[Merge] ~juliank/livecd-rootfs:deb822-sources into livecd-rootfs:ubuntu/master

Michael Hudson-Doyle mp+458366 at code.launchpad.net
Wed Jan 24 01:51:52 UTC 2024 

I think this is mostly OK apart from the bit where it doesn't work (I have a few suggestions on how to fix that). I do wonder if we can delete the functionality from magic-proxy that isn't used during livefs builds on Launchpad.

Diff comments:

> diff --git a/live-build/auto/build b/live-build/auto/build
> index 5429a2f..86b3a45 100755
> --- a/live-build/auto/build
> +++ b/live-build/auto/build
> @@ -432,7 +432,7 @@ EOF
>  				mkdir -p chroot/var/lib/preinstalled-pool/dists/$LB_DISTRIBUTION/$component/binary-$LB_ARCHITECTURES
>  			done
>  			apt-ftparchive generate config/indices/apt.conf
> -			cat << @@EOF > chroot/etc/apt/sources.list.preinstall
> +			cat << @@EOF > chroot/etc/apt/sources.list.d/preinstalled-pool.sources

fwiw I think this code is dead. i certainly hope so!

>  # This is a sources.list entry for a small pool of packages
>  # provided on your preinstalled filesystem for your convenience.
>  #
> diff --git a/live-build/functions b/live-build/functions
> index fe93c71..c162b6f 100644
> --- a/live-build/functions
> +++ b/live-build/functions
> @@ -95,30 +95,30 @@ use_lp_archives_in_sourceslist(){

As your test found, this function is called (around configuration of snaps) during the 'chroot' stage, when the apt config is that created by live-build.

This is a bit surprising as live-build does most of the setup that this function does! I think the reason for using this around configuration of snaps is the faking of apparmor features so preseeding works properly. We could add some other way to add that faking and use that for these "early" snap configurations or you could make this function handle both sources.list and ubuntu.sources configurations (or patch live-build to create ubuntu.sources instead of sources.list, I guess...)

(I hate our image build pipeline btw)

>      # recover_sourceslist
>  
>      mountpoint="${1}"
> -    MOUNTPOINT_BACKUP_SOURCES_LIST="sources.list.tmp"
> +    MOUNTPOINT_BACKUP_UBUNTU_SOURCES="ubuntu.sources.tmp"
>      . config/bootstrap  # For the LB_MIRROR_* variables
> -    cp -a "${mountpoint}/etc/apt/sources.list" "${MOUNTPOINT_BACKUP_SOURCES_LIST}"
> +    cp -a "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources" "${MOUNTPOINT_BACKUP_UBUNTU_SOURCES}"
>      sed -i "s#http://archive.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \
> -        "${mountpoint}/etc/apt/sources.list"
> +        "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources"
>      sed -i "s#http://security.ubuntu.com/ubuntu#${LB_PARENT_MIRROR_CHROOT}#g" \
> -        "${mountpoint}/etc/apt/sources.list"
> +        "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources"
>  
> -    sha256sum "${mountpoint}/etc/apt/sources.list" > sources.list.sha
> +    sha256sum "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources" > ubuntu.sources.sha
>  }
>  
>  recover_sourceslist(){
>      # Remove the build environment apt mirror from the image
>  
> -    # Check that the sources.list has not changed.  If it has changed then the
> +    # Check that the ubuntu.sources has not changed.  If it has changed then the
>      # binary hook has modified the file that will be discarded.  If the build
> -    # fails here the binary hook needs to alter sources.list.tmp and regenerate
> -    # sources.list.sha
> +    # fails here the binary hook needs to alter ubuntu.sources.tmp and regenerate
> +    # ubuntu.sources.sha
>  
>      mountpoint="${1}"
> -    sha256sum --check sources.list.sha
> +    sha256sum --check ubuntu.sources.sha
>  
> -    mv "${MOUNTPOINT_BACKUP_SOURCES_LIST}" "${mountpoint}/etc/apt/sources.list"
> -    unset MOUNTPOINT_BACKUP_SOURCES_LIST
> +    mv "${MOUNTPOINT_BACKUP_UBUNTU_SOURCES}" "${mountpoint}/etc/apt/sources.list.d/ubuntu.sources"
> +    unset MOUNTPOINT_BACKUP_UBUNTU_SOURCES
>  }
>  
>  setup_mountpoint() {
> @@ -860,49 +860,52 @@ configure_universe() {
>          # preinstalled being slightly different in what it doesn't ask) from

I think this function will need to remove the etc/apt/sources.list that live-build will have created?

>          # debian-installer's apt-setup:
>  
> -        cat > chroot/etc/apt/sources.list << EOF
> +        cat > chroot/etc/apt/sources.list.d/ubuntu.sources << EOF
>  # See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
>  # newer versions of the distribution.
> -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted
> -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION main restricted
> -
> -## Major bug fix updates produced after the final release of the
> -## distribution.
> -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted
> -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates main restricted
> -
> -## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
> -## team. Also, please note that software in universe WILL NOT receive any
> -## review or updates from the Ubuntu security team.
> -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe
> -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION universe
> -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe
> -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates universe
> -
> -## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
> -## team, and may not be under a free licence. Please satisfy yourself as to
> -## your rights to use the software. Also, please note that software in
> -## multiverse WILL NOT receive any review or updates from the Ubuntu
> -## security team.
> -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse
> -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION multiverse
> -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse
> -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-updates multiverse
> -
> -## N.B. software from this repository may not have been tested as
> -## extensively as that contained in the main release, although it includes
> -## newer versions of some applications which may provide useful features.
> -## Also, please note that software in backports WILL NOT receive any review
> -## or updates from the Ubuntu security team.
> -deb $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse
> -# deb-src $LB_PARENT_MIRROR_BINARY $LB_DISTRIBUTION-backports main restricted universe multiverse
> -
> -deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted
> -# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security main restricted
> -deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe
> -# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security universe
> -deb $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse
> -# deb-src $LB_PARENT_MIRROR_BINARY_SECURITY $LB_DISTRIBUTION-security multiverse
> +
> +## Ubuntu distribution repository
> +##
> +## The following settings can be adjusted to configure which packages to use from Ubuntu.
> +## Mirror your choices (except for URIs and Suites) in the security section below to
> +## ensure timely security updates.
> +##
> +## Types: Append deb-src to enable the fetching of source package.
> +## URIs: A URL to the repository (you may add multiple URLs)
> +## Suites: The following additional suites can be configured
> +##   <name>-updates   - Major bug fix updates produced after the final release of the
> +##                      distribution.
> +##   <name>-backports - software from this repository may not have been tested as
> +##                      extensively as that contained in the main release, although it includes
> +##                      newer versions of some applications which may provide useful features.
> +##                      Also, please note that software in backports WILL NOT receive any review
> +##                      or updates from the Ubuntu security team.
> +## Components: Aside from main, the following components can be added to the list
> +##   restricted  - Software that may not be under a free license, or protected by patents.
> +##   universe    - Community maintained packages.
> +##                 Software from this repository is only maintained and supported by Canonical
> +##                 for machines with Ubuntu Pro subscriptions. Without Ubuntu Pro, the Ubuntu
> +##                 community provides best-effort security maintenance.
> +##   multiverse  - Community maintained of restricted. Software from this repository is
> +##                 ENTIRELY UNSUPPORTED by the Ubuntu team, and may not be under a free
> +##                 licence. Please satisfy yourself as to your rights to use the software.
> +##                 Also, please note that software in multiverse WILL NOT receive any
> +##                 review or updates from the Ubuntu security team.
> +##
> +## See the sources.list(5) manual page for further settings.
> +Types: deb
> +URIs: $LB_PARENT_MIRROR_BINARY
> +Suites: $LB_DISTRIBUTION $LB_DISTRIBUTION-updates $LB_DISTRIBUTION-backports
> +Components: main universe restricted multiverse
> +Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
> +
> +## Ubuntu security updates. Aside from URIs and Suites,
> +## this should mirror your choices in the previous section.
> +Types: deb
> +URIs: $LB_PARENT_MIRROR_BINARY_SECURITY
> +Suites: $LB_DISTRIBUTION-security
> +Components: main universe restricted multiverse
> +Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg
>  EOF
>  
>  fi
> diff --git a/magic-proxy b/magic-proxy
> index af765c3..598ad69 100755
> --- a/magic-proxy
> +++ b/magic-proxy
> @@ -85,7 +85,7 @@ def get_uri(host, path):
>  
>  def initialize_auth():
>      auth_handler = urllib.request.HTTPBasicAuthHandler()
> -    with open('/etc/apt/sources.list') as f:
> +    with open('/etc/apt/sources.list.d/ubuntu.sources') as f:

FWIW, I think this is operating on the configuration of the machine running live-build, not the chroot we are creating. But also it's not functionality that us going to be used on the launchpad builders so meh.

>          for line in f.readlines():
>              for word in line.split():
>                  if not word.startswith('http'):
> @@ -643,6 +643,11 @@ class LPInReleaseIndexCli:
>          """Inject by-hash and inrelease-path settings into a sources.list."""
>          sources_list = self._infile
>  
> +        if sources_list.endswith(".sources"):

FWIW, I'm not sure this functionality is in use at all any more.

> +            sys.stderr.write("{}: Injection not supported for deb822: {}.\n"
> +                    .format(self._name, sources_list))
> +            sys.exit(EXIT_ERR)
> +
>          if not os.path.exists(sources_list):
>              sys.stderr.write("{}: No such file: {}.\n"
>                      .format(self._name, sources_list))


-- 
https://code.launchpad.net/~juliank/livecd-rootfs/+git/livecd-rootfs/+merge/458366
Your team Ubuntu Core Development Team is subscribed to branch livecd-rootfs:ubuntu/master.

More information about the Ubuntu-reviews mailing list