[neon/neon/livecd-rootfs/Neon/release_jammy] /: merge latest jammy upstream changes

Carlos De Maine null at kde.org
Fri Aug 23 01:36:59 BST 2024


Git commit df2a4209da55c1ac8442bd6e9489cf1d53b35b77 by Carlos De Maine.
Committed on 23/08/2024 at 00:36.
Pushed by carlosdem into branch 'Neon/release_jammy'.

merge latest jammy upstream changes

M  +14   -1    debian/changelog
A  +0    -0    live-build/apparmor/6.8/capability
A  +0    -0    live-build/apparmor/6.8/caps/extended
A  +0    -0    live-build/apparmor/6.8/caps/mask
A  +0    -0    live-build/apparmor/6.8/dbus/mask
A  +0    -0    live-build/apparmor/6.8/domain/attach_conditions/xattr
A  +0    -0    live-build/apparmor/6.8/domain/change_hat
A  +0    -0    live-build/apparmor/6.8/domain/change_hatv
A  +0    -0    live-build/apparmor/6.8/domain/change_onexec
A  +0    -0    live-build/apparmor/6.8/domain/change_profile
A  +0    -0    live-build/apparmor/6.8/domain/computed_longest_left
A  +0    -0    live-build/apparmor/6.8/domain/disconnected.path
A  +0    -0    live-build/apparmor/6.8/domain/fix_binfmt_elf_mmap
A  +0    -0    live-build/apparmor/6.8/domain/interruptible
A  +0    -0    live-build/apparmor/6.8/domain/kill.signal
A  +0    -0    live-build/apparmor/6.8/domain/post_nnp_subset
A  +0    -0    live-build/apparmor/6.8/domain/stack
A  +0    -0    live-build/apparmor/6.8/domain/unconfined_allowed_children
A  +0    -0    live-build/apparmor/6.8/domain/version
A  +0    -0    live-build/apparmor/6.8/file/mask
A  +0    -0    live-build/apparmor/6.8/io_uring/mask
A  +0    -0    live-build/apparmor/6.8/ipc/posix_mqueue
A  +0    -0    live-build/apparmor/6.8/mount/mask
A  +0    -0    live-build/apparmor/6.8/mount/move_mount
A  +0    -0    live-build/apparmor/6.8/namespaces/mask
A  +0    -0    live-build/apparmor/6.8/namespaces/pivot_root
A  +0    -0    live-build/apparmor/6.8/namespaces/profile
A  +0    -0    live-build/apparmor/6.8/namespaces/userns_create
A  +0    -0    live-build/apparmor/6.8/network/af_mask
A  +0    -0    live-build/apparmor/6.8/network/af_unix
A  +0    -0    live-build/apparmor/6.8/network_v8/af_inet
A  +0    -0    live-build/apparmor/6.8/network_v8/af_mask
A  +0    -0    live-build/apparmor/6.8/policy/outofband
A  +0    -0    live-build/apparmor/6.8/policy/permstable32
A  +0    -0    live-build/apparmor/6.8/policy/permstable32_version
A  +0    -0    live-build/apparmor/6.8/policy/set_load
A  +0    -0    live-build/apparmor/6.8/policy/unconfined_restrictions/change_profile
A  +0    -0    live-build/apparmor/6.8/policy/unconfined_restrictions/io_uring
A  +0    -0    live-build/apparmor/6.8/policy/unconfined_restrictions/userns
A  +0    -0    live-build/apparmor/6.8/policy/versions/v5
A  +0    -0    live-build/apparmor/6.8/policy/versions/v6
A  +0    -0    live-build/apparmor/6.8/policy/versions/v7
A  +0    -0    live-build/apparmor/6.8/policy/versions/v8
A  +0    -0    live-build/apparmor/6.8/policy/versions/v9
A  +0    -0    live-build/apparmor/6.8/ptrace/mask
A  +0    -0    live-build/apparmor/6.8/query/label/data
A  +0    -0    live-build/apparmor/6.8/query/label/multi_transaction
A  +0    -0    live-build/apparmor/6.8/query/label/perms
A  +0    -0    live-build/apparmor/6.8/rlimit/mask
A  +0    -0    live-build/apparmor/6.8/signal/mask
A  +30   -0    live-build/ubuntu-server/hooks/05-remove-openssh-server.chroot

https://invent.kde.org/neon/neon/livecd-rootfs/-/commit/df2a4209da55c1ac8442bd6e9489cf1d53b35b77

diff --git a/debian/changelog b/debian/changelog
index 34bd7680..7157a24a 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,18 @@
+livecd-rootfs (2.765.46) jammy; urgency=medium
+
+  * Add 6.8 kernel apparmor features' preseeds. (LP: #2074204)
+
+ -- Ankush Pathak <ankush.pathak at canonical.com>  Fri, 26 Jul 2024 19:59:25 +0530
+
 livecd-rootfs (2.765.45) jammy; urgency=medium
 
+  * Remove openssh-server and ssh-import-id from the ubuntu-server
+    minimal and full layers (LP: #1974483).
+
+ -- Chris Peterson <chris.peterson at canonical.com>  Tue, 30 Jul 2024 13:58:15 -0700
+
+livecd-rootfs (2.765.44) jammy; urgency=medium
+
   [ Rémy Martin ]
   * Backport support for building tegra-igx Server and Core images;
     LP: #2070070.
@@ -8144,4 +8157,4 @@ livecd-rootfs (0.1) hoary; urgency=low
 
   * Initial revision
 
- -- LaMont Jones <lamont at canonical.com>  Thu,  6 Jan 2005 21:24:08 -0700
+ -- LaMont Jones <lamont at canonical.com>  Thu,  6 Jan 2005 21:24:08 -0700
\ No newline at end of file
diff --git a/live-build/apparmor/6.8/capability b/live-build/apparmor/6.8/capability
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/caps/extended b/live-build/apparmor/6.8/caps/extended
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/caps/mask b/live-build/apparmor/6.8/caps/mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/dbus/mask b/live-build/apparmor/6.8/dbus/mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/attach_conditions/xattr b/live-build/apparmor/6.8/domain/attach_conditions/xattr
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/change_hat b/live-build/apparmor/6.8/domain/change_hat
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/change_hatv b/live-build/apparmor/6.8/domain/change_hatv
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/change_onexec b/live-build/apparmor/6.8/domain/change_onexec
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/change_profile b/live-build/apparmor/6.8/domain/change_profile
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/computed_longest_left b/live-build/apparmor/6.8/domain/computed_longest_left
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/disconnected.path b/live-build/apparmor/6.8/domain/disconnected.path
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/fix_binfmt_elf_mmap b/live-build/apparmor/6.8/domain/fix_binfmt_elf_mmap
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/interruptible b/live-build/apparmor/6.8/domain/interruptible
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/kill.signal b/live-build/apparmor/6.8/domain/kill.signal
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/post_nnp_subset b/live-build/apparmor/6.8/domain/post_nnp_subset
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/stack b/live-build/apparmor/6.8/domain/stack
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/unconfined_allowed_children b/live-build/apparmor/6.8/domain/unconfined_allowed_children
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/domain/version b/live-build/apparmor/6.8/domain/version
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/file/mask b/live-build/apparmor/6.8/file/mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/io_uring/mask b/live-build/apparmor/6.8/io_uring/mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/ipc/posix_mqueue b/live-build/apparmor/6.8/ipc/posix_mqueue
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/mount/mask b/live-build/apparmor/6.8/mount/mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/mount/move_mount b/live-build/apparmor/6.8/mount/move_mount
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/namespaces/mask b/live-build/apparmor/6.8/namespaces/mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/namespaces/pivot_root b/live-build/apparmor/6.8/namespaces/pivot_root
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/namespaces/profile b/live-build/apparmor/6.8/namespaces/profile
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/namespaces/userns_create b/live-build/apparmor/6.8/namespaces/userns_create
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/network/af_mask b/live-build/apparmor/6.8/network/af_mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/network/af_unix b/live-build/apparmor/6.8/network/af_unix
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/network_v8/af_inet b/live-build/apparmor/6.8/network_v8/af_inet
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/network_v8/af_mask b/live-build/apparmor/6.8/network_v8/af_mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/outofband b/live-build/apparmor/6.8/policy/outofband
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/permstable32 b/live-build/apparmor/6.8/policy/permstable32
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/permstable32_version b/live-build/apparmor/6.8/policy/permstable32_version
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/set_load b/live-build/apparmor/6.8/policy/set_load
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/unconfined_restrictions/change_profile b/live-build/apparmor/6.8/policy/unconfined_restrictions/change_profile
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/unconfined_restrictions/io_uring b/live-build/apparmor/6.8/policy/unconfined_restrictions/io_uring
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/unconfined_restrictions/userns b/live-build/apparmor/6.8/policy/unconfined_restrictions/userns
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/versions/v5 b/live-build/apparmor/6.8/policy/versions/v5
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/versions/v6 b/live-build/apparmor/6.8/policy/versions/v6
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/versions/v7 b/live-build/apparmor/6.8/policy/versions/v7
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/versions/v8 b/live-build/apparmor/6.8/policy/versions/v8
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/policy/versions/v9 b/live-build/apparmor/6.8/policy/versions/v9
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/ptrace/mask b/live-build/apparmor/6.8/ptrace/mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/query/label/data b/live-build/apparmor/6.8/query/label/data
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/query/label/multi_transaction b/live-build/apparmor/6.8/query/label/multi_transaction
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/query/label/perms b/live-build/apparmor/6.8/query/label/perms
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/rlimit/mask b/live-build/apparmor/6.8/rlimit/mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/apparmor/6.8/signal/mask b/live-build/apparmor/6.8/signal/mask
new file mode 100644
index 00000000..e69de29b
diff --git a/live-build/ubuntu-server/hooks/05-remove-openssh-server.chroot b/live-build/ubuntu-server/hooks/05-remove-openssh-server.chroot
new file mode 100755
index 00000000..b66432b6
--- /dev/null
+++ b/live-build/ubuntu-server/hooks/05-remove-openssh-server.chroot
@@ -0,0 +1,30 @@
+#!/bin/bash -ex
+
+# LP: #1974483
+# We want to make sure that openssh-server is not installed by default.
+# Due to ssh-import-id being part of the server-minimal task, and the fact
+# task headers can't be updated post-release, we need to do clean-up
+# of the layers to ensure openssh-server is not part of a layer that curtin
+# will copy to the target.
+#
+# In practice this means ubuntu-server-minimal (minimal) and
+# ubuntu-server-minimal.ubuntu-server (full) need to be cleaned up.
+# ubuntu-server-minimal.ubuntu-server.installer (live) _needs_ these
+# packages so Subiquity can utilize them, so don't modify that layer.
+
+case ${PASS} in
+    ubuntu-server-minimal)
+        ;;
+    ubuntu-server-minimal.ubuntu-server)
+        ;;
+    *)
+        exit 0
+        ;;
+esac
+
+
+# Remove openssh-server packages and ssh-import-id
+apt-get remove --purge --yes openssh-server openssh-sftp-server ssh-import-id
+# Chroot hooks are run after autoremove step, re-run autoremove to get rid
+# of openssh-server dependencies
+apt-get autoremove --purge --yes


More information about the Neon-commits mailing list