonathan Carter <jcc@debian.org>  Tue, 02 May 2023 14:30:24 +0200
+
+live-build (1:20230131) unstable; urgency=medium
+
+  [ Roland Clobus ]
+  * Synchronise all --parent-distribution options.
+  * Create a clean chroot for the installer.
+  * Introduce '--debian-installer-distribution git'.
+  * Rebuild: Use the new settings '--debian-installer-distribution git'.
+  * Removes 'nomodeset' from fail-safe boot.
+  * Reproducible hooks: fix version check for libxmlb2
+  * Build from deb.debian.org
+  * Drop win32-loader for the images with an installer.
+  * Add more variables for the splash.svg image (Closes: #1015782)
+  * rebuild: New option to specify the origin of the d-i binaries
+  * installer: fail early
+  * Rebuild: allow execution by sudo-users and root
+  * Rebuild: Pass only a few environment variables to sub shells
+  * If the same file exists in multiple locations, take the version from
+    the first.
+  * installer: Skip rebuilding the debian installer if it is found in the
+    cache
+  * installer: Remove the udeb files
+  * installer: No error if the udeb-exclusion list is empty
+  * installer: add grub packages for d-i and Calamares
+  * installer: Mark the local repository as trusted
+
+  [ Nick Brown ]
+  * Allow APT_AUTH.CONF(5) config files to be used with archives during
+    bootstrap.
+
+  [ Ryan Finnie ]
+  * chroot_hostname: Fix reference to chroot inside chroot
+  * Fix build with memtest86+ 6.00
+  * memtest: Support arch-specific and EFI memtest86+ 6.00
+  * Memtest GRUB fixes
+
+  [ Luca Boccassi ]
+  * salsa-ci: drop aptly pages publishing, errors out
+
+  [ snip ]
+  * Use same naming scheme for archive keys in chroot and binary stages
+
+ -- Luca Boccassi <bluca@debian.org>  Tue, 31 Jan 2023 16:27:27 +0000
+
+live-build (1:20220505) unstable; urgency=medium
+
+  [ Roland Clobus ]
+  * The support for FTP proxies has ended
+  * Simpler handling of http proxies
+  * Code coverage test (for the proxy)
+
+  [ Ryan Finnie ]
+  * Add initial riscv64 support
+  * Fix missing variable quoting in proxy handling
+
+  [ Roland Clobus ]
+  * Adding symlink for udeb data for bookworm
+  * Fix Lintian warning about malformed NEWS file
+  * Mark the phony targets in the Makefile
+  * Add file with translatable text (lb_installer.1.pot)
+  * Remove generated translation files
+  * Use the release date from the changelog as the date for the last
+    modification of each manpage
+  * Bugfix: Add missing package when systemd is active
+  * Bugfix: Do not copy the content of e.g. /dev/shm when creating hdd
+    images
+  * Bugfix: The arguments to the 'tr' command must be quoted.
+  * Reactivate '--chroot-filesystem plain'.
+  * Bugfix: The values for '--cache-stages' were not matching the
+    implementation.
+  * Clean up the cache directory, if no files are present.
+  * When update-initramfs is called, clean up the backup files.
+  * Set the timestamp of the generated iso image.
+  * Set the timestamp inside hdd images.
+  * Add hooks for building reproducible images
+  * Add hook for libxmlb2 (used by appstream)
+  * Reproducible hooks: Regenerate initrd.img in chroot_hacks only when
+    chroot_hooks did not regenerate it already.
+
+  [ Sophie Brun ]
+  * Harmonize menu entries (uefi / bios) and add a variable for the
+    templates
+
+  [ Michał Prochera ]
+  * Unconditional Remove_packages calls in binary_rootfs (Closes: #994982)
+
+  [ Roland Clobus ]
+  * Reproducible hooks: fontconfig got fixed in 2.13.1-4.4.
+
+  [ Philip Hands ]
+  * get the aptly/pages stage to work
+
+  [ Roland Clobus ]
+  * Show git hash as version number, when a local git repo is used.
+
+  [ Nick Brown ]
+  * Echo executing source/binary hooks
+  * Add auth.conf.d support to archives (Closes: #991065)
+
+  [ Rob Shearman ]
+  * config: respect --bootloaders option again on amd64/i386
+
+  [ Roland Clobus ]
+  * Reproducible hooks: appstream and libxmlb2
+  * UEFI doesn't like nomodeset in safe mode
+  * Rebuild a reproducible ISO image.
+  * Check the actual length of the ISO fields.
+  * Use a shorter suffix for modified development versions.
+  * Remove a left-over file when using a package in
+    config/packages.chroot.
+  * Reproducible hooks: texlive-base and texlive-binaries
+
+  [ Olivier BLIN ]
+  * Add support for the new includes.chroot system to /etc/hosts file
+
+ -- Luca Boccassi <bluca@debian.org>  Thu, 05 May 2022 11:13:27 +0100
+
+live-build (1:20210902) unstable; urgency=medium
+
+  [ Thore Sommer ]
+  * Adding dm-verity support for rootfs
+  * docs: documentation for dm-verity feature
+  * Enable dm-verity support also for ext filesystems
+
+  [ David Hewitt ]
+  * binary_grub-efi: Allow removal of protected packages
+
+  [ Nick Brown ]
+  * Export variables for hooks (Closes: #992572)
+
+  [ Luca Boccassi ]
+  * Bump debhelper-compat to 13, no changes
+  * Bump Standards-Version to 4.6.0, no changes
+
+ -- Luca Boccassi <bluca@debian.org>  Thu, 02 Sep 2021 13:55:32 +0100
+
+live-build (1:20210407) unstable; urgency=medium
+
+  * Upload to unstable.
+
+ -- Luca Boccassi <bluca@debian.org>  Wed, 07 Apr 2021 18:52:50 +0100
+
+live-build (1:20210405) experimental; urgency=medium
+
+  * Firmware download: skip architecture if not found (Closes: #986278)
+  * Autopkgtest: build a buster image
+  * Autopkgtest: remove architecture restriction
+
+ -- Luca Boccassi <bluca@debian.org>  Mon, 05 Apr 2021 13:04:04 +0100
+
+live-build (1:20210330) unstable; urgency=medium
+
+  * security: do not append /updates for Bullseye and newer.
+    (Closes: #986148)
+
+ -- Luca Boccassi <bluca@debian.org>  Tue, 30 Mar 2021 16:17:38 +0100
+
+live-build (1:20210329) unstable; urgency=medium
+
+  [ Ryan Finnie ]
+  * Use --apt-http-proxy/--apt-ftp-proxy for debootstrap
+  * No mksquashfs progress bar if stdin is not a terminal
+
+  [ Unit 193 ]
+  * firmwarelists.sh: Search Contents-all for firmware too.
+
+  [ Roland Clobus ]
+  * Support security for bullseye. See
+    https://wiki.debian.org/NewInBullseye. Closes: #964914
+  * Fixed handling of checksums in combination with the d-i installer.
+  * Removed filesystem.size for squashfs images.
+
+ -- Luca Boccassi <bluca@debian.org>  Mon, 29 Mar 2021 10:49:43 +0100
+
+live-build (1:20210216) unstable; urgency=medium
+
+  [ Raphaël Hertzog ]
+  * Add symlinks to support kali releases
+
+  [ Roland Clobus ]
+  * Reproducible fix for glibc
+
+  [ Ryan Finnie ]
+  * binary_syslinux: Do not modify grub theme.txt if grub/splash.png
+    exists
+  * Restore_package_cache: Handle existing but empty packages directory
+
+  [ Roland Clobus ]
+  * The local LIVE_BUILD wins over the system live-build for the list of
+    udeb inclusions. Only copy when the distribution is known
+  * The local LIVE_BUILD wins over the system live-build for the list of
+    udeb exclusions
+  * lilo is not available any more in Bullseye (and newer), see #973850
+  * Adding symlink for udeb data for bullseye
+
+  [ Luca Boccassi ]
+  * Fix build on architecture without syslinux (Closes: #982746)
+  * autopkgtest: restrict to amd64 and i386 for now
+
+  [ Roland Clobus ]
+  * mkfs.msdos needs at most 32 bits for the -i argument. Use the
+    hexadecimal version of SOURCE_DATE_EPOCH, limited to the lower 32 bits
+
+ -- Luca Boccassi <bluca@debian.org>  Tue, 16 Feb 2021 21:25:05 +0000
+
+live-build (1:20210122) unstable; urgency=medium
+
+  [ Raphaël Hertzog ]
+  * Get rid of extraneous whitespace showing up in syslinux menu
+  * Standardize on having the GUI installation first in boot menus
+  * config: obsolete --net-root-path
+  * Drop the epoch in /usr/share/live/build/VERSION
+  * Fix version computing when LIVE_BUILD is set
+  * binary_syslinux: rely on $LIVE_BUILD_VERSION instead of lb --version
+  * Add updated directives to enable cryptsetup support in initrd
+  * frontend: do no try to look for sub-commands in the PATH
+  * Synchronize syslinux menu structure with the grub-pc one
+  * Make librsvg2-bin dependency unconditional for syslinux
+  * Do not overwrite splash.png if the user has provided it
+  * Tell APT to retry downloads a few times before giving up
+  * Use bullseye as default release in preparation of the next stable release
+  * Use truncate --no-create --size=0 to truncate files
+  * Document our autopkgtest tests as needing internet access
+  * Update renamed lintian tag names in lintian overrides.
+  * Don't fail if one of the package lists expands to an empty list
+  * Fix a small info message
+  * autopkgtest: get rid of deprecated needs-recommends feature
+
+  [ David Hewitt ]
+  * binary_syslinux: Accommodate LB_INITRAMFS not live-boot
+
+  [ Lyndon Brown ]
+  * Lots of cleanup and refactoring.
+  * remove redundant files (Closes: #952834, #952835)
+  * source: fix wrong action value for script execution (Closes: #952837)
+  * archives: fix removal of chroot/root/packages.chroot package list
+    (Closes: #952838)
+  * archives: fix incorrect usage string (Closes: #952839)
+  * archives: add 'pass' param validation check (Closes: #952841)
+  * archives: fix deb-src entry exclusion (Closes: #952842)
+  * fix indentation (Closes: #952857)
+  * installer: de-dup daily DI url (Closes: #952860)
+  * don't unnecessarily convert exit codes to strings (Closes: #952861)
+  * source: fix mistaken append instead of overwrite (Closes: #952862)
+  * memtest: better handle obsolete LB_MEMTEST value (Closes: #952866)
+  * bootloaders: fix ignoring LB_DEBIAN_INSTALLER_GUI in menu creation
+    (Closes: #952890)
+  * chroot_dpkg: start-stop-daemon simplification (Closes: #952891)
+  * add missing shebangs to temp generated shell code files
+    (Closes: #952863)
+  * help/usage: fix incorrect program command (Closes: #952884)
+  * config: rename --architectures to --architecture (Closes: #952892)
+  * echo: fix problem with error printing (Closes: #952878)
+  * echo: ensure output goes to stdout/stderr (Closes: #952879)
+  * cursor: purge unused cursor functions (Closes: #952880)
+  * binary_iso: fix wrong echo helper (Closes: #952881)
+  * binarie_onie: fix missing use of echo helpers (Closes: #952882)
+  * binary_onie: fix lack of newline on error (Closes: #952883)
+  * installer: robustify udeb inclusion
+  * installer: filter derived udebs from parent list
+  * installer: download udebs directly from correct mirror
+    (Closes: #952914)
+  * firmware: avoid building unnecessary lists
+  * firmware: construct file location once and reuse
+  * firmware: fix possible duplication in firmware package lists
+    (inefficiency) (Closes: #952906)
+  * firmware: delete pointlessly cached (large) file after use
+    (Closes: #952907)
+  * firmware: de-dup firmware list parsing (Closes: #952908)
+  * firmware: reorder firmware list construction
+  * firmware: avoid potentially duplicate work (Closes: #952909)
+  * firmware: save the compressed contents file to disk instead of
+    decompressed (Closes: #952910)
+  * firmware: enable caching for archive content file with firmware lists
+    (Closes: #952911)
+  * fix inadequate chroot_archives validation
+  * fix consistency in binary execution and existance checking
+    (Closes: #952927)
+  * archives: tidy deb-src exclusion (Closes: #952928)
+  * installer: use boolean for clarity (Closes: #952930)
+  * top level cmd "auto redirect" handling (Closes: #952919)
+  * help/usage: remove pointless vars (Closes: #952859)
+  * archives: always include enabled/disabled deb-src apt entries
+    (Closes: #952929)
+    * copyright: add missing "The Debian Live team" entry
+  * remove obsolete loop-aes-utils related losetup hack
+  * debootstrap: use --force-check-gpg
+  * hide mountpoints from nautilus
+  * source: properly fix _apt permissions warning (Closes: #953957)
+  * fix -h|--help component script man page redirection
+  * strip progress-linux distro hacks
+  * grub-pc: fix broken boot capability (Closes: #956131)
+  * Fix permissions & ownership of copied /etc/resolv.conf (Closes: #857740)
+  * manpage: document that multiple archive areas should be space separated
+  * manpages: document space separation for --keyring-packages
+  * manpages: document that --linux-flavours is space separated
+  * manpages: fix typo (Closes: #926238)
+  * config: stop writing 'default: <foo>' lines to config files
+    (Closes: #904614)
+  * config: obsolete unused --isohybrid-options option
+  * config: obsolete unused --net-cow-* options
+  * config: obsolete --net-root-* options (except one)
+  * rename LB_ARCHITECTURES to LB_ARCHITECTURE
+  * rename LB_BOOTSTRAP_QEMU_ARCHITECTURES to LB_BOOTSTRAP_QEMU_ARCHITECTURE
+  * rename binary_loopback_cfg to binary_grub_cfg
+  * bootloaders: reorganise installer menu entries
+  * grub2: fix using wrong directory in certain cases (Closes: #952843)
+  * binary: fix missing use of chroot_dpkg in binary stage (Closes: #776532)
+  * bootstrap: drop obsolete check for `--no-check-gpg` support in debootstrap
+    (Closes: #952847)
+  * binary_rootfs: fix deletion of excludes file from wrong location in
+    squashfs after use (Closes: #952849)
+  * binary_rootfs: fix chmod of squashfs image only being applied when using
+    chroot (Closes: #952850)
+  * binary: fix missing handling of disk info for netboot case
+    (Closes: #952846)
+  * simplify --debian-installer choices (Closes: #952864)
+  * archives: fix mount local repo comments (Closes: #952873)
+  * fix capitalisation of some output messages (Closes: #952875)
+  * help/usage: avoid unnecessary use of echo helpers (Closes: #952877)
+  * chroot: fix redundant usage line (Closes: #952885)
+  * binary_disk: refactor (Closes: #952865)
+  * help/usage: fix overly complex script description handling
+    (Closes: #952887)
+  * fix missing use of echo helpers (Closes: #952876)
+  * archives: deduplicate apt sourcelist file construction (Closes: #952889)
+  * aliases: simplify excessively complex In_list function (Closes: #952915)
+  * cache: clarify and simplify package cache save/restore (Closes: #952916)
+  * source: add output of config readme file to source image (Closes: #952921)
+  * defaults: ensure global caching param overrides specific caching params if
+    disabled (Closes: #952923)
+  * simplify STAGE checks - use In_List (Closes: #952917)
+  * config: rename the config set/check functions for clarity
+    (Closes: #952920)
+  * chroot: improve directory creation/destruction efficiency
+    (Closes: #952924)
+  * source: downloaded pkgs to a clean directory rather than chroot root
+    (Closes: #952931)
+  * source: target downloads with corresponding version (Closes: #952932)
+  * strip useless multi-arch separate directory stuff
+  * locks: tidy lock acquisition (Closes: #952918)
+  * grub1/grub2/loopback: fix missing delimiter in menu kernel parameter lists
+    (Closes: #775143)
+  * syslinux: remove replacement of unused label in menu configs
+  * syslinux: fix shortcut caret appearing in menu entries
+  * syslinux: changed 'build' to 'built' in splash
+  * bootloaders: add install with speech synthesis menu entries
+  * syslinux: expand list of install options
+  * syslinux: add install menu entries only if including installer
+  * syslinux: add memtest menu entry only if including memtest
+  * syslinux: use more dynamic memtest menu config file
+
+  [ Luca Boccassi ]
+  * Fix Lintian Warnings about changelog: day-of-week, trailing whitespace
+  * Bump Standards-Version to 4.5.0, no changes.
+  * Add autopkgtest: default image build
+  * autopkgtest: build kali image
+  * autopkgtest: disable updates/security repositories, not available for
+    Bullseye
+
+  [ johnraff ]
+  * Replace 'which' with 'command -v' to test for the existance of an
+    executable This is considered to be more robust.
+
+  [ Steven Shiau ]
+  * Add grub EFI support for armhf arch.
+
+  [ adrian15 ]
+  * grub-efi: fix partial broken boot capability (Closes: #924053)
+
+  [ Ryan Finnie ]
+  * Add initial ppc64el support
+  * Enable arm64 for binary_grub_cfg
+  * architectures.sh: armhf/armel can be built on arm64
+  * grub-efi: Show fwsetup, do not show incompatible memtest even if enabled
+  * Bugfix: Fix grub.cfg pc/ENABLE_MEMTEST check
+
+  [ Victor Gavro ]
+  * chroot_apt: fixed adding Pin-Priority (broken in da1fab11)
+
+  [ Roland Clobus ]
+  * Some changes towards reproducible builds of live images and
+    various bugfixes discovered while working on this.
+  * A second invocation of 'lb config' will result in an identical settings
+    file
+  * Delay resolving the timestamp for the ISO volume to the moment the
+    ISO-image is created
+  * Preserve timestamps
+  * Add new manpage to the list of translatable files
+  * Ensure that SOURCE_DATE_EPOCH is always set in all sub scripts. When
+    SOURCE_DATE_EPOCH was already set before 'lb config', also enable UTC
+    timestamps.
+  * SOURCE_DATE_EPOCH is always set
+  * Use SOURCE_DATE_EPOCH for 'now' in the boot splash image
+  * Use SOURCE_DATE_EPOCH for 'now' in .disk/info
+  * Use SOURCE_DATE_EPOCH for the partition-id of /efi.img
+  * Use SOURCE_DATE_EPOCH for the partition-id of /boot/grub/efi.img
+  * Set timestamp embedded in EFI files
+  * Set timestamp in embedded files of the installer
+  * Apply SOURCE_DATE_EPOCH to newly generated files and create a log
+  * Bugfix: do not create /dev/lock and /dev/lock-frontend
+
+  [ Marcel Partap ]
+  * For 32bit UEFI secure boot, the package name is grub-efi-ia32-signed
+  * binary_rootfs stage: give custom MKSQUASHFS_OPTIONS precedence
+  * binary_rootfs stage: disable mksquashfs progress bar only in quiet mode
+  * binary_rootfs stage: slightly lower mksquashfs nice levels (19 -> 17)
+
+  [ Thore Sommer ]
+  * Add option to change compression algorithm and level for squashfs.
+  * Option for using systemd-nspawn instead of chroot for hooks.
+    (Closes: #965953)
+  * Added the option to include files before and after package installation
+    (Closes: #927128)
+
+  [ Matthijs Kooijman ]
+  * binary_iso: Execute mkdir binary/.disk before writing to it
+
+  [ Unit 193 ]
+  * Add 'unstable' as a valid distribution and link to sid.
+
+  [ Jan Kot ]
+  * bootstrap_debootstrap: change debootstrap path to /usr/sbin/debootstrap
+  * packages.sh: check for /etc/debian_version existance rather than
+    dpkg-query aviability
+  * exit.sh: fix selinux mountpoint
+
+  [ Steev Klimaszewski ]
+  * Add arm64 udeb include files
+
+ -- Raphaël Hertzog <raphael@offensive-security.com>  Fri, 22 Jan 2021 15:13:32 +0100
+
+live-build (1:20191221) unstable; urgency=medium
+
+  * Revert some Kali-specific change in scripts/build/binary_iso
+
+ -- Raphaël Hertzog <raphael@offensive-security.com>  Thu, 19 Dec 2019 21:07:22 +0100
+
+live-build (1:20191220) unstable; urgency=medium
+
+  * Fix "--debian-installer cdrom" and its interaction with binary_package-lists
+    apt-ftparchive is not able to differentiate between .deb and .udeb so
+    we have to install them in different pool directories so that we can
+    regenerate the Packages files without having the .udeb show up
+    unexpectedly.
+    Since binary_package-lists can overwrite the Packages files generated
+    in installer_debian-installer we have to ensure that it also updates
+    the Release file created formerly.
+    Ideally we should find a way to avoid the duplication of this logic.
+  * Bump Standards-Version to 4.4.1
+  * Switch to debhelper compat level 12
+
+ -- Raphaël Hertzog <raphael@offensive-security.com>  Thu, 19 Dec 2019 19:16:08 +0100
+
+live-build (1:20191219) unstable; urgency=medium
+
+  [ Adrian Gibanel Lopez ]
+  * Fixed foreign architecture package support to linux kernel flavours
+    (Closes: #884553)
+
+  [ Matthijs Kooijman ]
+  * Remove --templates from lb_config manpage
+  * Remove ldlinux.c32 for extlinux and syslinux
+
+  [ Roland Clobus ]
+  * Updated URL in many places.
+  * Reenabled the command line option for colored messages for all scripts.
+    The functionality was added 2008-11-01, but was not really active.
+  * Removed obsolete short command line options. -f was --filesystem -l was
+    --language -p was --package-list -e was --encryption
+  * Do not store _QUIET in the configuration file, otherwise the overrides in
+    the command line get ignored. Adds a documentation line for the other
+    command line options as well.
+  * Removed option none for --apt-indices, which was removed in 3.0.2-1.
+  * Removed option --bootstrap, which is not implemented.
+  * Mention --breakpoints in 'lb config --help'
+  * Fixed a typo for --clean in 'lb config --help'
+  * Manpage: --binary-filesystem also accepts ntfs
+  * Matched the documentation of --checksums to the implementation in live-boot
+  * Manpage: Added documentation for --breakpoints
+  * Manpage: --compression also accepts xz. The default is none
+  * Manpage: --config synchronised to 'lb config --help'
+  * Manpage: Added documentation for --zsync
+  * Manpage: Removed references to command line options that are no longer in
+    the code: --firmware-binary --firmware-chroot --hooks
+    --parent-mirror-chroot-updates --parent-mirror-chroot-backports
+    --parent-mirror-binary-updates --parent-mirror-binary-backports
+    --mirror-chroot-updates --mirror-chroot-backports --mirror-binary-updates
+    --mirror-binary-backports --templates
+  * --initramfs support none and live-boot
+  * Manpage: Added documentation for --initsystem
+  * Manpage: Added documentation for --image-name
+  * Manpage: Added documentation for --hdd-label, --hdd-size and
+    --hdd-partition-start
+  * Manpage: --mode explicitly supports debian and progress-linux. Special
+    handling for ubuntu was dropped 2015-05-03
+  * Manpage: --parent-archive-areas uses the same argument name as 'lb config
+    --help'
+  * Manpage: Added documentation for --firmware-binary and --firmware-chroot
+  * Manpage: Added documentation for --swap-file-path and --swap-file-size
+  * Manpage: Added documentation for --loadlin
+  * Manpage: Added documentation for --bootstrap-qemu-[arch|exclude|static]
+  * Reordered the command line options to make them in alphabetical order
+  * Manpage: added missing \fR tags
+  * Manpage: consistent use of whitespace in the command line option list
+  * Manpage: typo
+  * Manpage: Use alphabetical order for the description of the command line
+    options
+  * --mirror-binary* was not properly sorted
+  * Manpage: removed incorrect mentioning of the -d command line option
+  * Manpage: removed FIXME for the SYNOPSIS section, all options are now
+    listed
+  * Manpage: the configuration directory (config) cannot be modified
+  * Manpage: simplify the description
+  * Manpage: use 3rd person form when describing an option
+  * Manpage: Update the default values of --mirror-* and --parent-mirror-*
+
+  [ adrian15 ]
+  * Readd findiso parametre to loopback.cfg generation.
+
+  [ Raphaël Hertzog ]
+  * binary_package-lists: avoid messing with dpkg's status file
+  * chroot_live-packages: use dpkg-query to see if a package is installed
+    (Closes: #944983)
+  * Set default distribution to buster.
+    Thanks to Алексей Шилин (Closes: #934495)
+  * installer_debian-installer: don't mess with /var/lib/dpkg/status
+  * Tweak lintian overrides
+  * Support --distribution-binary and --distribution-chroot (Closes: #888507)
+  * Update my email in the Maintainer field.
+
+  [ Ronny Standtke ]
+  * Run binary_hooks after binary_grub-efi (Closes: #940846)
+
+  [ John Estabrook ]
+  * Add local archive keys before configuring local package repository
+    (Closes: #941691)
+
+ -- Raphaël Hertzog <raphael@offensive-security.com>  Thu, 19 Dec 2019 18:56:00 +0100
+
+live-build (1:20190311) unstable; urgency=medium
+
+  [ Hideki Yamane ]
+  * use deb.debian.org as default
+  * We should add buster for release. (Closes: #924293)
+
+  [ Luca Boccassi ]
+  * Bump Standards-Version to 4.3.0, no changes.
+
+ -- Luca Boccassi <bluca@debian.org>  Mon, 11 Mar 2019 10:08:38 +0000
+
+live-build (1:20180925) unstable; urgency=medium
+
+  [ Raphaël Hertzog ]
+  * Handle includes.chroot files installed over symlinked directories
+
+  [ Marcel Partap ]
+  * copy keys to /etc/apt/trusted.gpg.d with appropriate extension for
+    them to not be ignored.
+
+  [ Steven Shiau ]
+  * Use gcd{x64.aa64}.efi.signed for amd64/arm64 arch.
+
+  [ Luca Boccassi ]
+  * UEFI: remove the EFI/debian/grub.cfg, not necessary anymore
+  * Build-Depend on debhelper >= 10~ to facilitate backports.
+  * Add Rules-Requires-Root: no.
+  * Bump Standards-Version to 4.2.1.
+  * lintian: override error on dependency on e2fsprogs
+
+ -- Luca Boccassi <bluca@debian.org>  Tue, 25 Sep 2018 14:28:19 +0100
+
+live-build (1:20180618) unstable; urgency=medium
+
+  * ONIE: make lb clean remove the ONIE binary.
+  * Avoid apt-key add and just drop the custom user-supplied apt key in
+    /etc/apt/trusted.gpg.d. Note that this requires the key to be in
+    armored ASCII format - which is usually the default anyway.
+  * UEFI: parse vendor from Grub package metadata if available, and use
+    it in the EFI partition directory layout instead of always using
+    "debian" (which is still the default fallback).
+  * Bump Standards-Version to 4.1.4, no changes.
+
+ -- Luca Boccassi <bluca@debian.org>  Mon, 18 Jun 2018 12:02:55 +0100
+
+live-build (1:20180411) unstable; urgency=medium
+
+  * ONIE: Check_package in the host, not the chroot
+  * ONIE: missing dependency on file
+  * ONIE: add Recommends for programs needed by binary_onie
+  * Print an error and exit if a host package (dependency) is missing.
+  * Reconfigure bootstrapped packages after preseeding.
+
+ -- Luca Boccassi <bluca@debian.org>  Wed, 11 Apr 2018 12:35:19 +0100
+
+live-build (1:20180328) unstable; urgency=low
+
+  [ Raphaël Hertzog ]
+  * Restore i386/amd64 autodetection in grub after rename of
+    i386 kernel from -486 to -686. Closes: #884585
+    Thanks to Adrian Gibanel Lopez for the patch.
+  * Fix handling of multiple kernels in binary_loopback_cfg.
+    Closes: #884588 Thanks to Adrian Gibanel Lopez for the patch.
+  * Rework failsafe entries in grub configuration to be more
+    consistent with the i386/amd64 autodetection entries.
+    Closes: #884591 Thanks to Adrian Gibanel Lopez for the patch.
+  * Add e2fsprogs to Suggests along with mtd-utils, parted. Closes: #887278
+  * Fix Check_package invocation in binary_hdd for ntfs-3g
+    (/sbin/mkfs.nfts -> /sbin/mkfs.ntfs)
+  * Run mksquashfs with nice -n 19 to not overload the system.
+    Thanks to Ronny Standtke for the patch. (Closes: #867539)
+
+  [ Luca Boccassi ]
+  * Fix build with local offline mirrors (Closes: #891206)
+
+  [ Rohan Garg ]
+  * Simplify bootstrapping of foreign architectures with qemu-debootstrap
+    (Closes: #847919)
+
+  [ Steven Shiau ]
+  * Add grub-based UEFI boot support for ARM64 (Closes: #885692)
+
+  [ Luca Boccassi ]
+  * UEFI: add minimal grub.cfg to fat32 partition (Closes: #892406)
+  * UEFI: add support for Secure Boot on amd64 and arm64 (Closes: #821084)
+  * UEFI: use uppercase EFI directory name for Tianocore
+  * Add NEWS file to warn users about change of live-boot mount paths
+  * Add options to build ONIE images
+  * Add Acquire::AllowInsecureRepositories to fix apt-secure in sid
+  * Use HTTPS in debian/copyright (policy 4.0.0).
+  * Bump Standards-Version to 4.1.3.
+  * Add myself to Uploaders.
+
+ -- Luca Boccassi <bluca@debian.org>  Wed, 28 Mar 2018 20:20:46 +0100
+
+live-build (1:20171207) unstable; urgency=medium
+
+  * Use $SOURCE_DATE_EPOCH when updating timestamps of manual pages in order
+    to make the package reproducible at build time. Closes: #879169
+    Thanks to Chris Lamb <lamby@debian.org> for the patch.
+  * Accept kernels without initrd. Closes: #878430
+    Thanks to Balint Reczey <balint.reczey@canonical.com> for the patch.
+  * Fix the way the .disk/mkisofs file is created. Closes: #881941
+    Thanks to Daniel Reichelt <debian@nachtgeist.net> for the patch.
+
+ -- Raphaël Hertzog <hertzog@debian.org>  Thu, 07 Dec 2017 20:29:59 +0100
+
+live-build (1:20170920) unstable; urgency=medium
+
+  * Auto-update version strings in manual pages.
+  * Update default value of PREPARER to correct the embedded URL.
+  * Pass --partscan to losetup to clean up partition devices lingering
+    from former operations. Closes: #865586
+    Thanks to Matthijs Kooijman <matthijs@stdin.nl> for the patch.
+  * Fix multiple issues with LB_BUILD_WITH_CHROOT=false. Closes: #873513
+    Thanks to Matthijs Kooijman <matthijs@stdin.nl> for the patch.
+  * Fix size calculation when we use FAT filesystems that do not support
+    hardlinks. Closes: #873640
+    Thanks to Matthijs Kooijman <matthijs@stdin.nl> for the patch.
+  * Replace "kirkwood" and "orion5x" armel flavors with the new
+    "marvell" (as done by the linux source package since its version 4.4).
+
+ -- Raphaël Hertzog <hertzog@debian.org>  Wed, 20 Sep 2017 10:01:42 +0200
+
+live-build (1:20170829) unstable; urgency=medium
+
+  * Add .disk/mkisofs file recording the xorriso command line. Thanks
+    to Thomas Schmitt <scdbackup@gmx.net> for the suggestion.
+  * Initialize /etc/default/locale with LANG=C.UTF-8 so that we always
+    have a valid UTF-8 locale even when we don't have the "locales"
+    package installed.
+  * Drop all references to live-systems.org. Closes: #859290
+  * Update copyright file.
+
+ -- Raphaël Hertzog <hertzog@debian.org>  Tue, 29 Aug 2017 14:16:49 +0200
+
+live-build (1:20170807) unstable; urgency=medium
+
+  * Add keyboard shortcut on the "Advanced options" syslinux menu entry.
+    Closes: #864386 Thanks to Daniel Reichelt <debian@nachtgeist.net>
+    for the patch.
+  * Drop the --hardlinks option from xorriso command line call. It's not
+    needed to avoid duplication of files since this is a native feature
+    of the IS0 filesystem. cf https://bugs.kali.org/view.php?id=4109
+    for a discussion about this.
+
+ -- Raphaël Hertzog <hertzog@debian.org>  Mon, 07 Aug 2017 17:29:04 +0200
+
+live-build (1:20170213) unstable; urgency=medium
+
+  * Drop the versatile kernel flavour on armel. It's no longer built since
+    Linux 4.9.
+
+ -- Raphaël Hertzog <hertzog@debian.org>  Mon, 13 Feb 2017 16:58:00 +0100
+
+live-build (1:20161216) unstable; urgency=medium
+
+  * Cleanup binary_loopback_cfg and offer more freedom in overriding
+    the default grub-pc configuration.
+  * Update the manual page with the missiong --bootappend-live-failsafe
+    option.
+  * Keep supporting the former --bootloader (without s).
+
+ -- Raphaël Hertzog <hertzog@debian.org>  Fri, 16 Dec 2016 10:05:26 +0100
+
+live-build (1:20161202) unstable; urgency=medium
+
+  [ Raphaël Hertzog ]
+  * Officially adopt the package. Closes: #808048
+  * Better handle empty package lists.
+  * Drop ixp4xx from available armel flavors, the image has been gone since
+    linux 3.17.
+  * Add symlinks for libgpl.c32 and libmenu.c32 which are required by
+    the "Hardware Detection Tool (HDT)" menu entry that live-build adds
+    in the advanced menu.
+  * Add EFI boot support with grub-efi, thanks to Adrian Gibanel Lopez.
+    Closes: #731709
+  * Fix usage of config/packages.chroot/*.deb that has been broken by the
+    switch to GnuPG2 by default by no longer using GnuPG but relying
+    on APT's trusted=yes attribute instead.
+    Thus we no longer have remaining key in /etc/apt/trusted.gpg
+    after building. Closes: #816204
+  * Try to reuse /isolinux/splash.png in default grub configuration.
+  * Drop debian/source/{local-options,options} as they are no longer needed.
+  * Pass components to debootstrap --second-stage. Closes: #806782
+    Thanks to Sjoerd Simons <sjoerd.simons@collabora.co.uk> for the patch.
+  * Fix behaviour of (undocumented) "#nif" conditional test. Closes: #801379
+    Thanks to Erik Cumps <erik.cumps@esaturnus.com> for the patch.
+  * Export SOURCE_DATE_EPOCH when running chroot commands. Closes: #832998
+    Thanks to Chris Lamb <lamby@debian.org> for the patch.
+  * Set xorriso's "modification time" to SOURCE_DATE_EPOCH. Closes: #831379
+    Thanks to Chris Lamb <lamby@debian.org> for the patch.
+  * Support “lb config --debootstrap-script <script>” to use an alternate
+    bootstrap script when running debootstrap. Thanks to Sjoerd Simons
+    <sjoerd@debian.org> for the initial patch. Closes: #790033
+  * Manual pages updates by jnqnfe. Closes: #774730
+  * Drop left-over translation files for removed lb_testroot command.
+  * Get rid of useless bootstrap_archive-keys script. Closes: #773775
+  * Drop an optimization in chroot_archives that has undesired side-effects.
+    Thanks to jnqnfe for the patch. Closes: #775989
+  * Drop gpgv and debian-keyring from Suggests.
+  * Fix Check_installed function when checking against host. Thanks to jnqnfe
+    for the report. Closes: #774807
+  * Bump debhelper compat level to 10.
+  * Bump Standards-Version to 3.9.8.
+  * Use a grub theme that integrates reasonably well with the current
+    background picture.
+  * Default for LB_UNION_FILESYSTEM is now "overlay" just like in live-boot.
+  * Update the way we generate the version of live-build that is displayed by
+    lb --version.
+  * Instead of renaming kernel for syslinux, create hardlinks.
+  * Simplify grub configuration code to use only long kernel names. Put
+    advanced options in a submenu. Use distro-agnostic labels.
+
+  [ Kristian Klausen ]
+  * Include ext{3,4} journal size when calculating image size. Closes: #801712
+  * Switch d-i.debian.org URIs from http to https. Closes: #809699
+  * Fix typo in binary_syslinux. Closes: #818916
+  * Correct syslinux/extlinux mbr.bin path. Closes: #773833
+
+ -- Raphaël Hertzog <hertzog@debian.org>  Fri, 02 Dec 2016 23:33:45 +0100
+
+live-build (1:20151215) unstable; urgency=medium
+
+  * QA Upload.
+
+  [ Carlos Zuferri ]
+  * Adding missing file extension to hdd images.
+
+  [ Adrian Gibanel Lopez ]
+  * Multi bootloader support.
+  * loopback.cfg support in the GRUB setup.
+
+  [ Maximilian Mehnert ]
+  * force link creation when diverting flash-kernel.
+  * Old BIOS: start partition at specific place.
+  * scripts/build/binary_hdd:
+   - Fix code style.
+
+  [ Carlos Zuferri ]
+  * Using 'Live Systems Project' as default project in .pot files.
+
+  [ trebmuh ]
+  * Update French translation for manpages.
+
+  [ Ben Armstrong ]
+  * Remove 586 flavour for i386 architecture. (Closes: #807972)
+
+  [ Iain R. Learmonth ]
+  * Changing to native source format
+  * debian/control:
+   - Change maintainer to QA Group.
+   - Updated Homepage and Vcs-* fields.
+
+ -- Iain R. Learmonth <irl@debian.org>  Tue, 15 Dec 2015 14:20:44 +0000
+
+live-build (5.0~a11-2) unstable; urgency=low
+
+  * Removing myself from uploaders, lost trust in Debian (#804315).
+
+ -- Daniel Baumann <mail@daniel-baumann.ch>  Fri, 20 Nov 2015 13:04:24 +0100
+
+live-build (5.0~a11-1) unstable; urgency=low
+
+  [ Daniel Baumann ]
+  * Getting rid of hard-coded release numbers and using /etc/os-release
+    instead (Closes: #790860).
+  * Updating stat calls to also give the right result in container setups,
+    thanks to Kristian Klausen <klausenbusk@hotmail.com> (Closes:
+    #789300).
+
+  [ Maximilian Mehnert ]
+  * Correct syslinux mbr.bin path.
+
+  [ Daniel Baumann ]
+  * Wrap and sort debian control file.
+
+ -- Daniel Baumann <mail@daniel-baumann.ch>  Sun, 23 Aug 2015 10:57:38 +0200
+
+live-build (5.0~a10-1) unstable; urgency=low
+
+  [ Daniel Baumann ]
+  * Correcting typos in chroot_hooks.
+
+  [ Raphaël Hertzog ]
+  * Do not pass an empty version in APT::FTPArchive::Release::Version
+    (Closes: #789800).
+  * Drop elilo from list of d-i required packages on i386.
+
+  [ Daniel Reichelt ]
+  * Fix check for presence of chroot hooks
+  * Fix hook scripts location in Makefile
+
+  [ Daniel Baumann ]
+  * Simplify hooks pattern in Makefile.
+
+ -- Daniel Baumann <mail@daniel-baumann.ch>  Mon, 10 Aug 2015 19:35:24 +0200
+
+live-build (5.0~a9-1) unstable; urgency=low
+
+  * Splitting non-live specific hooks into their own subdirectory within
+    hooks.
+  * Installing apt and dpkg updates (if any) first in derivatives mode,
+    then doing dist-upgrade.
+  * Correcting symlinking of hooks in lb config.
+  * Correcting execution of local binary hooks.
+  * Correcting execution of local source hooks.
+  * Removing parent-directory too when cleaning up the config tree bind
+    mount in chroot.
+
+ -- Daniel Baumann <mail@daniel-baumann.ch>  Sat, 06 Jun 2015 06:39:47 +0200
+
+live-build (5.0~a8-1) unstable; urgency=low
+
+  * Actually removing live-build-cgi from control.
+  * Correcting leftover reference to binary_grub in binary.
+
+ -- Daniel Baumann <mail@daniel-baumann.ch>  Tue, 19 May 2015 06:26:38 +0200
+
+live-build (5.0~a7-1) unstable; urgency=low
+
+  * Renaming grub2 helper to grub-pc for later grub-efi addition.
+  * Renaming grub helper to grub-legacy for consistency.
+  * Dropping obsolete template checks within grub helpers.
+  * Switching from http.debian.net to httpredir.debian.org as default
+    binary mirror.
+  * Removing broken samhain handling (Closes: #785264).
+
+ -- Daniel Baumann <mail@daniel-baumann.ch>  Thu, 14 May 2015 13:16:38 +0200
+
 live-build (5.0~a6-1) unstable; urgency=low
 
   * Moving grub and grub2 templates into shared bootloader config
@@ -6167,7 +7148,7 @@ live-package (0.99.24-1) unstable; urgency=low
     - adds LIVE_INCLUDE_CHROOT to the manual exported variables as reported by
       Mathieu Geli <mathieu.geli@gmail.com> (Closes: #412325).
 
- -- Daniel Baumann <mail@daniel-baumann.ch>  Sun,  3 Mar 2007 12:25:00 +0100
+ -- Daniel Baumann <mail@daniel-baumann.ch>  Sat, 03 Mar 2007 12:25:00 +0100
 
 live-package (0.99.23-1) unstable; urgency=low
 

debian/compat

@@ -1 +0,0 @@
-9

debian/control

@@ -1,47 +1,34 @@
 Source: live-build
 Section: misc
 Priority: optional
-Maintainer: Live Systems Maintainers <debian-live@lists.debian.org>
-Uploaders: Daniel Baumann <mail@daniel-baumann.ch>
-Build-Depends: debhelper (>= 9)
-Standards-Version: 3.9.6
-Homepage: http://live-systems.org/devel/live-build/
-Vcs-Browser: http://live-systems.org/gitweb/?p=live-build.git
-Vcs-Git: git://live-systems.org/git/live-build.git
+Maintainer: Debian Live <debian-live@lists.debian.org>
+Uploaders: Raphaël Hertzog <raphael@offensive-security.com>,
+           Luca Boccassi <bluca@debian.org>
+Build-Depends: debhelper-compat (= 13), devscripts, gettext, po4a
+Standards-Version: 4.7.0
+Rules-Requires-Root: no
+Homepage: https://wiki.debian.org/DebianLive
+Vcs-Browser: https://salsa.debian.org/live-team/live-build
+Vcs-Git: https://salsa.debian.org/live-team/live-build.git
 
 Package: live-build
 Architecture: all
-Depends:
- ${misc:Depends},
- debootstrap,
-Recommends:
- apt-utils,
- cpio,
- wget,
- live-boot-doc,
- live-config-doc,
- live-manual-html | live-manual,
-Suggests:
- gpgv,
- debian-keyring,
+Depends: cpio, debootstrap, ${misc:Depends}
+Recommends: apt-utils,
+            bzip2,
+            cryptsetup,
+            file,
+            live-boot-doc,
+            live-config-doc,
+            live-manual-html | live-manual,
+            rsync,
+            systemd-container,
+            wget,
+            xz-utils
+Suggests: e2fsprogs, eatmydata, git, mtd-utils, parted
 Description: Live System Build Components
- The Live Systems project maintains the components to build Debian based Live
+ The Debian Live project maintains the components to build Debian based Live
  systems and the official Debian Live images themselves.
  .
  live-build contains the components to build a live system from a configuration
  directory.
-
-Package: live-build-cgi
-Architecture: all
-Depends: ${misc:Depends}, live-build (= ${source:Version})
-Recommends:
- apache2 | httpd,
- cron,
-Description: Live System Build Scripts (CGI frontend)
- The Live Systems project maintains the components to build Debian based Live
- systems and the official Debian Live images themselves.
- .
- live-build contains the components to build a live system from a configuration
- directory.
- .
- This package contains the CGI frontend (experimental!).

debian/copyright

@@ -1,10 +1,12 @@
-Format: http://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
+Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/
 Upstream-Name: live-build
-Upstream-Contact: Live Systems Project <debian-live@lists.debian.org>
-Source: http://live-systems.org/archive/packages/live-build/
+Upstream-Contact: Debian Live Project <debian-live@lists.debian.org>
 
 Files: *
-Copyright: 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
+Copyright:
+ 2016-2020 The Debian Live team
+ 2016-2017 Raphaël Hertzog <hertzog@debian.org>
+ 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 License: GPL-3+
 
 License: GPL-3+

debian/gitlab-ci.yml

@@ -0,0 +1,55 @@
+---
+include:
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/salsa-ci.yml
+  - https://salsa.debian.org/salsa-ci-team/pipeline/raw/master/pipeline-jobs.yml
+
+variables:
+  SALSA_CI_DISABLE_BUILD_PACKAGE_ANY: 1
+  SALSA_CI_DISABLE_BUILD_PACKAGE_I386: 1
+
+.lb-build:
+  stage: test
+  script:
+    - apt-get update
+    - apt-get install -y "$(find . -type f -name '*.deb')"
+    - lb --version
+    # We need to stay within the maximum limit for artifacts on Salsa (250M),
+    # so disable a few things
+    - lb config --apt-indices false --apt-recommends false --firmware-chroot false --source false --distribution sid --updates false --debootstrap-options "--variant=minbase" --bootloaders grub-efi
+    # But do install user-setup and sudo to have a usable image
+    - echo "user-setup sudo" > config/package-lists/recommends.list.chroot
+    # xz compresses initrds much better than zstd
+    - echo xz-utils >> config/package-lists/live.list.chroot
+    - mkdir -p config/includes.chroot_after_packages/etc/initramfs-tools/conf.d/
+    - printf 'COMPRESS=xz\nCOMPRESSLEVEL=9\n' > config/includes.chroot_after_packages/etc/initramfs-tools/conf.d/compress
+    # Remove stuff not really needed to boot
+    - echo 'rm -rf /usr/share/doc/* /usr/share/i18n/* /usr/share/man/* /usr/share/locale/*' >> config/hooks/normal/9020-remove-man-cache.hook.chroot
+    # Build the ISO
+    - lb build
+    - ls -lh
+    - cp live-image-${BUILD_ARCH}.contents ${WORKING_DIR}
+    - cp live-image-${BUILD_ARCH}.hybrid.iso ${WORKING_DIR}
+  artifacts:
+    when: always
+    paths:
+      - ${WORKING_DIR}/live-image-${BUILD_ARCH}.contents
+      - ${WORKING_DIR}/live-image-${BUILD_ARCH}.hybrid.iso
+  needs:
+    - job: build
+      artifacts: true
+
+ISO amd64:
+  extends:
+    - .lb-build
+  variables:
+    BUILD_ARCH: 'amd64'
+
+ISO arm64:
+  extends:
+    - .lb-build
+  rules:
+    - if: $CI_PROJECT_ROOT_NAMESPACE != "rclobus-guest"
+  variables:
+    BUILD_ARCH: 'arm64'
+  tags:
+    - $SALSA_CI_ARM_RUNNER_TAG

debian/live-build.bug-presubj

@@ -1,7 +1,7 @@
 Before submitting a bug report against live-build, please make sure
 that you have read your guidelines for live systems bug reports:
 
-  http://live-systems.org/manual/
+  https://live-team.pages.debian.net/live-manual/
 
 By providing the required information as outlined in the guidelines makes
 sure that we can optimally reproduce and fix bugs, not doing so wastes a

debian/live-build.lintian-overrides

@@ -1 +1,6 @@
-live-build: symlink-should-be-relative
+live-build: absolute-symlink-in-top-level-folder
+# Those cases are legitimate uses of direct access to the database
+live-build: uses-dpkg-database-directly [usr/lib/live/build/chroot_tmpfs]
+live-build: uses-dpkg-database-directly [usr/lib/live/build/clean]
+live-build: uses-dpkg-database-directly [usr/share/live/build/functions/chroot.sh]
+live-build: uses-dpkg-database-directly [usr/share/live/build/hooks/normal/8010-remove-backup-files.hook.chroot]

debian/rules

@@ -1,20 +1,18 @@
 #!/usr/bin/make -f
 
 %:
-	dh ${@} --parallel
+	dh $@
 
 override_dh_auto_install:
+	# Update manual pages first
+	$(MAKE) -C manpages update
+	$(MAKE) -C manpages build
+
 	dh_auto_install -- DESTDIR=debian/live-build
 
 	# Removing unused files
 	rm -f debian/live-build/usr/share/doc/live-build/COPYING
 
-override_dh_builddeb:
-	dh_builddeb -- -Zxz
-
 override_dh_link:
-	dh_link
-
-	# workaround dh_link convertion of absolute symlinks to relvative symlinks
-	rm -rf debian/live-build/usr/share/live/build/bootloaders
-	cp -a share/bootloaders debian/live-build/usr/share/live/build/bootloaders
+	# workaround dh_link conversion of absolute symlinks to relative symlinks
+	dh_link -X.c32 -Xisolinux.bin -Xpxelinux.0

debian/source/format

@@ -1 +1 @@
-3.0 (quilt)
+3.0 (native)

debian/source/lintian-overrides

@@ -0,0 +1,11 @@
+# Ignore those errors, it's not nice but works currently
+absolute-symbolic-link-target-in-source /usr/lib/ISOLINUX/isolinux.bin [share/bootloaders/isolinux/isolinux.bin]
+absolute-symbolic-link-target-in-source /usr/lib/PXELINUX/pxelinux.0 [share/bootloaders/pxelinux/pxelinux.0]
+absolute-symbolic-link-target-in-source /usr/lib/syslinux/modules/bios/hdt.c32 [share/bootloaders/syslinux_common/hdt.c32]
+absolute-symbolic-link-target-in-source /usr/lib/syslinux/modules/bios/ldlinux.c32 [share/bootloaders/isolinux/ldlinux.c32]
+absolute-symbolic-link-target-in-source /usr/lib/syslinux/modules/bios/ldlinux.c32 [share/bootloaders/pxelinux/ldlinux.c32]
+absolute-symbolic-link-target-in-source /usr/lib/syslinux/modules/bios/libcom32.c32 [share/bootloaders/syslinux_common/libcom32.c32]
+absolute-symbolic-link-target-in-source /usr/lib/syslinux/modules/bios/libgpl.c32 [share/bootloaders/syslinux_common/libgpl.c32]
+absolute-symbolic-link-target-in-source /usr/lib/syslinux/modules/bios/libmenu.c32 [share/bootloaders/syslinux_common/libmenu.c32]
+absolute-symbolic-link-target-in-source /usr/lib/syslinux/modules/bios/libutil.c32 [share/bootloaders/syslinux_common/libutil.c32]
+absolute-symbolic-link-target-in-source /usr/lib/syslinux/modules/bios/vesamenu.c32 [share/bootloaders/syslinux_common/vesamenu.c32]

debian/source/local-options

@@ -1 +0,0 @@
-abort-on-upstream-changes

debian/source/options

@@ -1 +0,0 @@
-compression = xz

debian/tests/build-default-image

@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -eu
+set -o pipefail
+
+cd "${AUTOPKGTEST_TMP}"
+# Use the default values
+lb config --verbose
+# Verify some values
+lb config --dump | grep 'LB_DISTRIBUTION="testing"'
+lb config --dump | grep 'LB_UPDATES="true"'
+lb config --dump | grep 'LB_SECURITY="true"'
+lb config --dump | grep 'LB_PROPOSED_UPDATES="false"'
+lb build --verbose
+ls -l

debian/tests/build-kali-image

@@ -0,0 +1,21 @@
+#!/bin/bash
+
+set -eu
+set -o pipefail
+
+# Ensure Kali's keyring archive is installed and is always up to date
+echo "Acquire::Retries 5;" > /etc/apt/apt.conf.d/live-build-ci
+curl https://archive.kali.org/archive-key.asc > /etc/apt/trusted.gpg.d/kali.asc
+mkdir -p /etc/apt/sources.list.d
+echo "deb http://http.kali.org/kali kali-rolling main" > /etc/apt/sources.list.d/kali.list
+apt-get update
+apt-get install -y kali-archive-keyring
+rm -f /etc/apt/trusted.gpg.d/kali.asc /etc/apt/sources.list.d/kali.list /etc/apt/apt.conf.d/live-build-ci
+apt-get update
+
+cd "${AUTOPKGTEST_TMP}"
+git clone --depth 1 --no-tags https://gitlab.com/kalilinux/build-scripts/live-build-config.git
+cd live-build-config
+./build.sh --verbose
+ls -l
+ls -l images

debian/tests/build-stable-image

@@ -0,0 +1,14 @@
+#!/bin/bash
+
+set -eu
+set -o pipefail
+
+cd "${AUTOPKGTEST_TMP}"
+# A minimal command line
+lb config --verbose --distribution stable
+# Verify some default values
+lb config --dump | grep 'LB_UPDATES="true"'
+lb config --dump | grep 'LB_SECURITY="true"'
+lb config --dump | grep 'LB_PROPOSED_UPDATES="false"'
+lb build --verbose
+ls -l

debian/tests/control

@@ -0,0 +1,20 @@
+Tests: build-default-image
+Depends: live-build
+Restrictions: allow-stderr, needs-internet, needs-root
+
+Tests: build-stable-image
+Depends: live-build
+Restrictions: allow-stderr, needs-internet, needs-root
+
+Tests: build-kali-image
+Depends: apt-utils,
+         bzip2,
+         ca-certificates,
+         cpio,
+         curl,
+         file,
+         git,
+         live-build,
+         wget,
+         xz-utils
+Restrictions: allow-stderr, flaky, needs-internet, needs-root

examples/hooks/minimal.hook.chroot

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.

examples/hooks/reproducible/2000-reproducible-function-uuid_generate_random.hook.chroot

@@ -0,0 +1,63 @@
+#!/bin/sh
+set -e
+
+# util-linux creates random UUIDs when uuid_generate_random is called
+# Use LD_PRELOAD to replace uuid_generate_random with a less random version
+
+# Don't run if gcc is not installed
+if [ ! -e /usr/bin/cc ];
+then
+  exit 0
+fi
+
+cat > unrandomize_uuid_generate_random.c << END_OF_SOURCE
+#include <stdlib.h>
+#include <stdio.h>
+
+#define SEQUENCE_FILENAME "/var/cache/unrandomize_uuid_generate_random.sequence_number"
+
+/* https://tools.ietf.org/html/rfc4122 */
+typedef unsigned char uuid_t[16];
+
+/* Our pseudo-random version */
+void uuid_generate_random(uuid_t out)
+{
+  /* Nil UUID */
+  for (int i=0;i<16;i++) {
+    out[i] = 0x00;
+  }
+  out[6]=0x40; /* UUID version 4 means randomly generated */
+  out[8]=0x80; /* bit7=1,bit6=0 */
+
+  /* The file doesn't need to exist yet */
+  FILE *f = fopen(SEQUENCE_FILENAME, "rb");
+  if (f) {
+    fread(out+12, 4, 1, f);
+    fclose(f);
+  }
+  /* Use the next number. Endianness is not important */
+  (*(unsigned long*)(out+12))++;
+
+  unsigned long long epoch;
+  /* Use SOURCE_DATE_EPOCH when provided */
+  char *date = getenv("SOURCE_DATE_EPOCH");
+  if (date) {
+    epoch = strtoll(date, NULL, 10);
+  } else {
+    epoch = 0ll;
+  }
+  out[0] = (epoch & 0xFF000000) >> 24;
+  out[1] = (epoch & 0x00FF0000) >> 16;
+  out[2] = (epoch & 0x0000FF00) >>  8;
+  out[3] = (epoch & 0x000000FF);
+
+  /* Write the sequence number */
+  f = fopen(SEQUENCE_FILENAME, "wb");
+  if (f) {
+    fwrite(out+12, 4, 1, f);
+    fclose(f);
+  }
+}
+END_OF_SOURCE
+/usr/bin/cc -shared -fPIC unrandomize_uuid_generate_random.c -Wall --pedantic -o /usr/lib/unrandomize_uuid_generate_random.so
+rm -f unrandomize_uuid_generate_random.c

examples/hooks/reproducible/2001-reproducible-fontconfig.hook.chroot

@@ -0,0 +1,31 @@
+#!/bin/sh
+set -e
+
+# fontconfig creates non-reproducible files with UUIDs
+# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864082
+#
+# Because the UUIDs should not be deleted, the proposed work-around is:
+# * Use LD_PRELOAD to replace uuid_generate_random with a less random version
+
+# Don't run if fontconfig is not installed
+if [ ! -e /usr/bin/fc-cache ];
+then
+  exit 0
+fi
+
+# Don't run if fontconfig is sufficiently new
+if dpkg --compare-versions $(dpkg-query --show --showformat '${Version}\n' fontconfig | head -1) ge 2.13.1-4.4~;
+then
+  exit 0
+fi
+
+# Don't run if the LD_PRELOAD module is not compiled
+if [ ! -e /usr/lib/unrandomize_uuid_generate_random.so ];
+then
+  echo "P: $(basename $0) Reproducible hook inactive: The UUID module was not found"
+  exit 0
+fi
+
+LD_PRELOAD=/usr/lib/unrandomize_uuid_generate_random.so /usr/bin/fc-cache --force --really-force --system-only --verbose
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/2002-reproducible-mdadm.hook.chroot

@@ -0,0 +1,21 @@
+#!/bin/sh
+set -e
+
+# mkconf of mdadm creates a file with a timestamp
+# A bug report with patch is available at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=982607
+# This script duplicates that patch
+
+# Don't run if mdadm is not installed
+if [ ! -e /usr/share/mdadm/mkconf ];
+then
+  exit 0
+fi
+
+# If mkconf already contains references to SOURCE_DATE_EPOCH, there is no need to patch the file
+if grep -q SOURCE_DATE_EPOCH /usr/share/mdadm/mkconf;
+then
+  exit 0
+fi
+sed -i -e '/# This configuration was auto-generated on/cif [ -z $SOURCE_DATE_EPOCH ]; then\n  echo "# This configuration was auto-generated on $(date -R) by mkconf"\nelse\n  echo "# This configuration was auto-generated on $(date -R --utc -d@$SOURCE_DATE_EPOCH) by mkconf"\nfi' /usr/share/mdadm/mkconf
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/2004-reproducible-libxml-sax-perl.hook.chroot

@@ -0,0 +1,28 @@
+#!/bin/sh
+set -e
+
+# update-perl-sax-parsers of libxml-sax-perl creates a file with a random order of its lines
+# A bug report with patch is available at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=993444
+# This script duplicates that patch
+
+# Don't run if libxml-sax-perl is not installed
+if [ ! -e /usr/bin/update-perl-sax-parsers ];
+then
+  exit 0
+fi
+
+# If Debian.pm already contains a sort line, there is no need to patch the file
+if grep -q sort /usr/share/perl5/XML/SAX/Debian.pm;
+then
+  exit 0
+fi
+
+# Patch the Perl script
+sed -i -e '/foreach my $key/s/keys/sort keys/' /usr/share/perl5/XML/SAX/Debian.pm
+
+# Regenerate the file that has more than one key-value pair
+update-perl-sax-parsers --remove XML::SAX::Expat
+update-perl-sax-parsers --add XML::SAX::Expat --priority 50
+update-perl-sax-parsers --update
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/2005-reproducible-libxmlb2-appstream.hook.chroot

@@ -0,0 +1,62 @@
+#!/bin/sh
+set -e
+
+# libxmlb2 creates random GUIDs
+# See https://github.com/hughsie/libxmlb/issues/110
+# Fixed upstream: https://github.com/hughsie/libxmlb/commit/0652ec042cc0611b9b98e080e64e1025db9b4183
+# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1006358
+#
+# Until a sufficiently new version is installed, apply the work-around
+
+# Don't run if libxmlb2 is not installed
+if [ ! -e /usr/share/doc/libxmlb2 ];
+then
+  exit 0
+fi
+
+# Don't run if AppStream is not installed
+if [ ! -e /usr/bin/appstreamcli ];
+then
+  exit 0
+fi
+
+# Don't run if the version of libxmlb2 is sufficiently new
+if dpkg --compare-versions $(dpkg-query --show --showformat '${Version}\n' libxmlb2 | head -1) ge 0.3.7~;
+then
+  exit 0
+fi
+
+# Refresh the compressed XML files
+appstreamcli refresh --force > /dev/null
+
+# appstream <= 0.15.1 uses /var/cache/app-info
+# appstream >= 0.15.2 uses /var/cache/swcatalog
+if [ -d /var/cache/swcatalog ];
+then
+  CACHE_PATH=/var/cache/swcatalog/cache
+else
+  CACHE_PATH=/var/cache/app-info/cache
+fi
+
+# Set the GUID field for each compressed XML file to zero
+for f in $(ls ${CACHE_PATH}/*.xb);
+do
+  dd if=$f of=tmp.xb count=8 iflag=count_bytes status=none
+  dd if=/dev/zero of=tmp.xb count=16 iflag=count_bytes status=none oflag=append conv=notrunc
+  dd if=$f of=tmp.xb skip=24 iflag=skip_bytes status=none oflag=append conv=notrunc
+  rm $f
+  mv tmp.xb $f
+done
+
+# When apt update is invoked, 50appstream calls 'appstreamcli refresh'
+# so add another hook to reset the guid again
+#
+# Before the chroot is finalised, 'apt update' is invoked again, so the reset guid step needs to be re-applied
+cat << EOF > /etc/apt/apt.conf.d/51appstream_reset_guid
+# Reset the GUID of the AppStream cache files when APT's cache is updated (i.e. apt update)
+APT::Update::Post-Invoke-Success {
+    "if /usr/bin/test -w ${CACHE_PATH} -a -e /usr/bin/appstreamcli; then for f in \$(ls ${CACHE_PATH}/*.xb); do dd if=\$f of=tmp.xb count=8 iflag=count_bytes status=none; dd if=/dev/zero of=tmp.xb count=16 iflag=count_bytes status=none oflag=append conv=notrunc; dd if=\$f of=tmp.xb skip=24 iflag=skip_bytes status=none oflag=append conv=notrunc; rm \$f; mv tmp.xb \$f; done; fi";
+};
+EOF
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/2006-reproducible-texlive-binaries-fmt-files.hook.chroot

@@ -0,0 +1,60 @@
+#!/bin/sh
+set -e
+
+# This script fixes several issues:
+# 1. The fmt files contain timestamps
+# 2. The fmt files randomly select the path to language.dat.lua and language.def
+#     (/var/lib/texmf/tex/generic/config vs /usr/share/texlive/texmf-dist/tex/generic/config)
+# 3. The fmt files have a random order due to the way iterators work in lua
+#      The function 'exception_strings' uses these iterators
+#      https://sources.debian.org/src/texlive-bin/2021.20210626.59705-1/texk/web2c/luatexdir/lang/texlang.c/?hl=501#L501
+#    See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1009196
+# 4. The 'tex' executable intentionally ignores SOURCE_DATE_EPOCH
+#    See https://sources.debian.org/src/texlive-bin/2021.20210626.59705-1/debian/patches/debian-SDE-docs-in-tex-etex-manpage/?hl=36#L36
+
+# Note: This hook must run before 0140-remove-log-files.hook.chroot and 0190-remove-temporary-files.hook.chroot
+
+# Don't run if texlive-binaries is not installed
+if [ ! -e /usr/bin/luahbtex ];
+then
+  exit 0
+fi
+
+# This is TeX: set FORCE_SOURCE_DATE to enable SOURCE_DATE_EPOCH -> fixes 1 and 2
+export FORCE_SOURCE_DATE=1
+
+# Generate the .fmt file 10 times. If the content differs, a fix for 3 is required
+for i in $(seq 1 10); do luahbtex -ini -jobname=luahbtex -progname=luabhtex luatex.ini > /dev/null; md5sum luahbtex.fmt >> md5sum.luahbtex; done
+rm -f luahbtex.fmt
+rm -f luahbtex.log
+if [ $(sort -u < md5sum.luahbtex | wc -l) -ne 1 ];
+then
+  # Ugly hack: remove the hyphenation exceptions -> fixes 3
+  #            This results in incorrect hyphenation, but it is a work-around until the function 'exception_strings' has been adjusted
+  sed -i -e '/as-so-ciate/d;/as-so-ciates/d;/dec-li-na-tion/d;/oblig-a-tory/d;/phil-an-thropic/d;/present/d;/presents/d;/project/d;/projects/d;/reci-procity/d;/re-cog-ni-zance/d;/ref-or-ma-tion/d;/ret-ri-bu-tion/d;/ta-ble/d' /usr/share/texlive/texmf-dist/tex/generic/hyphen/hyphen.tex
+  echo "P: $(basename $0) Reproducible hack has been applied: hyphenation of some words will be incorrect"
+fi
+rm -f md5sum.luahbtex
+
+# Rebuild all .fmt and .log files in /var/lib/texmf/web2c
+fmtutil --sys --all
+
+# Use faketime to enforce a timestamp -> fixes 4
+# NB: hooks don't know about the apt/aptitude selection, so use 'apt-get'
+export FAKETIME_ALREADY_INSTALLED=1
+if [ ! -e /usr/bin/faketime ];
+then
+  FAKETIME_ALREADY_INSTALLED=0
+  apt-get install faketime --yes -o Acquire::Check-Valid-Until=false
+fi
+OLD_PWD=$(pwd)
+cd /var/lib/texmf/web2c/tex
+faketime $(date --utc -d@$SOURCE_DATE_EPOCH --iso-8601=seconds) tex -ini -jobname=tex -progname=tex tex.ini
+cd ${OLD_PWD}
+if [ ${FAKETIME_ALREADY_INSTALLED} -eq 0 ];
+then
+  apt-get remove --purge --yes faketime
+  apt-get autoremove --yes
+fi
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/2007-reproducible-texlive-base-updmap.hook.chroot

@@ -0,0 +1,30 @@
+#!/bin/sh
+set -e
+
+# The file /var/lib/texmf/web2c/updmap.log contains timestamps for the files that it just generated
+# Not reported yet. See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=XXXXXXX
+
+# Don't run if texlive-base is not installed
+if [ ! -e /usr/bin/updmap ];
+then
+  exit 0
+fi
+
+# Don't run if the script has been fixed
+if grep -q gmtime /usr/share/texlive/texmf-dist/scripts/texlive/updmap.pl;
+then
+  exit 0
+fi
+
+# Change: printf LOG "%s\n\n", scalar localtime();
+# To    : printf LOG "%s\n\n", defined $ENV{SOURCE_DATE_EPOCH} ? scalar gmtime($ENV{SOURCE_DATE_EPOCH}) : scalar localtime();
+sed -i -e "/scalar localtime/s/scalar localtime/defined \$ENV{SOURCE_DATE_EPOCH} ? scalar gmtime(\$ENV{SOURCE_DATE_EPOCH}) : scalar localtime/" /usr/share/texlive/texmf-dist/scripts/texlive/updmap.pl
+
+# Change: my ($s,$m,$h,$D,$M,$Y)=localtime($stat[9]);
+# To    : my ($s,$m,$h,$D,$M,$Y)=defined $ENV{SOURCE_DATE_EPOCH} ? gmtime($ENV{SOURCE_DATE_EPOCH}) : localtime($stat[9]);
+sed -i -e "/localtime([$]/s/localtime/defined \$ENV{SOURCE_DATE_EPOCH} ? gmtime(\$ENV{SOURCE_DATE_EPOCH}) : localtime/" /usr/share/texlive/texmf-dist/scripts/texlive/updmap.pl
+
+# The timestamp of the files that are generated by the script will be corrected in the 'lb binary' phase
+updmap -sys
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/2008-reproducible-texlive-base-mktexlsr.hook.chroot

@@ -0,0 +1,27 @@
+#!/bin/sh
+set -e
+
+# mktexlsr and mktexlsr.pl generate different output
+# Whichever of both scripts is run last, determines the output of /var/lib/texmf/ls-R
+# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1003449
+
+# Don't run if texlive-base is not installed
+if [ ! -e /usr/share/texlive/texmf-dist/scripts/texlive/mktexlsr ];
+then
+  exit 0
+fi
+
+# Don't run if the version of mktexlsr is sufficiently new
+if grep -q "Also remove double empty" /usr/share/texlive/texmf-dist/scripts/texlive/mktexlsr;
+then
+  exit 0
+fi
+
+# Apply only the functional part of the patch in #1003449 (removes double empty lines)
+sed -i -e "/vc_dirs'\./s/[\\]/| cat -s \\\\/" /usr/share/texlive/texmf-dist/scripts/texlive/mktexlsr
+
+# Run the shell script, this hook is the last invoker.
+# The output in /var/lib/texmf/ls-R will be sorted
+mktexlsr
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/2009-reproducible-vlc.hook.chroot

@@ -0,0 +1,87 @@
+#!/bin/sh
+set -e
+
+# vlc-cache-gen uses readdir() which depends on the order in the filesystem
+
+# Don't run if vlc is not installed
+if [ ! -x /usr/lib/x86_64-linux-gnu/vlc/vlc-cache-gen ];
+then
+  exit 0
+fi
+
+# Don't run if the cache file does not exist
+if [ ! -e /usr/lib/x86_64-linux-gnu/vlc/plugins/plugins.dat ];
+then
+  exit 0
+fi
+
+# Install disorderfs when needed and mark for removal at the end
+_DISORDERFS_PREINSTALLED=yes
+if [ ! -x /usr/bin/disorderfs ];
+then
+  _DISORDERFS_PREINSTALLED=no
+  apt-get install --yes disorderfs
+fi
+
+# Install the fuse device (needed by disorderfs) and mark for removal at the end
+_FUSE_DEVICE_PRESENT=yes
+if [ ! -e /dev/fuse ];
+then
+  _FUSE_DEVICE_PRESENT=no
+  mknod /dev/fuse c 10 229
+fi
+
+# Check for changes in the cache file, for suppressing the output if no change was made
+_CHECK_FOR_CHANGES=yes
+if [ ! -x /usr/bin/sha256sum ];
+then
+  _CHECK_FOR_CHANGES=no
+fi
+
+
+# Prepare a directory with a stable sorting order
+_ORDERED_DIR=$(mktemp --directory)
+disorderfs /usr/lib/x86_64-linux-gnu/vlc/plugins ${_ORDERED_DIR} --reverse-dirents=no --sort-dirents=yes --quiet
+
+# The checksum of the original file
+if [ "${_CHECK_FOR_CHANGES}" = "yes" ];
+then
+  sha256sum /usr/lib/x86_64-linux-gnu/vlc/plugins/plugins.dat > ${_ORDERED_DIR}/before.sha256sum
+fi
+
+# Regenerate the cache file in a directory which guarantees the sorting order of the files
+/usr/lib/x86_64-linux-gnu/vlc/vlc-cache-gen ${_ORDERED_DIR}
+
+# Verify the checksum for changes
+if [ "${_CHECK_FOR_CHANGES}" = "yes" ];
+then
+  _HOOK_WAS_NEEDED=no
+  sha256sum --check ${_ORDERED_DIR}/before.sha256sum --status || _HOOK_WAS_NEEDED=yes
+  rm -f ${_ORDERED_DIR}/before.sha256sum
+fi
+
+# Cleanup
+fusermount -u ${_ORDERED_DIR}
+rmdir ${_ORDERED_DIR}
+
+if [ "${_DISORDERFS_PREINSTALLED}" = "no" ];
+then
+  apt-get remove --yes --purge disorderfs
+  apt-get autoremove --yes
+fi
+
+if [ "${_FUSE_DEVICE_PRESENT}" = "no" ];
+then
+  rm -f /dev/fuse
+fi
+
+# Report only when either a change was detected or not detectable (due to missing tools)
+if [ "${_CHECK_FOR_CHANGES}" = "yes" ];
+then
+  if [ "${_HOOK_WAS_NEEDED}" = "yes" ];
+  then
+    echo "P: $(basename $0) Reproducible hook has been applied"
+  fi
+else
+  echo "P: $(basename $0) Reproducible hook has been applied"
+fi

examples/hooks/reproducible/2010-reproducible-install-info.hook.chroot

@@ -0,0 +1,42 @@
+#!/bin/sh
+set -e
+
+# install-info has an unstable sort order when a new section is added
+# Fixed by https://git.savannah.gnu.org/cgit/texinfo.git/commit/?id=01b5a4b9c33bef08feae041c221f820a1c76749f
+#
+# The postinst-hook of install-info depends on the natural order of the
+# filesystem and deletes the existing dir file beforehand.
+# Installing the same info.gz file again follows a different code path,
+# which has a stable sort order
+
+# Don't run if install-info is not installed
+if [ ! -x /usr/bin/install-info ];
+then
+  exit 0
+fi
+
+# Don't run if install-info is sufficiently new
+if dpkg --compare-versions $(dpkg-query --show --showformat '${Version}\n' install-info | head -1) gt 7.2~;
+then
+  exit 0
+fi
+
+# Keep the original file
+cp /usr/share/info/dir /tmp/before
+
+# dir, dircolors, dirname / pr, printenv, printf / tr, true, truncate / who, whoami
+install-info /usr/share/info/coreutils.info.gz /usr/share/info/dir
+# diff, diff3
+install-info /usr/share/info/diffutils.info.gz /usr/share/info/dir
+# dirmngr, dirmngr-client
+if [ -e /usr/share/info/gnupg.info.gz ];
+then
+  install-info /usr/share/info/gnupg.info.gz /usr/share/info/dir
+fi
+
+# Only report when the hook has made a difference
+if ! diff /tmp/before /usr/share/info/dir > /dev/null;
+then
+  echo "P: $(basename $0) Reproducible hook has been applied"
+fi
+rm -f /tmp/before

examples/hooks/reproducible/2011-reproducible-ca-certificates-java.hook.chroot

@@ -0,0 +1,64 @@
+#!/bin/sh
+set -e
+
+# /etc/ssl/certs/java/cacerts is a keystore
+# Due to cryptographic requirements, it will be non-reproducible
+# as it embeds timestamps
+# It can be re-generated with low overhead
+
+# Don't run if ca-certificates-java is not installed
+if [ ! -e /etc/ssl/certs/java/cacerts ];
+then
+	exit 0
+fi
+
+# Remove the file
+rm -f /etc/ssl/certs/java/cacerts
+
+# Add a hook to live-config to recreate it
+cat << EOF > /usr/lib/live/config/5000-ca-certificates-java
+#!/bin/sh
+
+. /lib/live/config.sh
+
+## live-config(7) - System Configuration Components
+## Copyright (C) 2024 The Debian Live team
+##
+## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+## This is free software, and you are welcome to redistribute it
+## under certain conditions; see COPYING for details.
+
+Init ()
+{
+	# Checking if package is installed
+	if ! pkg_is_installed "ca-certificates-java" || \\
+		component_was_executed "ca-certificates-java"
+	then
+		exit 0
+	fi
+	# If the keystore is embedded in the image, don't touch it
+	if [ -e /etc/ssl/certs/java/cacerts ]
+	then
+		exit 0
+	fi
+
+	echo -n " ca-certificates-java"
+}
+
+Config ()
+{
+	# Re-generate the keystore
+	touch /var/lib/ca-certificates-java/fresh
+	dpkg-reconfigure ca-certificates-java
+
+	# Creating state file
+	touch /var/lib/live/config/ca-certificates-java
+}
+
+Init
+Config
+EOF
+chmod u=rwx,go=rx /usr/lib/live/config/5000-ca-certificates-java
+
+echo "P: $(basename $0) Reproducible hook has been applied"
+

examples/hooks/reproducible/2012-reproducible-emacsen-ispell-dicts.el.hook.chroot

@@ -0,0 +1,25 @@
+#!/bin/sh
+set -e
+
+# update-dictcommon-aspell creates a file with content depending on PERL_HASH_SEED
+# A bug report with patch is available at https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090981
+# This script duplicates that patch
+
+# Don't run if the file is not present
+if [ ! -e /usr/share/perl5/Debian/DictionariesCommon.pm ];
+then
+  exit 0
+fi
+
+# If DictionariesCommon.pm already contains a sort statement at line 656, there is no need to patch the file
+if sed -e '656p;d' /usr/share/perl5/Debian/DictionariesCommon.pm | grep -q "foreach my \$k (sort keys"
+then
+  exit 0
+fi
+
+# Patch the Perl script (at line 656)
+sed -i -e '656s/keys/sort keys/' /usr/share/perl5/Debian/DictionariesCommon.pm
+
+update-dictcommon-aspell
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/8500-cleanup-ucf-backup-files.hook.chroot

@@ -0,0 +1,7 @@
+#!/bin/sh
+set -e
+
+# Delete all older backups of ucf files
+# The current files are /var/lib/ucf/hashfile and /var/lib/ucf/registry
+rm -f /var/lib/ucf/hashfile.*
+rm -f /var/lib/ucf/registry.* 

examples/hooks/reproducible/8510-reproducible-fonts_in_initramfs.hook.chroot

@@ -0,0 +1,38 @@
+#!/bin/sh
+set -e
+
+# fontconfig creates non-reproducible files with UUIDs
+# See https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=864082
+#
+# Because the UUIDs should not be deleted, the proposed work-around is:
+# * Use LD_PRELOAD to replace uuid_generate_random with a less random version
+
+# Don't run if fontconfig is not installed
+if [ ! -e /usr/bin/fc-cache ];
+then
+  exit 0
+fi
+
+# Don't run if fontconfig is sufficiently new
+if dpkg --compare-versions $(dpkg-query --show --showformat '${Version}\n' fontconfig | head -1) ge 2.13.1-4.4~;
+then
+  exit 0
+fi
+
+# Don't run if there is no font in the initrd.img file
+if ! lsinitramfs /initrd.img | grep "^var/cache/fontconfig" | grep ".cache-7$" > /dev/null;
+then
+  exit 0
+fi
+
+# Don't run if the LD_PRELOAD module is not compiled
+if [ ! -e /usr/lib/unrandomize_uuid_generate_random.so ];
+then
+  echo "P: $(basename $0) Reproducible hook inactive: The UUID module was not found"
+  exit 0
+fi
+
+LD_PRELOAD=/usr/lib/unrandomize_uuid_generate_random.so update-initramfs -k all -u
+touch /initrd.img_has_already_been_regenerated
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/8520-cleanup-appstream-cache.hook.chroot

@@ -0,0 +1,41 @@
+#!/bin/sh
+set -e
+
+# 'appstreamcli refresh --source=os' which is invoked by 'apt-get update'
+# creates cache files that will be re-generated by live-config.
+# These cache files are generated by lb for the C locale, while after boot in
+# the live image the actual language is used (default=en_US) when a network
+# connection was made. If no network is available 'GNOME Software' still works
+# correctly without these cache files.
+# Therefore these files can safely be removed from the live image.
+#
+# However, after all hooks have run, 'apt-get update' is run once again by
+# 'chroot_archives chroot remove', therefore the original executable
+# 'appstreamcli' is moved away by this script, to be restored upon the next
+# invocation.
+
+# Don't run if AppStream is not installed
+if [ ! -e /usr/bin/appstreamcli ];
+then
+  exit 0
+fi
+
+# Don't run if the version of appstream is too old
+if dpkg --compare-versions $(dpkg-query --show --showformat '${Version}\n' appstream | head -1) lt 0.15.2~;
+then
+  exit 0
+fi
+
+# Create a wrapper that restores itself on the next invocation
+mv /usr/bin/appstreamcli /usr/bin/appstreamcli.orig
+cat << EOF > /usr/bin/appstreamcli
+#!/bin/sh
+/usr/bin/appstreamcli.orig \$@
+rm /usr/bin/appstreamcli
+mv /usr/bin/appstreamcli.orig /usr/bin/appstreamcli
+# Delete the cache files
+rm -f /var/cache/swcatalog/cache/C-*.xb
+EOF
+chmod a+x /usr/bin/appstreamcli
+
+echo "P: $(basename $0) Reproducible hook has been applied"

examples/hooks/reproducible/8900-reproducible-cleanup-uuid_generate_random.hook.chroot

@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+# Remove the module and its data file
+rm -f /usr/lib/unrandomize_uuid_generate_random.so
+rm -f /var/cache/unrandomize_uuid_generate_random.sequence_number

examples/hooks/reproducible/README

@@ -0,0 +1,11 @@
+Use these scripts to generate reproducible images.
+
+See the generic Wiki page: https://wiki.debian.org/ReproducibleInstalls/LiveImages
+
+After 'lb config' and before 'lb build' you should copy these hooks:
+
+cp /usr/share/doc/live-build/examples/hooks/reproducible/* config/hooks/normal
+
+or (when using the latest git version):
+
+cp $LIVE_BUILD/examples/hooks/reproducible/* config/hooks/normal

examples/hooks/stripped.hook.chroot

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.

frontend/lb

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -11,80 +12,70 @@
 set -e
 
 # Including common functions
-[ -e "${LIVE_BUILD}/scripts/build.sh" ] && . "${LIVE_BUILD}/scripts/build.sh" || . /usr/lib/live/build.sh
+[ -n "${LIVE_BUILD}" ] && [ -e "${LIVE_BUILD}/scripts/build.sh" ] && . "${LIVE_BUILD}/scripts/build.sh" || . /usr/lib/live/build.sh
 
 # Setting static variables
-DESCRIPTION="$(Echo 'utility to build live systems')"
-HELP="FIXME"
-USAGE="FIXME"
+PROGRAM="${FRONTEND}"
+DESCRIPTION="Utility to build live systems"
+USAGE="lb {clean|config|build}"
 
-case "${1}" in
-	-h|--help)
-		if [ -x "$(which man 2>/dev/null)" ]
-		then
-			man lb
-			exit 0
-		else
-			${0} --usage
-			exit 0
-		fi
-		;;
+# This bits of code relies on the fact that we only accept
+# options without values before the real command.
+GLOBAL_ARGS=""
+while true; do
+	case $1 in
+		-*)
+			GLOBAL_ARGS="${GLOBAL_ARGS:+$GLOBAL_ARGS }$1"
+			shift
+			;;
+		*)
+			break
+			;;
+	esac
+done
+Arguments $GLOBAL_ARGS
 
-	""|-u|--usage)
-		Usage
-		;;
+if [ $# = 0 ]; then
+	Echo_error "Missing sub-command"
+	Usage --fail
+fi
 
-	-v|--version)
-		echo "${VERSION}"
-		exit 0
-		;;
+COMMAND="${1}"
+shift
 
-	*)
-		COMMAND="${1}"
-		shift
+if [ -x "${LIVE_BUILD}/scripts/build/${COMMAND}" ]; then
+	# User has live-build copied locally in the system
+	SCRIPT="${LIVE_BUILD}/scripts/build/${COMMAND}"
+elif [ -x "local/live-build/scripts/build/${COMMAND}" ]; then
+	# User has live-build copied locally in the config
+	SCRIPT="local/live-build/scripts/build/${COMMAND}";
+elif [ -x /usr/lib/live/build/${COMMAND} ]; then
+	# User has live-build installed in the system
+	SCRIPT=/usr/lib/live/build/"${COMMAND}"
+else
+	Echo_error "Unknown command: ${COMMAND}"
+	exit 1
+fi
 
-		ENV=""
+if [ "${COMMAND}" != "config" ]; then
+	# Checking user account
+	if [ "$(id -u)" -ne "0" ]; then
+		Echo_error "Root privileges needed!"
+		exit 1
+	fi
+fi
 
-		if [ "${COMMAND}" != "config" ]
-		then
-			# Checking user account
-			if [ "$(id -u)" -ne "0" ]
-			then
-				Echo_error "need root privileges"
-				exit 1
-			fi
-		fi
+ENV=""
+for _FILE in config/environment config/environment.binary; do
+	if [ -e "${_FILE}" ]; then
+		ENV="${ENV} $(grep -v '^#' ${_FILE})"
+	fi
+done
 
-		for _FILE in config/environment config/environment.binary
-		do
-			if [ -e "${_FILE}" ]
-			then
-				ENV="${ENV} $(grep -v '^#' ${_FILE})"
-			fi
-		done
+_CMD_LABEL="lb ${COMMAND}"
+if [ "${_COLOR_OUT}" = "true" ]; then
+	_CMD_LABEL="${CYAN}${_CMD_LABEL}${NO_COLOR}"
+fi
+Echo "[%s] ${_CMD_LABEL} %s" "$(date +'%F %T')" "$(echo ${GLOBAL_ARGS} ${@})"
 
-		if [ -x "${LIVE_BUILD}/scripts/build/${COMMAND}" ]
-		then
-			# User has live-build copied locally in the system
-			SCRIPT="${LIVE_BUILD}/scripts/build/${COMMAND}"
-		elif [ -x "local/live-build/scripts/build/${COMMAND}" ]
-		then
-			# User has live-build copied locally in the config
-			SCRIPT="local/live-build/scripts/build/${COMMAND}"
-		elif [ -x /usr/lib/live/build/${COMMAND} ]
-		then
-			# User has live-build installed in the system
-			SCRIPT=/usr/lib/live/build/"${COMMAND}"
-		elif [ -x "$(which ${COMMAND} 2>/dev/null)" ]
-		then
-			# User has live-build commands in path
-			SCRIPT="${COMMAND}"
-		else
-			Echo_error "no such script: ${COMMAND}"
-			exit 1
-		fi
-
-		Echo "[%s] %s" "$(date +'%F %T')" "lb ${COMMAND} $(echo ${@})"
-		${ENV} exec "${SCRIPT}" "${@}"
-		;;
-esac
+exec /usr/bin/env ${ENV} "${SCRIPT}" ${GLOBAL_ARGS} "${@}"

frontend/live-build

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program is free software: you can redistribute it and/or modify
@@ -22,7 +23,7 @@
 
 set -e
 
-if [ -x "$(which man 2>/dev/null)" ]
+if command -v man >/dev/null
 then
 	man live-build
 else

functions/aliases.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -15,18 +16,14 @@ Find_files ()
 
 In_list ()
 {
-	NEEDLES="${1}"
+	local NEEDLE="${1}"
 	shift
 
-	for ITEM in ${@}
-	do
-		for NEEDLE in ${NEEDLES}
-		do
-			if [ "${NEEDLE}" = "${ITEM}" ]
-			then
-				return 0
-			fi
-		done
+	local ITEM
+	for ITEM in "${@}"; do
+		if [ "${NEEDLE}" = "${ITEM}" ]; then
+			return 0
+		fi
 	done
 
 	return 1
@@ -34,8 +31,8 @@ In_list ()
 
 Truncate ()
 {
-	for FILE in ${@}
-	do
+	local FILE
+	for FILE in "${@}"; do
 		if [ ! -L ${FILE} ]
 		then
 			: > ${FILE}

functions/architectures.sh

@@ -1,124 +0,0 @@
-#!/bin/sh
-
-## live-build(7) - System Build Scripts
-## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
-##
-## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
-## This is free software, and you are welcome to redistribute it
-## under certain conditions; see COPYING for details.
-
-
-Check_architectures ()
-{
-	ARCHITECTURES="${@}"
-	VALID="false"
-
-	for ARCHITECTURE in ${ARCHITECTURES}
-	do
-		if [ "$(echo ${LB_ARCHITECTURES} | grep ${ARCHITECTURE})" ]
-		then
-			VALID="true"
-			break
-		fi
-	done
-
-	if [ "${ARCHITECTURES}" = "${LB_BOOTSTRAP_QEMU_ARCHITECTURES}" ]
-	then
-		VALID="true"
-
-		if [ ! -e "${LB_BOOTSTRAP_QEMU_STATIC}" ]
-		then
-			Echo_warning "skipping %s, qemu-static binary ${LB_BOOTSTRAP_QEMU_ARCHITECTURES} was not found"
-			VALID="false"
-		fi
-
-		if [ ! -x "${LB_BOOTSTRAP_QEMU_STATIC}" ]
-		then
-			Echo_warning "skipping %s, qemu-static binary ${LB_BOOTSTRAP_QEMU_STATIC} is not executable"
-			VALID="false"
-		fi
-
-	fi
-
-	if [ "${VALID}" = "false" ]
-	then
-		Echo_warning "skipping %s, foreign architecture(s)." "${0}"
-		exit 0
-	fi
-}
-
-Check_crossarchitectures ()
-{
-	if [ -x /usr/bin/dpkg ]
-	then
-		HOST="$(dpkg --print-architecture)"
-	else
-		HOST="$(uname -m)"
-	fi
-
-	case "${HOST}" in
-		amd64|i386|x86_64)
-			CROSS="amd64 i386"
-			;;
-
-		powerpc|ppc64)
-			CROSS="powerpc ppc64"
-			;;
-
-		*)
-			CROSS="${HOST}"
-			;;
-	esac
-
-	if [ "${LB_ARCHITECTURES}" = "${LB_BOOTSTRAP_QEMU_ARCHITECTURES}" ]
-	then
-
-		if [ ! -e "${LB_BOOTSTRAP_QEMU_STATIC}" ]
-		then
-			Echo_warning "skipping %s, qemu-static binary ${LB_BOOTSTRAP_QEMU_ARCHITECTURES} was not found"
-			exit 0
-		fi
-
-		if [ ! -x "${LB_BOOTSTRAP_QEMU_STATIC}" ]
-		then
-			Echo_warning "skipping %s, qemu-static binary ${LB_BOOTSTRAP_QEMU_STATIC} is not executable"
-			exit 0
-		fi
-		return
-	fi
-
-
-	Check_architectures "${CROSS}"
-}
-
-Check_multiarchitectures ()
-{
-	if [ "$(echo ${LB_ARCHITECTURES} | wc -w)" -gt "1" ]
-	then
-		# First, only support multiarch on iso
-		case "${LIVE_IMAGE_TYPE}" in
-			iso*)
-				# Assemble multi-arch
-				case "${LB_CURRENT_ARCHITECTURE}" in
-					amd64)
-						DESTDIR="${DESTDIR}.amd"
-						DESTDIR_LIVE="${DESTDIR_LIVE}.amd"
-						DESTDIR_INSTALL="${DESTDIR_INSTALL}.amd"
-						;;
-
-					i386)
-						DESTDIR="${DESTDIR}.386"
-						DESTDIR_LIVE="${DESTDIR_LIVE}.386"
-						DESTDIR_INSTALL="${DESTDIR_INSTALL}.386"
-						;;
-
-					powerpc)
-						DESTDIR="${DESTDIR}.ppc"
-						DESTDIR_LIVE="${DESTDIR_LIVE}.ppc"
-						DESTDIR_INSTALL="${DESTDIR_INSTALL}.ppc"
-						;;
-				esac
-				;;
-		esac
-	fi
-}

functions/arguments.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,73 +11,95 @@
 
 Arguments ()
 {
-	ARGUMENTS="$(getopt --longoptions breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options c:huv --shell sh -- "${@}")"
+	local LONGOPTS="breakpoints,color,debug,force,help,no-color,quiet,usage,verbose,version"
+	local SHORTOPTS="huv"
 
-	if [ "${?}" != "0" ]
-	then
-		Echo_error "terminating" >&2
+	local ARGUMENTS
+	local ERR=0
+	ARGUMENTS="$(getopt --shell sh --name "${PROGRAM}" --longoptions $LONGOPTS --options $SHORTOPTS -- "${@}")" || ERR=$?
+
+	if [ $ERR -eq 1 ]; then
+		Echo_error "invalid argument(s)"
+		exit 1
+	elif [ $ERR -ne 0 ]; then
+		Echo_error "getopt failure"
 		exit 1
 	fi
 
 	eval set -- "${ARGUMENTS}"
 
-	while true
-	do
-		case "${1}" in
-			--breakpoints)
-				_BREAKPOINTS="true"
+	while true; do
+		local ARG="${1}"
+		case "${ARG}" in
+			--breakpoints|--color|--debug|--force|-h|--help|--no-color|--quiet|-u|--usage|--verbose|-v|--version)
+				Handle_common_option "${ARG}"
 				shift
 				;;
 
-			-c|--conffile)
-				_CONFFILE="${2}"
-				shift 2
-				;;
-
-			--debug)
-				_DEBUG="true"
-				shift
-				;;
-
-			--force)
-				_FORCE="true"
-				shift
-				;;
-
-			-h|--help)
-				Man
-				shift
-				;;
-
-			--quiet)
-				_QUIET="true"
-				shift
-				;;
-
-			-u|--usage)
-				Usage
-				shift
-				;;
-
-			--verbose)
-				_VERBOSE="true"
-				shift
-				;;
-
-			-v|--version)
-				echo "${VERSION}"
-				exit 0
-				;;
-
 			--)
 				shift
 				break
 				;;
 
 			*)
-				Echo_error "internal error %s" "${0}"
+				Echo_error "Internal error, unhandled option: %s" "${ARG}"
 				exit 1
 				;;
 		esac
 	done
 }
+
+Handle_common_option ()
+{
+	case "${1}" in
+		--breakpoints)
+			_BREAKPOINTS="true"
+			;;
+
+		--color)
+			_COLOR="true"
+			_COLOR_OUT="true"
+			_COLOR_ERR="true"
+			;;
+
+		--no-color)
+			_COLOR="false"
+			_COLOR_OUT="false"
+			_COLOR_ERR="false"
+			;;
+
+		--debug)
+			_DEBUG="true"
+			;;
+
+		--force)
+			_FORCE="true"
+			;;
+
+		-h|--help)
+			Man
+			;;
+
+		--quiet)
+			_QUIET="true"
+			;;
+
+		-u|--usage)
+			Usage --exit
+			;;
+
+		--verbose)
+			_VERBOSE="true"
+			;;
+
+		-v|--version)
+			echo "${VERSION}"
+			exit 0
+			;;
+
+		*)
+			Echo_error "Internal error: Unknown common option '%s'" "${1}"
+			exit 1
+			;;
+	esac
+}

functions/breakpoints.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,7 +11,7 @@
 
 Breakpoint ()
 {
-	NAME="${1}"
+	local NAME="${1}"
 
 	if [ "${_BREAKPOINTS}" = "true" ]
 	then

functions/cache.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -8,30 +9,30 @@
 ## under certain conditions; see COPYING for details.
 
 
-Restore_cache ()
+Restore_package_cache ()
 {
-	DIRECTORY="${1}"
+	local DIRECTORY="cache/packages.${1}"
 
 	if [ "${LB_CACHE}" = "true" ] && [ "${LB_CACHE_PACKAGES}" = "true" ]
 	then
 		if [ -e "${DIRECTORY}" ]
 		then
 			# Restore old cache
-			if [ "$(stat --printf %d ${DIRECTORY})" = "$(stat --printf %d chroot/var/cache/apt/archives)" ]
+			if [ "$(stat --printf %d ${DIRECTORY}/)" = "$(stat --printf %d chroot/var/cache/apt/archives/)" ]
 			then
 				# with hardlinks
-				find "${DIRECTORY}" -name "*.deb" | xargs cp -fl -t chroot/var/cache/apt/archives
+				find "${DIRECTORY}" -name "*.deb" -print0 | xargs -0 --no-run-if-empty cp -fl -t chroot/var/cache/apt/archives
 			else
 				# without hardlinks
-				find "${DIRECTORY}" -name "*.deb" | xargs cp -t chroot/var/cache/apt/archives
+				find "${DIRECTORY}" -name "*.deb" -print0 | xargs -0 --no-run-if-empty cp -t chroot/var/cache/apt/archives
 			fi
 		fi
 	fi
 }
 
-Save_cache ()
+Save_package_cache ()
 {
-	DIRECTORY="${1}"
+	local DIRECTORY="cache/packages.${1}"
 
 	if [ "${LB_CACHE}" = "true" ] && [ "${LB_CACHE_PACKAGES}" = "true" ]
 	then
@@ -46,6 +47,7 @@ Save_cache ()
 			mkdir -p "${DIRECTORY}"
 
 			# Saving new cache
+			local PACKAGE
 			for PACKAGE in chroot/var/cache/apt/archives/*.deb
 			do
 				if [ -e "${DIRECTORY}"/"$(basename ${PACKAGE})" ]

functions/chroot.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,14 +11,16 @@
 
 Chroot ()
 {
-	CHROOT="${1}"; shift
-	COMMANDS="${@}"
+	local CHROOT="${1}"; shift
+	local COMMANDS
+	COMMANDS="${@}" #must be on separate line to 'local' declaration to avoid error
 
 	# Executing commands in chroot
 	Echo_debug "Executing: %s" "${COMMANDS}"
 
-	ENV=""
+	local ENV=""
 
+	local _FILE
 	for _FILE in config/environment config/environment.chroot
 	do
 		if [ -e "${_FILE}" ]
@@ -26,7 +29,44 @@ Chroot ()
 		fi
 	done
 
-	${_LINUX32} chroot "${CHROOT}" /usr/bin/env -i HOME="/root" PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" TERM="${TERM}" DEBIAN_FRONTEND="${LB_DEBCONF_FRONTEND}" DEBIAN_PRIORITY="${LB_DEBCONF_PRIORITY}" DEBCONF_NONINTERACTIVE_SEEN="true" DEBCONF_NOWARNINGS="true" ${ENV} ${COMMANDS}
+	${_LINUX32} chroot "${CHROOT}" /usr/bin/env -i HOME="/root" PATH="/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" TERM="${TERM}" DEBIAN_FRONTEND="${LB_DEBCONF_FRONTEND}" DEBIAN_PRIORITY="${LB_DEBCONF_PRIORITY}" DEBCONF_NONINTERACTIVE_SEEN="true" DEBCONF_NOWARNINGS="true" SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH} http_proxy=${http_proxy} no_proxy=${no_proxy} ${ENV} ${COMMANDS}
 
-	return "${?}"
+	return ${?}
+}
+
+Chroot_has_package() {
+	local PACKAGE="${1}"; shift
+	local CHROOT="${2:-chroot}"; shift
+
+	if dpkg-query --admindir=${CHROOT}/var/lib/dpkg -s ${PACKAGE} >/dev/null 2>&1 | grep -q "^Status: install"
+	then
+		return 0
+	fi
+	return 1
+}
+
+Chroot_package_list() {
+	local CHROOT="${1:-chroot}"; shift
+
+	dpkg-query --admindir=${CHROOT}/var/lib/dpkg -W -f'${Package}\n'
+}
+
+Chroot_copy_dir() {
+	local DIR="${1}"
+	local NAME="${2:-$(basename ${DIR})}"
+
+	Check_installed host /usr/bin/rsync rsync
+	if [ "${INSTALL_STATUS}" -eq "0" ]
+	then
+		Echo_message "Copying ${NAME} into chroot using rsync..."
+		rsync -Klrv --chown=0:0 "${DIR}" chroot/
+	else
+		cd "${DIR}"
+		Echo_message "Creating a tarball with files from ${NAME}..."
+		tar cf "${OLDPWD}"/chroot/"${NAME}".tar .
+		cd "${OLDPWD}"
+		Echo_message "Extracting the tarball in the chroot..."
+		Chroot chroot "tar -xvf ${NAME}.tar --no-same-owner --keep-directory-symlink --overwrite"
+		rm chroot/"${NAME}".tar
+	fi
 }

functions/chroot_bind_path.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,6 +11,9 @@
 
 Chroot_bind_path ()
 {
+	local CHROOT
+	local BIND_SRC
+	local BIND_DEST
 	CHROOT="$(readlink -f ${1})"
 	BIND_SRC="$(readlink -f ${2})"
 
@@ -26,6 +30,9 @@ Chroot_bind_path ()
 
 Chroot_unbind_path ()
 {
+	local CHROOT
+	local BIND_SRC
+	local BIND_DEST
 	CHROOT="$(readlink -f ${1})"
 	BIND_SRC="$(readlink -f ${2})"
 

functions/color.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,6 +11,7 @@
 
 NO_COLOR="\033[0m"
 
+BOLD="\033[1m"
 UNDERSCORE="\033[4m"
 BLINK="\033[5m"
 

functions/common.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -8,11 +9,30 @@
 ## under certain conditions; see COPYING for details.
 
 
-PROGRAM="live-build"
-VERSION="$(if [ -e ${LIVE_BUILD}/VERSION ]; then cat ${LIVE_BUILD}/VERSION; else cat /usr/share/live/build/VERSION; fi)"
-CONFIG_VERSION="$(echo ${VERSION} | awk -F- '{ print $1 }')"
+PROGRAM_NAME="live-build"
+FRONTEND="lb"
+PROGRAM="${FRONTEND} $(basename "${0}")"
+VERSION=""
+# Find the version:
+#  1) For development versions, the git hash with date
+#  2) For distributed source code, the version from the changelog
+#  3) For installed versions, the version from the file VERSION
+if [ ! -z "${LIVE_BUILD}" -a "$(command -v git)" -a -e ${LIVE_BUILD}/.git ]; then
+	VERSION="$(cd ${LIVE_BUILD}; git log -n 1 --pretty=format:%H_%aI)"
+	# If a local modification is made or there are staged commits, add 'mod'
+	# See https://stackoverflow.com/questions/2657935/checking-for-a-dirty-index-or-untracked-files-with-git
+	if ! $(cd ${LIVE_BUILD}; git diff-index --quiet HEAD --ignore-submodules --); then
+		VERSION="${VERSION}_mod"
+	fi
+fi
+if [ -z "${VERSION}" -a ! -z "${LIVE_BUILD}" -a -e ${LIVE_BUILD}/debian/changelog ]; then
+	# Remove the epoch
+	VERSION="$(dpkg-parsechangelog -S Version | sed -e 's/^[0-9]://')"
+fi
+if [ -z "${VERSION}" ]; then
+	VERSION="$(cat /usr/share/live/build/VERSION)"
+fi
 
-# FIXME
-LIVE_BUILD_VERSION="${CONFIG_VERSION}"
+LIVE_BUILD_VERSION="${VERSION}"
 
 PATH="${PWD}/local/bin:${PATH}"

functions/compatibility.sh

@@ -0,0 +1,30 @@
+#!/bin/sh
+
+## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
+## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
+##
+## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+## This is free software, and you are welcome to redistribute it
+## under certain conditions; see COPYING for details.
+
+# We've added the option to also include files before packages renamed the old directory.
+# This function auto detects which version should be used.
+select_includes_chroot(){
+    local OLD_DIR="includes.chroot"
+    local NEW_DIR="includes.chroot_after_packages"
+
+    if Find_files "config/${NEW_DIR}/" && Find_files "config/${OLD_DIR}/"
+    then
+        Echo_error "You have files in ${OLD_DIR} and ${NEW_DIR}. Only one directory is allowed."
+        exit 1
+    fi
+
+    if Find_files "config/${NEW_DIR}/"
+    then
+        echo -n "${NEW_DIR}"
+    elif Find_files "config/${OLD_DIR}/"
+    then
+        echo -n "${OLD_DIR}"
+    fi
+}

functions/conffile.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -8,18 +9,24 @@
 ## under certain conditions; see COPYING for details.
 
 
+Common_conffiles ()
+{
+	echo "config/all config/common config/bootstrap config/chroot config/binary config/source"
+}
+
 Get_conffiles ()
 {
+	local FILES
 	if [ -n "${LB_CONFIG}" ]
 	then
 		FILES="${LB_CONFIG}"
 	else
-		for FILE in ${@}
-		do
-			FILES="${FILES} ${FILE} ${FILE}.${LB_ARCHITECTURES} ${FILE}.${DISTRIBUTION}"
-			FILES="${FILES} config/$(echo ${PROGRAM} | sed -e 's|^lb_||')"
-			FILES="${FILES} config/$(echo ${PROGRAM} | sed -e 's|^lb_||').${ARCHITECTURE}"
-			FILES="${FILES} config/$(echo ${PROGRAM} | sed -e 's|^lb_||').${DISTRIBUTION}"
+		# List standard files first, then possible user arch/dist overrides
+		FILES="${@}"
+		local FILE
+		for FILE in "${@}"; do
+			FILES="${FILES} ${LB_ARCHITECTURE:+$FILE.$LB_ARCHITECTURE}"
+			FILES="${FILES} ${LB_DISTRIBUTION:+$FILE.$LB_DISTRIBUTION}"
 		done
 	fi
 
@@ -28,6 +35,7 @@ Get_conffiles ()
 
 Read_conffiles ()
 {
+	local CONFFILE
 	for CONFFILE in $(Get_conffiles "${@}")
 	do
 		if [ -f "${CONFFILE}" ]
@@ -45,6 +53,7 @@ Read_conffiles ()
 
 Print_conffiles ()
 {
+	local CONFFILE
 	for CONFFILE in $(Get_conffiles "${@}")
 	do
 		if [ -f "${CONFFILE}" ]

functions/configuration.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -8,31 +9,928 @@
 ## under certain conditions; see COPYING for details.
 
 
-Get_configuration ()
+# Prepare config for use, filling in defaults where no value provided for instance
+#
+# This function should avoid performing validation checks and failing from invalid values.
+# Validation should be done through `Validate_config()`.
+Prepare_config ()
 {
-	_CONFIGURATION_FILE="${1}"
-	_FIELD_NAME="${2}"
+	# Colouring is re-evaluated here just incase a hard coded override was given in the saved config
+	case "${_COLOR}" in
+		true)
+			_COLOR_OUT="true"
+			_COLOR_ERR="true"
+			;;
+		false)
+			_COLOR_OUT="false"
+			_COLOR_ERR="false"
+			;;
+		auto)
+			;;
+	esac
+	_BREAKPOINTS="${_BREAKPOINTS:-false}"
+	_DEBUG="${_DEBUG:-false}"
+	_FORCE="${_FORCE:-false}"
+	_QUIET="${_QUIET:-false}"
+	_VERBOSE="${_VERBOSE:-false}"
 
-	if [ -e "${_CONFIGURATION_FILE}" ]
-	then
-		_FIELD_BODY="$(grep ^${_FIELD_NAME}: ${_CONFIGURATION_FILE} | awk '{ $1=""; print $0 }' | sed -e 's|^ ||')"
+	export LB_CONFIGURATION_VERSION="${LB_CONFIGURATION_VERSION:-${LIVE_BUILD_VERSION}}"
+	export LIVE_CONFIGURATION_VERSION="${LB_CONFIGURATION_VERSION}" #for backwards compatibility with hooks
+
+	LB_SYSTEM="${LB_SYSTEM:-live}"
+
+	LB_MODE="${LB_MODE:-debian}"
+	LB_DERIVATIVE="false"
+	LB_DISTRIBUTION="${LB_DISTRIBUTION:-testing}"
+	LB_DISTRIBUTION_CHROOT="${LB_DISTRIBUTION_CHROOT:-${LB_DISTRIBUTION}}"
+	LB_DISTRIBUTION_BINARY="${LB_DISTRIBUTION_BINARY:-${LB_DISTRIBUTION_CHROOT}}"
+
+	# Do a reproducible build, i.e. is SOURCE_DATE_EPOCH already set?
+	_REPRODUCIBLE="${SOURCE_DATE_EPOCH:-false}"
+	if [ "${_REPRODUCIBLE}" != "false" ]; then
+		_REPRODUCIBLE=true
 	fi
+	# For a reproducible build, use UTC per default, otherwise the local time
+	_UTC_TIME_DEFAULT=${_REPRODUCIBLE}
 
-	echo ${_FIELD_BODY}
-}
+	# The current time: for a unified timestamp throughout the building process
+ 	export SOURCE_DATE_EPOCH="${SOURCE_DATE_EPOCH:-$(date '+%s')}"
 
-Set_configuration ()
-{
-	_CONFIGURATION_FILE="${1}"
-	_FIELD_NAME="${2}"
-	_FIELD_BODY="${3}"
-
-	if grep -qs "^${_FIELD_NAME}:" "${_CONFIGURATION_FILE}"
-	then
-		# Update configuration
-		sed -i -e "s|^${_FIELD_NAME}:.*$|${_FIELD_NAME}: ${_FIELD_BODY}|" "${_CONFIGURATION_FILE}"
+	LB_UTC_TIME="${LB_UTC_TIME:-${_UTC_TIME_DEFAULT}}"
+	# Set UTC option for use with `date` where applicable
+	if [ "${LB_UTC_TIME}" = "true" ]; then
+		DATE_UTC_OPTION="--utc"
 	else
-		# Append configuration
-		echo "${_FIELD_NAME}: ${_FIELD_BODY}" >> "${_CONFIGURATION_FILE}"
+		DATE_UTC_OPTION=""
+	fi
+
+	export LB_IMAGE_NAME="${LB_IMAGE_NAME:-live-image}"
+	export LB_IMAGE_TYPE="${LB_IMAGE_TYPE:-iso-hybrid}"
+	#for backwards compatibility with hooks
+	export LIVE_IMAGE_NAME="${LB_IMAGE_NAME}"
+	export LIVE_IMAGE_TYPE="${LB_IMAGE_TYPE}"
+
+	if [ -z "${LB_ARCHITECTURE}" ]; then
+		if command -v dpkg >/dev/null; then
+			LB_ARCHITECTURE="$(dpkg --print-architecture)"
+		else
+			case "$(uname -m)" in
+				x86_64)
+					LB_ARCHITECTURE="amd64"
+					;;
+
+				i?86)
+					LB_ARCHITECTURE="i386"
+					;;
+
+				*)
+					Echo_error "Unable to determine current architecture"
+					exit 1
+					;;
+			esac
+		fi
+	fi
+	export LB_ARCHITECTURE
+	# For backwards compat with custom hooks and conditional includes
+	export LB_ARCHITECTURES="${LB_ARCHITECTURE}"
+
+	LB_ARCHIVE_AREAS="${LB_ARCHIVE_AREAS:-main}"
+	LB_PARENT_ARCHIVE_AREAS="${LB_PARENT_ARCHIVE_AREAS:-${LB_ARCHIVE_AREAS}}"
+	export LB_ARCHIVE_AREAS="$(echo "${LB_ARCHIVE_AREAS}" | tr "," " ")"
+	export LB_PARENT_ARCHIVE_AREAS="$(echo "${LB_PARENT_ARCHIVE_AREAS}" | tr "," " ")"
+
+	LB_BACKPORTS="${LB_BACKPORTS:-false}"
+	if [ -n "$LB_PARENT_DISTRIBUTION" ]; then
+		LB_PARENT_DISTRIBUTION_CHROOT="${LB_PARENT_DISTRIBUTION_CHROOT:-${LB_PARENT_DISTRIBUTION}}"
+		LB_PARENT_DISTRIBUTION_BINARY="${LB_PARENT_DISTRIBUTION_BINARY:-${LB_PARENT_DISTRIBUTION}}"
+		LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION="${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION:-${LB_PARENT_DISTRIBUTION}}"
+	else
+		LB_PARENT_DISTRIBUTION_CHROOT="${LB_PARENT_DISTRIBUTION_CHROOT:-${LB_DISTRIBUTION_CHROOT}}"
+		LB_PARENT_DISTRIBUTION_BINARY="${LB_PARENT_DISTRIBUTION_BINARY:-${LB_DISTRIBUTION_BINARY}}"
+		LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION="${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION:-${LB_DEBIAN_INSTALLER_DISTRIBUTION}}"
+	fi
+
+	LB_APT="${LB_APT:-apt}"
+	LB_APT_HTTP_PROXY="${LB_APT_HTTP_PROXY}"
+	LB_APT_RECOMMENDS="${LB_APT_RECOMMENDS:-true}"
+	LB_APT_SECURE="${LB_APT_SECURE:-true}"
+	LB_APT_SOURCE_ARCHIVES="${LB_APT_SOURCE_ARCHIVES:-true}"
+	LB_APT_INDICES="${LB_APT_INDICES:-true}"
+
+	APT_OPTIONS="${APT_OPTIONS:---yes -o Acquire::Retries=5}"
+	APTITUDE_OPTIONS="${APTITUDE_OPTIONS:---assume-yes -o Acquire::Retries=5}"
+
+	BZIP2_OPTIONS="${BZIP2_OPTIONS:--6}"
+	GZIP_OPTIONS="${GZIP_OPTIONS:--6}"
+	LZIP_OPTIONS="${LZIP_OPTIONS:--6}"
+	LZMA_OPTIONS="${LZMA_OPTIONS:--6}"
+	XZ_OPTIONS="${XZ_OPTIONS:--6}"
+
+	if gzip --help | grep -qs "\-\-rsyncable"
+	then
+		GZIP_OPTIONS="$(echo ${GZIP_OPTIONS} | sed -E -e 's|[ ]?--rsyncable||') --rsyncable"
+	fi
+
+	LB_CACHE="${LB_CACHE:-true}"
+	if [ "${LB_CACHE}" = "false" ]
+	then
+		LB_CACHE_INDICES="false"
+		LB_CACHE_PACKAGES="false"
+		LB_CACHE_STAGES="bootstrap" #bootstrap caching currently required for process to work
+	else
+		LB_CACHE_INDICES="${LB_CACHE_INDICES:-false}"
+		LB_CACHE_PACKAGES="${LB_CACHE_PACKAGES:-true}"
+		LB_CACHE_STAGES="${LB_CACHE_STAGES:-bootstrap}"
+	fi
+	LB_CACHE_STAGES="$(echo "${LB_CACHE_STAGES}" | tr "," " ")"
+
+	LB_DEBCONF_FRONTEND="${LB_DEBCONF_FRONTEND:-noninteractive}"
+	LB_DEBCONF_PRIORITY="${LB_DEBCONF_PRIORITY:-critical}"
+
+	case "${LB_SYSTEM}" in
+		live)
+			LB_INITRAMFS="${LB_INITRAMFS:-live-boot}"
+			;;
+
+		normal)
+			LB_INITRAMFS="${LB_INITRAMFS:-none}"
+			;;
+	esac
+
+	LB_INITRAMFS_COMPRESSION="${LB_INITRAMFS_COMPRESSION:-gzip}"
+
+	case "${LB_SYSTEM}" in
+		live)
+			LB_INITSYSTEM="${LB_INITSYSTEM:-systemd}"
+			;;
+
+		normal)
+			LB_INITSYSTEM="${LB_INITSYSTEM:-none}"
+			;;
+	esac
+
+	if [ "${LB_ARCHITECTURE}" = "i386" ] && [ "${CURRENT_IMAGE_ARCHITECTURE}" = "amd64" ]
+	then
+		# Use linux32 when building amd64 images on i386
+		_LINUX32="linux32"
+	else
+		_LINUX32=""
+	fi
+
+	# Mirrors:
+	# *_MIRROR_BOOTSTRAP: to fetch packages from
+	# *_MIRROR_CHROOT: to fetch packages from
+	# *_MIRROR_CHROOT_SECURITY: security mirror to fetch packages from
+	# *_MIRROR_BINARY: mirror which ends up in the image
+	# *_MIRROR_BINARY_SECURITY: security mirror which ends up in the image
+	# *_MIRROR_DEBIAN_INSTALLER: to fetch installer from
+	if [ "${LB_MODE}" = "debian" ]; then
+		LB_MIRROR_BOOTSTRAP="${LB_MIRROR_BOOTSTRAP:-http://deb.debian.org/debian/}"
+		LB_PARENT_MIRROR_BOOTSTRAP="${LB_PARENT_MIRROR_BOOTSTRAP:-${LB_MIRROR_BOOTSTRAP}}"
+	fi
+	LB_MIRROR_CHROOT="${LB_MIRROR_CHROOT:-${LB_MIRROR_BOOTSTRAP}}"
+	LB_PARENT_MIRROR_CHROOT="${LB_PARENT_MIRROR_CHROOT:-${LB_PARENT_MIRROR_BOOTSTRAP}}"
+	if [ "${LB_MODE}" = "debian" ]; then
+		LB_MIRROR_CHROOT_SECURITY="${LB_MIRROR_CHROOT_SECURITY:-http://security.debian.org/}"
+		LB_PARENT_MIRROR_CHROOT_SECURITY="${LB_PARENT_MIRROR_CHROOT_SECURITY:-${LB_MIRROR_CHROOT_SECURITY}}"
+
+		LB_MIRROR_BINARY="${LB_MIRROR_BINARY:-http://deb.debian.org/debian/}"
+		LB_PARENT_MIRROR_BINARY="${LB_PARENT_MIRROR_BINARY:-${LB_MIRROR_BINARY}}"
+
+		LB_MIRROR_BINARY_SECURITY="${LB_MIRROR_BINARY_SECURITY:-http://security.debian.org/}"
+		LB_PARENT_MIRROR_BINARY_SECURITY="${LB_PARENT_MIRROR_BINARY_SECURITY:-${LB_MIRROR_BINARY_SECURITY}}"
+	fi
+	LB_MIRROR_DEBIAN_INSTALLER="${LB_MIRROR_DEBIAN_INSTALLER:-${LB_MIRROR_CHROOT}}"
+	LB_PARENT_MIRROR_DEBIAN_INSTALLER="${LB_PARENT_MIRROR_DEBIAN_INSTALLER:-${LB_PARENT_MIRROR_CHROOT}}"
+
+	LB_CHROOT_FILESYSTEM="${LB_CHROOT_FILESYSTEM:-squashfs}"
+
+	LB_UNION_FILESYSTEM="${LB_UNION_FILESYSTEM:-overlay}"
+
+	LB_INTERACTIVE="${LB_INTERACTIVE:-false}"
+
+	LB_KEYRING_PACKAGES="${LB_KEYRING_PACKAGES:-debian-archive-keyring}"
+
+	# first, handle existing LB_LINUX_FLAVOURS for backwards compatibility
+	if [ -n "${LB_LINUX_FLAVOURS}" ]; then
+		LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS}"
+	fi
+	case "${LB_ARCHITECTURE}" in
+		arm64)
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-arm64}"
+			;;
+
+		armel)
+			# armel will have special images: one rootfs image and many additional kernel images.
+			# therefore we default to all available armel flavours
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-marvell}"
+			;;
+
+		armhf)
+			# armhf will have special images: one rootfs image and many additional kernel images.
+			# therefore we default to all available armhf flavours
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-armmp armmp-lpae}"
+			;;
+
+		amd64)
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-amd64}"
+			;;
+
+		i386)
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-686-pae}"
+			;;
+
+		ia64)
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-itanium}"
+			;;
+
+		powerpc)
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-powerpc64 powerpc}"
+			;;
+
+		ppc64el)
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-powerpc64le}"
+			;;
+
+		riscv64)
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-riscv64}"
+			;;
+
+		s390x)
+			LB_LINUX_FLAVOURS_WITH_ARCH="${LB_LINUX_FLAVOURS_WITH_ARCH:-s390x}"
+			;;
+
+		*)
+			Echo_error "Architecture(s) ${LB_ARCHITECTURE} not yet supported (FIXME)"
+			exit 1
+			;;
+	esac
+
+	LB_LINUX_FLAVOURS=""
+	for FLAVOUR in ${LB_LINUX_FLAVOURS_WITH_ARCH}
+	do
+		ARCH_FILTERED_FLAVOUR="$(echo ${FLAVOUR} | awk -F':' '{print $1}')"
+		LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:+$LB_LINUX_FLAVOURS }${ARCH_FILTERED_FLAVOUR}"
+	done
+
+	LB_LINUX_PACKAGES="${LB_LINUX_PACKAGES:-linux-image}"
+
+	LB_BINARY_FILESYSTEM="${LB_BINARY_FILESYSTEM:-fat32}"
+
+	case "${LB_PARENT_DISTRIBUTION_BINARY}" in
+		sid|unstable)
+			LB_SECURITY="${LB_SECURITY:-false}"
+			LB_UPDATES="${LB_UPDATES:-false}"
+			LB_PROPOSED_UPDATES="${LB_PROPOSED_UPDATES:-false}"
+			;;
+
+		*)
+			LB_SECURITY="${LB_SECURITY:-true}"
+			LB_UPDATES="${LB_UPDATES:-true}"
+			LB_PROPOSED_UPDATES="${LB_PROPOSED_UPDATES:-false}"
+			;;
+	esac
+
+	case "${LB_ARCHITECTURE}" in
+		amd64|i386)
+			LB_IMAGE_TYPE="${LB_IMAGE_TYPE:-iso-hybrid}"
+			;;
+
+		*)
+			LB_IMAGE_TYPE="${LB_IMAGE_TYPE:-iso}"
+			;;
+	esac
+
+	case "${LB_ARCHITECTURE}" in
+		amd64|i386)
+			if [ "${LB_INITRAMFS}" = "dracut-live" ]; then
+				LB_BOOTLOADER_BIOS="${LB_BOOTLOADER_BIOS:-grub-pc}"
+			else
+				LB_BOOTLOADER_BIOS="${LB_BOOTLOADER_BIOS:-syslinux}"
+			fi
+			if ! In_list "${LB_IMAGE_TYPE}" hdd netboot; then
+				LB_BOOTLOADER_EFI="${LB_BOOTLOADER_EFI:-grub-efi}"
+			fi
+			;;
+		arm64)
+			if ! In_list "${LB_IMAGE_TYPE}" hdd netboot; then
+				LB_BOOTLOADER_EFI="${LB_BOOTLOADER_EFI:-grub-efi}"
+			fi
+			;;
+	esac
+	# Command line option combines BIOS and EFI selection in one.
+	# Also, need to support old config files that held `LB_BOOTLOADERS`.
+	# Note that this function does not perform validation, so none is done here.
+	if [ -n "${LB_BOOTLOADERS}" ]; then
+		LB_BOOTLOADERS="$(echo "${LB_BOOTLOADERS}" | tr "," " ")"
+		unset LB_BOOTLOADER_BIOS
+		unset LB_BOOTLOADER_EFI
+		local BOOTLOADER
+		for BOOTLOADER in $LB_BOOTLOADERS; do
+			case "${BOOTLOADER}" in
+				grub-legacy|grub-pc|syslinux)
+					LB_BOOTLOADER_BIOS="${BOOTLOADER}"
+					;;
+				grub-efi)
+					LB_BOOTLOADER_EFI="${BOOTLOADER}"
+					;;
+			esac
+		done
+	fi
+
+	LB_CHECKSUMS="${LB_CHECKSUMS:-sha256}"
+
+	LB_COMPRESSION="${LB_COMPRESSION:-none}"
+
+	LB_ZSYNC="${LB_ZSYNC:-false}"
+
+	LB_BUILD_WITH_CHROOT="${LB_BUILD_WITH_CHROOT:-true}"
+
+	LB_BUILD_WITH_TMPFS="${LB_BUILD_WITH_TMPFS:-false}"
+
+	LB_DEBIAN_INSTALLER="${LB_DEBIAN_INSTALLER:-none}"
+	if [ "${LB_DEBIAN_INSTALLER}" = "false" ]
+	then
+		LB_DEBIAN_INSTALLER="none"
+		Echo_warning "A value of 'false' for option LB_DEBIAN_INSTALLER is deprecated, please use 'none' in future."
+	fi
+	if [ "${LB_DEBIAN_INSTALLER}" = "true" ]
+	then
+		LB_DEBIAN_INSTALLER="netinst"
+		Echo_warning "A value of 'true' for option LB_DEBIAN_INSTALLER is deprecated, please use 'netinst' in future."
+	fi
+
+	# cdrom-checker in d-i requires a md5 checksum file
+	if [ "${LB_DEBIAN_INSTALLER}" != "none" ]
+	then
+		if [ "${LB_CHECKSUMS}" = "none" ]
+		then
+			LB_CHECKSUMS="md5"
+		else
+			if ! In_list md5 ${LB_CHECKSUMS}; then
+				LB_CHECKSUMS=${LB_CHECKSUMS}" md5"
+			fi
+		fi
+	fi
+
+	LB_DEBIAN_INSTALLER_DISTRIBUTION="${LB_DEBIAN_INSTALLER_DISTRIBUTION:-${LB_DISTRIBUTION}}"
+	LB_DEBIAN_INSTALLER_GUI="${LB_DEBIAN_INSTALLER_GUI:-true}"
+
+	if [ -z "${LB_DEBIAN_INSTALLER_PRESEEDFILE}" ]
+	then
+		if Find_files config/debian-installer/preseed.cfg
+		then
+			LB_DEBIAN_INSTALLER_PRESEEDFILE="/preseed.cfg"
+		fi
+
+		if Find_files config/debian-installer/*.cfg && [ ! -e config/debian-installer/preseed.cfg ]
+		then
+			Echo_warning "You have placed some preseeding files into config/debian-installer but you didn't specify the default preseeding file through LB_DEBIAN_INSTALLER_PRESEEDFILE. This means that debian-installer will not take up a preseeding file by default."
+		fi
+	fi
+
+	LB_ISO_APPLICATION="${LB_ISO_APPLICATION:-Debian Live}"
+	LB_ISO_PREPARER="${LB_ISO_PREPARER:-live-build @LB_VERSION@; https://salsa.debian.org/live-team/live-build}"
+	LB_ISO_PUBLISHER="${LB_ISO_PUBLISHER:-Debian Live project; https://wiki.debian.org/DebianLive; debian-live@lists.debian.org}"
+	# The string @ISOVOLUME_TS@ must have the same length as the output of `date +%Y%m%d-%H:%M`
+	LB_ISO_VOLUME="${LB_ISO_VOLUME:-Debian ${LB_DISTRIBUTION} @ISOVOLUME_TS@}"
+
+	case "${LB_INITRAMFS}" in
+		live-boot)
+			LB_BOOTAPPEND_LIVE="${LB_BOOTAPPEND_LIVE:-boot=live components quiet splash}"
+			LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-boot=live components memtest noapic noapm nodma nomce nosmp nosplash vga=788}"
+			;;
+
+		dracut-live)
+			# Replace all spaces with underscore for the CD label
+			LB_ISO_VOLUME="$(echo "${LB_ISO_VOLUME}" | tr " " "_")"
+			LB_BOOTAPPEND_LIVE="${LB_BOOTAPPEND_LIVE:-boot=live components quiet splash rd.live.image root=live:CDLABEL=${LB_ISO_VOLUME} rd.live.dir=live rd.live.squashimg=filesystem.squashfs}"
+			LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-boot=live components memtest noapic noapm nodma nomce nosmp nosplash vga=788 rd.live.image root=live:CDLABEL=${LB_ISO_VOLUME} rd.live.dir=live rd.live.squashimg=filesystem.squashfs}"
+			;;
+
+		none)
+			LB_BOOTAPPEND_LIVE="${LB_BOOTAPPEND_LIVE:-quiet splash}"
+			LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-memtest noapic noapm nodma nomce nosmp nosplash vga=788}"
+			;;
+	esac
+
+	local _LB_BOOTAPPEND_PRESEED
+	if [ -n "${LB_DEBIAN_INSTALLER_PRESEEDFILE}" ]
+	then
+		case "${LB_IMAGE_TYPE}" in
+			iso|iso-hybrid)
+				_LB_BOOTAPPEND_PRESEED="file=/cdrom/install/${LB_DEBIAN_INSTALLER_PRESEEDFILE}"
+				;;
+
+			hdd)
+				_LB_BOOTAPPEND_PRESEED="file=/hd-media/install/${LB_DEBIAN_INSTALLER_PRESEEDFILE}"
+				;;
+
+			netboot)
+				case "${LB_DEBIAN_INSTALLER_PRESEEDFILE}" in
+					*://*)
+						_LB_BOOTAPPEND_PRESEED="file=${LB_DEBIAN_INSTALLER_PRESEEDFILE}"
+						;;
+
+					*)
+						_LB_BOOTAPPEND_PRESEED="file=/${LB_DEBIAN_INSTALLER_PRESEEDFILE}"
+						;;
+				esac
+				;;
+
+			tar)
+				;;
+		esac
+	fi
+
+	if [ -n ${_LB_BOOTAPPEND_PRESEED} ]
+	then
+		LB_BOOTAPPEND_INSTALL="${LB_BOOTAPPEND_INSTALL} ${_LB_BOOTAPPEND_PRESEED}"
+	fi
+
+	LB_BOOTAPPEND_INSTALL="$(echo ${LB_BOOTAPPEND_INSTALL} | sed -e 's/[ \t]*$//')"
+
+	LB_HDD_LABEL="${LB_HDD_LABEL:-DEBIAN_LIVE}"
+	LB_HDD_SIZE="${LB_HDD_SIZE:-auto}"
+
+	LB_MEMTEST="${LB_MEMTEST:-none}"
+	if [ "${LB_MEMTEST}" = "false" ]; then
+		LB_MEMTEST="none"
+		Echo_warning "A value of 'false' for option LB_MEMTEST is deprecated, please use 'none' in future."
+	fi
+
+	case "${LB_ARCHITECTURE}" in
+		amd64|i386)
+			if [ "${LB_DEBIAN_INSTALLER}" != "none" ]; then
+				LB_LOADLIN="${LB_LOADLIN:-true}"
+			else
+				LB_LOADLIN="${LB_LOADLIN:-false}"
+			fi
+			;;
+
+		*)
+			LB_LOADLIN="${LB_LOADLIN:-false}"
+			;;
+	esac
+
+	LB_WIN32_LOADER="${LB_WIN32_LOADER:-false}"
+
+	LB_NET_TARBALL="${LB_NET_TARBALL:-true}"
+
+	LB_ONIE="${LB_ONIE:-false}"
+	LB_ONIE_KERNEL_CMDLINE="${LB_ONIE_KERNEL_CMDLINE:-}"
+
+	LB_FIRMWARE_CHROOT="${LB_FIRMWARE_CHROOT:-true}"
+	LB_FIRMWARE_BINARY="${LB_FIRMWARE_BINARY:-true}"
+
+	LB_SWAP_FILE_SIZE="${LB_SWAP_FILE_SIZE:-512}"
+
+	LB_UEFI_SECURE_BOOT="${LB_UEFI_SECURE_BOOT:-auto}"
+
+	LB_SOURCE="${LB_SOURCE:-false}"
+	LB_SOURCE_IMAGES="${LB_SOURCE_IMAGES:-tar}"
+	LB_SOURCE_IMAGES="$(echo "${LB_SOURCE_IMAGES}" | tr "," " ")"
+
+	# Foreign/port bootstrapping
+	if [ -n "${LB_BOOTSTRAP_QEMU_ARCHITECTURES}" ]; then
+		LB_BOOTSTRAP_QEMU_ARCHITECTURE="${LB_BOOTSTRAP_QEMU_ARCHITECTURES}"
+		unset LB_BOOTSTRAP_QEMU_ARCHITECTURES
+		Echo_warning "LB_BOOTSTRAP_QEMU_ARCHITECTURES was renamed to LB_BOOTSTRAP_QEMU_ARCHITECTURE, please update your config."
+	fi
+	LB_BOOTSTRAP_QEMU_ARCHITECTURE="${LB_BOOTSTRAP_QEMU_ARCHITECTURE:-}"
+	LB_BOOTSTRAP_QEMU_EXCLUDE="${LB_BOOTSTRAP_QEMU_EXCLUDE:-}"
+	LB_BOOTSTRAP_QEMU_STATIC="${LB_BOOTSTRAP_QEMU_STATIC:-}"
+}
+
+Validate_config ()
+{
+	Validate_config_permitted_values
+	Validate_config_dependencies
+}
+
+# Check values are individually permitted, including:
+#  - value in list of available values
+#  - string lengths within permitted ranges
+Validate_config_permitted_values ()
+{
+	if [ "${LB_APT_INDICES}" != "true" ] && [ "${LB_APT_INDICES}" != "false" ]; then
+		Echo_error "Value for LB_APT_INDICES (--apt-indices) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_APT_RECOMMENDS}" != "true" ] && [ "${LB_APT_RECOMMENDS}" != "false" ]; then
+		Echo_error "Value for LB_APT_RECOMMENDS (--apt-recommends) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_APT_SECURE}" != "true" ] && [ "${LB_APT_SECURE}" != "false" ]; then
+		Echo_error "Value for LB_APT_SECURE (--apt-secure) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_APT_SOURCE_ARCHIVES}" != "true" ] && [ "${LB_APT_SOURCE_ARCHIVES}" != "false" ]; then
+		Echo_error "Value for LB_APT_SOURCE_ARCHIVES (--apt-source-archives) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_BACKPORTS}" != "true" ] && [ "${LB_BACKPORTS}" != "false" ]; then
+		Echo_error "Value for LB_BACKPORTS (--backports) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_BUILD_WITH_CHROOT}" != "true" ] && [ "${LB_BUILD_WITH_CHROOT}" != "false" ]; then
+		Echo_error "Value for LB_BUILD_WITH_CHROOT (--build-with-chroot) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_CACHE}" != "true" ] && [ "${LB_CACHE}" != "false" ]; then
+		Echo_error "Value for LB_CACHE (--cache) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_CACHE_INDICES}" != "true" ] && [ "${LB_CACHE_INDICES}" != "false" ]; then
+		Echo_error "Value for LB_CACHE_INDICES (--cache-indices) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_CACHE_PACKAGES}" != "true" ] && [ "${LB_CACHE_PACKAGES}" != "false" ]; then
+		Echo_error "Value for LB_CACHE_PACKAGES (--cache-packages) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_DEBIAN_INSTALLER_GUI}" != "true" ] && [ "${LB_DEBIAN_INSTALLER_GUI}" != "false" ]; then
+		Echo_error "Value for LB_DEBIAN_INSTALLER_GUI (--debian-installer-gui) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_FIRMWARE_BINARY}" != "true" ] && [ "${LB_FIRMWARE_BINARY}" != "false" ]; then
+		Echo_error "Value for LB_FIRMWARE_BINARY (--firmware-binary) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_FIRMWARE_CHROOT}" != "true" ] && [ "${LB_FIRMWARE_CHROOT}" != "false" ]; then
+		Echo_error "Value for LB_FIRMWARE_CHROOT (--firmware-chroot) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_LOADLIN}" != "true" ] && [ "${LB_LOADLIN}" != "false" ]; then
+		Echo_error "Value for LB_LOADLIN (--loadlin) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_NET_TARBALL}" != "true" ] && [ "${LB_NET_TARBALL}" != "false" ]; then
+		Echo_error "Value for LB_NET_TARBALL (--net-tarball) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_ONIE}" != "true" ] && [ "${LB_ONIE}" != "false" ]; then
+		Echo_error "Value for LB_ONIE (--onie) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_PROPOSED_UPDATES}" != "true" ] && [ "${LB_PROPOSED_UPDATES}" != "false" ]; then
+		Echo_error "Value for LB_PROPOSED_UPDATES (--proposed-updates) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_SECURITY}" != "true" ] && [ "${LB_SECURITY}" != "false" ]; then
+		Echo_error "Value for LB_SECURITY (--security) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_SOURCE}" != "true" ] && [ "${LB_SOURCE}" != "false" ]; then
+		Echo_error "Value for LB_SOURCE (--source) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_UPDATES}" != "true" ] && [ "${LB_UPDATES}" != "false" ]; then
+		Echo_error "Value for LB_UPDATES (--updates) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_UTC_TIME}" != "true" ] && [ "${LB_UTC_TIME}" != "false" ]; then
+		Echo_error "Value for LB_UTC_TIME (--utc-time) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_WIN32_LOADER}" != "true" ] && [ "${LB_WIN32_LOADER}" != "false" ]; then
+		Echo_error "Value for LB_WIN32_LOADER (--win32-loader) can only be 'true' or 'false'!"
+		exit 1
+	fi
+	if [ "${LB_ZSYNC}" != "true" ] && [ "${LB_ZSYNC}" != "false" ]; then
+		Echo_error "Value for LB_ZSYNC (--zsync) can only be 'true' or 'false'!"
+		exit 1
+	fi
+
+	if ! In_list "${LB_APT}" apt apt-get aptitude; then
+		Echo_error "You have specified an invalid value for LB_APT (--apt)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_BINARY_FILESYSTEM}" fat16 fat32 ext2 ext3 ext4 ntfs; then
+		Echo_error "You have specified an invalid value for LB_BINARY_FILESYSTEM (--binary-filesystem)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_IMAGE_TYPE}" iso iso-hybrid hdd tar netboot; then
+		Echo_error "You have specified an invalid value for --binary-image."
+		exit 1
+	fi
+
+	if [ -z "${LB_BOOTLOADER_BIOS}" ] && [ -z "${LB_BOOTLOADER_EFI}" ]; then
+		Echo_warning "You have specified no bootloaders; I predict that you will experience some problems!"
+	fi
+	if [ -n "${LB_BOOTLOADER_BIOS}" ] && ! In_list "${LB_BOOTLOADER_BIOS}" grub-legacy grub-pc syslinux; then
+		Echo_error "You have specified an invalid BIOS bootloader."
+		exit 1
+	fi
+	if [ -n "${LB_BOOTLOADER_EFI}" ] && ! In_list "${LB_BOOTLOADER_EFI}" grub-efi; then
+		Echo_error "You have specified an invalid EFI bootloader."
+		exit 1
+	fi
+	if [ -n "${LB_BOOTLOADERS}" ]; then
+		local BOOTLOADER
+		local BOOTLOADERS_BIOS=0
+		local BOOTLOADERS_EFI=0
+		for BOOTLOADER in $LB_BOOTLOADERS; do
+			# Note, multiple instances of the same bootloader should be rejected,
+			# to avoid issues (e.g. in `binary_iso` bootloader handling).
+			case "${BOOTLOADER}" in
+				grub-legacy|grub-pc|syslinux)
+					BOOTLOADERS_BIOS=$(( $BOOTLOADERS_BIOS + 1 ))
+					;;
+				grub-efi)
+					BOOTLOADERS_EFI=$(( $BOOTLOADERS_EFI + 1 ))
+					;;
+				*)
+					Echo_error "The following is not a valid bootloader: '%s'" "${BOOTLOADER}"
+					exit 1
+					;;
+			esac
+		done
+		if [ $BOOTLOADERS_BIOS -ge 2 ]; then
+			Echo_error "Invalid bootloader selection. Multiple BIOS instances specified."
+			exit 1
+		fi
+		if [ $BOOTLOADERS_EFI -ge 2 ]; then
+			Echo_error "Invalid bootloader selection. Multiple EFI instances specified."
+			exit 1
+		fi
+		if [ $BOOTLOADERS_BIOS -eq 0 ] && [ $BOOTLOADERS_EFI -eq 0 ]; then
+			Echo_warning "You have specified no bootloaders; I predict that you will experience some problems!"
+		fi
+	fi
+
+	local CACHE_STAGE
+	for CACHE_STAGE in ${LB_CACHE_STAGES}; do
+		if ! In_list "${CACHE_STAGE}" bootstrap chroot rootfs; then
+			Echo_warning "The following is not a valid stage: '%s'" "${CACHE_STAGE}"
+		fi
+	done
+
+	local CHECKSUM
+	if [ "${LB_CHECKSUMS}" != "none" ]; then
+		for CHECKSUM in ${LB_CHECKSUMS}; do
+			if ! In_list "${CHECKSUM}" md5 sha1 sha224 sha256 sha384 sha512; then
+				Echo_error "You have specified an invalid value for LB_CHECKSUMS (--checksums): '%s'" "${CHECKSUM}"
+				exit 1
+			fi
+		done
+	fi
+
+	if ! In_list "${LB_CHROOT_FILESYSTEM}" ext2 ext3 ext4 squashfs jffs2 none plain; then
+		Echo_error "You have specified an invalid value for LB_CHROOT_FILESYSTEM (--chroot-filesystem)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_COMPRESSION}" bzip2 gzip lzip xz none; then
+		Echo_error "You have specified an invalid value for LB_COMPRESSION (--compression)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_DEBCONF_FRONTEND}" dialog editor noninteractive readline; then
+		Echo_error "You have specified an invalid value for LB_DEBCONF_FRONTEND (--debconf-frontend)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_DEBCONF_PRIORITY}" low medium high critical; then
+		Echo_error "You have specified an invalid value for LB_DEBCONF_PRIORITY (--debconf-priority)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_DEBIAN_INSTALLER}" cdrom netinst netboot businesscard live none; then
+		Echo_error "You have specified an invalid value for LB_DEBIAN_INSTALLER (--debian-installer)."
+		exit 1
+	fi
+
+	if echo ${LB_HDD_LABEL} | grep -qs ' '; then
+		Echo_error "Whitespace is not currently supported in HDD labels (LB_HDD_LABEL; --hdd-label)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_INITRAMFS}" none live-boot dracut-live; then
+		Echo_error "You have specified an invalid value for LB_INITRAMFS (--initramfs)."
+		exit 1
+	fi
+
+	if [ "${LB_INITRAMFS}" = "dracut-live" ]; then
+		if [ "${LB_DM_VERITY}"  = "true" ]; then
+			Echo_error "Currently unsupported/untested: dm_verity and dracut."
+			exit 1
+		fi
+		if [ "${LB_BOOTLOADER_BIOS}" = "grub-legacy" ]; then
+			Echo_error "Currently unsupported/untested: grub-legacy and dracut."
+			exit 1
+		fi
+		if [ "${LB_BOOTLOADER_BIOS}" = "syslinux" ]; then
+			Echo_error "Currently unsupported/untested: syslinux and dracut."
+			exit 1
+		fi
+		if ! In_list "${LB_IMAGE_TYPE}" iso iso-hybrid; then
+			# The boot=live:CDLABEL requires a CD medium
+			Echo_error "Currently unsupported/untested: image type ${LB_IMAGE_TYPE} and dracut."
+			exit 1
+		fi
+		if [ "${LB_INITRAMFS_COMPRESSION}" != "gzip" ]; then
+			Echo_error "Currently unsupported/untested: compression ${LB_INITRAMFS_COMPRESSION} and dracut."
+			exit 1
+		fi
+		if [ "${LB_CHROOT_FILESYSTEM}" != "squashfs" ]; then
+			Echo_error "Currently unsupported/untested: chroot filesystem ${LB_CHROOT_FILESYSTEM} and dracut."
+			exit 1
+		fi
+		if [ "${LB_INITSYSTEM}" != systemd ]; then
+			Echo_error "Currently unsupported/untested: init system ${LB_INITSYSTEM} and dracut."
+			exit 1
+		fi
+	fi
+
+	if ! In_list "${LB_INITRAMFS_COMPRESSION}" bzip2 gzip lzma; then
+		Echo_error "You have specified an invalid value for LB_INITRAMFS_COMPRESSION (--initramfs-compression)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_INITSYSTEM}" sysvinit systemd none; then
+		Echo_error "You have specified an invalid value for LB_INITSYSTEM (--initsystem)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_INTERACTIVE}" true shell x11 xnest false; then
+		Echo_error "You have specified an invalid value for LB_INTERACTIVE (--interactive)."
+		exit 1
+	fi
+
+	if [ "$(echo -n "${LB_ISO_APPLICATION}" | wc -c)" -gt 128 ]; then
+		Echo_warning "You have specified a value of LB_ISO_APPLICATION (--iso-application) that is too long; the maximum length is 128 characters."
+	fi
+
+	if [ "$(echo -n "${LB_ISO_PREPARER}" | sed -e "s/@LB_VERSION@/${VERSION}/" | wc -c)" -gt  128 ]; then
+		Echo_warning "You have specified a value of LB_ISO_PREPARER (--iso-preparer) that is too long; the maximum length is 128 characters."
+	fi
+
+	if [ "$(echo -n "${LB_ISO_PUBLISHER}" | wc -c)" -gt 128 ]; then
+		Echo_warning "You have specified a value of LB_ISO_PUBLISHER (--iso-publisher) that is too long; the maximum length is 128 characters."
+	fi
+
+	if [ "$(echo -n "${LB_ISO_VOLUME}" | sed -e "s/@ISOVOLUME_TS@/$(date $DATE_UTC_OPTION -d@${SOURCE_DATE_EPOCH} +%Y%m%d-%H:%M)/" | wc -c)" -gt 32 ]; then
+		Echo_warning "You have specified a value of LB_ISO_VOLUME (--iso-volume) that is too long; the maximum length is 32 characters."
+	fi
+
+	if ! In_list "${LB_MEMTEST}" memtest86+ memtest86 none; then
+		Echo_error "You have specified an invalid value for LB_MEMTEST (--memtest)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_SOURCE_IMAGES}" iso netboot tar hdd; then
+		Echo_error "You have specified an invalid value for LB_SOURCE_IMAGES (--source-images)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_SYSTEM}" live normal; then
+		Echo_error "You have specified an invalid value for LB_SYSTEM (--system)."
+		exit 1
+	fi
+
+	if ! In_list "${LB_UEFI_SECURE_BOOT}" auto enable disable; then
+		Echo_error "You have specified an invalid value for LB_UEFI_SECURE_BOOT (--uefi-secure-boot)."
+		exit 1
+	fi
+
+	if [ -n "${LB_BOOTSTRAP_QEMU_ARCHITECTURE}" ]; then
+		if [ -z "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
+			Echo_error "You have not specified the qemu-static binary for ${LB_BOOTSTRAP_QEMU_ARCHITECTURE} (--bootstrap-qemu-static)"
+			exit 1
+		fi
+		if [ ! -e "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
+			Echo_error "The qemu-static binary (${LB_BOOTSTRAP_QEMU_STATIC}) for ${LB_BOOTSTRAP_QEMU_ARCHITECTURE} was not found on the host"
+			exit 1
+		fi
+
+		if [ ! -x "${LB_BOOTSTRAP_QEMU_STATIC}" ]; then
+			Echo_error "The qemu-static binary (${LB_BOOTSTRAP_QEMU_STATIC}) for ${LB_BOOTSTRAP_QEMU_ARCHITECTURE} is not executable on the host"
+			exit 1
+		fi
+	fi
+}
+
+# Check option combinations and other extra stuff
+Validate_config_dependencies ()
+{
+	if [ "${LB_BINARY_FILESYSTEM}" = "ntfs" ] && ! command -v ntfs-3g >/dev/null; then
+		Echo_error "Using ntfs as the binary filesystem is currently only supported if ntfs-3g is installed on the host system."
+		exit 1
+	fi
+
+	if [ "${LB_DEBIAN_INSTALLER}" != "none" ] && [ "${LB_DEBIAN_INSTALLER}" != "live" ]; then
+		# d-i true, no caching
+		if ! In_list "bootstrap" ${LB_CACHE_STAGES} || [ "${LB_CACHE}" != "true" ] || [ "${LB_CACHE_PACKAGES}" != "true" ]
+		then
+			Echo_warning "You have selected values of LB_CACHE, LB_CACHE_PACKAGES, LB_CACHE_STAGES and LB_DEBIAN_INSTALLER which will result in 'bootstrap' packages not being cached. This configuration is potentially unsafe as the bootstrap packages are re-used when integrating the Debian Installer."
+		fi
+	fi
+
+	if In_list "syslinux" $LB_BOOTLOADERS; then
+		# syslinux + fat or ntfs, or extlinux + ext[234] or btrfs
+		if ! In_list "${LB_BINARY_FILESYSTEM}" fat16 fat32 ntfs ext2 ext3 ext4 btrfs; then
+			Echo_warning "You have selected values of LB_BOOTLOADERS and LB_BINARY_FILESYSTEM which are incompatible - the syslinux family only support FAT, NTFS, ext[234] or btrfs filesystems."
+		fi
+	fi
+
+	if In_list "grub-pc" ${LB_BOOTLOADERS} || In_list "grub-efi" ${LB_BOOTLOADERS} || In_list "grub-legacy" ${LB_BOOTLOADERS}; then
+		if In_list "${LB_IMAGE_TYPE}" hdd netboot; then
+			Echo_error "You have selected an invalid combination of bootloaders and live image type; the grub-* bootloaders are not compatible with hdd and netboot types."
+			exit 1
+		fi
+	fi
+
+	Validate_http_proxy
+}
+
+# Retrieve the proxy settings from the host. Check whether conflicts are present with the command line arguments
+Validate_http_proxy ()
+{
+	local HOST_AUTO_APT_PROXY=""
+	local HOST_AUTO_APT_PROXY_LEGACY=""
+	local HOST_FIXED_APT_PROXY=""
+
+	# Fetch the proxy, using the various ways the http proxy can be set in apt
+	if command -v apt-config >/dev/null; then
+		local APT_CONFIG_OPTIONS
+		# apt-config only understands --option (-o) and --config-file (-c) of ${APT_OPTIONS}
+		# Don't report errors when additional options are provided and don't add additional quotes
+		APT_CONFIG_OPTIONS=$(getopt --quiet --unquoted --options 'c:o:' --long 'config-file:,option:' -- ${APT_OPTIONS} || true)
+
+		# The apt configuration `Acquire::http::Proxy-Auto-Detect` (and the legacy `Acquire::http::ProxyAutoDetect`)
+		# If the script fails, or the result of the script is `DIRECT` or an empty line, it is considered to be not set (https://sources.debian.org/src/apt/2.3.9/apt-pkg/contrib/proxy.cc/)
+		local AUTOPROXY
+		eval "$(apt-config ${APT_CONFIG_OPTIONS} shell AUTOPROXY Acquire::http::Proxy-Auto-Detect)"
+		if [ -x "${AUTOPROXY}" ]; then
+			HOST_AUTO_APT_PROXY="$(${AUTOPROXY} || echo '')"
+			if [ "${HOST_AUTO_APT_PROXY}" = "DIRECT" ]; then
+				HOST_AUTO_APT_PROXY=""
+			fi
+		fi
+		# Also check the legacy ProxyAutoDetect
+		eval "$(apt-config ${APT_CONFIG_OPTIONS} shell AUTOPROXY Acquire::http::ProxyAutoDetect)"
+		if [ -x "$AUTOPROXY" ]; then
+			HOST_AUTO_APT_PROXY_LEGACY="$(${AUTOPROXY} || echo '')"
+			if [ "${HOST_AUTO_APT_PROXY_LEGACY}" = "DIRECT" ]; then
+				HOST_AUTO_APT_PROXY_LEGACY=""
+			fi
+		fi
+
+		# The apt configuration `Acquire::http::proxy::URL-host` (https://sources.debian.org/src/apt/2.3.9/methods/http.cc/)
+		# If set to `DIRECT`, it is considered to be not set
+		#  This configuration allows you to specify different proxies for specific URLs
+		#  This setup is too complex for the purpose of live-build and will silently be ignored
+
+		# The apt configuration `Acquire::http::Proxy`
+		eval "$(apt-config ${APT_CONFIG_OPTIONS} shell HOST_FIXED_APT_PROXY Acquire::http::Proxy)"
+	fi
+
+
+	# Report all detected settings in debug mode
+	Echo_debug "Detected proxy settings:"
+	Echo_debug "--apt-http-proxy: ${LB_APT_HTTP_PROXY}"
+	Echo_debug "HOST Auto APT PROXY: ${HOST_AUTO_APT_PROXY}"
+	Echo_debug "HOST Auto APT PROXY (legacy): ${HOST_AUTO_APT_PROXY_LEGACY}"
+	Echo_debug "HOST Fixed APT PROXY: ${HOST_FIXED_APT_PROXY}"
+	# The environment variable 'http_proxy' is used when no apt option is set
+	Echo_debug "HOST http_proxy: ${http_proxy}"
+	# The environment variable 'no_proxy' contains a list of domains that must not be handled by a proxy,
+	# it overrides all previous settings by apt and 'http_proxy'
+	Echo_debug "HOST no_proxy: ${no_proxy}"
+
+	# Check whether any of the provided proxy values conflicts with another
+	local LAST_SEEN_PROXY_NAME=""
+	local LAST_SEEN_PROXY_VALUE=""
+	Validate_http_proxy_source "apt configuration option Acquire::http::Proxy-Auto-Detect" "${HOST_AUTO_APT_PROXY}"
+	Validate_http_proxy_source "apt configuration option Acquire::http::ProxyAutoDetect" "${HOST_AUTO_APT_PROXY_LEGACY}"
+	Validate_http_proxy_source "apt configuration option Acquire::http::Proxy" "${HOST_FIXED_APT_PROXY}"
+	Validate_http_proxy_source "environment variable http_proxy" "${http_proxy}"
+	Validate_http_proxy_source "command line option --apt-http-proxy" "${LB_APT_HTTP_PROXY}"
+
+	# This is the value to use for the other scripts in live-build
+	export http_proxy="${LAST_SEEN_PROXY_VALUE}"
+	if [ ! -z "${http_proxy}" ]; then
+		Echo_message "Using http proxy: ${http_proxy}"
+	fi
+}
+
+# Check whether a proxy setting conflicts with a previously set proxy setting
+Validate_http_proxy_source ()
+{
+	local NAME="${1}"
+	local VALUE="${2}"
+
+	if [ ! -z "${VALUE}" ]; then
+		if [ ! -z "${LAST_SEEN_PROXY_VALUE}" ]; then
+			if [ "${VALUE}" != "${LAST_SEEN_PROXY_VALUE}" ]; then
+				Echo_error "Inconsistent proxy configuration: the value for ${NAME} (${VALUE}) differs from the value for ${LAST_SEEN_PROXY_NAME} (${LAST_SEEN_PROXY_VALUE})"
+				exit 1
+			fi
+		fi
+		LAST_SEEN_PROXY_NAME="${NAME}"
+		LAST_SEEN_PROXY_VALUE="${VALUE}"
 	fi
 }

functions/cursor.sh

@@ -1,74 +0,0 @@
-#!/bin/sh
-
-## live-build(7) - System Build Scripts
-## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
-##
-## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
-## This is free software, and you are welcome to redistribute it
-## under certain conditions; see COPYING for details.
-
-
-Cursor_goto_position ()
-{
-	__LINE="${1}"
-	__COLUMN="${2}"
-
-	#echo -e "[${__LINE};${__COLUMN};H\c"
-	printf "[${__LINE};${__COLUMN};H"
-}
-
-Cursor_save_position ()
-{
-	#echo -e "\c"
-	printf ""
-}
-
-Cursor_restore_position ()
-{
-	#echo -e "\c"
-	printf ""
-}
-
-Cursor_line_up ()
-{
-	__LINES="${1}"
-
-	#echo -e "[${__LINES}A\c"
-	printf "[${__LINES}A"
-}
-
-Cursor_line_down ()
-{
-	__LINES="${1}"
-
-	#echo -e "[${__LINES}B\c"
-	printf "[${__LINES}B"
-}
-
-Cursor_columns_forward ()
-{
-	__COLUMNS="${1}"
-
-	#echo -e "[${__COLUMNS}C\c"
-	printf "[${__COLUMNS}C"
-}
-
-Cursor_columns_backward ()
-{
-	__COLUMNS="${1}"
-
-	#echo -e "[${__COLUMNS}D\c"
-	printf "[${__COLUMNS}D"
-}
-
-Cursor_clear_screen ()
-{
-	#echo -e "\c"
-	printf ""
-}
-
-Cursor_erase_EOL ()
-{
-	#echo -e "\c"
-	printf ""
-}

functions/defaults.sh

@@ -1,908 +0,0 @@
-#!/bin/sh
-
-## live-build(7) - System Build Scripts
-## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
-##
-## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
-## This is free software, and you are welcome to redistribute it
-## under certain conditions; see COPYING for details.
-
-
-New_configuration ()
-{
-	## Runtime
-
-	# Image: Architecture
-	if [ -x "/usr/bin/dpkg" ]
-	then
-		CURRENT_IMAGE_ARCHITECTURE="$(dpkg --print-architecture)"
-	else
-		case "$(uname -m)" in
-			x86_64)
-				CURRENT_IMAGE_ARCHITECTURE="amd64"
-				;;
-
-			i?86)
-				CURRENT_IMAGE_ARCHITECTURE="i386"
-				;;
-
-			*)
-				Echo_warning "Unable to determine current architecture, using ${CURRENT_IMAGE_ARCHITECTURE}"
-				;;
-		esac
-	fi
-
-
-	## Configuration
-
-	# Configuration-Version
-	LIVE_CONFIGURATION_VERSION="${LIVE_CONFIGURATION_VERSION:-$(Get_configuration config/build Configuration-Version)}"
-	LIVE_CONFIGURATION_VERSION="${LIVE_CONFIGURATION_VERSION:-${LIVE_BUILD_VERSION}}"
-	export LIVE_CONFIGURATION_VERSION
-
-	# Image: Name
-	LIVE_IMAGE_NAME="${LIVE_IMAGE_NAME:-$(Get_configuration config/build Name)}"
-	LIVE_IMAGE_NAME="${LIVE_IMAGE_NAME:-live-image}"
-	export LIVE_IMAGE_NAME
-
-	# Image: Architecture (FIXME: Support and default to 'any')
-	LB_ARCHITECTURES="${LB_ARCHITECTURES:-$(Get_configuration config/build Architecture)}"
-	LB_ARCHITECTURES="${LB_ARCHITECTURES:-${CURRENT_IMAGE_ARCHITECTURE}}"
-	export LB_ARCHITECTURES
-
-	# Image: Archive Areas
-	LB_ARCHIVE_AREAS="${LB_ARCHIVE_AREAS:-$(Get_configuration config/build Archive-Areas)}"
-
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_ARCHIVE_AREAS="${LB_ARCHIVE_AREAS:-main contrib non-free}"
-			;;
-
-		*)
-			LB_ARCHIVE_AREAS="${LB_ARCHIVE_AREAS:-main}"
-			;;
-	esac
-
-	export LB_ARCHIVE_AREAS
-
-	# Image: Archive Areas
-	LB_PARENT_ARCHIVE_AREAS="${LB_PARENT_ARCHIVE_AREAS:-$(Get_configuration config/build Parent-Archive-Areas)}"
-	LB_PARENT_ARCHIVE_AREAS="${LB_PARENT_ARCHIVE_AREAS:-${LB_ARCHIVE_AREAS}}"
-	export LB_PARENT_ARCHIVE_AREAS
-
-	# Image: Type
-	LIVE_IMAGE_TYPE="${LIVE_IMAGE_TYPE:-$(Get_configuration config/build Type)}"
-	LIVE_IMAGE_TYPE="${LIVE_IMAGE_TYPE:-iso-hybrid}"
-	export LIVE_IMAGE_TYPE
-}
-
-Set_defaults ()
-{
-	# FIXME
-	New_configuration
-
-	## config/common
-
-	if [ -e local/live-build ]
-	then
-		LIVE_BUILD="${LIVE_BUILD:-${PWD}/local/live-build}"
-		export LIVE_BUILD
-	fi
-
-	# Setting system type
-	LB_SYSTEM="${LB_SYSTEM:-live}"
-
-	# Setting mode (currently: debian, progress-linux)
-	if [ -x /usr/bin/lsb_release ]
-	then
-		_DISTRIBUTOR="$(lsb_release -is | tr "[A-Z]" "[a-z]")"
-
-		case "${_DISTRIBUTOR}" in
-			debian|progress-linux)
-				LB_MODE="${LB_MODE:-${_DISTRIBUTOR}}"
-				;;
-
-			*)
-				LB_MODE="${LB_MODE:-debian}"
-				;;
-		esac
-	else
-		if [ -e /etc/progress-linux_version ]
-		then
-			LB_MODE="${LB_MODE:-progress-linux}"
-		else
-			LB_MODE="${LB_MODE:-debian}"
-		fi
-	fi
-
-	# Setting distribution name
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_DISTRIBUTION="${LB_DISTRIBUTION:-cairon}"
-			LB_DERIVATIVE="true"
-			LB_DERIVATIVE_IS_BASED_ON="debian"
-			;;
-
-		*)
-			LB_DISTRIBUTION="${LB_DISTRIBUTION:-stretch}"
-			LB_DERIVATIVE="false"
-			;;
-	esac
-
-	case "${LB_MODE}" in
-		progress-linux)
-			case "${LB_DISTRIBUTION}" in
-				baureo|baureo-backports)
-					LB_PARENT_DISTRIBUTION="${LB_PARENT_DISTRIBUTION:-wheezy}"
-					LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION="${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION:-${LB_PARENT_DISTRIBUTION}}"
-					;;
-
-				cairon|cairon-backports)
-					LB_PARENT_DISTRIBUTION="${LB_PARENT_DISTRIBUTION:-sid}"
-					LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION="${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION:-${LB_PARENT_DISTRIBUTION}}"
-					;;
-			esac
-
-			LB_BACKPORTS="${LB_BACKPORTS:-true}"
-			;;
-
-		*)
-			LB_PARENT_DISTRIBUTION="${LB_PARENT_DISTRIBUTION:-${LB_DISTRIBUTION}}"
-			LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION="${LB_PARENT_DEBIAN_INSTALLER_DISTRIBUTION:-${LB_PARENT_DISTRIBUTION}}"
-
-			LB_BACKPORTS="${LB_BACKPORTS:-false}"
-			;;
-	esac
-
-	# Setting package manager
-	LB_APT="${LB_APT:-apt}"
-
-	# Setting apt ftp proxy
-	LB_APT_FTP_PROXY="${LB_APT_FTP_PROXY}"
-
-	# Setting apt http proxy
-	LB_APT_HTTP_PROXY="${LB_APT_HTTP_PROXY}"
-
-	# Setting apt pipeline
-	# LB_APT_PIPELINE
-
-	APT_OPTIONS="${APT_OPTIONS:---yes}"
-	APTITUDE_OPTIONS="${APTITUDE_OPTIONS:---assume-yes}"
-
-	BZIP2_OPTIONS="${BZIP2_OPTIONS:--6}"
-
-	GZIP_OPTIONS="${GZIP_OPTIONS:--6}"
-
-	if gzip --help | grep -qs "\-\-rsyncable"
-	then
-		GZIP_OPTIONS="$(echo ${GZIP_OPTIONS} | sed -e 's|--rsyncable||') --rsyncable"
-	fi
-
-	LZIP_OPTIONS="${LZIP_OPTIONS:--6}"
-
-	LZMA_OPTIONS="${LZMA_OPTIONS:--6}"
-
-	XZ_OPTIONS="${XZ_OPTIONS:--6}"
-
-	# Setting apt recommends
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_APT_RECOMMENDS="${LB_APT_RECOMMENDS:-false}"
-			;;
-
-		*)
-			LB_APT_RECOMMENDS="${LB_APT_RECOMMENDS:-true}"
-			;;
-	esac
-
-	# Setting apt secure
-	LB_APT_SECURE="${LB_APT_SECURE:-true}"
-
-	# Setting apt source
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_APT_SOURCE_ARCHIVES="${LB_APT_SOURCE_ARCHIVES:-false}"
-			;;
-
-		*)
-			LB_APT_SOURCE_ARCHIVES="${LB_APT_SOURCE_ARCHIVES:-true}"
-			;;
-	esac
-
-	# Setting cache option
-	LB_CACHE="${LB_CACHE:-true}"
-	LB_CACHE_INDICES="${LB_CACHE_INDICES:-false}"
-	LB_CACHE_PACKAGES="${LB_CACHE_PACKAGES:-true}"
-	LB_CACHE_STAGES="${LB_CACHE_STAGES:-bootstrap}"
-
-	# Setting debconf frontend
-	LB_DEBCONF_FRONTEND="${LB_DEBCONF_FRONTEND:-noninteractive}"
-	LB_DEBCONF_PRIORITY="${LB_DEBCONF_PRIORITY:-critical}"
-
-	# Setting initramfs hook
-	case "${LB_SYSTEM}" in
-		live)
-			LB_INITRAMFS="${LB_INITRAMFS:-live-boot}"
-			;;
-
-		normal)
-			LB_INITRAMFS="${LB_INITRAMFS:-none}"
-			;;
-	esac
-
-	LB_INITRAMFS_COMPRESSION="${LB_INITRAMFS_COMPRESSION:-gzip}"
-
-	# Setting initsystem
-	case "${LB_MODE}" in
-		progress-linux)
-			case "${LB_DISTRIBUTION}" in
-				cairon*)
-					LB_INITSYSTEM="${LB_INITSYSTEM:-systemd}"
-					;;
-
-				*)
-					LB_INITSYSTEM="${LB_INITSYSTEM:-sysvinit}"
-					;;
-			esac
-			;;
-
-		*)
-			case "${LB_SYSTEM}" in
-				live)
-					LB_INITSYSTEM="${LB_INITSYSTEM:-systemd}"
-					;;
-
-				normal)
-					LB_INITSYSTEM="${LB_INITSYSTEM:-none}"
-					;;
-			esac
-			;;
-	esac
-
-	# Setting fdisk
-	if [ -z "${LB_FDISK}" ] || [ ! -x "${LB_FDISK}" ]
-	then
-		# Workaround for gnu-fdisk divertion
-		# (gnu-fdisk is buggy, #445304).
-		if [ -x /sbin/fdisk.distrib ]
-		then
-			LB_FDISK="fdisk.distrib"
-		elif [ -x /sbin/fdisk ]
-		then
-			LB_FDISK="fdisk"
-		else
-			Echo_error "Can't process file /sbin/fdisk"
-		fi
-	fi
-
-	# Setting losetup
-	if [ -z "${LB_LOSETUP}" ] || [ "${LB_LOSETUP}" != "/sbin/losetup.orig" ]
-	then
-		# Workaround for loop-aes-utils divertion
-		# (loop-aes-utils' losetup lacks features).
-		if [ -x /sbin/losetup.orig ]
-		then
-			LB_LOSETUP="losetup.orig"
-		elif [ -x /sbin/losetup ]
-		then
-			LB_LOSETUP="losetup"
-		else
-			Echo_error "Can't process file /sbin/losetup"
-		fi
-	fi
-
-	if [ "${LB_ARCHITECTURES}" = "i386" ] && [ "${CURRENT_IMAGE_ARCHITECTURE}" = "amd64" ]
-	then
-		# Use linux32 when building amd64 images on i386
-		_LINUX32="linux32"
-	else
-		_LINUX32=""
-	fi
-
-	# Setting tasksel
-	LB_TASKSEL="${LB_TASKSEL:-apt}"
-
-	# Setting root directory
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_ROOT="${LB_ROOT:-progress-linux}"
-			;;
-
-		*)
-			LB_ROOT="${LB_ROOT:-${LB_MODE}-live}"
-			;;
-	esac
-
-	# Setting live build options
-	_BREAKPOINTS="${_BREAKPOINTS:-false}"
-	_COLOR="${_COLOR:-false}"
-	_DEBUG="${_DEBUG:-false}"
-	_FORCE="${_FORCE:-false}"
-	_QUIET="${_QUIET:-false}"
-	_VERBOSE="${_VERBOSE:-false}"
-
-	## config/bootstrap
-
-	# Setting mirror to fetch packages from
-	case "${LB_MODE}" in
-		debian)
-			LB_MIRROR_BOOTSTRAP="${LB_MIRROR_BOOTSTRAP:-http://ftp.debian.org/debian/}"
-			LB_PARENT_MIRROR_BOOTSTRAP="${LB_PARENT_MIRROR_BOOTSTRAP:-${LB_MIRROR_BOOTSTRAP}}"
-			;;
-
-		progress-linux)
-			LB_PARENT_MIRROR_BOOTSTRAP="${LB_PARENT_MIRROR_BOOTSTRAP:-http://ftp.debian.org/debian/}"
-			LB_MIRROR_BOOTSTRAP="${LB_MIRROR_BOOTSTRAP:-http://cdn.archive.progress-linux.org/packages/}"
-			;;
-	esac
-
-	LB_PARENT_MIRROR_CHROOT="${LB_PARENT_MIRROR_CHROOT:-${LB_PARENT_MIRROR_BOOTSTRAP}}"
-	LB_MIRROR_CHROOT="${LB_MIRROR_CHROOT:-${LB_MIRROR_BOOTSTRAP}}"
-
-	# Setting security mirror to fetch packages from
-	case "${LB_MODE}" in
-		debian)
-			LB_MIRROR_CHROOT_SECURITY="${LB_MIRROR_CHROOT_SECURITY:-http://security.debian.org/}"
-			LB_PARENT_MIRROR_CHROOT_SECURITY="${LB_PARENT_MIRROR_CHROOT_SECURITY:-${LB_MIRROR_CHROOT_SECURITY}}"
-			;;
-
-		progress-linux)
-			LB_PARENT_MIRROR_CHROOT_SECURITY="${LB_PARENT_MIRROR_CHROOT_SECURITY:-http://security.debian.org/}"
-			LB_MIRROR_CHROOT_SECURITY="${LB_MIRROR_CHROOT_SECURITY:-${LB_MIRROR_CHROOT}}"
-			;;
-	esac
-
-	# Setting mirror which ends up in the image
-	case "${LB_MODE}" in
-		debian)
-			LB_MIRROR_BINARY="${LB_MIRROR_BINARY:-http://http.debian.net/debian/}"
-			LB_PARENT_MIRROR_BINARY="${LB_PARENT_MIRROR_BINARY:-${LB_MIRROR_BINARY}}"
-			;;
-
-		progress-linux)
-			LB_PARENT_MIRROR_BINARY="${LB_PARENT_MIRROR_BINARY:-http://ftp.debian.org/debian/}"
-			LB_MIRROR_BINARY="${LB_MIRROR_BINARY:-${LB_MIRROR_CHROOT}}"
-			;;
-	esac
-
-	# Setting security mirror which ends up in the image
-	case "${LB_MODE}" in
-		debian)
-			LB_MIRROR_BINARY_SECURITY="${LB_MIRROR_BINARY_SECURITY:-http://security.debian.org/}"
-			LB_PARENT_MIRROR_BINARY_SECURITY="${LB_PARENT_MIRROR_BINARY_SECURITY:-${LB_MIRROR_BINARY_SECURITY}}"
-			;;
-
-		progress-linux)
-			LB_PARENT_MIRROR_BINARY_SECURITY="${LB_PARENT_MIRROR_BINARY_SECURITY:-http://security.debian.org/}"
-			LB_MIRROR_BINARY_SECURITY="${LB_MIRROR_BINARY_SECURITY:-${LB_MIRROR_CHROOT}}"
-			;;
-	esac
-
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_PARENT_MIRROR_DEBIAN_INSTALLER="${LB_PARENT_MIRROR_DEBIAN_INSTALLER:-${LB_MIRROR_CHROOT}}"
-			LB_MIRROR_DEBIAN_INSTALLER="${LB_MIRROR_DEBIAN_INSTALLER:-${LB_MIRROR_CHROOT}}"
-			;;
-
-		*)
-			LB_MIRROR_DEBIAN_INSTALLER="${LB_MIRROR_DEBIAN_INSTALLER:-${LB_MIRROR_CHROOT}}"
-			LB_PARENT_MIRROR_DEBIAN_INSTALLER="${LB_PARENT_MIRROR_DEBIAN_INSTALLER:-${LB_PARENT_MIRROR_CHROOT}}"
-			;;
-	esac
-
-	## config/chroot
-
-	# Setting chroot filesystem
-	LB_CHROOT_FILESYSTEM="${LB_CHROOT_FILESYSTEM:-squashfs}"
-
-	# Setting union filesystem
-	LB_UNION_FILESYSTEM="${LB_UNION_FILESYSTEM:-aufs}"
-
-	# Setting interactive shell/X11/Xnest
-	LB_INTERACTIVE="${LB_INTERACTIVE:-false}"
-
-	# Setting keyring packages
-	LB_KEYRING_PACKAGES="${LB_KEYRING_PACKAGES:-debian-archive-keyring}"
-
-	# Setting linux flavour string
-	case "${LB_ARCHITECTURES}" in
-		arm64)
-			LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-arm64}"
-			;;
-
-		armel)
-			# armel will have special images: one rootfs image and many additional kernel images.
-			# therefore we default to all available armel flavours
-			LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-ixp4xx kirkwood orion5x versatile}"
-			;;
-
-		armhf)
-			# armhf will have special images: one rootfs image and many additional kernel images.
-			# therefore we default to all available armhf flavours
-			LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-armmp armmp-lpae}"
-			;;
-
-		amd64)
-			LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-amd64}"
-			;;
-
-		i386)
-			case "${LB_MODE}" in
-				progress-linux)
-					LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-686-pae}"
-					;;
-
-				*)
-					LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-586}"
-					;;
-			esac
-			;;
-
-		ia64)
-			case "${LB_MODE}" in
-				progress-linux)
-					Echo_error "Architecture ${LB_ARCHITECTURES} not supported in the ${LB_MODE} mode."
-					exit 1
-					;;
-
-				*)
-					LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-itanium}"
-					;;
-			esac
-			;;
-
-		powerpc)
-			case "${LB_MODE}" in
-				progress-linux)
-					Echo_error "Architecture ${LB_ARCHITECTURES} not supported in the ${LB_MODE} mode."
-					exit 1
-					;;
-
-				*)
-					LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-powerpc64 powerpc}"
-					;;
-			esac
-			;;
-
-		s390x)
-			case "${LB_MODE}" in
-				progress-linux)
-					Echo_error "Architecture ${LB_ARCHITECTURES} not supported in the ${LB_MODE} mode."
-					exit 1
-					;;
-
-				*)
-					LB_LINUX_FLAVOURS="${LB_LINUX_FLAVOURS:-s390x}"
-					;;
-			esac
-			;;
-
-		*)
-			Echo_error "Architecture(s) ${LB_ARCHITECTURES} not yet supported (FIXME)"
-			exit 1
-			;;
-	esac
-
-	# Set linux packages
-	LB_LINUX_PACKAGES="${LB_LINUX_PACKAGES:-linux-image}"
-
-	# Setting security updates option
-	case "${LB_PARENT_DISTRIBUTION}" in
-		sid)
-			LB_SECURITY="${LB_SECURITY:-false}"
-			;;
-
-		*)
-			LB_SECURITY="${LB_SECURITY:-true}"
-			;;
-	esac
-
-	# Setting updates updates option
-	case "${LB_PARENT_DISTRIBUTION}" in
-		sid)
-			LB_UPDATES="${LB_UPDATES:-false}"
-			;;
-
-		*)
-			LB_UPDATES="${LB_UPDATES:-true}"
-			;;
-	esac
-
-	## config/binary
-
-	# Setting image filesystem
-	LB_BINARY_FILESYSTEM="${LB_BINARY_FILESYSTEM:-fat32}"
-
-	# Setting image type
-	case "${LB_ARCHITECTURES}" in
-		amd64|i386)
-			LIVE_IMAGE_TYPE="${LIVE_IMAGE_TYPE:-iso-hybrid}"
-			;;
-
-		*)
-			LIVE_IMAGE_TYPE="${LIVE_IMAGE_TYPE:-iso}"
-			;;
-	esac
-
-	# Setting apt indices
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_APT_INDICES="${LB_APT_INDICES:-false}"
-			;;
-
-		*)
-			LB_APT_INDICES="${LB_APT_INDICES:-true}"
-			;;
-	esac
-
-	# Setting bootloader
-	if [ -z "${LB_BOOTLOADER}" ]
-	then
-		case "${LB_ARCHITECTURES}" in
-			amd64|i386)
-				LB_BOOTLOADER="syslinux"
-				;;
-		esac
-	fi
-
-	# Setting checksums
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_CHECKSUMS="${LB_CHECKSUMS:-sha256}"
-			;;
-
-		*)
-			LB_CHECKSUMS="${LB_CHECKSUMS:-md5}"
-			;;
-	esac
-
-	# Setting compression
-	LB_COMPRESSION="${LB_COMPRESSION:-none}"
-
-	# Setting zsync
-	LB_ZSYNC="${LB_ZSYNC:-true}"
-
-	# Setting chroot option
-	LB_BUILD_WITH_CHROOT="${LB_BUILD_WITH_CHROOT:-true}"
-
-	LB_BUILD_WITH_TMPFS="${LB_BUILD_WITH_TMPFS:-false}"
-
-	# Setting debian-installer option
-	LB_DEBIAN_INSTALLER="${LB_DEBIAN_INSTALLER:-false}"
-
-	LB_DEBIAN_INSTALLER_DISTRIBUTION="${LB_DEBIAN_INSTALLER_DISTRIBUTION:-${LB_DISTRIBUTION}}"
-
-	# Setting debian-installer-gui
-	case "${LB_MODE}" in
-		debian|progress-linux)
-			LB_DEBIAN_INSTALLER_GUI="${LB_DEBIAN_INSTALLER_GUI:-true}"
-			;;
-
-		*)
-			LB_DEBIAN_INSTALLER_GUI="${LB_DEBIAN_INSTALLER_GUI:-false}"
-			;;
-	esac
-
-	# Setting debian-installer preseed filename
-	if [ -z "${LB_DEBIAN_INSTALLER_PRESEEDFILE}" ]
-	then
-		if Find_files config/debian-installer/preseed.cfg
-		then
-			LB_DEBIAN_INSTALLER_PRESEEDFILE="/preseed.cfg"
-		fi
-
-		if Find_files config/debian-installer/*.cfg && [ ! -e config/debian-installer/preseed.cfg ]
-		then
-			Echo_warning "You have placed some preseeding files into config/debian-installer but you didn't specify the default preseeding file through LB_DEBIAN_INSTALLER_PRESEEDFILE. This means that debian-installer will not take up a preseeding file by default."
-		fi
-	fi
-
-	# Setting boot parameters
-	case "${LB_INITRAMFS}" in
-		live-boot)
-			LB_BOOTAPPEND_LIVE="${LB_BOOTAPPEND_LIVE:-boot=live components quiet splash}"
-			LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-boot=live components memtest noapic noapm nodma nomce nolapic nomodeset nosmp nosplash vga=normal}"
-			;;
-
-		none)
-			LB_BOOTAPPEND_LIVE="${LB_BOOTAPPEND_LIVE:-quiet splash}"
-			LB_BOOTAPPEND_LIVE_FAILSAFE="${LB_BOOTAPPEND_LIVE_FAILSAFE:-memtest noapic noapm nodma nomce nolapic nomodeset nosmp nosplash vga=normal}"
-			;;
-	esac
-
-	if [ -n "${LB_DEBIAN_INSTALLER_PRESEEDFILE}" ]
-	then
-		case "${LIVE_IMAGE_TYPE}" in
-			iso*)
-				_LB_BOOTAPPEND_PRESEED="file=/cdrom/install/${LB_DEBIAN_INSTALLER_PRESEEDFILE}"
-				;;
-
-			hdd*)
-				_LB_BOOTAPPEND_PRESEED="file=/hd-media/install/${LB_DEBIAN_INSTALLER_PRESEEDFILE}"
-				;;
-
-			netboot)
-				case "${LB_DEBIAN_INSTALLER_PRESEEDFILE}" in
-					*://*)
-						_LB_BOOTAPPEND_PRESEED="file=${LB_DEBIAN_INSTALLER_PRESEEDFILE}"
-						;;
-
-					*)
-						_LB_BOOTAPPEND_PRESEED="file=/${LB_DEBIAN_INSTALLER_PRESEEDFILE}"
-						;;
-				esac
-				;;
-		esac
-	fi
-
-	if [ -n ${_LB_BOOTAPPEND_PRESEED} ]
-	then
-		LB_BOOTAPPEND_INSTALL="${LB_BOOTAPPEND_INSTALL} ${_LB_BOOTAPPEND_PRESEED}"
-	fi
-
-	LB_BOOTAPPEND_INSTALL="$(echo ${LB_BOOTAPPEND_INSTALL} | sed -e 's/[ \t]*$//')"
-
-	# Setting grub splash
-	# LB_GRUB_SPLASH
-
-	# Setting iso author
-	case "${LB_MODE}" in
-		debian)
-			LB_ISO_APPLICATION="${LB_ISO_APPLICATION:-Debian Live}"
-			;;
-
-		progress-linux)
-			LB_ISO_APPLICATION="${LB_ISO_APPLICATION:-Progress Linux}"
-			;;
-	esac
-
-	# Set iso preparer
-	LB_ISO_PREPARER="${LB_ISO_PREPARER:-live-build \$VERSION; http://live-systems.org/devel/live-build}"
-
-	# Set iso publisher
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_ISO_PUBLISHER="${LB_ISO_PUBLISHER:-Progress Linux; http://www.progress-linux.org/; progress-project@lists.progress-linux.org}"
-			;;
-
-		*)
-			LB_ISO_PUBLISHER="${LB_ISO_PUBLISHER:-Live Systems project; http://live-systems.org/; debian-live@lists.debian.org}"
-			;;
-	esac
-
-	# Setting hdd options
-	case "${LB_MODE}" in
-		debian)
-			LB_HDD_LABEL="${LB_HDD_LABEL:-DEBIAN_LIVE}"
-			;;
-
-		progress-linux)
-			LB_HDD_LABEL="${LB_HDD_LABEL:-PROGRESS_$(echo ${LB_DISTRIBUTION} | tr "[a-z]" "[A-Z]")}"
-			;;
-	esac
-
-	# Setting hdd size
-	LB_HDD_SIZE="${LB_HDD_SIZE:-auto}"
-
-	# Setting iso volume
-	case "${LB_MODE}" in
-		debian)
-			LB_ISO_VOLUME="${LB_ISO_VOLUME:-Debian ${LB_DISTRIBUTION} \$(date +%Y%m%d-%H:%M)}"
-			;;
-
-		progress-linux)
-			LB_ISO_VOLUME="${LB_ISO_VOLUME:-Progress ${LB_DISTRIBUTION}}"
-			;;
-	esac
-
-	# Setting memtest option
-	LB_MEMTEST="${LB_MEMTEST:-none}"
-
-	# Setting loadlin option
-	case "${LB_MODE}" in
-		progress-linux)
-
-			;;
-
-		*)
-			case "${LB_ARCHITECTURES}" in
-				amd64|i386)
-					if [ "${LB_DEBIAN_INSTALLER}" != "false" ]
-					then
-						LB_LOADLIN="${LB_LOADLIN:-true}"
-					else
-						LB_LOADLIN="${LB_LOADLIN:-false}"
-					fi
-					;;
-
-				*)
-					LB_LOADLIN="${LB_LOADLIN:-false}"
-					;;
-			esac
-			;;
-	esac
-
-	# Setting win32-loader option
-	case "${LB_MODE}" in
-		progress-linux)
-
-			;;
-
-		*)
-			case "${LB_ARCHITECTURES}" in
-				amd64|i386)
-					if [ "${LB_DEBIAN_INSTALLER}" != "false" ]
-					then
-						LB_WIN32_LOADER="${LB_WIN32_LOADER:-true}"
-					else
-						LB_WIN32_LOADER="${LB_WIN32_LOADER:-false}"
-					fi
-					;;
-
-				*)
-					LB_WIN32_LOADER="${LB_WIN32_LOADER:-false}"
-					;;
-			esac
-			;;
-	esac
-
-	# Setting netboot filesystem
-	LB_NET_ROOT_FILESYSTEM="${LB_NET_ROOT_FILESYSTEM:-nfs}"
-
-	# Setting netboot server path
-	case "${LB_MODE}" in
-		progress-linux)
-			LB_NET_ROOT_PATH="${LB_NET_ROOT_PATH:-/srv/progress-linux}"
-			;;
-
-		*)
-			LB_NET_ROOT_PATH="${LB_NET_ROOT_PATH:-/srv/${LB_MODE}-live}"
-			;;
-	esac
-
-	# Setting netboot server address
-	LB_NET_ROOT_SERVER="${LB_NET_ROOT_SERVER:-192.168.1.1}"
-
-	# Setting net cow filesystem
-	LB_NET_COW_FILESYSTEM="${LB_NET_COW_FILESYSTEM:-nfs}"
-
-	# Setting net tarball
-	LB_NET_TARBALL="${LB_NET_TARBALL:-true}"
-
-	# Setting firmware option
-	LB_FIRMWARE_CHROOT="${LB_FIRMWARE_CHROOT:-true}"
-	LB_FIRMWARE_BINARY="${LB_FIRMWARE_BINARY:-true}"
-
-	# Setting swap file
-	LB_SWAP_FILE_SIZE="${LB_SWAP_FILE_SIZE:-512}"
-
-	## config/source
-
-	# Setting source option
-	LB_SOURCE="${LB_SOURCE:-false}"
-
-	# Setting image type
-	LB_SOURCE_IMAGES="${LB_SOURCE_IMAGES:-tar}"
-}
-
-Check_defaults ()
-{
-	if [ -n "${LIVE_BUILD_VERSION}" ]
-	then
-		# We're only checking when we're actually running the checks
-		# that's why the check for emptyness of the version;
-		# however, as live-build always declares LIVE_BUILD_VERSION
-		# internally, this is safe assumption (no cases where it's unset,
-		# except when bootstrapping the functions/defaults etc.).
-
-		CURRENT_CONFIGURATION_VERSION="$(echo ${LIVE_CONFIGURATION_VERSION} | awk -F. ' { print $1 }')"
-
-		if [ -n "${CURRENT_CONFIGURATION_VERSION}" ]
-		then
-			CORRECT_VERSION="$(echo ${LIVE_BUILD_VERSION} | awk -F. '{ print $1 }')"
-			TOO_NEW_VERSION="$((${CORRECT_VERSION} + 1))"
-			TOO_OLD_VERSION="$((${CORRECT_VERSION} - 1))"
-
-			if [ ${CURRENT_CONFIGURATION_VERSION} -ne ${CORRECT_VERSION} ]
-			then
-				if [ ${CURRENT_CONFIGURATION_VERSION} -ge ${TOO_NEW_VERSION} ]
-				then
-					Echo_error "This config tree is too new for live-build (${VERSION})."
-					Echo_error "Aborting build, please update live-build."
-
-					exit 1
-				elif [ ${CURRENT_CONFIGURATION_VERSION} -le ${TOO_OLD_VERSION} ]
-				then
-					Echo_error "This config tree is too old for live-build (${VERSION})."
-					Echo_error "Aborting build, please update the configuration."
-
-					exit 1
-				else
-					Echo_warning "This configuration does not specify a version or has a unknown version."
-					Echo_warning "Continuing build, please correct the configuration."
-				fi
-			fi
-		fi
-	fi
-
-	case "${LB_BINARY_FILESYSTEM}" in
-		ntfs)
-			if [ ! -x "$(which ntfs-3g 2>/dev/null)" ]
-			then
-				Echo_error "Using ntfs as the binary filesystem is currently only supported"
-				Echo_error "if ntfs-3g is installed on the host system."
-
-				exit 1
-			fi
-			;;
-	esac
-
-	if echo ${LB_HDD_LABEL} | grep -qs ' '
-	then
-		Echo_error "There are currently no whitespaces supported in hdd labels."
-
-		exit 1
-	fi
-
-	if [ "${LB_DEBIAN_INSTALLER}" != "false" ]
-	then
-		# d-i true, no caching
-		if ! echo ${LB_CACHE_STAGES} | grep -qs "bootstrap\b" || [ "${LB_CACHE}" != "true" ] || [ "${LB_CACHE_PACKAGES}" != "true" ]
-		then
-			Echo_warning "You have selected values of LB_CACHE, LB_CACHE_PACKAGES, LB_CACHE_STAGES and LB_DEBIAN_INSTALLER which will result in 'bootstrap' packages not being cached. This configuration is potentially unsafe as the bootstrap packages are re-used when integrating the Debian Installer."
-		fi
-	fi
-
-	if [ "${LB_BOOTLOADER}" = "syslinux" ]
-	then
-		# syslinux + fat or ntfs, or extlinux + ext[234] or btrfs
-		case "${LB_BINARY_FILESYSTEM}" in
-			fat*|ntfs|ext[234]|btrfs)
-				;;
-			*)
-				Echo_warning "You have selected values of LB_BOOTLOADER and LB_BINARY_FILESYSTEM which are incompatible - the syslinux family only support FAT, NTFS, ext[234] or btrfs filesystems."
-				;;
-		esac
-	fi
-
-	case "${LIVE_IMAGE_TYPE}" in
-		hdd*)
-			case "${LB_BOOTLOADER}" in
-				grub)
-					Echo_error "You have selected a combination of bootloader and image type that is currently not supported by live-build. Please use either another bootloader or a different image type."
-					exit 1
-					;;
-			esac
-			;;
-	esac
-
-	if [ "$(echo \"${LB_ISO_APPLICATION}\" | wc -c)" -gt 128 ]
-	then
-		Echo_warning "You have specified a value of LB_ISO_APPLICATION that is too long; the maximum length is 128 characters."
-	fi
-
-	if [ "$(echo \"${LB_ISO_PREPARER}\" | wc -c)" -gt  128 ]
-	then
-		Echo_warning "You have specified a value of LB_ISO_PREPARER that is too long; the maximum length is 128 characters."
-	fi
-
-	if [ "$(echo \"${LB_ISO_PUBLISHER}\" | wc -c)" -gt 128 ]
-	then
-		Echo_warning "You have specified a value of LB_ISO_PUBLISHER that is too long; the maximum length is 128 characters."
-	fi
-
-	if [ "$(eval "echo \"${LB_ISO_VOLUME}\"" | wc -c)" -gt 32 ]
-	then
-		Echo_warning "You have specified a value of LB_ISO_VOLUME that is too long; the maximum length is 32 characters."
-	fi
-
-	# Architectures to use foreign bootstrap for
-	LB_BOOTSTRAP_QEMU_ARCHITECTURES="${LB_BOOTSTRAP_QEMU_ARCHITECTURES:-}"
-
-	# Packages to exclude for the foreign/ports bootstrapping
-	LB_BOOTSTRAP_QEMU_EXCLUDE="${LB_BOOTSTRAP_QEMU_EXCLUDE:-}"
-
-	# Ports using foreign bootstrap need a working qemu-*-system. This is the location it
-	LB_BOOTSTRAP_QEMU_STATIC="${LB_BOOTSTRAP_QEMU_STATIC:-}"
-
-}

functions/echo.sh

@@ -1,206 +1,90 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
 ## This is free software, and you are welcome to redistribute it
 ## under certain conditions; see COPYING for details.
 
+exec 3>&1
 
 Echo ()
 {
-	STRING="${1}"
+	local STRING="${1}"
 	shift
 
-	printf "${STRING}\n" "${@}"
+	printf "${STRING}\n" "${@}" >&3
 }
 
 Echo_debug ()
 {
-	if [ "${_DEBUG}" = "true" ]
-	then
-		STRING="${1}"
+	if [ "${_DEBUG}" = "true" ]; then
+		local STRING="${1}"
 		shift
 
-		printf "D: ${STRING}\n" "${@}"
-	fi
-}
-
-Echo_debug_running ()
-{
-	if [ "${_DEBUG}" = "true" ]
-	then
-		STRING="${1}"
-		shift
-
-		printf "D: ${STRING}" "${@}"
-
-		if [ "${_COLOR}" = "false" ]
-		then
-			printf "..."
-		else
-			printf "... ${YELLOW}${BLINK}running${NO_COLOR}"
-		fi
+		printf "D: ${STRING}\n" "${@}" >&3
 	fi
 }
 
 Echo_error ()
 {
-	STRING="${1}"
+	local STRING="${1}"
 	shift
 
-	if [ "${_COLOR}" = "false" ]
-	then
-		printf "E:"
-	else
-		printf "${RED}E${NO_COLOR}:"
+	local PREFIX="${RED}E${NO_COLOR}"
+	if [ "${_COLOR_ERR}" = "false" ]; then
+		PREFIX="E"
 	fi
 
-	printf " ${STRING}\n" "${@}" >&2
+	printf "${PREFIX}: ${STRING}\n" "${@}" >&2
 }
 
 Echo_message ()
 {
 	if [ "${_QUIET}" != "true" ]
 	then
-		STRING="${1}"
+		local STRING="${1}"
 		shift
 
-		if [ "${_COLOR}" = "false" ]
-		then
-			printf "P:"
-		else
-			printf "${WHITE}P${NO_COLOR}:"
+		local PREFIX="${PURPLE}P${NO_COLOR}"
+		if [ "${_COLOR_OUT}" = "false" ]; then
+			PREFIX="P"
 		fi
 
-		printf " ${STRING}\n" "${@}"
-	fi
-}
-
-Echo_message_running ()
-{
-	if [ "${_QUIET}" != "true" ]
-	then
-		STRING="${1}"
-		shift
-
-		if [ "${_COLOR}" = "false" ]
-		then
-			printf "P:"
-		else
-			printf "${WHITE}P${NO_COLOR}:"
-		fi
-
-		printf " ${STRING}" "${@}"
-
-		if [ "${_COLOR}" = "true" ]
-		then
-			printf "... ${YELLOW}${BLINK}running${NO_COLOR}"
-		else
-			printf "..."
-		fi
+		printf "${PREFIX}: ${STRING}\n" "${@}" >&3
 	fi
 }
 
 Echo_verbose ()
 {
-	if [ "${_VERBOSE}" = "true" ]
-	then
-		STRING="${1}"
+	if [ "${_VERBOSE}" = "true" ]; then
+		local STRING="${1}"
 		shift
 
-		printf "I: ${STRING}\n" "${@}"
-	fi
-}
-
-Echo_verbose_running ()
-{
-	if [ "${_VERBOSE}" != "true" ]
-	then
-		STRING="${1}"
-		shift
-
-		printf "I: ${STRING}" "${@}"
-
-		if [ "${_COLOR}" = "true" ]
-		then
-			printf "... ${YELLOW}${BLINK}running${NO_COLOR}"
-		else
-			printf "..."
-		fi
+		printf "I: ${STRING}\n" "${@}" >&3
 	fi
 }
 
 Echo_warning ()
 {
-	STRING="${1}"
+	local STRING="${1}"
 	shift
 
-	if [ "${_COLOR}" = "false" ]
-	then
-		printf "W:"
-	else
-		printf "${YELLOW}W${NO_COLOR}:"
+	local PREFIX="${YELLOW}W${NO_COLOR}"
+	if [ "${_COLOR_ERR}" = "false" ]; then
+		PREFIX="W"
 	fi
 
-	printf " ${STRING}\n" "${@}"
-}
-
-Echo_status ()
-{
-	__RETURN="${?}"
-
-	if [ "${_COLOR}" = "false" ]
-	then
-		if [ "${__RETURN}" = "0" ]
-		then
-			printf " done.\n"
-		else
-			printf " failed.\n"
-		fi
-	else
-		Cursor_columns_backward 8
-
-		if [ "${__RETURN}" = "0" ]
-		then
-			printf " ${GREEN}done${NO_COLOR}.  \n"
-		else
-			printf " ${RED}failed${NO_COLOR}.\n"
-		fi
-	fi
-}
-
-Echo_done ()
-{
-	if [ "${_COLOR}" = "false" ]
-	then
-		printf " already done.\n"
-	else
-		Cursor_columns_backward 8
-
-		printf " ${GREEN}already done${NO_COLOR}.\n"
-	fi
+	printf "${PREFIX}: ${STRING}\n" "${@}" >&2
 }
 
 Echo_file ()
 {
-	while read LINE
+	local LINE
+	while read -r LINE
 	do
-		echo "${1}: ${LINE}"
+		echo "${1}: ${LINE}" >&3
 	done < "${1}"
 }
-
-Echo_breakage ()
-{
-	case "${LB_PARENT_DISTRIBUTION}" in
-		sid)
-			Echo_message "If the following stage fails, the most likely cause of the problem is with your mirror configuration, a caching proxy or the sid distribution."
-			;;
-		*)
-			Echo_message "If the following stage fails, the most likely cause of the problem is with your mirror configuration or a caching proxy."
-			;;
-	esac
-
-	Echo_message "${@}"
-}

functions/exit.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,7 +11,7 @@
 
 Exit ()
 {
-	VALUE="${?}"
+	local VALUE=$1
 
 	if [ "${_DEBUG}" = "true" ]
 	then
@@ -18,10 +19,17 @@ Exit ()
 		set | grep -e ^LB
 	fi
 
+	# Skip if we have not yet completed the initial bootstrapping (bootstrap_debootstrap)
+	# (nothing to be done; avoids unhelpful messages)
+	if ! Stagefile_exists bootstrap; then
+		return ${VALUE}
+	fi
+
 	# Always exit true in case we are not able to unmount
 	# (e.g. due to running processes in chroot from user customizations)
 	Echo_message "Begin unmounting filesystems..."
 
+	local DIRECTORY
 	if [ -e /proc/mounts ]
 	then
 		for DIRECTORY in $(awk -v dir="${PWD}/chroot/" '$2 ~ dir { print $2 }' /proc/mounts | sort -r)
@@ -29,16 +37,18 @@ Exit ()
 			umount ${DIRECTORY} > /dev/null 2>&1 || true
 		done
 	else
-		for DIRECTORY in /dev/shm /dev/pts /dev /proc /selinux /sys /root/config
+		for DIRECTORY in /dev/shm /dev/pts /dev /proc /sys/fs/selinux /sys /root/config
 		do
 			umount -f chroot/${DIRECTORY} > /dev/null 2>&1 || true
 		done
 	fi
 
-	rm -f .build/chroot_devpts
-	rm -f .build/chroot_proc
-	rm -f .build/chroot_selinuxfs
-	rm -f .build/chroot_sysfs
+	STAGEFILES_DIR="$(Stagefiles_dir)"
+
+	rm -f "${STAGEFILES_DIR}"/chroot_devpts
+	rm -f "${STAGEFILES_DIR}"/chroot_proc
+	rm -f "${STAGEFILES_DIR}"/chroot_selinuxfs
+	rm -f "${STAGEFILES_DIR}"/chroot_sysfs
 
 	Echo_message "Saving caches..."
 
@@ -46,18 +56,35 @@ Exit ()
 	# but let's assume that if there's any binary stage file arround
 	# we are in binary stage.
 
-	if ls .build/binary* > /dev/null 2>&1
+	if ls "${STAGEFILES_DIR}"/binary* > /dev/null 2>&1
 	then
-		Save_cache cache/packages.binary
+		Save_package_cache binary
 	else
-		Save_cache cache/packages.chroot
+		Save_package_cache chroot
 	fi
 
 	return ${VALUE}
 }
 
-Setup_cleanup ()
+Exit_exit ()
 {
-	Echo_message "Setting up cleanup function"
-	trap 'Exit' EXIT HUP INT QUIT TERM
+	local VALUE=$?
+	if [ "${VALUE}" -ne 0 ]; then
+		Echo_error "An unexpected failure occurred, exiting..."
+	fi
+	Exit ${VALUE}
+}
+
+Exit_other ()
+{
+	local VALUE=$?
+	Echo_warning "Unexpected early exit caught, attempting cleanup..."
+	Exit ${VALUE}
+}
+
+Setup_clean_exit ()
+{
+	Echo_message "Setting up clean exit handler"
+	trap 'Exit_other' HUP INT QUIT TERM
+	trap 'Exit_exit' EXIT
 }

functions/firmwarelists.sh

@@ -0,0 +1,117 @@
+#!/bin/sh
+
+## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2023 The Debian Live team
+## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
+##
+## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+## This is free software, and you are welcome to redistribute it
+## under certain conditions; see COPYING for details.
+
+# Updates FIRMWARE_PACKAGES with list of packages determined from specified
+# archive areas of specified distro, based upon reading archive content file.
+#
+# Shared by chroot_firmware and installer_debian-installer
+#
+# Assumption: firmware packages install files into /lib/firmware
+Firmware_List_From_Contents () {
+	local MIRROR_CHROOT="${1}"
+	local DISTRO_CHROOT="${2}"
+	local ARCHIVE_AREAS="${3}"
+	local HAS_X86_ARCH=0
+	local HAS_ARM_ARCH=0
+
+	local _ARCHIVE_AREA
+	for _ARCHIVE_AREA in ${ARCHIVE_AREAS}
+	do
+		local CONTENTS_FILEDIR="cache/contents.chroot/${DISTRO_CHROOT}/${_ARCHIVE_AREA}"
+		mkdir -p "${CONTENTS_FILEDIR}"
+
+		local _ARCH
+		for _ARCH in all ${LB_ARCHITECTURE}
+		do
+			local CONTENTS_URL="${MIRROR_CHROOT}/dists/${DISTRO_CHROOT}/${_ARCHIVE_AREA}/Contents-${_ARCH}.gz"
+			local CONTENTS_FILE="${CONTENTS_FILEDIR}/contents-${_ARCH}.gz"
+
+			# Purge from cache if not wanting to use from cache, ensuring fresh copy
+			if [ "${LB_CACHE}" != "true" ]
+			then
+				rm -f "${CONTENTS_FILE}"
+			fi
+
+			# If not cached, download
+			if [ ! -e "${CONTENTS_FILE}" ]
+			then
+				# Contents-all.gz does not exist in Buster and other older versions
+				if ! wget --quiet --spider ${WGET_OPTIONS} "${CONTENTS_URL}"; then
+					continue
+				fi
+				wget ${WGET_OPTIONS} "${CONTENTS_URL}" -O "${CONTENTS_FILE}"
+			fi
+
+			local PACKAGES
+			PACKAGES="$(gunzip -c "${CONTENTS_FILE}" | awk '/^(usr\/)?lib\/firmware/ { print $NF }' | sort -u )"
+			FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} ${PACKAGES}"
+			if [ -n "${FIRMWARE_DETAILS_FILE}" ]
+			then
+				# Use similar formatting as tools/make-firmware-image from debian-cd
+				# Note: for firmware/Contents-firmware (used by check-missing-firmware.sh from hw-detect),
+				#       the second argument must be the filename of the package.
+				#       That information is not available here and will be added by installer_debian-installer
+				gunzip -c "${CONTENTS_FILE}" | awk -v AREA=${_ARCHIVE_AREA} '/^(usr\/)?lib\/firmware/ { printf "/%-54s %s %s\n", $1, $2, AREA }' >> ${FIRMWARE_DETAILS_FILE}
+			fi
+
+			# Don't waste disk space, if not making use of caching
+			if [ "${LB_CACHE}" != "true" ]
+			then
+				rm -f "${CONTENTS_FILE}"
+			fi
+
+			case "${_ARCH}" in
+				arm64 | armel | armhf)
+					HAS_ARM_ARCH=1
+					;;
+				amd64 | i386)
+					HAS_X86_ARCH=1
+					;;
+			esac
+		done
+
+		# Clean up the cache directory, if no files are present
+		rmdir --ignore-fail-on-non-empty "cache/contents.chroot/${DISTRO_CHROOT}/${_ARCHIVE_AREA}"
+		rmdir --ignore-fail-on-non-empty "cache/contents.chroot/${DISTRO_CHROOT}"
+		rmdir --ignore-fail-on-non-empty "cache/contents.chroot"
+	done
+
+	# Blocklist firmware which does not match the requested architectures #1035382
+	# See https://salsa.debian.org/images-team/debian-cd/-/blob/master/tasks/bookworm/exclude-firmware
+
+	# Filter out firmware packages that are only useful with non-free drivers
+	BLOCKLIST_FIRMWARE="firmware-nvidia-gsp firmware-nvidia-tesla-gsp"
+	# Exclude ARM firmware when no ARM is requested
+	if [ ${HAS_ARM_ARCH} -eq 0 ]
+	then
+		BLOCKLIST_FIRMWARE="${BLOCKLIST_FIRMWARE} arm-trusted-firmware-tools crust-firmware firmware-qcom-soc firmware-samsung firmware-ti-connectivity raspi-firmware"
+	fi
+	# Exclude x86 firmware when no x86 is requested
+	if [ ${HAS_X86_ARCH} -eq 0 ]
+	then
+		BLOCKLIST_FIRMWARE="${BLOCKLIST_FIRMWARE} amd64-microcode firmware-intel-sound firmware-sof-signed intel-microcode"
+	fi
+
+	# Deduplicate the list and prepare for easier manipulation by having each package on its own line
+	local _FIRMWARE_PACKAGES_FILE=tmp_firmware_packages.txt
+	echo ${FIRMWARE_PACKAGES} | tr " " "\n" | sort -u > ${_FIRMWARE_PACKAGES_FILE}
+
+	# Remove the blocklisted firmware packages
+	# FIRMWARE_PACKAGES has section names and BLOCKLIST_FIRMWARE (intentionally) does not
+	local _REMOVEME
+	for _REMOVEME in ${BLOCKLIST_FIRMWARE}
+	do
+		sed -i -e "/\/${_REMOVEME}$/d" ${_FIRMWARE_PACKAGES_FILE}
+	done
+
+	# Reassemble the filtered list
+	FIRMWARE_PACKAGES=$(cat ${_FIRMWARE_PACKAGES_FILE})
+	rm -f ${_FIRMWARE_PACKAGES_FILE}
+}

functions/help.sh

@@ -1,36 +0,0 @@
-#!/bin/sh
-
-## live-build(7) - System Build Scripts
-## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
-##
-## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
-## This is free software, and you are welcome to redistribute it
-## under certain conditions; see COPYING for details.
-
-
-Help ()
-{
-        Echo "%s - %s" "${PROGRAM}" "${DESCRIPTION}"
-	echo
-	Echo "Usage:"
-	echo
-
-	if [ -n "${USAGE}" ]
-	then
-		Echo "${USAGE}"
-		echo
-	fi
-	Echo "  %s [-h|--help]" "${PROGRAM}"
-	Echo "  %s [-u|--usage]" "${PROGRAM}"
-	Echo "  %s [-v|--version]" "${PROGRAM}"
-	echo
-
-	if [ -n "${HELP}" ]
-	then
-		Echo "${HELP}"
-		echo
-	fi
-
-	Echo "Report bugs to the Live Systems project <http://live-systems.org/>."
-	exit 0
-}

functions/init.sh

@@ -0,0 +1,86 @@
+#!/bin/sh
+
+## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
+## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
+##
+## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+## This is free software, and you are welcome to redistribute it
+## under certain conditions; see COPYING for details.
+
+
+Auto_build_config ()
+{
+	# Automatically build config
+	if [ -x auto/config ] && ! Stagefile_exists config; then
+		Echo_message "Automatically populating config tree."
+		lb config
+	fi
+}
+
+Init_config_data ()
+{
+	Arguments "${@}"
+
+	Read_conffiles $(Common_conffiles)
+	Prepare_config
+
+	# Validating config
+	if [ "${CONFIG_VALIDATED}" != "true" ]; then
+		Validate_config
+		export CONFIG_VALIDATED="true"
+	fi
+
+	# Apt v2.0.1 introduced color support, but it needs to be explicitly enabled.
+	# This is done here so that the injection of the option does not get stored in the config file.
+	if [ "${_COLOR_OUT}" = "true" ] && [ "${_COLOR_ERR}" = "true" ]; then
+		APT_OPTIONS="${APT_OPTIONS} -o APT::Color=true"
+		APTITUDE_OPTIONS="${APTITUDE_OPTIONS} -o APT::Color=true"
+	else
+		APT_OPTIONS="${APT_OPTIONS} -o APT::Color=false"
+		APTITUDE_OPTIONS="${APTITUDE_OPTIONS} -o APT::Color=false"
+	fi
+}
+
+# "Auto" script redirection.
+#
+# As a matter of convenience users can have a set of saved commandline options
+# which will be automatically included in every execution of live-build. How
+# this works is that the save file is itself a shell script saved in the config
+# directory (one per top-level live-build command in fact). When `lb config`,
+# `lb build` or `lb clean` is run, these scripts, if they see that an "auto"
+# file exists in the config, they run that file, passing along any user
+# arguments, and terminate once that ends. The "auto" script simply re-executes
+# the same command (e.g. `lb config`), only with a first param of "noauto",
+# used to stop an infinite loop of further redirection, then a fixed saved set
+# of command line options, as saved in the file by the user, then any
+# additional command line arguments passed into the script. This is simply a
+# means of injecting a saved set of command line options into the execution of
+# live-build.
+#
+# As for this function, it is a simple helper, used by the top-level commands
+# to perform the redirection if the relevant "auto" file exists. It should only
+# be called if the calling command script was not run with "noauto" as the
+# first argument (the purpose of which was just described).
+Maybe_auto_redirect ()
+{
+	local TYPE="${1}"; shift
+
+	case "${TYPE}" in
+		clean|config|build)
+			;;
+		*)
+			Echo_error "Unknown auto redirect type"
+			exit 1
+			;;
+	esac
+
+	local AUTO_SCRIPT="auto/${TYPE}"
+	if [ -x "${AUTO_SCRIPT}" ]; then
+		Echo_message "Executing ${AUTO_SCRIPT} script."
+		./"${AUTO_SCRIPT}" "${@}"
+		exit ${?}
+	elif [ -f "${AUTO_SCRIPT}" ]; then
+		Echo_warning "The ${AUTO_SCRIPT} script exists but is not executable, ignoring."
+	fi
+}

functions/lockfile.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -8,40 +9,38 @@
 ## under certain conditions; see COPYING for details.
 
 
+Acquire_lockfile ()
+{
+	local FILE="${1:-.lock}"
+	Check_lockfile "${FILE}"
+	Create_lockfile "${FILE}"
+}
+
 Check_lockfile ()
 {
-	FILE="${1}"
+	local FILE="${1}"
 
-	if [ -z "${FILE}" ]
-	then
-		FILE=".build/lock"
-	fi
-
-	# Checking lock file
-	if [ -f "${FILE}" ]
-	then
-		Echo_error "${PROGRAM} locked"
+	if [ -f "${FILE}" ]; then
+		Echo_error "${PROGRAM} already locked"
 		exit 1
 	fi
 }
 
 Create_lockfile ()
 {
-	FILE="${1}"
+	local FILE="${1}"
 
-	if [ -z "${FILE}" ]
-	then
-		FILE=".build/lock"
-	fi
-
-	DIRECTORY="$(dirname ${FILE})"
-
-	# Creating lock directory
-	mkdir -p "${DIRECTORY}"
-
-	# Creating lock trap
+	# Create lock trap
+	# This automatically removes the lock file in certain conditions
 	trap 'ret=${?}; '"rm -f \"${FILE}\";"' exit ${ret}' EXIT HUP INT QUIT TERM
 
 	# Creating lock file
 	touch "${FILE}"
 }
+
+Remove_lockfile ()
+{
+	local FILE="${1:-.lock}"
+
+	rm -f "${FILE}"
+}

functions/losetup.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -9,8 +10,8 @@
 
 Lodetach ()
 {
-	DEVICE="${1}"
-	ATTEMPT="${2:-1}"
+	local DEVICE="${1}"
+	local ATTEMPT="${2:-1}"
 
 	if [ "${ATTEMPT}" -gt 3 ]
 	then
@@ -21,7 +22,7 @@ Lodetach ()
 	# Changes to block devices result in uevents which trigger rules which in
 	# turn access the loop device (ex. udisks-part-id, blkid) which can cause
 	# a race condition. We call 'udevadm settle' to help avoid this.
-	if [ -x "$(which udevadm 2>/dev/null)" ]
+	if command -v udevadm >/dev/null
 	then
 		udevadm settle
 	fi
@@ -31,17 +32,19 @@ Lodetach ()
 	sync
 	sleep 1
 
-	${LB_LOSETUP} -d "${DEVICE}" || Lodetach "${DEVICE}" "$(expr ${ATTEMPT} + 1)"
+	losetup -d "${DEVICE}" || Lodetach "${DEVICE}" "$(expr ${ATTEMPT} + 1)"
 }
 
 Losetup ()
 {
-	DEVICE="${1}"
-	FILE="${2}"
-	PARTITION="${3:-1}"
+	local DEVICE="${1}"
+	local FILE="${2}"
+	local PARTITION="${3:-1}"
 
-	${LB_LOSETUP} --read-only "${DEVICE}" "${FILE}"
-	FDISK_OUT="$(${LB_FDISK} -l -u ${DEVICE} 2>&1)"
+	local FDISK_OUT
+	local LOOPDEVICE
+	losetup --read-only --partscan "${DEVICE}" "${FILE}"
+	FDISK_OUT="$(fdisk -l -u ${DEVICE} 2>&1)"
 	Lodetach "${DEVICE}"
 
 	LOOPDEVICE="$(echo ${DEVICE}p${PARTITION})"
@@ -50,23 +53,45 @@ Losetup ()
 	then
 		Echo_message "Mounting %s with offset 0" "${DEVICE}"
 
-		${LB_LOSETUP} "${DEVICE}" "${FILE}"
+		losetup --partscan "${DEVICE}" "${FILE}"
 	else
+		local SECTORS
+		local OFFSET
 		SECTORS="$(echo "$FDISK_OUT" | sed -ne "s|^$LOOPDEVICE[ *]*\([0-9]*\).*|\1|p")"
 		OFFSET="$(expr ${SECTORS} '*' 512)"
 
 		Echo_message "Mounting %s with offset %s" "${DEVICE}" "${OFFSET}"
 
-		${LB_LOSETUP} -o "${OFFSET}" "${DEVICE}" "${FILE}"
+		losetup --partscan -o "${OFFSET}" "${DEVICE}" "${FILE}"
 	fi
 }
 
-Calculate_partition_size ()
+# adapted from lib/ext2fs/mkjournal.c, default block size is 4096 bytes (/etc/mke2fs.conf).
+ext2fs_default_journal_size()
 {
-	ORIGINAL_SIZE="${1}"
-	FILESYSTEM="${2}"
+	local SIZE="$1"
+	if [ "${SIZE}" -lt "8" ]; then # 2048*4096
+		echo 0
+	elif [ "${SIZE}" -lt "128" ]; then # 32768*4096
+		echo 4
+	elif [ "${SIZE}" -lt "1024" ]; then # 256*1024*4096
+		echo 16
+	elif [ "${SIZE}" -lt "2048" ]; then # 512*1024*4096
+		echo 32
+	elif [ "${SIZE}" -lt "4096" ]; then # 1024*1024*4096
+		echo 64
+	else
+		echo 128
+	fi
+}
 
-	case "${FILESYSTEM}" in
+Calculate_partition_size_without_journal ()
+{
+	local WITHOUT_JOURNAL_ORIGINAL_SIZE="${1}"
+	local WITHOUT_JOURNAL_FILESYSTEM="${2}"
+
+	local PERCENT
+	case "${WITHOUT_JOURNAL_FILESYSTEM}" in
 		ext2|ext3|ext4)
 			PERCENT="6"
 			;;
@@ -75,5 +100,31 @@ Calculate_partition_size ()
 			;;
 	esac
 
-	echo $(expr ${ORIGINAL_SIZE} + ${ORIGINAL_SIZE} \* ${PERCENT} / 100 + 1)
+	echo $(expr ${WITHOUT_JOURNAL_ORIGINAL_SIZE} + ${WITHOUT_JOURNAL_ORIGINAL_SIZE} \* ${PERCENT} / 100 + 1)
+}
+
+Calculate_partition_size ()
+{
+	local ORIGINAL_SIZE="${1}"
+	local FILESYSTEM="${2}"
+
+	case "${FILESYSTEM}" in
+		ext3|ext4)
+			local NON_JOURNAL_SIZE
+			local PROJECTED_JOURNAL_SIZE
+			local PROJECTED_PARTITION_SIZE
+			local PRE_FINAL_PARTITION_SIZE
+			local JOURNAL_SIZE
+			NON_JOURNAL_SIZE=$(Calculate_partition_size_without_journal ${ORIGINAL_SIZE} ${FILESYSTEM})
+			PROJECTED_JOURNAL_SIZE=$(ext2fs_default_journal_size ${NON_JOURNAL_SIZE})
+			PROJECTED_PARTITION_SIZE=$(expr ${ORIGINAL_SIZE} + ${PROJECTED_JOURNAL_SIZE})
+			PRE_FINAL_PARTITION_SIZE=$(Calculate_partition_size_without_journal ${PROJECTED_PARTITION_SIZE} ${FILESYSTEM})
+			JOURNAL_SIZE=$(ext2fs_default_journal_size ${PRE_FINAL_PARTITION_SIZE})
+
+			expr $(Calculate_partition_size_without_journal ${ORIGINAL_SIZE} ${FILESYSTEM}) + ${JOURNAL_SIZE}
+			;;
+		*)
+			Calculate_partition_size_without_journal ${ORIGINAL_SIZE} ${FILESYSTEM}
+			;;
+	esac
 }

functions/man.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,9 +11,15 @@
 
 Man ()
 {
-	if [ -x "$(which man 2>/dev/null)" ]
-	then
-		man $(basename ${0})
-		exit 0
+	if command -v man >/dev/null; then
+		if [ -n "${LIVE_BUILD}" -a -e "${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1" ]; then
+			man ${LIVE_BUILD}/manpages/en/lb_${PROGRAM#lb }.1
+		else
+			man ${PROGRAM}
+		fi
+	else
+		Echo_warning "man is not installed, falling back to usage output."
+		Usage
 	fi
+	exit 0
 }

functions/packagelists.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,20 +11,22 @@
 
 Expand_packagelist ()
 {
+	local _LB_EXPAND_QUEUE
 	_LB_EXPAND_QUEUE="$(basename "${1}")"
 
 	shift
 
 	while [ -n "${_LB_EXPAND_QUEUE}" ]
 	do
+		local _LB_LIST_NAME
+		local _LB_EXPAND_QUEUE
 		_LB_LIST_NAME="$(echo ${_LB_EXPAND_QUEUE} | cut -d" " -f1)"
 		_LB_EXPAND_QUEUE="$(echo ${_LB_EXPAND_QUEUE} | cut -s -d" " -f2-)"
-		_LB_LIST_LOCATION=""
-		_LB_NESTED=0
-		_LB_ENABLED=1
+		local _LB_LIST_LOCATION=""
+		local _LB_NESTED=0
+		local _LB_ENABLED=1
 
-		for _LB_SEARCH_PATH in ${@}
-		do
+		for _LB_SEARCH_PATH in "${@}"; do
 			if [ -e "${_LB_SEARCH_PATH}/${_LB_LIST_NAME}" ]
 			then
 				_LB_LIST_LOCATION="${_LB_SEARCH_PATH}/${_LB_LIST_NAME}"
@@ -33,7 +36,7 @@ Expand_packagelist ()
 
 		if [ -z "${_LB_LIST_LOCATION}" ]
 		then
-			echo "W: Unknown package list '${_LB_LIST_NAME}'" >&2
+			Echo_warning "Unknown package list '${_LB_LIST_NAME}'"
 			continue
 		fi
 
@@ -41,6 +44,7 @@ Expand_packagelist ()
 		do
 			case "${_LB_LINE}" in
 				\!*)
+					local _EXEC
 					_EXEC="$(echo ${_LB_LINE} | sed -e 's|^!||')"
 
 					case "${LB_BUILD_WITH_CHROOT}" in
@@ -57,11 +61,15 @@ Expand_packagelist ()
 				\#if\ *)
 					if [ ${_LB_NESTED} -eq 1 ]
 					then
-						echo "E: Nesting conditionals is not supported" >&2
+						Echo_error "Nesting conditionals is not supported"
 						exit 1
 					fi
 					_LB_NESTED=1
 
+					local _LB_NEEDLE
+					local _LB_HAYSTACK
+					local _LB_NEEDLE_PART
+					local _LB_HAYSTACK_PART
 					_LB_NEEDLE="$(echo "${_LB_LINE}" | cut -d' ' -f3-)"
 					_LB_HAYSTACK="$(eval "echo \$LB_$(echo "${_LB_LINE}" | cut -d' ' -f2)")"
 
@@ -81,22 +89,26 @@ Expand_packagelist ()
 				\#nif\ *)
 					if [ ${_LB_NESTED} -eq 1 ]
 					then
-						echo "E: Nesting conditionals is not supported" >&2
+						Echo_error "Nesting conditionals is not supported"
 						exit 1
 					fi
 					_LB_NESTED=1
 
+					local _LB_NEEDLE
+					local _LB_HAYSTACK
+					local _LB_NEEDLE_PART
+					local _LB_HAYSTACK_PART
 					_LB_NEEDLE="$(echo "${_LB_LINE}" | cut -d' ' -f3-)"
 					_LB_HAYSTACK="$(eval "echo \$LB_$(echo "${_LB_LINE}" | cut -d' ' -f2)")"
 
-					_LB_ENABLED=0
+					_LB_ENABLED=1
 					for _LB_NEEDLE_PART in ${_LB_NEEDLE}
 					do
 						for _LB_HAYSTACK_PART in ${_LB_HAYSTACK}
 						do
-							if [ "${_LB_NEEDLE_PART}" != "${_LB_HAYSTACK_PART}" ]
+							if [ "${_LB_NEEDLE_PART}" = "${_LB_HAYSTACK_PART}" ]
 							then
-								_LB_ENABLED=1
+								_LB_ENABLED=0
 							fi
 						done
 					done
@@ -125,13 +137,15 @@ Expand_packagelist ()
 
 Discover_package_architectures ()
 {
-	_LB_EXPANDED_PKG_LIST="${1}"
-	_LB_DISCOVERED_ARCHITECTURES=""
+	local _LB_EXPANDED_PKG_LIST="${1}"
+	local _LB_DISCOVERED_ARCHITECTURES=""
 
 	shift
 
 	if [ -e "${_LB_EXPANDED_PKG_LIST}" ] && [ -s "${_LB_EXPANDED_PKG_LIST}" ]
 	then
+		local _LB_PACKAGE_LINE
+		local _LB_PACKAGE_LINE_PART
 		while read _LB_PACKAGE_LINE
 		do
 			# Lines from the expanded package list may have multiple, space-separated packages

functions/packages.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -8,56 +9,101 @@
 ## under certain conditions; see COPYING for details.
 
 
+# The file that records temporarily installed packages.
+Installed_tmp_packages_file ()
+{
+	echo "chroot.installed_tmp_pkgs"
+}
+
+# Note, writes to _LB_PACKAGES
 Check_package ()
 {
-	CHROOT="${1}"
-	FILE="${2}"
-	PACKAGE="${3}"
+	local CHROOT="${1}"
+	local FILE="${2}"
+	local PACKAGE="${3}"
 
 	Check_installed "${CHROOT}" "${FILE}" "${PACKAGE}"
 
-	case "${INSTALL_STATUS}" in
-		1)
+	if [ "${INSTALL_STATUS}" -ne 0 ]
+	then
+		if [ "${LB_BUILD_WITH_CHROOT}" != "false" ] && [ "${CHROOT}" = "chroot" ]
+		then
 			_LB_PACKAGES="${_LB_PACKAGES} ${PACKAGE}"
-			;;
-
-		2)
+		else
 			Echo_error "You need to install %s on your host system." "${PACKAGE}"
 			exit 1
-			;;
-	esac
-}
-
-Install_package ()
-{
-	if [ -n "${_LB_PACKAGES}" ] && [ "${LB_BUILD_WITH_CHROOT}" != "false" ]
-	then
-		case "${LB_APT}" in
-			apt|apt-get)
-				Chroot chroot "apt-get install -o APT::Install-Recommends=false ${APT_OPTIONS} ${_LB_PACKAGES}"
-				;;
-
-			aptitude)
-				Chroot chroot "aptitude install --without-recommends ${APTITUDE_OPTIONS} ${_LB_PACKAGES}"
-				;;
-		esac
+		fi
 	fi
 }
 
-Remove_package ()
+# Note, reads from _LB_PACKAGES
+Install_packages ()
 {
-	if [ -n "${_LB_PACKAGES}" ] && [ "${LB_BUILD_WITH_CHROOT}" != "false" ]
-	then
+	if [ -z "${_LB_PACKAGES}" ] || [ "${LB_BUILD_WITH_CHROOT}" != "true" ]; then
+		return
+	fi
+
+	# Record in file to survive failure such that recovery can take place.
+	local LIST_FILE
+	LIST_FILE="$(Installed_tmp_packages_file)"
+	local PACKAGE
+	for PACKAGE in ${_LB_PACKAGES}; do
+		echo "${PACKAGE}" >> "${LIST_FILE}"
+	done
+
+	case "${LB_APT}" in
+		apt|apt-get)
+			Chroot chroot "apt-get install -o APT::Install-Recommends=false ${APT_OPTIONS} ${_LB_PACKAGES}"
+			;;
+
+		aptitude)
+			Chroot chroot "aptitude install --without-recommends ${APTITUDE_OPTIONS} ${_LB_PACKAGES}"
+			;;
+	esac
+	unset _LB_PACKAGES # Can clear this now
+}
+
+Remove_packages ()
+{
+	if [ "${LB_BUILD_WITH_CHROOT}" != "true" ]; then
+		return
+	fi
+
+	local LIST_FILE
+	LIST_FILE="$(Installed_tmp_packages_file)"
+
+	# List is read from file to ensure packages from any past failure are
+	# included in the list on re-running scripts to recover.
+	local PACKAGES=""
+	if [ -e "${LIST_FILE}" ]; then
+		local PACKAGE
+		while read -r PACKAGE; do
+			PACKAGES="${PACKAGES} ${PACKAGE}"
+		done < "${LIST_FILE}"
+	fi
+
+	if [ -n "${PACKAGES}" ]; then
 		case "${LB_APT}" in
 			apt|apt-get)
-				Chroot chroot "apt-get remove --purge ${APT_OPTIONS} ${_LB_PACKAGES}"
+				Chroot chroot "apt-get remove --auto-remove --purge ${APT_OPTIONS} ${PACKAGES}"
 				;;
 
 			aptitude)
-				Chroot chroot "aptitude purge ${APTITUDE_OPTIONS} ${_LB_PACKAGES}"
+				Chroot chroot "aptitude purge --purge-unused ${APTITUDE_OPTIONS} ${PACKAGES}"
 				;;
 		esac
 	fi
+
+	rm -f "${LIST_FILE}"
+}
+
+#FIXME: make use of this. see commit log that added this for details.
+# Perform temp package removal for recovery if necessary
+Cleanup_temp_packages ()
+{
+	if [ -e "$(Installed_tmp_packages_file)" ]; then
+		Remove_packages
+	fi
 }
 
 # Check_installed
@@ -67,9 +113,9 @@ Remove_package ()
 #                  2 if package isn't installed and we aren't in an apt managed system
 Check_installed ()
 {
-	CHROOT="${1}"
-	FILE="${2}"
-	PACKAGE="${3}"
+	local CHROOT="${1}"
+	local FILE="${2}"
+	local PACKAGE="${3}"
 
 	if [ "${LB_BUILD_WITH_CHROOT}" = "true" ] && [ "${CHROOT}" = "chroot" ]
 	then
@@ -80,9 +126,9 @@ Check_installed ()
 			INSTALL_STATUS=1
 		fi
 	else
-		if which dpkg-query > /dev/null 2>&1
+		if [ -e /etc/debian_version ]
 		then
-			if Chroot chroot "dpkg-query -s ${PACKAGE}" 2> /dev/null | grep -qs "Status: install"
+			if dpkg-query -s "${PACKAGE}" 2> /dev/null | grep -qs "Status: install"
 			then
 				INSTALL_STATUS=0
 			else
@@ -99,3 +145,28 @@ Check_installed ()
 	fi
 }
 
+# $1 = Packagename
+# Echoes:
+#  1 if the package is available
+#  0 otherwise
+Check_package_available ()
+{
+	local _PACKAGE="${1}"
+
+	if [ "${LB_BUILD_WITH_CHROOT}" = "true" ]
+	then
+		if [ $(Chroot chroot apt-cache show "^${_PACKAGE}$" 2> /dev/null | grep "^Package:" | wc -l) -eq 1 ]
+		then
+			echo 1
+			return
+		fi
+	else
+		if [ $(apt-cache show "^${_PACKAGE}$" 2> /dev/null | grep "^Package:" | wc -l) -eq 1 ]
+		then
+			echo 1
+			return
+		fi
+	fi
+	echo 0
+}
+

functions/releases.sh

@@ -1,18 +0,0 @@
-#!/bin/sh
-
-## live-build(7) - System Build Scripts
-## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
-##
-## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
-## This is free software, and you are welcome to redistribute it
-## under certain conditions; see COPYING for details.
-
-
-# Debian releases
-RELEASE_jessie="8"
-RELEASE_stretch="9"
-RELEASE_sid="unstable"
-
-# Progress Linux releases
-RELEASE_baureo="2"
-RELEASE_cairon="3"

functions/sourcelist.sh

@@ -0,0 +1,150 @@
+#!/bin/sh
+
+## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
+## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
+##
+## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
+## This is free software, and you are welcome to redistribute it
+## under certain conditions; see COPYING for details.
+
+
+Create_apt_sources_list ()
+{
+	local PARENT_MIRROR
+	local MIRROR
+	local PARENT_MIRROR_SECURITY
+	local MIRROR_SECURITY
+	local PARENT_DISTRIBUTION
+	local DISTRIBUTION
+
+	case "${1}" in
+		chroot)
+			PARENT_MIRROR=${LB_PARENT_MIRROR_CHROOT}
+			MIRROR=${LB_MIRROR_CHROOT}
+			PARENT_MIRROR_SECURITY=${LB_PARENT_MIRROR_CHROOT_SECURITY}
+			MIRROR_SECURITY=${LB_MIRROR_CHROOT_SECURITY}
+			PARENT_DISTRIBUTION=${LB_PARENT_DISTRIBUTION_CHROOT}
+			DISTRIBUTION=${LB_DISTRIBUTION_CHROOT}
+			;;
+		binary)
+			PARENT_MIRROR="${LB_PARENT_MIRROR_BINARY}"
+			MIRROR="${LB_MIRROR_BINARY}"
+			PARENT_MIRROR_SECURITY=${LB_PARENT_MIRROR_BINARY_SECURITY}
+			MIRROR_SECURITY=${LB_MIRROR_BINARY_SECURITY}
+			PARENT_DISTRIBUTION=${LB_PARENT_DISTRIBUTION_BINARY}
+			DISTRIBUTION=${LB_DISTRIBUTION_BINARY}
+			;;
+		*)
+			Echo_error "Invalid mode '${1}' specified for source list creation!"
+			exit 1
+			;;
+	esac
+
+	local _PASS="${2}"
+
+	local PARENT_FILE
+	case "${LB_DERIVATIVE}" in
+		true)
+			PARENT_FILE="sources.list.d/debian.list"
+			;;
+
+		false)
+			PARENT_FILE="sources.list"
+			;;
+	esac
+
+	local LIST_FILE="chroot/etc/apt/sources.list.d/${LB_MODE}.list"
+	local PARENT_LIST_FILE="chroot/etc/apt/${PARENT_FILE}"
+
+	local _DISTRIBUTION
+	if [ "${LB_DERIVATIVE}" = "true" ]; then
+		_DISTRIBUTION="$(echo ${DISTRIBUTION} | sed -e 's|-backports||')"
+	fi
+
+	# Clear out existing lists
+	rm -f ${PARENT_LIST_FILE} ${LIST_FILE}
+
+	# Set general repo
+	echo "deb ${PARENT_MIRROR} ${PARENT_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" >> ${PARENT_LIST_FILE}
+	echo "deb-src ${PARENT_MIRROR} ${PARENT_DISTRIBUTION} ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+
+	if [ "${LB_DERIVATIVE}" = "true" ]; then
+		echo "deb ${MIRROR} ${_DISTRIBUTION} ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+		echo "deb-src ${MIRROR} ${_DISTRIBUTION} ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+	fi
+
+	# Set security repo
+	if [ "${LB_SECURITY}" = "true" ]; then
+		case "${LB_MODE}" in
+			debian)
+				case "${PARENT_DISTRIBUTION}" in
+					sid|unstable)
+						# do nothing
+						;;
+
+					buster|jessie|stretch)
+						echo "deb ${PARENT_MIRROR_SECURITY} ${PARENT_DISTRIBUTION}/updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+						echo "deb-src ${PARENT_MIRROR_SECURITY} ${PARENT_DISTRIBUTION}/updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+						;;
+					*)
+						echo "deb ${PARENT_MIRROR_SECURITY} ${PARENT_DISTRIBUTION}-security ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+						echo "deb-src ${PARENT_MIRROR_SECURITY} ${PARENT_DISTRIBUTION}-security ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+						;;
+				esac
+
+				if [ "${LB_DERIVATIVE}" = "true" ]; then
+					echo "deb ${MIRROR_SECURITY} ${_DISTRIBUTION}/updates ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+					echo "deb-src ${MIRROR_SECURITY} ${_DISTRIBUTION}/updates ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+				fi
+				;;
+		esac
+	fi
+
+	# Set updates repo
+	if [ "${LB_UPDATES}" = "true" ]; then
+		echo "deb ${PARENT_MIRROR} ${PARENT_DISTRIBUTION}-updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+		echo "deb-src ${PARENT_MIRROR} ${PARENT_DISTRIBUTION}-updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+
+		if [ "${LB_DERIVATIVE}" = "true" ]; then
+			echo "deb ${MIRROR} ${_DISTRIBUTION}-updates ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+			echo "deb-src ${MIRROR} ${_DISTRIBUTION}-updates ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+		fi
+	fi
+
+	# Set proposed-updates repo
+	if [ "${LB_PROPOSED_UPDATES}" = "true" ]; then
+		echo "deb ${PARENT_MIRROR} ${PARENT_DISTRIBUTION}-proposed-updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+		echo "deb-src ${PARENT_MIRROR} ${PARENT_DISTRIBUTION}-proposed-updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+
+		if [ "${LB_DERIVATIVE}" = "true" ]; then
+			echo "deb ${MIRROR} ${_DISTRIBUTION}-proposed-updates ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+			echo "deb-src ${MIRROR} ${_DISTRIBUTION}-proposed-updates ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+		fi
+	fi
+
+	# Set backports repo
+	if [ "${LB_BACKPORTS}" = "true" ]; then
+		case "${LB_MODE}" in
+			debian)
+				if [ "${PARENT_DISTRIBUTION}" != "sid" ] && [ "${PARENT_DISTRIBUTION}" != "unstable" ]; then
+					echo "deb ${PARENT_MIRROR} ${PARENT_DISTRIBUTION}-backports ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+					echo "deb-src ${PARENT_MIRROR} ${PARENT_DISTRIBUTION}-backports ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}"
+				fi
+				;;
+		esac
+
+		if [ "${LB_DERIVATIVE}" = "true" ]; then
+			echo "deb ${MIRROR} ${_DISTRIBUTION}-backports ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+			echo "deb-src ${MIRROR} ${_DISTRIBUTION}-backports ${LB_ARCHIVE_AREAS}" >> "${LIST_FILE}"
+		fi
+	fi
+
+	# Disable deb-src entries?
+	if [ "${_PASS}" != "source" ] && [ "${LB_APT_SOURCE_ARCHIVES}" != "true" ]; then
+		sed -i "s/^deb-src/#deb-src/g" "${PARENT_LIST_FILE}"
+		if [ "${LB_DERIVATIVE}" = "true" ]; then
+			sed -i "s/^deb-src/#deb-src/g" "${LIST_FILE}"
+		fi
+	fi
+}

functions/stagefile.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -8,31 +9,77 @@
 ## under certain conditions; see COPYING for details.
 
 
+Stagefiles_dir ()
+{
+	echo ".build"
+}
+
+# Get the default filename for a script's stagefile (the name of the script
+# file itself). A suffix can be appended via providing as a param.
+Stagefile_name ()
+{
+	local SUFFIX="${1}"
+	local FILENAME
+	FILENAME="$(basename $0)"
+	echo ${FILENAME}${SUFFIX:+.$SUFFIX}
+}
+
+Stagefile_exists ()
+{
+	if [ -f ".build/${1:-$(Stagefile_name)}" ]; then
+		return 0
+	fi
+	return 1
+}
+
 Check_stagefile ()
 {
-	FILE="${1}"
-	NAME="$(basename ${1})"
+	local FILE
+	local NAME
+	FILE=".build/${1:-$(Stagefile_name)}"
+	NAME="$(basename ${FILE})"
 
 	# Checking stage file
-	if [ -f "${FILE}" ]
-	then
-		if [ "${_FORCE}" != "true" ]
-		then
-			# Skipping execution
-			Echo_warning "skipping %s, already done" "${NAME}"
+	if [ -f "${FILE}" ]; then
+		if [ "${_FORCE}" != "true" ]; then
+			# Skip execution
+			Echo_warning "Skipping %s, already done" "${NAME}"
 			exit 0
 		else
-			# Forcing execution
-			Echo_message "forcing %s" "${NAME}"
+			# Force execution
+			Echo_message "Forcing %s" "${NAME}"
 			rm -f "${FILE}"
 		fi
 	fi
 }
 
+# Used by chroot preparation scripts in removal mode
+Ensure_stagefile_exists ()
+{
+	local FILE
+	local NAME
+	FILE=".build/${1:-$(Stagefile_name)}"
+	NAME="$(basename ${FILE})"
+
+	# Checking stage file
+	if [ ! -f "${FILE}" ]; then
+		if [ "${_FORCE}" != "true" ]; then
+			# Skip execution
+			Echo_warning "Skipping removal of %s, it is not applied" "${NAME}"
+			exit 0
+		else
+			# Force execution
+			Echo_message "Forcing %s" "${NAME}"
+		fi
+	fi
+}
+
 Create_stagefile ()
 {
-	FILE="${1}"
-	DIRECTORY="$(dirname ${1})"
+	local FILE
+	local DIRECTORY
+	FILE=".build/${1:-$(Stagefile_name)}"
+	DIRECTORY="$(dirname ${FILE})"
 
 	# Creating stage directory
 	mkdir -p "${DIRECTORY}"
@@ -41,31 +88,37 @@ Create_stagefile ()
 	touch "${FILE}"
 }
 
-Require_stagefile ()
+Remove_stagefile ()
 {
-	NAME="$(basename ${0})"
-	FILES="${@}"
-	NUMBER="$(echo ${@} | wc -w)"
+	local FILE
+	FILE=".build/${1:-$(Stagefile_name)}"
+	rm -f "${FILE}"
+}
 
-	for FILE in ${FILES}
-	do
-		# Find at least one of the required stages
-		if [ -f ${FILE} ]
-		then
-			CONTINUE="true"
-			NAME="${NAME} $(basename ${FILE})"
+# Ensure that all specified stagefiles exist (and thus that all associated stages are complete)
+Require_stagefiles ()
+{
+	if [ $# -eq 0 ]; then
+		Echo_warning "Bad 'Require_stagefiles' usage, no params were supplied"
+		return 0
+	fi
+
+	local FILE
+	local MISSING=""
+	local MISSING_COUNT=0
+	for FILE in "${@}"; do
+		if [ ! -f ".build/${FILE}" ]; then
+			MISSING_COUNT=$(( $MISSING_COUNT + 1 ))
+			MISSING="${MISSING:+$MISSING }${FILE}"
 		fi
 	done
-
-	if [ "${CONTINUE}" != "true" ]
-	then
-		if [ "${NUMBER}" -eq 1 ]
-		then
-			Echo_error "%s: %s missing" "${NAME}" "${FILE}"
-		else
-			Echo_error "%s: one of %s is missing" "${NAME}" "${FILES}"
-		fi
-
-		exit 1
+	if [ $MISSING_COUNT -eq 0 ]; then
+		return 0
+	elif [ $MISSING_COUNT -eq 1 ]; then
+		Echo_error "the following stage is required to be done first: %s" "${MISSING}"
+	else
+		Echo_error "the following stages are required to be completed first: %s" "${MISSING}"
 	fi
+
+	exit 1
 }

functions/usage.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,22 +11,32 @@
 
 Usage ()
 {
-	printf "%s - %s\n" "${PROGRAM}" "${DESCRIPTION}"
-	echo
-	Echo "Usage:"
-	echo
+	echo "${PROGRAM_NAME} - ${DESCRIPTION}"
+	printf "\nUsage:\n\n"
 
-	if [ -n "${USAGE}" ]
-	then
-		Echo " ${USAGE}"
-		echo
+	if [ -n "${USAGE}" ]; then
+		# printf without placeholder required here for correct \t and \n formatting of `lb config` usage string
+		printf "  ${USAGE}\n"
 	fi
 
-	printf "  %s [-h|--help]\n" "${PROGRAM}"
-	printf "  %s [-u|--usage]\n" "${PROGRAM}"
-	printf "  %s [-v|--version]\n" "${PROGRAM}"
+	echo "  ${PROGRAM} [-h|--help]"
+	echo "  ${PROGRAM} [-u|--usage]"
+	echo "  ${PROGRAM} [-v|--version]"
 	echo
-	Echo "Try \"%s --help\" for more information." "${PROGRAM}"
+	echo "Try \"${PROGRAM} --help\" for more information."
 
-	exit 1
+	case $1 in
+		--fail)
+			exit 1
+			;;
+		--exit)
+			exit 0
+			;;
+		"")
+			:
+			;;
+		*)
+			Echo_error "Unexpected parameter to Usage(): $1"
+			;;
+	esac
 }

functions/wrapper.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - System Build Scripts
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -10,16 +11,16 @@
 
 Apt ()
 {
-	CHROOT="${1}"
+	local CHROOT="${1}"
 	shift
 
 	case "${LB_APT}" in
 		apt|apt-get)
-			Chroot ${CHROOT} apt-get ${APT_OPTIONS} ${@}
+			Chroot ${CHROOT} apt-get ${APT_OPTIONS} "${@}"
 			;;
 
 		aptitude)
-			Chroot ${CHROOT} aptitude ${APTITUDE_OPTIONS} ${@}
+			Chroot ${CHROOT} aptitude ${APTITUDE_OPTIONS} "${@}"
 			;;
 	esac
 }

manpages/.gitignore

@@ -0,0 +1,3 @@
+po4a.cfg
+fr/
+ja/

manpages/Makefile

@@ -42,12 +42,12 @@ build: check po4a.cfg
 	@if [ ! -x "$$(which po4a 2>/dev/null)" ]; \
 	then \
 		echo "E: po4a - command not found"; \
-		echo "I: po4a can be obtained from http://po4a.alioth.debian.org/"; \
+		echo "I: po4a can be obtained from https://po4a.org"; \
 		echo "I: On Debian based systems, po4a can be installed with 'apt-get install po4a'."; \
 		exit 1; \
 	fi
 
-	po4a --keep 0 --package-name live-build --package-version $(shell cat ../VERSION) po4a.cfg
+	po4a --copyright-holder "Debian Live Project" --keep 0 --package-name live-build --package-version $(shell cd .. && dpkg-parsechangelog -S Version) po4a.cfg
 
 clean:
 	rm -f po/*/*.po~
@@ -57,3 +57,5 @@ distclean: clean
 	rm -rf $(LANGUAGES)
 
 rebuild: distclean update build
+
+.PHONY: all update check build clean distclean rebuild

manpages/bin/update-version.sh

@@ -1,6 +1,7 @@
 #!/bin/sh
 
 ## live-build(7) - Live System Build Components
+## Copyright (C) 2016-2020 The Debian Live team
 ## Copyright (C) 2006-2015 Daniel Baumann <mail@daniel-baumann.ch>
 ##
 ## This program comes with ABSOLUTELY NO WARRANTY; for details see COPYING.
@@ -11,13 +12,14 @@
 set -e
 
 PROGRAM="LIVE\\\-BUILD"
-VERSION="$(cat ../VERSION)"
+VERSION="$(cd .. && dpkg-parsechangelog -S Version)"
+RELEASE_DATE="$(cd .. && dpkg-parsechangelog -S Timestamp)"
 
-DATE="$(LC_ALL=C date +%Y\\\\-%m\\\\-%d)"
+DATE="$(LC_ALL=C date --utc --date="@${RELEASE_DATE}" +%Y\\\\-%m\\\\-%d)"
 
-DAY="$(LC_ALL=C date +%d)"
-MONTH="$(LC_ALL=C date +%m)"
-YEAR="$(LC_ALL=C date +%Y)"
+DAY="$(LC_ALL=C date --utc --date="@${RELEASE_DATE}" +%d)"
+MONTH="$(LC_ALL=C date --utc --date="@${RELEASE_DATE}" +%m)"
+YEAR="$(LC_ALL=C date --utc --date="@${RELEASE_DATE}" +%Y)"
 
 echo "Updating version headers..."
 
@@ -25,7 +27,7 @@ for MANPAGE in en/*
 do
 	SECTION="$(basename ${MANPAGE} | awk -F. '{ print $2 }')"
 
-	sed -i -e "s|^.TH.*$|.TH ${PROGRAM} ${SECTION} ${DATE} ${VERSION} \"Live Systems Project\"|" ${MANPAGE}
+	sed -i -e "s|^.TH.*$|.TH ${PROGRAM} ${SECTION} ${DATE} ${VERSION} \"Debian Live Project\"|" ${MANPAGE}
 done
 
 # European date format

manpages/en/lb.1

@@ -1,17 +1,15 @@
-.TH LIVE\-BUILD 1 2015\-05\-04 5.0~a6-1 "Live Systems Project"
+.TH LIVE\-BUILD 1 2020\-03\-30 1:20191222 "Debian Live Project"
 
 .SH NAME
 \fBlb\fR \- wrapper for live\-build programs
 
 .SH SYNOPSIS
-\fBlb\fR COMMAND [COMMAND_OPTIONS]
+\fBlb\fR \fICOMMAND\fR [\fICOMMAND_OPTIONS\fR]
 .PP
-\fBlb\fR [\fIlive\-build\ options\fR]
+\fBlb\fR [\fIOPTIONS\fR]
 
 .SH DESCRIPTION
-\fBlb\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the live systems tool suite.
-.PP
-.\" FIXME
+\fBlb\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the Debian Live tool suite.
 
 .SH OPTIONS
 \fBlb\fR has no specific options but understands all generic live\-build options. See \fIlive\-build\fR(7) for a complete list of all generic live\-build options.
@@ -25,10 +23,10 @@
 This program is a part of live\-build.
 
 .SH HOMEPAGE
-More information about live\-build and the Live Systems project can be found on the homepage at <\fIhttp://live-systems.org/\fR> and in the manual at <\fIhttp://live-systems.org/manual/\fR>.
+More information about live\-build and the Debian Live project can be found on the homepage at <\fIhttps://wiki.debian.org/DebianLive\fR>.
 
 .SH BUGS
-Bugs can be reported by submitting a bugreport for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Live Systems mailing list at <\fIdebian-live@lists.debian.org\fR>.
+Bugs can be reported by submitting a bug report for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Debian Live mailing list at <\fIdebian-live@lists.debian.org\fR>.
 
 .SH AUTHOR
-live\-build was written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>.
+live\-build was originally written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>. Since 2016 development has been continued by the Debian Live team.

manpages/en/lb_binary.1

@@ -1,13 +1,13 @@
-.TH LIVE\-BUILD 1 2015\-05\-04 5.0~a6-1 "Live Systems Project"
+.TH LIVE\-BUILD 1 2020\-03\-30 1:20191222 "Debian Live Project"
 
 .SH NAME
-\fBlb binary\fR \- Complete the binary stage
+\fBlb_binary\fR \- Complete the binary stage
 
 .SH SYNOPSIS
-\fBlb binary\fR [\fIlive\-build options\fR]
+\fBlb binary\fR [\fIOPTIONS\fR]
 
 .SH DESCRIPTION
-\fBlb binary\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the live systems tool suite.
+\fBlb binary\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the Debian Live tool suite.
 .PP
 \fBlb binary\fR calls all necessary live\-build programs in the correct order to complete the binary stage.
 
@@ -23,10 +23,10 @@
 This program is a part of live\-build.
 
 .SH HOMEPAGE
-More information about live\-build and the Live Systems project can be found on the homepage at <\fIhttp://live-systems.org/\fR> and in the manual at <\fIhttp://live-systems.org/manual/\fR>.
+More information about live\-build and the Debian Live project can be found on the homepage at <\fIhttps://wiki.debian.org/DebianLive\fR>.
 
 .SH BUGS
-Bugs can be reported by submitting a bugreport for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Live Systems mailing list at <\fIdebian-live@lists.debian.org\fR>.
+Bugs can be reported by submitting a bug report for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Debian Live mailing list at <\fIdebian-live@lists.debian.org\fR>.
 
 .SH AUTHOR
-live\-build was written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>.
+live\-build was originally written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>. Since 2016 development has been continued by the Debian Live team.

manpages/en/lb_bootstrap.1

@@ -1,13 +1,13 @@
-.TH LIVE\-BUILD 1 2015\-05\-04 5.0~a6-1 "Live Systems Project"
+.TH LIVE\-BUILD 1 2020\-03\-30 1:20191222 "Debian Live Project"
 
 .SH NAME
-\fBlb bootstrap\fR \- Complete the bootstrap stage
+\fBlb_bootstrap\fR \- Complete the bootstrap stage
 
 .SH SYNOPSIS
-\fBlb bootstrap\fR [\fIlive\-build options\fR]
+\fBlb bootstrap\fR [\fIOPTIONS\fR]
 
 .SH DESCRIPTION
-\fBlb bootstrap\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the live systems tool suite.
+\fBlb bootstrap\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the Debian Live tool suite.
 .PP
 \fBlb bootstrap\fR calls all necessary live\-build programs in the correct order to complete the bootstrap stage.
 
@@ -23,10 +23,10 @@
 This program is a part of live\-build.
 
 .SH HOMEPAGE
-More information about live\-build and the Live Systems project can be found on the homepage at <\fIhttp://live-systems.org/\fR> and in the manual at <\fIhttp://live-systems.org/manual/\fR>.
+More information about live\-build and the Debian Live project can be found on the homepage at <\fIhttps://wiki.debian.org/DebianLive\fR>.
 
 .SH BUGS
-Bugs can be reported by submitting a bugreport for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Live Systems mailing list at <\fIdebian-live@lists.debian.org\fR>.
+Bugs can be reported by submitting a bug report for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Debian Live mailing list at <\fIdebian-live@lists.debian.org\fR>.
 
 .SH AUTHOR
-live\-build was written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>.
+live\-build was originally written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>. Since 2016 development has been continued by the Debian Live team.

manpages/en/lb_build.1

@@ -1,23 +1,21 @@
-.TH LIVE\-BUILD 1 2015\-05\-04 5.0~a6-1 "Live Systems Project"
+.TH LIVE\-BUILD 1 2020\-03\-30 1:20191222 "Debian Live Project"
 
 .SH NAME
-\fBlb build\fR \- Complete the bootstrap, chroot, binary, and source stages
+\fBlb_build\fR \- Complete the bootstrap, chroot, installer, binary, and source stages
 
 .SH SYNOPSIS
-\fBlb build\fR [\fIlive\-build options\fR]
+\fBlb build\fR [\fIOPTIONS\fR]
 
 .SH DESCRIPTION
-\fBlb build\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the live systems tool suite.
+\fBlb build\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the Debian Live tool suite.
 .PP
-\fBlb build\fR calls all necessary live\-build programs in the correct order to complete the bootstrap, chroot, binary, and source stages.
+\fBlb build\fR calls all necessary live\-build programs in the correct order to complete the bootstrap, chroot, installer, binary, and source stages.
 
 .SH OPTIONS
 \fBlb build\fR has no specific options but understands all generic live\-build options. See \fIlive\-build\fR(7) for a complete list of all generic live\-build options.
 
 .SH FILES
-.\" FIXME
 .IP "\fBauto/build\fR" 4
-.\" FIXME
 
 .SH SEE ALSO
 \fIlive\-build\fR(7)
@@ -25,10 +23,10 @@
 This program is a part of live\-build.
 
 .SH HOMEPAGE
-More information about live\-build and the Live Systems project can be found on the homepage at <\fIhttp://live-systems.org/\fR> and in the manual at <\fIhttp://live-systems.org/manual/\fR>.
+More information about live\-build and the Debian Live project can be found on the homepage at <\fIhttps://wiki.debian.org/DebianLive\fR>.
 
 .SH BUGS
-Bugs can be reported by submitting a bugreport for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Live Systems mailing list at <\fIdebian-live@lists.debian.org\fR>.
+Bugs can be reported by submitting a bug report for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Debian Live mailing list at <\fIdebian-live@lists.debian.org\fR>.
 
 .SH AUTHOR
-live\-build was written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>.
+live\-build was originally written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>. Since 2016 development has been continued by the Debian Live team.

manpages/en/lb_chroot.1

@@ -1,13 +1,13 @@
-.TH LIVE\-BUILD 1 2015\-05\-04 5.0~a6-1 "Live Systems Project"
+.TH LIVE\-BUILD 1 2020\-03\-30 1:20191222 "Debian Live Project"
 
 .SH NAME
-\fBlb chroot\fR \- Complete the chroot stage
+\fBlb_chroot\fR \- Complete the chroot stage
 
 .SH SYNOPSIS
-\fBlb chroot\fR [\fIlive\-build options\fR]
+\fBlb chroot\fR [\fIOPTIONS\fR]
 
 .SH DESCRIPTION
-\fBlb chroot\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the live systems tool suite.
+\fBlb chroot\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the Debian Live tool suite.
 .PP
 \fBlb chroot\fR calls all necessary live\-build programs in the correct order to complete the chroot stage.
 
@@ -23,10 +23,10 @@
 This program is a part of live\-build.
 
 .SH HOMEPAGE
-More information about live\-build and the Live Systems project can be found on the homepage at <\fIhttp://live-systems.org/\fR> and in the manual at <\fIhttp://live-systems.org/manual/\fR>.
+More information about live\-build and the Debian Live project can be found on the homepage at <\fIhttps://wiki.debian.org/DebianLive\fR>.
 
 .SH BUGS
-Bugs can be reported by submitting a bugreport for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Live Systems mailing list at <\fIdebian-live@lists.debian.org\fR>.
+Bugs can be reported by submitting a bug report for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Debian Live mailing list at <\fIdebian-live@lists.debian.org\fR>.
 
 .SH AUTHOR
-live\-build was written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>.
+live\-build was originally written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>. Since 2016 development has been continued by the Debian Live team.

manpages/en/lb_clean.1

@@ -1,22 +1,19 @@
-.TH LIVE\-BUILD 1 2015\-05\-04 5.0~a6-1 "Live Systems Project"
+.TH LIVE\-BUILD 1 2020\-03\-30 1:20191222 "Debian Live Project"
 
 .SH NAME
-\fBlb clean\fR \- Clean build directory
+\fBlb_clean\fR \- Clean build directory
 
 .SH SYNOPSIS
-\fBlb clean\fR [\fIlive\-build options\fR]
+\fBlb clean\fR [\fIOPTIONS\fR]
 
 .SH DESCRIPTION
-\fBlb clean\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the live systems tool suite.
+\fBlb clean\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the Debian Live tool suite.
 .PP
-.\" FIXME
 \fBlb clean\fR is responsible for cleaning up after a system is built. It removes the build directories, and removes some other files including stage files, and any detritus left behind by other live\-build commands.
-.\" FIXME
 
 .SH OPTIONS
 In addition to its specific options \fBlb clean\fR understands all generic live\-build options. See \fIlive\-build\fR(7) for a complete list of all generic live\-build options.
 .PP
-.\" FIXME
 .IP "\fB\-\-all\fR" 4
 removes chroot, binary, stage, and source. The cache directory is kept. This is the default operation and will be performed if no argument is given.
 .IP "\fB\-\-cache\fR" 4
@@ -33,12 +30,9 @@ removes everything, including package cache but not stage cache. The config dire
 removes all stage files.
 .IP "\fB\-\-source\fR" 4
 removes all source related caches, files, directories, and stage files.
-.\" FIXME
 
 .SH FILES
-.\" FIXME
 .IP "\fBauto/clean\fR" 4
-.\" FIXME
 
 .SH SEE ALSO
 \fIlive\-build\fR(7)
@@ -46,10 +40,10 @@ removes all source related caches, files, directories, and stage files.
 This program is a part of live\-build.
 
 .SH HOMEPAGE
-More information about live\-build and the Live Systems project can be found on the homepage at <\fIhttp://live-systems.org/\fR> and in the manual at <\fIhttp://live-systems.org/manual/\fR>.
+More information about live\-build and the Debian Live project can be found on the homepage at <\fIhttps://wiki.debian.org/DebianLive\fR>.
 
 .SH BUGS
-Bugs can be reported by submitting a bugreport for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Live Systems mailing list at <\fIdebian-live@lists.debian.org\fR>.
+Bugs can be reported by submitting a bug report for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Debian Live mailing list at <\fIdebian-live@lists.debian.org\fR>.
 
 .SH AUTHOR
-live\-build was written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>.
+live\-build was originally written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>. Since 2016 development has been continued by the Debian Live team.

manpages/en/lb_config.1

@@ -1,25 +1,20 @@
-.TH LIVE\-BUILD 1 2015\-05\-04 5.0~a6-1 "Live Systems Project"
+.TH LIVE\-BUILD 1 2020\-04\-27 1:20191222 "Debian Live Project"
 
 .SH NAME
-\fBlb config\fR \- Create config directory
+\fBlb_config\fR \- Create config directory
 
 .SH SYNOPSIS
-\fBlb config\fR [\fIlive\-build options\fR]
+\fBlb config\fR {\fB\-h\fR|\fB\-\-help\fR|\fB\-u\fR|\fB\-\-usage\fR|\fB\-v\fR|\fB\-\-version\fR}
 .PP
-.\" FIXME
 \fBlb config\fR
 .br
-	[\fB\-\-apt\fR apt|aptitude]
-.br
-	[\fB\-\-apt\-ftp\-proxy\fR \fIURL\fR]
+	[\fB\-\-apt\fR apt|apt-get|aptitude]
 .br
 	[\fB\-\-apt\-http\-proxy\fR \fIURL\fR]
 .br
 	[\fB\-\-apt\-indices\fR true|false]
 .br
 	[\fB\-\-apt\-options\fR \fIOPTION\fR|"\fIOPTIONS\fR"]
-.br
-	[\fB\-\-aptitude\-options\fR \fIOPTION\fR|"\fIOPTIONS\fR"]
 .br
 	[\fB\-\-apt\-pipeline\fR \fIDEPTH\fR]
 .br
@@ -29,17 +24,35 @@
 .br
 	[\fB\-\-apt\-source\-archives\fR true|false]
 .br
-	[\-a|\fB\-\-architectures\fR \fIARCHITECTURE\fR]
+	[\fB\-\-aptitude\-options\fR \fIOPTION\fR|"\fIOPTIONS\fR"]
 .br
-	[\-b|\fB\-\-binary\-images\fR iso|iso\-hybrid|netboot|tar|hdd]
+	[\fB\-a\fR|\fB\-\-architecture\fR \fIARCHITECTURE\fR]
 .br
-	[\fB\-\-binary\-filesystem\fR fat16|fat32|ext2|ext3|ext4]
+	[\fB\-\-archive\-areas\fR \fIARCHIVE_AREA\fR|"\fIARCHIVE_AREAS\fR"]
 .br
-	[\fB\-\-bootappend\-install\fR \fIPARAMETER\fR|\fI"PARAMETERS"\fR]
+	[\fB\-\-backports\fR true|false]
 .br
-	[\fB\-\-bootappend\-live\fR \fIPARAMETER\fR|\fI"PARAMETERS"\fR]
+	[\fB\-\-binary\-filesystem\fR fat16|fat32|ext2|ext3|ext4|ntfs]
 .br
-	[\fB\-\-bootloader\fR grub|grub2|syslinux]
+	[\fB\-b\fR|\fB\-\-binary\-image\fR iso|iso\-hybrid|netboot|tar|hdd]
+.br
+	[\fB\-\-bootappend\-install\fR \fIPARAMETER\fR|"\fIPARAMETERS\fR"]
+.br
+	[\fB\-\-bootappend\-live\fR \fIPARAMETER\fR|"\fIPARAMETERS\fR"]
+.br
+	[\fB\-\-bootappend\-live\-failsafe\fR \fIPARAMETER\fR|"\fIPARAMETERS\fR"]
+.br
+	[\fB\-\-bootloaders\fR grub-legacy|grub-pc|syslinux|grub-efi|"\fIBOOTLOADERS\fR"]
+.br
+	[\fB\-\-bootstrap\-qemu\-arch\fR \fIARCH\fR]
+.br
+	[\fB\-\-bootstrap\-qemu\-exclude\fR \fIPACKAGE\fR|"\fIPACKAGES\fR"]
+.br
+	[\fB\-\-bootstrap\-qemu\-static\fR \fIPATH\fR]
+.br
+	[\fB\-\-breakpoints\fR]
+.br
+	[\fB\-\-build\-with\-chroot\fR true|false]
 .br
 	[\fB\-\-cache\fR true|false]
 .br
@@ -47,69 +60,83 @@
 .br
 	[\fB\-\-cache\-packages\fR true|false]
 .br
-	[\fB\-\-cache\-stages\fR \fISTAGE\fR|\fI"STAGES"\fR]
+	[\fB\-\-cache\-stages\fR bootstrap|chroot|rootfs|"\fISTAGES\fR"]
 .br
-	[\fB\-\-checksums\fR md5|sha1|sha256|none]
+	[\fB\-\-checksums\fR md5|sha1|sha224|sha256|sha384|sha512|none]
 .br
-	[\fB\-\-compression\fR bzip2|gzip|lzip|none]
+	[\fB\-\-chroot\-filesystem\fR ext2|ext3|ext4|squashfs|jffs2|none|plain]
 .br
-	[\fB\-\-config\fR \fIGIT_URL::GIT_ID\fR]
+	[\fB\-\-chroot\-squashfs\-compression\-level\fR LEVEL]
 .br
-	[\fB\-\-build\-with\-chroot\fR true|false]
-.br
-	[\fB\-\-chroot\-filesystem\fR ext2|ext3|ext4|squashfs|jffs2|none]
+	[\fB\-\-chroot\-squashfs\-compression\-type\fR gzip|lzma|lzo|lz4|xz|zstd]
 .br
 	[\fB\-\-clean\fR]
 .br
-	[\-c|\fB\-\-conffile\fR \fIFILE\fR]
+	[\fB\-\-color\fR]
+.br
+	[\fB\-\-compression\fR bzip2|gzip|lzip|xz|none]
+.br
+	[\fB\-c\fR|\fB\-\-conffile\fR \fIFILE\fR]
+.br
+	[\fB\-\-config\fR \fIGIT_URL\fR::\fIGIT_BRANCH\fR]
 .br
 	[\fB\-\-debconf\-frontend\fR dialog|editor|noninteractive|readline]
 .br
 	[\fB\-\-debconf\-priority\fR low|medium|high|critical]
 .br
-	[\fB\-\-debian\-installer\fR true|cdrom|netinst|netboot|businesscard|live|false]
+	[\fB\-\-debian\-installer\fR cdrom|netinst|netboot|businesscard|live|none]
 .br
-	[\fB\-\-debian\-installer\-distribution\fR daily|\fICODENAME\fR]
-.br
-	[\fB\-\-debian\-installer\-preseedfile\fR \fIFILE\fR|\fIURL\fR]
+	[\fB\-\-debian\-installer\-distribution\fR daily|git|\fICODENAME\fR]
 .br
 	[\fB\-\-debian\-installer\-gui\fR true|false]
+.br
+	[\fB\-\-debian\-installer\-preseedfile\fR \fIFILE\fR|\fIURL\fR]
+.br
+	[\fB\-\-debootstrap\-options\fR \fIOPTION\fR|"\fIOPTIONS\fR"]
+.br
+	[\fB\-\-debootstrap\-script\fR \fISCRIPT\fR]
 .br
 	[\fB\-\-debug\fR]
 .br
-	[\-d|\fB\-\-distribution\fR \fICODENAME\fR]
+	[\fB\-d\fR|\fB\-\-distribution\fR \fICODENAME\fR]
 .br
-	[\fB\-\-parent\-distribution\fR \fICODENAME\fR]
+	[\fB\-\-distribution\-chroot\fR \fICODENAME\fR]
 .br
-	[\fB\-\-parent\-debian\-installer\-distribution\fR \fICODENAME\fR]
+	[\fB\-\-distribution\-binary\fR \fICODENAME\fR]
+.br
+	[\fB\-\-dm\-verity\fR]
+.br
+	[\fB\-\-dm\-verity\-fec\fR \fINB_ROOTS\fR]
+.br
+	[\fB\-\-dm\-verity\-sign\fR \fISIGN_SCRIPT\fR]
 .br
 	[\fB\-\-dump\fR]
 .br
-	[\fB\-\-fdisk\fR fdisk|fdisk.dist]
+	[\fB\-\-firmware\-binary\fR true|false]
 .br
-	[\fB\-\-firmware\-binary true|false\fR]
-.br
-	[\fB\-\-firmware\-chroot true|false\fR]
+	[\fB\-\-firmware\-chroot\fR true|false]
 .br
 	[\fB\-\-force\fR]
-.br
-	[\fB\-\-grub\-splash\fR \fIFILE\fR]
 .br
 	[\fB\-\-gzip\-options\fR \fIOPTION\fR|"\fIOPTIONS\fR"]
 .br
-	[\fB\-\-hooks\fR \fIFILE\fR]
+	[\fB\-\-hdd\-label\fR \fILABEL\fR]
+.br
+	[\fB\-\-hdd\-partition\-start\fR \fISTART\fR]
+.br
+	[\fB\-\-hdd\-size\fR \fISIZE\fR]
 .br
 	[\fB\-\-ignore\-system\-defaults\fR]
 .br
-	[\fB\-\-initramfs\fR auto|none|live\-boot|casper]
+	[\fB\-\-image\-name\fR \fINAME\fR]
+.br
+	[\fB\-\-initramfs\fR none|live\-boot|dracut\-live]
 .br
 	[\fB\-\-initramfs\-compression\fR bzip2|gzip|lzma]
 .br
-	[\fB\-\-initsystem\fR sysvinit|runit|systemd|upstart|none]
+	[\fB\-\-initsystem\fR sysvinit|systemd|none]
 .br
-	[\fB\-\-interactive\fR shell]
-.br
-	[\fB\-\-isohybrid\-options\fR \fIOPTION\fR|"\fIOPTIONS\fR"]
+	[\fB\-\-interactive\fR true|shell|x11|xnest|false]
 .br
 	[\fB\-\-iso\-application\fR \fINAME\fR]
 .br
@@ -121,350 +148,328 @@
 .br
 	[\fB\-\-jffs2\-eraseblock\fR \fISIZE\fR]
 .br
-	[\fB\-\-keyring\-packages\fR \fIPACKAGE\fI|\fI"PACKAGES"\fR]
+	[\fB\-\-keyring\-packages\fR \fIPACKAGE\fR|"\fIPACKAGES\fR"]
 .br
-	[\-k|\fB\-\-linux\-flavours\fR \fIFLAVOUR\fR|\fI"FLAVOURS"\fR]
+	[\fB\-k\fR|\fB\-\-linux\-flavours\fR \fIFLAVOUR\fR|"\fIFLAVOURS\fR"]
 .br
-	[\fB\-\-linux\-packages\fR \fI"PACKAGES"\fR]
+	[\fB\-\-linux\-packages\fR \fIPACKAGE\fR|"\fIPACKAGES\fR"]
 .br
-	[\fB\-\-losetup\fR losetup|losetup.orig]
+	[\fB\-\-loadlin\fR true|false]
 .br
 	[\fB\-\-memtest\fR memtest86+|memtest86|none]
 .br
-	[\-m|\fB\-\-parent\-mirror\-bootstrap\fR \fIURL\fR]
+	[\fB\-\-mirror\-binary\fR \fIURL\fR]
 .br
-	[\fB\-\-parent\-mirror\-chroot\fR \fIURL\fR]
-.br
-	[\fB\-\-parent\-mirror\-chroot\-security\fR \fIURL\fR]
-.br
-	[\fB\-\-parent\-mirror\-chroot\-updates\fR \fIURL\fR]
-.br
-	[\fB\-\-parent\-mirror\-chroot\-backports\fR \fIURL\fR]
-.br
-	[\fB\-\-parent\-mirror\-binary\fR \fIURL\fR]
-.br
-	[\fB\-\-parent\-mirror\-binary\-security\fR \fIURL\fR]
-.br
-	[\fB\-\-parent\-mirror\-binary\-updates\fR \fIURL\fR]
-.br
-	[\fB\-\-parent\-mirror\-binary\-backports\fR \fIURL\fR]
-.br
-	[\fB\-\-parent\-mirror\-debian\-installer\fR \fIURL\fR]
+	[\fB\-\-mirror\-binary\-security\fR \fIURL\fR]
 .br
 	[\fB\-\-mirror\-bootstrap\fR \fIURL\fR]
 .br
 	[\fB\-\-mirror\-chroot\fR \fIURL\fR]
 .br
 	[\fB\-\-mirror\-chroot\-security\fR \fIURL\fR]
-.br
-	[\fB\-\-mirror\-chroot\-updates\fR \fIURL\fR]
-.br
-	[\fB\-\-mirror\-chroot\-backports\fR \fIURL\fR]
-.br
-	[\fB\-\-mirror\-binary\fR \fIURL\fR]
-.br
-	[\fB\-\-mirror\-binary\-security\fR \fIURL\fR]
-.br
-	[\fB\-\-mirror\-binary\-updates\fR \fIURL\fR]
-.br
-	[\fB\-\-mirror\-binary\-backports\fR \fIURL\fR]
 .br
 	[\fB\-\-mirror\-debian\-installer\fR \fIURL\fR]
 .br
-	[\fB\-\-mode\fR debian|progress-linux|ubuntu]
-.br
-	[\fB\-\-system\fR live|normal]
-.br
-	[\fB\-\-net\-root\-filesystem\fR nfs|cfs]
-.br
-	[\fB\-\-net\-root\-mountoptions\fR \fIOPTIONS\fR]
-.br
-	[\fB\-\-net\-root\-path\fR \fIPATH\fR]
-.br
-	[\fB\-\-net\-root\-server\fR \fIIP\fR|\fIHOSTNAME\fR]
-.br
-	[\fB\-\-net\-cow\-filesystem\fR nfs|cfs]
-.br
-	[\fB\-\-net\-cow\-mountoptions\fR \fIOPTIONS\fR]
-.br
-	[\fB\-\-net\-cow\-path\fR \fIPATH\fR]
-.br
-	[\fB\-\-net\-cow\-server\fR \fIIP\fR|\fIHOSTNAME\fR]
+	[\fB\-\-mode\fR debian]
 .br
 	[\fB\-\-net\-tarball\fR true|false]
+.br
+	[\fB\-\-no\-color\fR]
+.br
+	[\fB\-\-onie\fR true|false]
+.br
+	[\fB\-\-onie\-kernel\-cmdline\fR \fIOPTION\fR|"\fIOPTIONS\fR"]
+.br
+	[\fB\-\-parent\-archive\-areas\fR \fIARCHIVE_AREA\fR|"\fIARCHIVE_AREAS\fR"]
+.br
+	[\fB\-\-parent\-debian\-installer\-distribution\fR daily|git|\fICODENAME\fR]
+.br
+	[\fB\-\-parent\-distribution\fR \fICODENAME\fR]
+.br
+	[\fB\-\-parent\-distribution\-chroot\fR \fICODENAME\fR]
+.br
+	[\fB\-\-parent\-distribution\-binary\fR \fICODENAME\fR]
+.br
+	[\fB\-\-parent\-mirror\-binary\fR \fIURL\fR]
+.br
+	[\fB\-\-parent\-mirror\-binary\-security\fR \fIURL\fR]
+.br
+	[\fB\-m\fR|\fB\-\-parent\-mirror\-bootstrap\fR \fIURL\fR]
+.br
+	[\fB\-\-parent\-mirror\-chroot\fR \fIURL\fR]
+.br
+	[\fB\-\-parent\-mirror\-chroot\-security\fR \fIURL\fR]
+.br
+	[\fB\-\-parent\-mirror\-debian\-installer\fR \fIURL\fR]
 .br
 	[\fB\-\-quiet\fR]
-.br
-	[\fB\-\-archive\-areas\fR \fIARCHIVE_AREA\fR|\fI"ARCHIVE_AREAS"\fR]
-.br
-	[\fB\-\-parent\-archive\-areas\fR \fIPARENT_ARCHIVE_AREA\fR|\fI"PARENT_ARCHIVE_AREAS"\fR]
 .br
 	[\fB\-\-security\fR true|false]
 .br
 	[\fB\-\-source\fR true|false]
 .br
-	[\-s|\fB\-\-source\-images\fR iso|netboot|tar|hdd]
+	[\fB\-s\fR|\fB\-\-source\-images\fR iso|netboot|tar|hdd|"\fIIMAGES\fR"]
 .br
-	[\fB\-\-tasksel\fR apt|aptitude|tasksel]
+	[\fB\-\-swap\-file\-path\fR \fIPATH\fR]
 .br
-	[\fB\-\-templates\fR \fIPATH\fR]
+	[\fB\-\-swap\-file\-size\fR \fIMB\fR]
 .br
-	[\fB\-\-hdd\-size \fIMB\fR]
+	[\fB\-\-system\fR live|normal]
+.br
+	[\fB\-\-uefi\-secure\-boot\fR auto|enable|disable]
 .br
 	[\fB\-\-updates\fR true|false]
 .br
-	[\fB\-\-backports\fR true|false]
+	[\fB\-\-utc\-time\fR true|false]
+.br
+	[\fB\-\-validate\fR]
 .br
 	[\fB\-\-verbose\fR]
 .br
-	[\fB\-\-win32\-loader true|false]
-.\" FIXME
+	[\fB\-\-win32\-loader\fR true|false]
+.br
+	[\fB\-\-zsync\fR true|false]
 
 .SH DESCRIPTION
-\fBlb config\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the live systems tool suite.
+\fBlb config\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the Debian Live tool suite.
 .PP
-.\" FIXME
-\fBlb config\fR populates the configuration directory for live\-build. By default, this directory is named 'config' and is created in the current directory where \fBlb config\fR was executed.
+\fBlb config\fR populates the configuration directory for live\-build. This directory is named 'config' and is created in the current directory where \fBlb config\fR was executed.
 .PP
-Note: Currently \fBlb config\fR tries to be smart and sets defaults for some options depending on the setting of other options (e.g. which linux packages to be used depending on if a wheezy system gets build or not). This means that when generating a new configuration, you should call \fBlb config\fR only once with all options specified. Calling it several times with only a subset of the options each can result in non working configurations. This is also caused by the fact that \fBlb config\fR called with one option only changes that option, and leaves everything else as is unless its not defined. However, \fBlb config\fR does warn about know impossible or likely impossible combinations that would lead to non working live systems. If unsure, remove config/{binary,bootstrap,chroot,common,source} and call \fBlb config\fR again.
-.\" FIXME
+Note: \fBlb config\fR tries to be smart and sets defaults for some options depending upon the settings of others. However, this only typically happens when no existing saved config exists, because values are only automatically set when not already defined (and running \fBlb config\fR involves loading any existing config). This means that when generating a new configuration, you should typically first ensure that any existing saved config files are removed (by deletion of \fBconfig/{binary,bootstrap,chroot,common,source}\fR), before then calling \fBlb config\fR just once with \fBall\fR necessary options specified. Calling it when an existing saved config exists risks ending up with a non\-working configuration, depending on the options changed, since in doing so other options may end up with different values than they otherwise might have had had automatic setting of them not been blocked by an existing saved value. In some cases invalid combinations will be noticed and reported as an error or warning, but this is not always the case and should not be relied upon.
 
 .SH OPTIONS
 In addition to its specific options \fBlb config\fR understands all generic live\-build options. See \fIlive\-build\fR(7) for a complete list of all generic live\-build options.
 .PP
-.\" FIXME
-.IP "\fB\-\-apt\fR apt|aptitude" 4
+.IP "\fB\-\-apt\fR apt|apt-get|aptitude" 4
 defines if apt\-get or aptitude is used to install packages when building the image. The default is apt.
-.IP "\fB\-\-apt\-ftp\-proxy\fR \fIURL\fR" 4
-sets the ftp proxy to be used by apt. By default, this is empty. Note that this variable is only for the proxy that gets used by apt internally within the chroot, it is not used for anything else.
 .IP "\fB\-\-apt\-http\-proxy\fR \fIURL\fR" 4
-sets the http proxy to be used by apt. By default, this is empty. Note that this variable is only for the proxy that gets used by apt internally within the chroot, it is not used for anything else.
-.IP "\fB\-\-apt\-indices\fR true|false|none" 4
-defines if the resulting images should have apt indices or not and defaults to true. If set to none, no indices are included at all.
+sets the proxy for HTTP connections. By default, this is empty. It is recommended to use the environment variable \fBhttp_proxy\fR instead.
+.IP "\fB\-\-apt\-indices\fR true|false" 4
+defines if the resulting images should have apt indices or not and defaults to true.
 .IP "\fB\-\-apt\-options\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4
-defines the default options that will be appended to every apt call that is made inside chroot during the building of the image. By default, this is set to \-\-yes to allow non-interactive installation of packages.
-.IP "\fB\-\-aptitude\-options\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4
-defines the default options that will be appended to every aptitude call that is made inside chroot during building of the image. By default, this is set to \-\-assume\-yes to allow non-interactive installation of packages.
+defines the default options that will be appended to every apt call that is made inside chroot during the building of the image. By default, this is set to '\-\-yes' to allow non-interactive installation of packages.
 .IP "\fB\-\-apt\-pipeline\fR \fIDEPTH\fR" 4
-sets the depth of the apt/aptitude pipeline. In cases where the remote server is not RFC conforming or buggy (such as Squid 2.0.2) this option can be a value from 0 to 5 indicating how many outstanding requests APT should send. A value of zero MUST be specified if the remote host does not properly linger on TCP connections \- otherwise data corruption will occur. Hosts which require this are in violation of RFC 2068. By default, live\-build does not set this option.
+sets the depth of the apt/aptitude pipeline. In cases where the remote server is not RFC conforming or buggy (such as Squid 2.0.2) this option can be a value from 0 to 5 indicating how many outstanding requests apt should send. A value of zero MUST be specified if the remote host does not properly linger on TCP connections \- otherwise data corruption will occur. Hosts which require this are in violation of RFC 2068. By default, live\-build does not set this option.
 .IP "\fB\-\-apt\-recommends\fR true|false" 4
 defines if apt should install recommended packages automatically. By default, this is true.
 .IP "\fB\-\-apt\-secure\fR true|false" 4
 defines if apt should check repository signatures. This is true by default.
 .IP "\fB\-\-apt\-source\-archives\fR true|false" 4
-defines if deb-src entries should be included in the resulting live image or not, defaults to true.
-.IP "\-a|\fB\-\-architectures\fR \fIARCHITECTURE\fR" 4
-defines the architecture of the to be build image. By default, this is set to the host architecture. Note that you cannot crossbuild for another architecture if your host system is not able to execute binaries for the target architecture natively. For example, building amd64 images on i386 and vice versa is possible if you have a 64bit capable i386 processor and the right kernel. But building powerpc images on an i386 system is not possible.
-.IP "\-b|\fB\-\-binary\-images\fR iso|iso\-hybrid|netboot|tar|hdd" 4
-defines the image type to build. By default, for images using syslinux this is set to iso\-hybrid to build CD/DVD images that may also be used like hdd images, for non\-syslinux images, it defaults to iso.
-.IP "\fB\-\-binary\-filesystem\fR fat16|fat32|ext2|ext3|ext4" 4
-defines the filesystem to be used in the image type. This only has an effect if the selected binary image type does allow to choose a filesystem. For example, when selection iso the resulting CD/DVD has always the filesystem ISO9660. When building hdd images for usb sticks, this is active. Note that it defaults to fat16 on all architectures except sparc where it defaults to ext4. Also note that if you choose fat16 and your resulting binary image gets bigger than 2GB, the binary filesystem automatically gets switched to fat32.
+defines if deb-src entries should be included in the resulting live image's apt sources.list or not, defaults to true.
+.IP "\fB\-\-aptitude\-options\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4
+defines the default options that will be appended to every aptitude call that is made inside chroot during building of the image. By default, this is set to '\-\-assume\-yes' to allow non-interactive installation of packages.
+.IP "\fB\-a\fR|\fB\-\-architecture\fR \fIARCHITECTURE\fR" 4
+defines the architecture of the to be built image. By default, this is set to the host architecture. Note that you cannot crossbuild for another architecture if your host system is not able to execute binaries for the target architecture natively. For example, building amd64 images on i386 and vice versa is possible if you have a 64bit capable i386 processor and the right kernel. But building powerpc images on an i386 system is not possible.
+.IP "\fB\-\-archive\-areas\fR \fIARCHIVE_AREA\fR|""\fIARCHIVE_AREAS\fR""" 4
+defines which package archive areas (a comma or space separated list) of a debian package archive should be used for configured debian package mirrors. By default, this is set to main only. Remember to check the licenses of each package with respect to their redistributability in your juristiction when enabling contrib or non\-free with this mechanism.
+.IP "\fB\-\-backports\fR true|false" 4
+defines if debian backports package archives should be included in the image or not.
+.IP "\fB\-\-binary\-filesystem\fR fat16|fat32|ext2|ext3|ext4|ntfs" 4
+defines the filesystem to be used in the image type. This only has an effect if the selected binary image type lets you choose a filesystem. For example, for the ISO image type the resulting CD/DVD always has the filesystem ISO9660. When building HDD images for USB sticks, multiple filesystem formats are supported, thus this becomes applicable to allow selection. Note that it defaults to 'fat32' on all architectures. Also note that if you choose 'fat16' and your resulting binary image gets bigger than 2GB, the binary filesystem automatically gets switched to 'fat32'.
+.IP "\fB\-b\fR|\fB\-\-binary\-image\fR iso|iso\-hybrid|netboot|tar|hdd" 4
+defines the image type to build. By default, for images using syslinux, this is set to 'iso\-hybrid' to build CD/DVD images that may also be used like HDD images, for non\-syslinux images, it defaults to 'iso'.
 .IP "\fB\-\-bootappend\-install\fR \fIPARAMETER\fR|""\fIPARAMETERS\fR""" 4
 sets boot parameters specific to debian\-installer, if included.
 .IP "\fB\-\-bootappend\-live\fR \fIPARAMETER\fR|""\fIPARAMETERS\fR""" 4
 sets boot parameters specific to debian\-live. A complete list of boot parameters can be found in the \fIlive\-boot\fR(7) and \fIlive\-config\fR(7) manual pages.
-.IP "\fB\-\-bootloader\fR grub|grub2|syslinux" 4
-defines which bootloader is being used in the generated image. This has only an effect if the selected binary image type does allow to choose the bootloader. For example, if you build a iso, always syslinux (or more precise, isolinux) is being used. Also note that some combinations of binary images types and bootloaders may be possible but live\-build does not support them yet. \fBlb config\fR will fail to create such a not yet supported configuration and give a explanation about it. For hdd images on amd64 and i386, the default is syslinux.
-.IP "\fB\-\-cache\fR true|false" 4
-defines globally if any cache should be used at all. Different caches can be controlled through the their own options.
-.IP "\fB\-\-cache\-indices\fR true|false" 4
-defines if downloaded package indices and lists should be cached which is false by default. Enabling it would allow to rebuild an image completely offline, however, you would not get updates anymore then.
-.IP "\fB\-\-cache\-packages\fR true|false" 4
-defines if downloaded packages files should be cached which is true by default. Disabling it does save space consumption in your build directory, but remember that you will cause much unnecessary traffic if you do a couple of rebuilds. In general you should always leave it true, however, in some particular rare build setups, it can be faster to refetch packages from the local network mirror rather than to utilize the local disk.
-.IP "\fB\-\-cache\-stages\fR true|false|\fISTAGE\fR|""\fISTAGES\fR""" 4
-sets which stages should be cached. By default set to bootstrap. As an exception to the normal stage names, also rootfs can be used here which does only cache the generated root filesystem in filesystem.{dir,ext*,squashfs}. This is useful during development if you want to rebuild the binary stage but not regenerate the root filesystem all the time.
-.IP "\fB\-\-checksums\fR md5|sha1|sha256|none" 4
-defines if the binary image should contain a file called md5sums.txt, sha1sums.txt and/or sha256sums.txt. These lists all files on the image together with their checksums. This in turn can be used by live\-boot's built\-in integrity\-check to verify the medium if specified at boot prompt. In general, this should not be false and is an important feature of live system released to the public. However, during development of very big images it can save some time by not calculating the checksums.
-.IP "\fB\-\-compression\fR bzip2|gzip|lzip|none" 4
-defines the compression program to be used to compress tarballs. Defaults to gzip.
-.IP "\fB\-\-config\fR \fIGIT_URL\fR::\fIGIT_ID\fR" 4
-allows to bootstrap a config tree from a git repositories, optionally appended by a Git Id (branch, commit, tag, etc.).
+.IP "\fB\-\-bootappend\-live\-failsafe\fR \fIPARAMETER\fR|""\fIPARAMETERS\fR""" 4
+sets boot parameters specific to debian\-live failsafe boot entries. A complete list of boot parameters can be found in the \fIlive\-boot\fR(7) and \fIlive\-config\fR(7) manual pages.
+.IP "\fB\-\-bootloaders\fR grub-legacy|grub-pc|syslinux|grub-efi|""\fIBOOTLOADERS\fR""" 4
+defines which bootloaders to use in the generated image. This only has an effect if the selected binary image type lets you choose the bootloader. For example, if you build an ISO then syslinux (or more precise, isolinux) is always used. Also note that not all combinations of binary image types and bootloaders are supported (\fBlb config\fR will fail to create such an unsupported configuration and will give a explanation about it). For HDD images on amd64 and i386, the default is 'syslinux'. This option supports more than one bootloader to be specified (space or comma separated) in order to allow for both BIOS and EFI bootloaders to be included, though note that only one of each type can be used (i.e. do not try to use two BIOS bootloaders).
+.IP "\fB\-\-bootstrap\-qemu\-arch\fR \fIARCH\fR" 4
+sets the architecture to use for foreign bootstrap. Defaults to empty.
+.IP "\fB\-\-bootstrap\-qemu\-exclude\fR \fIPACKAGE\fR|""\fIPACKAGES\fR""" 4
+sets the packages to exclude during foreign bootstrap. Defaults to empty.
+.IP "\fB\-\-bootstrap\-qemu\-static\fR \fIPATH\fR" 4
+sets the static qemu binary for foreign bootstrap. Defaults to empty.
+.IP "\fB\-\-breakpoints\fR" 4
+inserts pauses during the generation of the image, where breakpoints have been placed, if any (development oriented).
 .IP "\fB\-\-build\-with\-chroot\fR true|false" 4
-defines whether live\-build should use the tools from within the chroot to build the binary image or not by using and including the host system's tools. This is a very dangerous option, using the tools of the host system can lead to tainted and even non-bootable images if the host systems version of the required tools (mainly these are the bootloaders such as syslinux and grub, and the auxiliary tools such as dosfstools, xorriso, squashfs-tools and others) do not \fBexactly\fR match what is present at build-time in the target distribution. Never do disable this option unless you are \fBexactly\fR sure what you are doing and have \fBcompletely\fI understood its consequences.
-.IP "\fB\-\-chroot\-filesystem\fR ext2|ext3|ext4|squashfs|jffs2|none" 4
-defines which filesystem type should be used for the root filesystem image. If you use none, then no filesystem image is created and the root filesystem content is copied on the binary image filesystem as flat files. Depending on what binary filesystem you have chosen, it may not be possible to build with such a plain root filesystem, e.g. fat16/fat32 will not work as linux does not support to run directly on them.
+defines whether live\-build should use the tools from within the chroot to build the binary image or not by using and including the host system's tools. This is a very dangerous option, using the tools of the host system can lead to tainted and even non-bootable images if the host systems version of the required tools (mainly these are the bootloaders such as syslinux and grub, and the auxiliary tools such as dosfstools, xorriso, squashfs-tools and others) do not \fBexactly\fR match what is present at build-time in the target distribution. Never disable this option unless you are \fBexactly\fR sure what you are doing and have \fBcompletely\fR understood its consequences.
+.IP "\fB\-\-cache\fR true|false" 4
+defines globally if any cache should be used at all. Different caches can be controlled through their own options.
+.IP "\fB\-\-cache\-indices\fR true|false" 4
+defines if downloaded package indices and lists should be cached. This is false by default. Enabling it lets you rebuild an image completely offline, however, you would not get updates anymore then.
+.IP "\fB\-\-cache\-packages\fR true|false" 4
+defines if downloaded packages files should be cached. This is true by default. Disabling it does save space consumption in your build directory, but remember that you will cause much unnecessary traffic if you do a couple of rebuilds. In general you should always leave it true, however, in some particular rare build setups, it can be faster to refetch packages from the network mirror, if using a local one, rather than to utilize the local disk.
+.IP "\fB\-\-cache\-stages\fR bootstrap|chroot|rootfs|""\fISTAGES\fR""" 4
+sets which stages should be cached (a comma or space separated list). By default this is set to 'bootstrap'. As an exception to the normal stage names, 'rootfs' can also be used here which means only cache the generated root filesystem in filesystem.{dir,ext*,squashfs}. This is useful during development if you want to rebuild the binary stage but not regenerate the root filesystem all the time.
+.IP "\fB\-\-checksums\fR md5|sha1|sha224|sha256|sha384|sha512|none" 4
+defines if the binary image should contain a file called XXXsums.txt, where XXX is one of the mentioned checksum types. This file lists all files on the image together with their checksums. This in turn can be used by \fIlive\-boot\fR(7)'s built\-in integrity\-check to verify the medium if specified at boot prompt. In general, this should not be 'none' and is an important feature of live system released to the public. However, during development of very big images it can save some time by not calculating the checksums.
+.IP "\fB\-\-chroot\-filesystem\fR ext2|ext3|ext4|squashfs|jffs2|none|plain" 4
+defines which filesystem type should be used for the root filesystem image. If you use 'none' or 'plain', then no filesystem image is created and the root filesystem content is copied on the binary image filesystem as flat files. Depending on what binary filesystem you have chosen, it may not be possible to build with such a plain root filesystem, e.g. fat16/fat32 will not work as linux does not support running directly on them.
+.IP "\fB\-\-chroot\-squashfs\-compression\-level\fR LEVEL" 4
+defines the compression level that is used for the root filesystem image if squashfs is used. Each compression algorithm supports different levels (or none). You can look them up in the \fImksquashfs\fR help. Defaults to the default setting in \fImksquashfs\fR.
+.IP "\fB\-\-chroot\-squashfs\-compression\-type\fR gzip|lzma|lzo|lz4|xz|zstd" 4
+defines the compression algorithm that is used for the root filesystem image if squashfs is used. Defaults to xz.
 .IP "\fB\-\-clean\fR" 4
 minimizes config directory by automatically removing unused and thus empty subdirectories.
-.IP "\-c|\fB\-\-conffile\fR \fIFILE\fR" 4
-using a user specified alternative configuration file in addition to the normally used one in the config directory.
+.IP "\fB\-\-color\fR" 4
+turns on color in the messages.
+.IP "\fB\-\-compression\fR bzip2|gzip|lzip|xz|none" 4
+defines the compression program to be used to compress tarballs. Defaults to none.
+.IP "\fB\-c\fR|\fB\-\-conffile\fR \fIFILE\fR" 4
+defines a user specified alternative configuration file to use in addition to the normally used one in the config directory.
+.IP "\fB\-\-config\fR \fIGIT_URL\fR::\fIGIT_BRANCH\fR" 4
+bootstraps the config tree from a git repository, optionally appended by a Git ID (branch, commit, tag, etc.).
 .IP "\fB\-\-debconf\-frontend\fR dialog|editor|noninteractive|readline" 4
-defines what value the debconf frontend should be set to inside the chroot. Note that setting it to anything but noninteractive, which is the default, makes your build asking questions during the build.
+defines what value the debconf frontend should be set to inside the chroot. Note that setting it to anything but 'noninteractive', which is the default, makes your build asking questions during the build.
 .IP "\fB\-\-debconf\-priority\fR low|medium|high|critical" 4
 defines what value the debconf priority should be set to inside the chroot. By default, it is set to critical, which means that almost no questions are displayed. Note that this only has an effect if you use any debconf frontend different from noninteractive.
-.IP "\fB\-\-debian\-installer\fR true|cdrom|netinst|netboot|businesscard|live|false" 4
+.IP "\fB\-\-debian\-installer\fR cdrom|netinst|netboot|businesscard|live|none" 4
 defines which type, if any, of the debian\-installer should be included in the resulting binary image. By default, no installer is included. All available flavours except live are the identical configurations used on the installer media produced by regular debian\-cd. When live is chosen, the live\-installer udeb is included so that debian\-installer will behave different than usual \- instead of installing the debian system from packages from the medium or the network, it installs the live system to the disk.
-.IP "\fB\-\-debian\-installer\-distribution\fR daily|\fICODENAME\fR" 4
-defines the distribution where the debian\-installer files should be taken out from. Normally, this should be set to the same distribution as the live system. However, some times, one wants to use a newer or even daily built installer.
+.IP "\fB\-\-debian\-installer\-distribution\fR daily|git|\fICODENAME\fR" 4
+defines the distribution where the debian\-installer files should be taken out from. Normally, this should be set to the same distribution as the live system. However, sometimes, one wants to use a newer or even either the \fIdaily\fR built installer or the installer rebuilt from its \fIgit\fR repository.
+.IP "\fB\-\-debian\-installer\-gui\fR true|false" 4
+defines whether the graphical version of the debian\-installer should be provided alongside the text based one. This defaults to true.
 .IP "\fB\-\-debian\-installer\-preseedfile\fR \fIFILE\fR|\fIURL\fR" 4
 sets the filename or URL for an optionally used and included preseeding file for debian\-installer. If config/binary_debian\-installer/preseed.cfg exists, it will be used by default. 
-.IP "\fB\-\-debian\-installer\-gui\fR true|false" 4
-defines if the debian\-installer graphical GTK interface should be true or not. In Debian mode and for most versions of Ubuntu, this option is true, whereas otherwise false, by default.
+.IP "\fB\-\-debootstrap\-options\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4
+passes the given options to debootstrap when setting up the base system.
+.IP "\fB\-\-debootstrap\-script\fR \fISCRIPT\fR" 4
+tells debootstrap to use an alternate bootstrap script (last parameter to debootstrap).
 .IP "\fB\-\-debug\fR" 4
-turn on debugging informational messages.
-.IP "\-d|\fB\-\-distribution\fR \fICODENAME\fR" 4
-defines the distribution of the resulting live system.
-.IP "\-d|\fB\-\-parent\-distribution\fR \fICODENAME\fR" 4
-defines the parent distribution for derivatives of the resulting live system.
-.IP "\-d|\fB\-\-parent\-debian\-installer\-distribution\fR \fICODENAME\fR" 4
-defines the parent debian\-installer distribution for derivatives of the resulting live system.
+turns on debugging informational messages.
+.IP "\fB\-d\fR|\fB\-\-distribution\fR \fICODENAME\fR" 4
+defines the distribution of the resulting live system. This defaults to 'testing'. The value 'sid' can be used for Debian unstable.
+.IP "\fB\-\-distribution\-binary\fR \fICODENAME\fR" 4
+defines the distribution enabled in the resulting live system (defaults to the value set in \fB\-\-distribution\fR)
+.IP "\fB\-\-distribution\-chroot\fR \fICODENAME\fR" 4
+defines the distribution used to build the live system (defaults to the value set in \fB\-\-distribution\fR)
+.IP "\fB\-\-dm\-verity\fR" 4
+Enables dm\-verity support for root file system. Only squashfs, ext2, ext3 and ext4 are supported. For more information see \fIlive\-boot\fR(7).
+.IP "\fB\-\-dm\-verity\-fec\fR \fINB_ROOTS\fR" 4
+Enables forward error correction for dm-verity. \fINB_ROOTS\fR is the number of error correction roots thas should be used. The value can be between 2 and 24. Android uses 2 by default.
+.IP "\fB\-\-dm\-verity\-sign\fR \fISIGN_SCRIPT\fR" 4
+Sign root hash of dm-verity device. Script takes two arguments: the root hash and a file to output the signature to.
 .IP "\fB\-\-dump\fR" 4
-prepares a report of the currently present live system configuration and the version of live\-build used. This is useful to provide if you submit bug reports, we do get all informations required for us to locate and replicate an error.
-.IP "\fB\-\-fdisk\fR fdisk|fdisk.dist" 4
-sets the filename of the fdisk binary from the host system that should be used. This is autodetected and does generally not need any customization.
+prepares a report of the currently present live system configuration and the version of live\-build used. This is useful to provide if you submit bug reports, helping to provide basic useful information required for us to locate and replicate an error.
+.IP "\fB\-\-firmware\-binary\fR true|false" 4
+includes firmware packages in debian-installer. Defaults to true.
+.IP "\fB\-\-firmware\-chroot\fR true|false" 4
+includes firmware packages in the live image. Defaults to true. Beware that some firmware packages are non-free and will only be included if the non-free archive area is included in \fB\-\-archive\-areas\fR (and \fB\-\-parent\-archive\-areas\fR). This is particularly relevant if you want working wifi for instance.
 .IP "\fB\-\-force\fR" 4
 forces re\-execution of already run stages. Use only if you know what you are doing. It is generally safer to use \fBlb clean\fR to clean up before re\-executing \fBlb build\fR.
-.IP "\fB\-\-grub\-splash\fR \fIFILE\fR" 4
-defines the name of an optional to be included splash screen graphic for the grub bootloader.
 .IP "\fB\-\-gzip\-options\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4
-defines the default options that will be appended to (almost) every gzip call during the building of the image. By default, this is set to \-\-best to use highest (but slowest) compression. Dynamically, if the host system supports it, also \-\-rsyncable is added.
-.IP "\fB\-\-hooks\fR \fIFILE\fR" 4
-defines which hooks available in /usr/share/live/build/examples/hooks should be activated. Normally, there are no hooks executed. Make sure you know and understood the hook before you enable it.
+defines the default options that will be appended to (almost) every gzip call during the building of the image. By default, this is set to '\-\-best' to use highest (but slowest) compression. Dynamically, if the host system supports it, also '\-\-rsyncable' is added.
+.IP "\fB\-\-hdd\-label\fR \fILABEL\fR" 4
+defines the label for the HDD target. Defaults to 'DEBIAN_LIVE'.
+.IP "\fB\-\-hdd\-partition\-start\fR \fISTART\fR" 4
+sets the start of the partition for the HDD target for BIOSes that expect a specific boot partition start (e.g. "63s"). If empty, use optimal layout. Defaults to empty.
+.IP "\fB\-\-hdd\-size\fR \fISIZE\fR" 4
+defines the size for the HDD target. The unit is MiB. Defaults to 'auto', which generates the smallest possible image.
 .IP "\fB\-\-ignore\-system\-defaults\fR" 4
-\fBlb config\fR by default reads system defaults from \fI/etc/live/build.conf\fR and \fI/etc/live/build/*\fR when generating a new live system config directory. This is useful if you want to set global settings, such as mirror locations, and don't want to specify them all of the time.
-.IP "\fB\-\-initramfs\fR auto|none|live\-boot|casper" 4
-sets the name of package that contains the live system specific initramfs modification. By default, auto is used, which means that at build time of the image rather than on configuration time, the value will be expanded to casper when building ubuntu systems, to live\-boot for all other systems. Using 'none' is useful if the resulting system image should not be a live image (experimental).
-.IP "\fB\-\-initramfs\-compression\fR bzip2|gzip|lzma]
-defines the compression program to be used to compress the initramfs. Defaults to gzip.
-.IP "\fB\-\-interactive\fR shell" 4
-defines if after the chroot stage and before the beginning of the binary stage, a interactive shell login should be spawned in the chroot in order to allow you to do manual customizations. Once you close the shell with logout or exit, the build will continue as usual. Note that it's strongly discouraged to use this for anything else than testing. Modifications that should be present in all builds of a live system should be properly made through hooks. Everything else destroys the beauty of being able to completely automatise the build process and making it non interactive. By default, this is of course false.
-.IP "\fB\-\-isohybrid\-options\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4
-defines options to pass to isohybrid.
+\fBlb config\fR by default reads system defaults from \fI/etc/live/build.conf\fR and \fI/etc/live/build/*\fR when generating a new live system config directory. This is useful if you want to set global settings, such as mirror locations, and don't want to specify them all of the time. This option allows you to ignore such global settings.
+.IP "\fB\-\-image\-name\fR \fINAME\fR" 4
+sets the base name of the image. Defaults to live-image.
+.IP "\fB\-\-initramfs\fR none|live\-boot|dracut\-live" 4
+sets the name of the package that contains the live system specific initramfs modification and defaults to live\-boot. Using 'none' is useful if the resulting system image should not be a live image (experimental). Note that dracut requires the CD label in the kernel command line, so you might want to set \fB\-\-iso\-volume\fR explicitly.
+.IP "\fB\-\-initramfs\-compression\fR bzip2|gzip|lzma" 4
+defines the compression program to be used to compress the initramfs. Defaults to 'gzip'.
+.IP "\fB\-\-initsystem\fR sysvinit|systemd|none" 4
+defines the init system. Defaults to 'systemd'.
+.IP "\fB\-\-interactive\fR true|shell|x11|xnest|false" 4
+defines if after the chroot stage and before the beginning of the binary stage, an interactive shell login should be spawned in the chroot in order to allow you to do manual customizations, or as an alternative to 'true' and 'false' a specific shell to use (note that 'true' corresponds to a value of 'shell'). Once you close the shell with logout or exit, the build will continue as usual. Note that it's strongly discouraged to use this for anything else than testing. Modifications that should be present in all builds of a live system should be properly made through hooks. Everything else destroys the beauty of being able to completely automate the build process and making it non-interactive. By default, this is of course 'false'.
 .IP "\fB\-\-iso\-application\fR \fINAME\fR" 4
-sets the APPLICATION field in the header of a resulting CD/DVD image and defaults to "Debian Live" in debian mode, and "Ubuntu Live" in ubuntu mode.
+sets the APPLICATION field in the header of a resulting CD/DVD image and defaults to "Debian Live".
 .IP "\fB\-\-iso\-preparer\fR \fINAME\fR" 4
-sets the PREPARER field in the header of a resulting CD/DVD image. By default this is set to "live\-build \fIVERSION\fR; http://packages.qa.debian.org/live\-build", where VERSION is expanded to the version of live\-build that was used to build the image.
+sets the PREPARER field in the header of a resulting CD/DVD image. By default this is set to "live\-build \fIVERSION\fR; https://salsa.debian.org/live-team/live-build", where VERSION is expanded to the version of live\-build that was used to build the image.
 .IP "\fB\-\-iso\-publisher\fR \fINAME\fR" 4
-sets the PUBLISHED field in the header of a resulting CD/DVD image. By default, this is set to 'Live Systems project; http:/live-systems.org/; debian\-live@lists.debian.org'. Remember to change this to the appropriate values at latest when you distributing custom and unofficial images.
+sets the PUBLISHED field in the header of a resulting CD/DVD image. By default, this is set to 'Debian Live project; https://wiki.debian.org/DebianLive; debian\-live@lists.debian.org'. Remember to change this to the appropriate value when distributing custom and unofficial images.
 .IP "\fB\-\-iso\-volume\fR \fINAME\fR" 4
-sets the VOLUME field in the header of a resulting CD/DVD and defaults to '(\fIMODE\fR) (\fIDISTRIBUTION\fR) (\fIDATE\fR)' whereas MODE is expanded to the name of the mode in use, DISTRIBUTION the distribution name, and DATE with the current date and time of the generation.
+sets the VOLUME field in the header of a resulting CD/DVD and defaults to 'Debian (\fIDISTRIBUTION\fR) (\fIDATE\fR)' where DISTRIBUTION is replaced with the distribution name, and DATE with the current date and time of the generation.
 .IP "\fB\-\-jffs2\-eraseblock\fR \fISIZE\fR" 4
 sets the eraseblock size for a JFFS2 (Second Journaling Flash File System) filesystem. The default is 64 KiB. If you use an erase block size different than the erase block size of the target MTD device, JFFS2 may not perform optimally. If the SIZE specified is below 4096, the units are assumed to be KiB.
-.IP "\fB\-\-keyring\-packages\fR \fIPACKAGE\fI|""\fIPACKAGES\fR""" 4
-sets the keyring package or additional keyring packages. By default this is set to debian\-archive\-keyring.
-.IP "\-k|\fB\-\-linux\-flavours\fR \fIFLAVOUR\fR|""\fIFLAVOURS\fR""" 4
-sets the kernel flavours to be installed. Note that in case you specify more than that the first will be configured the default kernel that gets booted.
-.IP "\fB\-\-linux\-packages\fR ""\fIPACKAGES\fR""" 4
-sets the internal name of the kernel packages naming scheme. If you use debian kernel packages, you will not have to adjust it. If you decide to use custom kernel packages that do not follow the debian naming scheme, remember to set this option to the stub of the packages only (for debian this is linux\-image\-2.6), so that \fISTUB\fR-\fIFLAVOUR\fR results in a valid package name (for debian e.g. linux\-image\-586). Preferably you use the meta package name, if any, for the stub, so that your configuration is ABI independent. Also don't forget that you have to include stubs of the binary modules packages for unionfs or aufs, and squashfs if you built them out-of-tree.
-.IP "\fB\-\-losetup\fR losetup|losetup.orig" 4
-sets the filename of the losetup binary from the host system that should be used. This is autodetected and does generally not need any customization.
+.IP "\fB\-\-keyring\-packages\fR \fIPACKAGE\fR|""\fIPACKAGES\fR""" 4
+sets the keyring package or additional keyring packages (a space separated list). By default this is set to 'debian\-archive\-keyring'.
+.IP "\fB\-k\fR|\fB\-\-linux\-flavours\fR \fIFLAVOUR\fR|""\fIFLAVOURS\fR""" 4
+sets the kernel flavours to be installed (a space separated list). Note that in case you specify more than one the first will be configured as the default kernel that gets booted. Optionally you can use an architecture qualifier, e.g. amd64:amd64. Given an i386 system you can enable amd64 foreign architecture thanks to the commands: "dpkg \-\-add\-architecture amd64 ; apt\-get update". This enables you to use "686 amd64:amd64" as a linux flavour. The amd64 kernel will be installed alongside the i386's 686 kernel.
+.IP "\fB\-\-linux\-packages\fR \fIPACKAGE\fR|""\fIPACKAGES\fR""" 4
+defines a space separated list of partial kernel package names. For each name given and for each flavour in \fBLB_LINUX_FLAVOURS_WITH_ARCH\fR (\fB\-\-linux-flavours\fR), '\-FLAVOUR' will be appended to the name to get the names of kernel packages to be included. By default this is 'linux\-image'. So for instance if this is set to "linux\-image linux\-headers" and \fBLB_LINUX_FLAVOURS_WITH_ARCH\fR is "i386 amd64:amd64" then you will get the four packages "linux\-image\-i386", "linux\-image\-amd64:amd64", "linux\-headers\-i386" and "linux\-headers\-amd64:amd64". You can specify "none" to disable the kernel installation step.
+.IP "\fB\-\-loadlin\fR true|false" 4
+sets loadlin. Defaults to false, except when the debian-installer is included for x86_64 or i386.
 .IP "\fB\-\-memtest\fR memtest86+|memtest86|none" 4
-defines if memtest, memtest86+ or no memory tester at all should be included as secondary bootloader configuration. This is only available on amd64 and i386 and defaults to memtest86+.
-.IP "\-m|\fB\-\-parent\-mirror\-bootstrap\fR \fIURL\fR" 4
-sets the location of the debian package mirror that should be used to bootstrap from. This defaults to http://ftp.de.debian.org/debian/ which may not be a good default if you live outside of Europe.
-.IP "\fB\-\-parent\-mirror\-chroot\fR \fIURL\fR" 4
-sets the location of the debian package mirror that will be used to fetch the packages in order to build the live system. By default, this is set to the value of \-\-parent\-mirror\-bootstrap.
-.IP "\fB\-\-parent\-mirror\-chroot\-security\fR \fIURL\fR" 4
-sets the location of the debian security package mirror that will be used to fetch the packages in order to build the live system. By default, this points to http://security.debian.org/debian/.
-.IP "\fB\-\-parent\-mirror\-chroot\-updates\fR \fIURL\fR" 4
-sets the location of the debian updates package mirror that will be used to fetch packages in order to build the live system. By default, this is set to the value of \-\-parent\-mirror\-chroot.
-.IP "\fB\-\-parent\-mirror\-chroot\-backports\fR \fIURL\fR" 4
-sets the location of the debian backports package mirror that will be used to fetch packages in order to build the live system. By default, this points to http://backports.debian.org/debian-backports/.
-.IP "\fB\-\-parent\-mirror\-binary\fR \fIURL\fR" 4
-sets the location of the debian package mirror that should end up configured in the final image and which is the one a user would see and use. This has not necessarily to be the same that is used to build the image, e.g. if you use a local mirror but want to have an official mirror in the image. By default, 'http://http.debian.net/debian/' is used.
-.IP "\fB\-\-parent\-mirror\-binary\-security\fR \fIURL\fR" 4
-sets the location of the debian security package mirror that should end up configured in the final image. By default, 'http://security.debian.org/' is used.
-.IP "\fB\-\-parent\-mirror\-binary\-updates\fR \fIURL\fR" 4
-sets the location of the debian updates package mirror that should end up configured in the final image. By default, the value of \-\-parent\-mirror\-binary is used.
-.IP "\fB\-\-parent\-mirror\-binary\-backports\fR \fIURL\fR" 4
-sets the location of the debian backports package mirror that should end up configured in the final image. By default, 'http://backports.debian.org/debian-backports/' is used.
-.IP "\fB\-\-parent\-mirror\-debian\-installer\fR \fIURL\fR" 4
-sets the location of the mirror that will be used to fetch the debian installer images. By default, this points to the same mirror used to build the live system, i.e. the value of \-\-parent\-mirror\-bootstrap.
-.IP "\fB\-\-mirror\-bootstrap\fR \fIURL\fR" 4
-sets the location of the debian package mirror that should be used to bootstrap the derivative from. This defaults to http://ftp.de.debian.org/debian/ which may not be a good default if you live outside of Europe.
-.IP "\fB\-\-mirror\-chroot\fR \fIURL\fR" 4
-sets the location of the debian package mirror that will be used to fetch the packages of the derivative in order to build the live system. By default, this is set to the value of \-\-mirror\-bootstrap.
-.IP "\fB\-\-mirror\-chroot\-security\fR \fIURL\fR" 4
-sets the location of the debian security package mirror that will be used to fetch the packages of the derivative in order to build the live system. By default, this points to http://security.debian.org/debian/.
-.IP "\fB\-\-mirror\-chroot\-updates\fR \fIURL\fR" 4
-sets the location of the debian updates package mirror that will be used to fetch packages of the derivative in order to build the live system. By default, this is set to the value of \-\-mirror\-chroot.
-.IP "\fB\-\-mirror\-chroot\-backports\fR \fIURL\fR" 4
-sets the location of the debian backports package mirror that will be used to fetch packages of the derivative in order to build the live system. By default, this points to http://backports.debian.org/debian-backports/.
+defines if memtest, memtest86+ or no memory tester at all should be included (available as a bootloader menu entry). This is only available on amd64 and i386 and defaults to memtest86+.
 .IP "\fB\-\-mirror\-binary\fR \fIURL\fR" 4
-sets the location of the derivative package mirror that should end up configured in the final image and which is the one a user would see and use. This has not necessarily to be the same that is used to build the image, e.g. if you use a local mirror but want to have an official mirror in the image.
+sets the location of the derivative package mirror that should end up configured in the final image and which is the one a user would see and use. This has not necessarily to be the same that is used to build the image, e.g. if you use a local mirror but want to have an official mirror in the image. This defaults to 'http://deb.debian.org/debian/'.
 .IP "\fB\-\-mirror\-binary\-security\fR \fIURL\fR" 4
-sets the location of the derivatives security package mirror that should end up configured in the final image.
-.IP "\fB\-\-mirror\-binary\-updates\fR \fIURL\fR" 4
-sets the location of the derivatives updates package mirror that should end up configured in the final image.
-.IP "\fB\-\-mirror\-binary\-backports\fR \fIURL\fR" 4
-sets the location of the derivatives backports package mirror that should end up configured in the final image.
+sets the location of the derivatives security package mirror that should end up configured in the final image. This defaults to 'http://security.debian.org/'.
+.IP "\fB\-\-mirror\-bootstrap\fR \fIURL\fR" 4
+sets the location of the debian package mirror that should be used to bootstrap the derivative from. This defaults to 'http://deb.debian.org/debian/'.
+.IP "\fB\-\-mirror\-chroot\fR \fIURL\fR" 4
+sets the location of the debian package mirror that will be used to fetch the packages of the derivative in order to build the live system. By default, this is set to the value of \fB\-\-mirror\-bootstrap\fR.
+.IP "\fB\-\-mirror\-chroot\-security\fR \fIURL\fR" 4
+sets the location of the debian security package mirror that will be used to fetch the packages of the derivative in order to build the live system. By default, this points to 'http://security.debian.org/'.
 .IP "\fB\-\-mirror\-debian\-installer\fR \fIURL\fR" 4
-sets the location of the mirror that will be used to fetch the debian installer images of the derivative. By default, this points to the same mirror used to build the live system, i.e. the value of \-\-mirror\-bootstrap.
-.IP "\fB\-\-mode\fR debian|progress|ubuntu" 4
+sets the location of the mirror that will be used to fetch the debian installer images of the derivative. By default, this points to the same mirror used to build the live system, i.e. the value of \fB\-\-mirror\-chroot\fR.
+.IP "\fB\-\-mode\fR debian" 4
 defines a global mode to load project specific defaults. By default this is set to debian.
-.IP "\fB\-\-system\fR live|normal" 4
-defines if the resulting system image should a live system or a normal, non-live system.
-.IP "\fB\-\-net\-root\-filesystem\fR nfs|cfs" 4
-defines the filesystem that will be configured in the bootloader configuration for your netboot image. This defaults to nfs.
-.IP "\fB\-\-net\-root\-mountoptions\fR \fIOPTIONS\fR" 4
-sets additional options for mounting the root filesystem in netboot images and is by default empty.
-.IP "\fB\-\-net\-root\-path\fR \fIPATH\fR" 4
-sets the file path that will be configured in the bootloader configuration for your netboot image. This defaults to /srv/debian\-live in debian mode, and /srv/ubuntu-live when in ubuntu mode.
-.IP "\fB\-\-net\-root\-server\fR \fIIP\fR|\fIHOSTNAME\fR" 4
-sets the IP or hostname that will be configured in the bootloader configuration for the root filesystem of your netboot image. This defaults to 192.168.1.1.
-.IP "\fB\-\-net\-cow\-filesystem\fR nfs|cfs" 4
-defines the filesystem type for the copy\-on\-write layer and defaults to nfs.
-.IP "\fB\-\-net\-cow\-mountoptions\fR \fIOPTIONS\fR" 4
-sets additional options for mounting the copy\-on\-write layer in netboot images and is by default empty.
-.IP "\fB\-\-net\-cow\-path\fR \fIPATH\fR" 4
-defines the path to client writable filesystem. Anywhere that \fIclient_mac_address\fR is specified in the path live\-boot will substitute the MAC address of the client delimited with hyphens.
-.PP
-.IP "" 4
-Example:
-.br
-/export/hosts/client_mac_address
-.br
-/export/hosts/00\-16\-D3\-33\-92\-E8
-.IP "\fB\-\-net\-cow\-server\fR \fIIP\fR|\fIHOSTNAME\fR" 4
-sets the IP or hostname that will be configured in the bootloader configuration for the copy\-on\-write filesystem of your netboot image and is by default empty.
 .IP "\fB\-\-net\-tarball\fR true|false" 4
-defines if a compressed tarball should be created. Disabling this options leads to no tarball at all, the plain binary directory is considered the output in this case. Default is true.
+defines if a compressed tarball should be created. If disabled, the plain binary directory is considered the output. Default is true.
+.IP "\fB\-\-no\-color\fR" 4
+turns off color in the messages.
+.IP "\fB\-\-onie\fR true|false" 4
+defines if an ONIE.bin image is generated. ONIE binaries can be loaded by supported systems, and will in turn boot the live image. Note that ISO or hybrid-iso are the only formats supported. For more information visit <\fIhttp://onie.org/\fR>. Default is false.
+.IP "\fB\-\-onie\-kernel\-cmdline\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4
+defines additional kernel command line options that the ONIE system will use when booting the image. Default is empty string.
+.IP "\fB\-\-parent\-archive\-areas\fR \fIARCHIVE_AREA\fR|""\fIARCHIVE_AREAS\fR""" 4
+defines the archive areas for derivatives of the resulting live system (a comma or space separated list).
+.IP "\fB\-\-parent\-debian\-installer\-distribution\fR daily|git|\fICODENAME\fR" 4
+defines the parent debian\-installer distribution for derivatives of the resulting live system.
+.IP "\fB\-\-parent\-distribution\fR \fICODENAME\fR" 4
+defines the parent distribution for derivatives of the resulting live system.
+.IP "\fB\-\-parent\-distribution\-binary\fR \fICODENAME\fR" 4
+defines the derivative's parent distribution enabled in the resulting live system.
+.IP "\fB\-\-parent\-distribution\-chroot\fR \fICODENAME\fR" 4
+defines the derivative's parent distribution used to build the live system.
+.IP "\fB\-\-parent\-mirror\-binary\fR \fIURL\fR" 4
+sets the location of the debian package mirror that should end up configured in the final image and which is the one a user would see and use. This has not necessarily to be the same that is used to build the image, e.g. if you use a local mirror but want to have an official mirror in the image. This defaults to the value of \fB\-\-mirror\-binary\fR.
+.IP "\fB\-\-parent\-mirror\-binary\-security\fR \fIURL\fR" 4
+sets the location of the debian security package mirror that should end up configured in the final image. This defaults to the value of \fB\-\-mirror\-binary\-security\fR.
+.IP "\-m|\fB\-\-parent\-mirror\-bootstrap\fR \fIURL\fR" 4
+sets the location of the debian package mirror that should be used to bootstrap from. This defaults to the value of \fB\-\-mirror\-bootstrap\fR.
+.IP "\fB\-\-parent\-mirror\-chroot\fR \fIURL\fR" 4
+sets the location of the debian package mirror that will be used to fetch the packages in order to build the live system. This defaults to the value of \fB\-\-parent\-mirror\-bootstrap\fR.
+.IP "\fB\-\-parent\-mirror\-chroot\-security\fR \fIURL\fR" 4
+sets the location of the debian security package mirror that will be used to fetch the packages in order to build the live system. This defaults to the value of \fB\-\-mirror\-chroot\-security\fR.
+.IP "\fB\-\-parent\-mirror\-debian\-installer\fR \fIURL\fR" 4
+sets the location of the mirror that will be used to fetch the debian installer images. This defaults to the value of \fB\-\-parent\-mirror\-chroot\fR.
 .IP "\fB\-\-quiet\fR" 4
 reduces the verbosity of messages output by \fBlb build\fR.
-.IP "\fB\-\-archive\-areas\fR \fIARCHIVE_AREA\fR|""\fIARCHIVE_AREAS\fR""" 4
-defines which package archive areas of a debian packages archive should be used for configured debian package mirrors. By default, this is set to main. Remember to check the licenses of each packages with respect to their redistributability in your juristiction when enabling contrib or non\-free with this mechanism.
-.IP "\fB\-\-parent\-archive\-areas\fR \fIPARENT_ARCHIVE_AREA\fR|""\fIPARENT_ARCHIVE_AREAS\fR""" 4
-defines the archive areas for derivatives of the resulting live system.
 .IP "\fB\-\-security\fR true|false" 4
 defines if the security repositories specified in the security mirror options should be used or not.
 .IP "\fB\-\-source\fR true|false" 4
-defines if a corresponding source image to the binary image should be build. By default this is false because most people do not require this and would require to download quite a few source packages. However, once you start distributing your live image, you should make sure you build it with a source image alongside.
-.IP "\-s|\fB\-\-source\-images\fR iso|netboot|tar|hdd" 4
-defines the image type for the source image. Default is tar.
-.IP "\fB\-\-firmware\-binary\fR true|false" 4
-defines if firmware packages should be automatically included into the binary pool for debian\-installer. Note that only firmware packages available within the configured archive areas are included, e.g. an image with packages from main only will not automatically include firmware from non\-free. This option does not interfere with explicitly listed packages in binary package lists.
-.IP "\fB\-\-firmware\-chroot\fR true|false" 4
-defines if firmware packages should be automatically included into the live image. Note that only firmware packages available within the configured archive areas are included, e.g. an image with packages from main only will not automatically include firmware from non\-free. This option does not interfere with explicitly listed packages in chroot package lists.
+defines if a corresponding source image to the binary image should be built. By default this is false because most people do not require this and it involves downloading quite a few source packages. However, if you distribute your live image to others, you should make sure you build it with a source image alongside to help enable you to comply with licensing terms.
+.IP "\fB\-s\fR|\fB\-\-source\-images\fR iso|netboot|tar|hdd" 4
+defines the image type for the source image. Default is tar. More than one can be specified (a comma or space separated list).
 .IP "\fB\-\-swap\-file\-path\fR \fIPATH\fR" 4
 defines the path to a swap file to create in the binary image. Default is not to create a swap file.
 .IP "\fB\-\-swap\-file\-size\fR \fIMB\fR" 4
 defines what size in megabytes the swap file should be, if one is to be created. Default is 512MB.
-.IP "\fB\-\-tasksel\fR apt|aptitude|tasksel" 4
-selects which program is used to install tasks. By default, this is set to tasksel.
-.IP "\fB\-\-templates\fR \fIPATH\fR" 4
-sets the path to the templates that live\-build is going to use, e.g. for bootloaders. By default, this is set to /usr/share/live/build/templates/.
-.IP "\fB\-\-hdd\-size\fR MB" 4
-defines what size the hdd image should be. Note that although the default is set to 10000 (= 10GB), it will not need 10GB space on your harddisk as the files are created as sparse files.
+.IP "\fB\-\-system\fR live|normal" 4
+defines if the resulting system image should be a live system or a normal, non-live system. Defaults to live.
+.IP "\fB\-\-uefi\-secure\-boot\fR auto|enable|disable" 4
+enables or disables Secure Boot support when using grub-efi, by installing signed shim and grub-efi packages. By default, this is set to auto, which means if the packages are available they will be installed, but if not only a warning will be printed and the normal non-signed grub-efi will be used.
 .IP "\fB\-\-updates\fR true|false" 4
 defines if debian updates package archives should be included in the image or not.
-.IP "\fB\-\-backports\fR true|false" 4
-defines if debian backports package archives should be included in the image or not.
+.IP "\fB\-\-utc\-time\fR true|false" 4
+defines if timestamps should be UTC. Default is false, unless SOURCE_DATE_EPOCH is set. Note, this does not affect the build log which remains local time.
+.IP "\fB\-\-validate\fR" 4
+requests that the config be validated only, not changed, thus after the validation check the script ends rather than writing an updated config. Please note that at the time of writing, many options do not have corresponding validation checks.
 .IP "\fB\-\-verbose\fR" 4
 increases the verbosity of messages output by \fBlb build\fR.
-.IP "\fB\-\-win32\-loader true|false" 4
+.IP "\fB\-\-win32\-loader\fR true|false" 4
 defines if win32\-loader should be included in the binary image or not.
-.\" FIXME
+.IP "\fB\-\-zsync\fR true|false" 4
+defines whether a file for distributing the image in \fIzsync\fR(1) format will be generated. Defaults to false.
 
 .SH ENVIRONMENT
-.\" FIXME
-Currently, command line switches can also be specified through the corresponding environment variable. However, this generally should not be relied upon, as it is an implementation detail that is subject to change in future releases. For options applying directly to live\-build, environment variables are named LB_FOO, meaning, e.g. \fB\-\-apt\-ftp\-proxy\fR becomes LB_APT_FTP_PROXY (the exception being internal options such as \fB\-\-debug\fR). For options passed to another program, as in APT_OPTIONS or GZIP_OPTIONS, no LB_ prefix is used.
-\" FIXME
+Currently, command line switches can also be specified through the corresponding environment variable. However, this generally should not be relied upon, as it is an implementation detail that is subject to change in future releases. For options applying directly to live\-build, environment variables are named LB_FOO, meaning, e.g. \fB\-\-apt\-http\-proxy\fR becomes \fBLB_APT_HTTP_PROXY\fR (the exception being internal options such as \fB\-\-debug\fR). For options passed to another program, as in APT_OPTIONS or GZIP_OPTIONS, no LB_ prefix is used.
 
 .SH FILES
-.\" FIXME
 .IP "\fBauto/config\fR" 4
 .IP "\fB/etc/live/build.conf, /etc/live/build/*\fR" 4
-An optional, global configuration file for \fBlb config\fR variables. It is useful to specify a few system wide defaults, like LB_PARENT_MIRROR_BOOTSTRAP. This feature can be false by specifying the \fB\-\-ignore\-system\-defaults\fR option.
-.\" FIXME
+An optional, global configuration file for \fBlb config\fR variables. It is useful to specify a few system wide defaults, like \fBLB_PARENT_MIRROR_BOOTSTRAP\fR. This feature can be disabled by using the \fB\-\-ignore\-system\-defaults\fR option.
 
 .SH SEE ALSO
 \fIlive\-build\fR(7)
@@ -476,10 +481,10 @@ An optional, global configuration file for \fBlb config\fR variables. It is usef
 This program is a part of live\-build.
 
 .SH HOMEPAGE
-More information about live\-build and the Live Systems project can be found on the homepage at <\fIhttp://live-systems.org/\fR> and in the manual at <\fIhttp://live-systems.org/manual/\fR>.
+More information about live\-build and the Debian Live project can be found on the homepage at <\fIhttps://wiki.debian.org/DebianLive\fR>.
 
 .SH BUGS
-Bugs can be reported by submitting a bugreport for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Live Systems mailing list at <\fIdebian-live@lists.debian.org\fR>.
+Bugs can be reported by submitting a bug report for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Debian Live mailing list at <\fIdebian-live@lists.debian.org\fR>.
 
 .SH AUTHOR
-live\-build was written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>.
+live\-build was originally written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>. Since 2016 development has been continued by the Debian Live team.

manpages/en/lb_installer.1

@@ -0,0 +1,32 @@
+.TH LIVE\-BUILD 1 2020\-03\-30 1:20191222 "Debian Live Project"
+
+.SH NAME
+\fBlb_installer\fR \- Complete the installer stage
+
+.SH SYNOPSIS
+\fBlb installer\fR [\fIOPTIONS\fR]
+
+.SH DESCRIPTION
+\fBlb installer\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the Debian Live tool suite.
+.PP
+\fBlb installer\fR calls all necessary live\-build programs in the correct order to complete the installer stage.
+
+.SH OPTIONS
+\fBlb installer\fR has no specific options but understands all generic live\-build options. See \fIlive\-build\fR(7) for a complete list of all generic live\-build options.
+
+.SH FILES
+.IP "\fBnone\fR" 4
+
+.SH SEE ALSO
+\fIlive\-build\fR(7)
+.PP
+This program is a part of live\-build.
+
+.SH HOMEPAGE
+More information about live\-build and the Debian Live project can be found on the homepage at <\fIhttps://wiki.debian.org/DebianLive\fR>.
+
+.SH BUGS
+Bugs can be reported by submitting a bug report for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Debian Live mailing list at <\fIdebian-live@lists.debian.org\fR>.
+
+.SH AUTHOR
+live\-build was originally written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>. Since 2016 development has been continued by the Debian Live team.

manpages/en/lb_source.1

@@ -1,13 +1,13 @@
-.TH LIVE\-BUILD 1 2015\-05\-04 5.0~a6-1 "Live Systems Project"
+.TH LIVE\-BUILD 1 2020\-03\-30 1:20191222 "Debian Live Project"
 
 .SH NAME
-\fBlb source\fR \- Complete the source stage
+\fBlb_source\fR \- Complete the source stage
 
 .SH SYNOPSIS
-\fBlb source\fR [\fIlive\-build options\fR]
+\fBlb source\fR [\fIOPTIONS\fR]
 
 .SH DESCRIPTION
-\fBlb source\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the live systems tool suite.
+\fBlb source\fR is a high\-level command (porcelain) of \fIlive\-build\fR(7), the Debian Live tool suite.
 .PP
 \fBlb source\fR calls all necessary live\-build programs in the correct order to complete the source stage.
 
@@ -23,10 +23,10 @@
 This program is a part of live\-build.
 
 .SH HOMEPAGE
-More information about live\-build and the Live Systems project can be found on the homepage at <\fIhttp://live-systems.org/\fR> and in the manual at <\fIhttp://live-systems.org/manual/\fR>.
+More information about live\-build and the Debian Live project can be found on the homepage at <\fIhttps://wiki.debian.org/DebianLive\fR>.
 
 .SH BUGS
-Bugs can be reported by submitting a bugreport for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Live Systems mailing list at <\fIdebian-live@lists.debian.org\fR>.
+Bugs can be reported by submitting a bug report for the live\-build package in the Bug Tracking System at <\fIhttp://bugs.debian.org/\fR> or by writing a mail to the Debian Live mailing list at <\fIdebian-live@lists.debian.org\fR>.
 
 .SH AUTHOR
-live\-build was written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>.
+live\-build was originally written by Daniel Baumann <\fImail@daniel-baumann.ch\fR>. Since 2016 development has been continued by the Debian Live team.