[neon/neon/livecd-rootfs/Neon/release_jammy] live-build/ubuntu-server/hooks: ubuntu-server: remove openssh-server (LP: #1974483)

Chris Peterson null at kde.org
Mon Sep 16 10:33:56 BST 2024


Git commit b94a944e80d5b1fd3eb43dab133fd5f8fec89960 by Chris Peterson.
Committed on 31/07/2024 at 22:24.
Pushed by jriddell into branch 'Neon/release_jammy'.

ubuntu-server: remove openssh-server (LP: #1974483)

ssh-import-id is part of the server-minimal task, which means it and
openssh-server are always installed by Subiquity regardless of user
choice. Since we can't update the Task headers post release,
ensure that openssh-server, openssh-sftp-server, and ssh-import-id
are not included in the minimal and full layers by purging them
in a dedicated hook.

A  +30   -0    live-build/ubuntu-server/hooks/05-remove-openssh-server.chroot

https://invent.kde.org/neon/neon/livecd-rootfs/-/commit/b94a944e80d5b1fd3eb43dab133fd5f8fec89960

diff --git a/live-build/ubuntu-server/hooks/05-remove-openssh-server.chroot b/live-build/ubuntu-server/hooks/05-remove-openssh-server.chroot
new file mode 100755
index 00000000..b66432b6
--- /dev/null
+++ b/live-build/ubuntu-server/hooks/05-remove-openssh-server.chroot
@@ -0,0 +1,30 @@
+#!/bin/bash -ex
+
+# LP: #1974483
+# We want to make sure that openssh-server is not installed by default.
+# Due to ssh-import-id being part of the server-minimal task, and the fact
+# task headers can't be updated post-release, we need to do clean-up
+# of the layers to ensure openssh-server is not part of a layer that curtin
+# will copy to the target.
+#
+# In practice this means ubuntu-server-minimal (minimal) and
+# ubuntu-server-minimal.ubuntu-server (full) need to be cleaned up.
+# ubuntu-server-minimal.ubuntu-server.installer (live) _needs_ these
+# packages so Subiquity can utilize them, so don't modify that layer.
+
+case ${PASS} in
+    ubuntu-server-minimal)
+        ;;
+    ubuntu-server-minimal.ubuntu-server)
+        ;;
+    *)
+        exit 0
+        ;;
+esac
+
+
+# Remove openssh-server packages and ssh-import-id
+apt-get remove --purge --yes openssh-server openssh-sftp-server ssh-import-id
+# Chroot hooks are run after autoremove step, re-run autoremove to get rid
+# of openssh-server dependencies
+apt-get autoremove --purge --yes



More information about the Neon-commits mailing list