[neon/neon/livecd-rootfs/Neon/release-lts] /: 2.664.8 diff
Jonathan Riddell
null at kde.org
Fri Dec 4 22:32:20 GMT 2020
Git commit c19bbcecee631d94ebc3f159fb276c1c6a7878e9 by Jonathan Riddell.
Committed on 04/12/2020 at 22:31.
Pushed by jriddell into branch 'Neon/release-lts'.
2.664.8 diff
M +24 -0 debian/changelog
M +5 -2 live-build/auto/build
M +15 -0 live-build/functions
M +7 -2 live-build/ubuntu-server/hooks/032-installer-squashfs.binary
https://invent.kde.org/neon/neon/livecd-rootfs/commit/c19bbcecee631d94ebc3f159fb276c1c6a7878e9
diff --git a/debian/changelog b/debian/changelog
index c8f9ba23..4d1865fd 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,27 @@
+livecd-rootfs (2.664.8) focal; urgency=medium
+
+ Backport snap-preseed work from groovy to focal LP: #1896755
+
+ [ Robert C Jennings ]
+ * Apply snap-preseed optimizations after seeding snaps
+
+ [ Dimitri John Ledkov ]
+ * live-server: remove duplicate snaps, due to overlayfs vs snap-preseed.
+ * apparmor: Add generic v5.4 kernel apparmor features
+ * apparmor: mount more up-to-date apparmor features in the chroot.
+ * seccomp: add more up-to-date seccomp actions
+ * seccomp: mount more up-to-date seccomp features
+ * apparmor: compile all profiles
+
+ [ Robert C Jennings ]
+ * Avoid rbind /sys for chroot snap pre-seeding (cgroups fail to unmount)
+
+ [ Dimitri John Ledkov ]
+ * auto/build: use setup|teardown_mountpoint to reduce duplication
+ * functions: provide nss_systemd-less nsswitch.conf in chroots.
+
+ -- Dimitri John Ledkov <xnox at ubuntu.com> Mon, 05 Oct 2020 10:33:02 +0100
+
livecd-rootfs (2.664.7) focal; urgency=medium
[ Stanislav German-Evtushenko <giner> / John Chittum ]
diff --git a/live-build/auto/build b/live-build/auto/build
index 16b9760c..5c62d8d6 100755
--- a/live-build/auto/build
+++ b/live-build/auto/build
@@ -106,14 +106,17 @@ fi
Setup_cleanup
preinstall_snaps() {
- lb chroot_resolv install
+ setup_mountpoint chroot
+
snap_prepare chroot
for snap in "$@"; do
SNAP_NO_VALIDATE_SEED=1 snap_preseed chroot "${snap}"
done
+
snap_validate_seed chroot
- lb chroot_resolv remove
+
+ teardown_mountpoint chroot
}
rm -f binary.success
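Review bot: In preinstall_snaps, a failure in `snap_preseed` or `snap_validate_seed` between `setup_mountpoint chroot` and `teardown_mountpoint chroot` skips the teardown. That would leave the rbind of /dev, the proc/sysfs/tmpfs mounts and the swapped resolv.conf and nsswitch.conf in place for whatever runs next. The cleanup registered by `Setup_cleanup` may already unmount these, but that is not visible in this hunk. If it does not, handle the failure explicitly, e.g. `snap_validate_seed chroot || { teardown_mountpoint chroot; return 1; }`, with the same guard around the loop body. A one-line comment should also say that the function now depends on the full mount set rather than just resolv.conf.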
diff --git a/live-build/functions b/live-build/functions
index 2e505949..17e42cd7 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -96,14 +96,25 @@ mount_image() {
setup_mountpoint() {
local mountpoint="$1"
+ if [ ! -c /dev/mem ]; then
+ mknod -m 660 /dev/mem c 1 1
+ chown root:kmem /dev/mem
+ fi
+
mount --rbind /dev "$mountpoint/dev"
mount proc-live -t proc "$mountpoint/proc"
mount sysfs-live -t sysfs "$mountpoint/sys"
+ mount securityfs -t securityfs "$mountpoint/sys/kernel/security"
+ # Provide more up to date apparmor features, matching target kernel
+ mount -o bind /usr/share/livecd-rootfs/live-build/apparmor/generic "$mountpoint/sys/kernel/security/apparmor/features/"
+ mount -o bind /usr/share/livecd-rootfs/live-build/seccomp/generic.actions_avail "$mountpoint/proc/sys/kernel/seccomp/actions_avail"
mount -t tmpfs none "$mountpoint/tmp"
mount -t tmpfs none "$mountpoint/var/lib/apt"
mount -t tmpfs none "$mountpoint/var/cache/apt"
mv "$mountpoint/etc/resolv.conf" resolv.conf.tmp
cp /etc/resolv.conf "$mountpoint/etc/resolv.conf"
+ mv "$mountpoint/etc/nsswitch.conf" nsswitch.conf.tmp
+ sed 's/systemd//g' nsswitch.conf.tmp > "$mountpoint/etc/nsswitch.conf"
chroot "$mountpoint" apt-get update
}
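Review bot: The `mknod -m 660 /dev/mem c 1 1` at the top of setup_mountpoint creates the node in the build host's own /dev, not inside the chroot, and the visible part of teardown_mountpoint does not remove it. A raw physical-memory device therefore outlives the build on hosts that deliberately run without one. Add a comment naming the tool that needs it, and record that this call created it, e.g. `created_dev_mem=1`, so teardown can `rm -f /dev/mem` only in that case. Separately, `sed 's/systemd//g'` deletes the string anywhere in nsswitch.conf, including comments and longer words containing it. Matching the whole token is narrower: `sed -E 's/[[:space:]]+systemd([[:space:]]|$)/\1/g'`.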
@@ -121,6 +132,7 @@ teardown_mountpoint() {
umount $submount
done
mv resolv.conf.tmp "$mountpoint/etc/resolv.conf"
+ mv nsswitch.conf.tmp "$mountpoint/etc/nsswitch.conf"
}
mount_partition() {
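Review bot: The added restore reads `nsswitch.conf.tmp` from the current directory under a fixed name, like the existing `resolv.conf.tmp`. If setup_mountpoint is ever called for a second mountpoint before this teardown runs, or the working directory changes in between, the saved copy is overwritten or not found and the chroot ends up with the wrong or no nsswitch.conf. Whether callers nest like that is not visible here. Keeping the backup next to the file avoids the coupling: `mv "$mountpoint/etc/nsswitch.conf" "$mountpoint/etc/nsswitch.conf.tmp"` in setup, then `mv "$mountpoint/etc/nsswitch.conf.tmp" "$mountpoint/etc/nsswitch.conf"` here. teardown_mountpoint starts above this hunk.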
@@ -682,6 +694,9 @@ snap_validate_seed() {
if [ -e "${CHROOT_ROOT}/var/lib/snapd/seed/seed.yaml" ]; then
snap debug validate-seed "${CHROOT_ROOT}/var/lib/snapd/seed/seed.yaml"
+ /usr/lib/snapd/snap-preseed --reset $(realpath "${CHROOT_ROOT}")
+ /usr/lib/snapd/snap-preseed $(realpath "${CHROOT_ROOT}")
+ chroot "${CHROOT_ROOT}" apparmor_parser --skip-read-cache --write-cache --skip-kernel-load --verbose -j `nproc` /etc/apparmor.d
fi
}
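Review bot: The two added `snap-preseed` calls pass `$(realpath "${CHROOT_ROOT}")` unquoted, so a chroot path containing whitespace or glob characters is split before a root-run tool that resets and rewrites snapd state receives it. Quote the substitution, `/usr/lib/snapd/snap-preseed --reset "$(realpath "${CHROOT_ROOT}")"`, and likewise on the second call. The `apparmor_parser` line uses backticks where the rest of the file uses `$( )`; `-j "$(nproc)"` is the consistent form. snap_validate_seed begins outside this hunk, so it is not visible whether every caller has the mounts from setup_mountpoint in place when the preseed step runs; a comment stating that precondition would help.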
diff --git a/live-build/ubuntu-server/hooks/032-installer-squashfs.binary b/live-build/ubuntu-server/hooks/032-installer-squashfs.binary
index b48149b1..c12c8bf1 100755
--- a/live-build/ubuntu-server/hooks/032-installer-squashfs.binary
+++ b/live-build/ubuntu-server/hooks/032-installer-squashfs.binary
@@ -21,10 +21,9 @@ if [ -n "$SUBARCH" ]; then
exit 0
fi
+. config/binary
. config/functions
. config/common
-# somehow i don't have LB_DISTRIBUTION set ?!
-. config/bootstrap
FILESYSTEM_ROOT=binary/boot/squashfs.dir
INSTALLER_ROOT=binary/boot/installer.squashfs.dir
@@ -84,6 +83,12 @@ sed -i -e'N;/name: lxd/,+2d' $INSTALLER_ROOT/var/lib/snapd/seed/seed.yaml
teardown_mountpoint "$INSTALLER_ROOT"
+# Drop core/lxd/snapd that got copied up from base layer, due to
+# snap-preseed tool doing --reset & speedup
+find $OVERLAY_ROOT/var/lib/snapd/ -name 'core*.snap' -delete
+find $OVERLAY_ROOT/var/lib/snapd/ -name 'snapd_*.snap' -delete
+find $OVERLAY_ROOT/var/lib/snapd/ -name 'lxd_*.snap' -delete
+
squashfs_f="${PWD}/livecd.${PROJECT}.installer.squashfs"
(cd "$OVERLAY_ROOT/" &&
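Review bot: The three added `find $OVERLAY_ROOT/var/lib/snapd/ ... -delete` lines expand `$OVERLAY_ROOT` unquoted and unguarded. If the variable is empty or unset at this point, the path becomes `/var/lib/snapd/` and the build host's own core, snapd and lxd snaps are deleted. Guard and quote the expansion, `find "${OVERLAY_ROOT:?}/var/lib/snapd/" -name 'core*.snap' -delete`, so the hook aborts instead. The three passes can also be merged into one: `find "${OVERLAY_ROOT:?}/var/lib/snapd/" \( -name 'core*.snap' -o -name 'snapd_*.snap' -o -name 'lxd_*.snap' \) -delete`. The assignment of OVERLAY_ROOT is outside this hunk.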