diff --git a/bin/ubuntu-core-initramfs b/bin/ubuntu-core-initramfs index d366f392..256315c7 100755 --- a/bin/ubuntu-core-initramfs +++ b/bin/ubuntu-core-initramfs @@ -360,7 +360,6 @@ def create_efi(parser, args): parser.error("--stub is required, and one was not automatically detected") if args.root: args.stub = path_join_make_rel_paths(args.root, args.stub) - args.sbat = path_join_make_rel_paths(args.root, args.sbat) args.kernel = path_join_make_rel_paths(args.root, args.kernel) args.initrd = path_join_make_rel_paths(args.root, args.initrd) args.key = path_join_make_rel_paths(args.root, args.key) @@ -392,8 +391,6 @@ def create_efi(parser, args): ] # TODO add .splash objcopy_cmd += [ - "--add-section", ".sbat=%s" % args.sbat, - "--set-section-flags", ".sbat=readonly,data", "--add-section", ".linux=%s" % args.kernel, "--set-section-flags", ".linux=readonly,data", "--add-section", ".initrd=%s" % args.initrd, @@ -434,8 +431,6 @@ def main(): ) efi_parser.add_argument("--root", help="path to root") efi_parser.add_argument("--stub", help="path to stub") - efi_parser.add_argument("--sbat", help="path to sbat", - default="/usr/lib/ubuntu-core-initramfs/efi/sbat.txt") if suffix: efi_parser.set_defaults( stub="/usr/lib/ubuntu-core-initramfs/efi/linux%s.efi.stub" % suffix diff --git a/debian/control b/debian/control index 9d56f3c9..cae183ca 100644 --- a/debian/control +++ b/debian/control 
@@ -2,74 +2,31 @@ Source: ubuntu-core-initramfs Section: utils Priority: optional Maintainer: Dimitri John Ledkov -Build-Depends: debhelper-compat (= 13), dh-python, python3:any, dracut-core, quilt, busybox-initramfs, - util-linux, - e2fsprogs, - fdisk, +Build-Depends: debhelper-compat (= 13), dh-python, python3:any, dracut-core, busybox-initramfs, + amd64-microcode [amd64], dbus, - dosfstools, dmsetup, - mount, - pkg-config, - xsltproc, - docbook-xsl, - docbook-xml, + dosfstools, + e2fsprogs, + fakeroot, + fdisk, fonts-ubuntu, - meson (>= 0.52.1), - gettext, - gperf, git, - gnu-efi [amd64 i386 arm64 armhf riscv64], - libcap-dev (>= 1:2.24-9~), - libpam0g-dev, - libapparmor-dev (>= 2.13) , - libidn2-dev , - libiptc-dev , - libaudit-dev , - libdbus-1-dev (>= 1.3.2) , - libcryptsetup-dev (>= 2:1.6.0) , - libselinux1-dev (>= 2.1.9), - libacl1-dev, - liblzma-dev, - liblz4-dev (>= 0.0~r125), - liblz4-tool , - libbz2-dev , - zlib1g-dev | libz-dev , - libcurl4-gnutls-dev | libcurl-dev , - libmicrohttpd-dev , - libgnutls28-dev , - libpcre2-dev , - libgcrypt20-dev, - libkmod-dev (>= 15), - libblkid-dev (>= 2.24), - libmount-dev (>= 2.30), - libseccomp-dev (>= 2.3.1) [amd64 arm64 armel armhf i386 mips mipsel mips64 mips64el x32 powerpc ppc64 ppc64el riscv64 s390x], - libdw-dev (>= 0.158) , - libpolkit-gobject-1-dev , - libzstd-dev (>= 1.4.0), - linux-base , - acl , - plymouth-label-ft, - plymouth-theme-spinner, - python3:native, - python3-jinja2:native, - python3-lxml:native, - python3-pyparsing:native | python3-pyparsing , - python3-evdev:native , - tzdata , - libcap2-bin , - iproute2 , - zstd , - gawk , - amd64-microcode [amd64], intel-microcode [amd64], kmod, libgcc-s1, + mount, + plymouth-label-ft, + plymouth-theme-spinner, squashfs-tools, + systemd, + systemd-boot-efi, systemd-bootchart, cryptsetup-bin, + systemd-sysv, tar, - golang-go, indent, libapparmor-dev, libcap-dev, libfuse-dev, libglib2.0-dev, liblzma-dev, liblzo2-dev, libseccomp-dev, libudev-dev, 
openssh-client, pkg-config, python3, python3-docutils, python3-markdown, squashfs-tools, tzdata, udev, xfslibs-dev + udev, + util-linux Standards-Version: 4.4.1 Homepage: https://launchpad.net/ubuntu-core-initramfs diff --git a/debian/install b/debian/install index 062c9fc9..cf6ca62c 100644 --- a/debian/install +++ b/debian/install @@ -2,6 +2,5 @@ bin/ubuntu-core-initramfs usr/bin postinst.d etc/kernel/ snakeoil/* usr/lib/ubuntu-core-initramfs/snakeoil/ debian/tmp/* usr/lib/ubuntu-core-initramfs/main -debian/tmp/usr/lib/systemd/boot/efi/linux*.efi.stub usr/lib/ubuntu-core-initramfs/efi/ -debian/sbat.txt usr/lib/ubuntu-core-initramfs/efi/ +debian/tmp-efi/* usr/lib/ubuntu-core-initramfs/efi/ modules usr/lib/ubuntu-core-initramfs/ diff --git a/debian/rules b/debian/rules index f76a2a7f..8e7fb580 100755 --- a/debian/rules +++ b/debian/rules 
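Review bot: The new `systemd`, `systemd-boot-efi`, `systemd-sysv` and `udev` entries in Build-Depends carry no version constraint, yet debian/rules in this same commit copies their files straight into the shipped initramfs and the EFI stub directory. The image content is therefore whatever those packages are in the build chroot, and an older series would build without complaint. Consider a floor on the ones the rules rely on, e.g. `systemd-boot-efi (>= <MIN_VERSION>),`. Recording the embedded versions at build time, for instance with `dpkg-query -W systemd systemd-boot-efi udev`, would let a later systemd security update be matched to the images that need rebuilding.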
@@ -4,224 +4,12 @@ export DH_VERBOSE=1 include /usr/share/dpkg/default.mk %: - dh $@ --buildsystem=meson+ninja --sourcedirectory=vendor/systemd --with python3 - -CLEAN_PATHS= \ - etc/X11 \ - etc/kernel \ - etc/modules-load.d \ - etc/sysctl.d \ - etc/systemd/journald.conf \ - etc/systemd/logind.conf \ - etc/systemd/oomd.conf \ - etc/systemd/pstore.conf \ - etc/systemd/sleep.conf \ - etc/systemd/system.conf \ - etc/systemd/system/getty.target.wants \ - etc/systemd/user \ - etc/systemd/user.conf \ - etc/tmpfiles.d \ - etc/udev \ - etc/xdg \ - usr/bin/busctl \ - usr/bin/kernel-install \ - usr/bin/loginctl \ - usr/bin/oomctl \ - usr/bin/systemd-analyze \ - usr/bin/systemd-cgls \ - usr/bin/systemd-cgtop \ - usr/bin/systemd-dissect \ - usr/bin/systemd-escape \ - usr/bin/systemd-inhibit \ - usr/bin/systemd-nspawn \ - usr/include \ - usr/lib/*/pkgconfig \ - usr/lib/kernel \ - usr/lib/systemd/catalog \ - usr/lib/systemd/network \ - usr/lib/systemd/system-generators/systemd-gpt-auto-generator \ - usr/lib/systemd/system-preset \ - usr/lib/systemd/system/local-fs.target.wants/tmp.mount \ - usr/lib/systemd/system/multi-user.target.wants/systemd-logind.service \ - usr/lib/systemd/system/sysinit.target.wants/systemd-hwdb-update.service \ - usr/lib/systemd/system/sysinit.target.wants/systemd-journal-catalog-update.service \ - usr/lib/systemd/system/sysinit.target.wants/systemd-update-done.service \ - usr/lib/systemd/system/dbus-org.freedesktop.login1.service \ - usr/lib/systemd/system/systemd-hwdb-update.service \ - usr/lib/systemd/system/systemd-journal-catalog-update.service \ - usr/lib/systemd/system/systemd-logind.service \ - usr/lib/systemd/system/systemd-nspawn@.service \ - usr/lib/systemd/system/systemd-oomd.service \ - usr/lib/systemd/system/systemd-update-done.service \ - usr/lib/systemd/system/tmp.mount \ - usr/lib/systemd/systemd-logind \ - usr/lib/systemd/systemd-oomd \ - usr/lib/systemd/systemd-update-done \ - usr/lib/systemd/systemd-user-runtime-dir \ - 
usr/lib/systemd/user \ - usr/lib/systemd/user-preset \ - usr/lib/sysusers.d \ - usr/lib/tmpfiles.d/etc.conf \ - usr/lib/udev/rules.d/70-power-switch.rules \ - usr/lib/udev/rules.d/70-uaccess.rules \ - /usr/lib/$(DEB_HOST_MULTIARCH)/security \ - /usr/lib/$(DEB_HOST_MULTIARCH)/libpam_misc* \ - usr/share/dbus-1/system-services/org.freedesktop.login1.service \ - usr/share/dbus-1/system-services/org.freedesktop.oom1.service \ - usr/share/dbus-1/system.d/org.freedesktop.login1.conf \ - usr/share/dbus-1/system.d/org.freedesktop.oom1.conf \ - usr/share/doc \ - usr/share/factory \ - usr/share/locale \ - usr/share/pkgconfig \ - usr/share/polkit-1 - -override_dh_auto_configure: - cd vendor/systemd; \ - QUILT_PATCHES=debian/patches quilt push -a --fuzz=0 - - # Quilt import patches after the last applied patch. - # Because we will apply the patches after they are all imported, - # we need to add them reversed order. - cd vendor/systemd; \ - find ../systemd-patches/ -name "*.patch" -print0 | \ - sort -rz | \ - QUILT_PATCHES=debian/patches xargs -0 -n1 quilt import - - cd vendor/systemd; QUILT_PATCHES=debian/patches quilt push -a --fuzz=0 - - sed -i '/"minix"/s/^/\/\//' vendor/systemd/src/test/test-path-util.c - - dh_auto_configure --buildsystem=meson+ninja --sourcedirectory=vendor/systemd -- \ - -Db_lto=true \ - -Db_pie=true \ - -Ddebug=false \ - -Dstrip=true \ - -Dsplit-usr=false \ - -Dsplit-bin=true \ - -Dntp-servers=ntp.ubuntu.com \ - -Ddns-servers='' \ - --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ - -Drootlibdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ - -Dsysvinit-path='' \ - -Dsysvrcnd-path='' \ - -Dsulogin-path='/usr/bin/sh' \ - -Drpmmacrosdir=no \ - -Dlink-udev-shared=true \ - -Dlink-systemctl-shared=true \ - -Dstatic-libsystemd=false \ - -Dstatic-libudev=false \ - -Ddebug-shell='/usr/bin/sh' \ - -Dvalgrind=false \ - -Dutmp=false \ - -Dhibernate=false \ - -Dldconfig=false \ - -Dresolve=false \ - -Defi=true \ - -Dtpm=true \ - -Dtpm-pcrindex=12 \ - -Denvironment-d=false \ - 
-Dbinfmt=false \ - -Dcoredump=false \ - -Dlogind=true \ - -Dhostnamed=false \ - -Dlocaled=false \ - -Dmachined=false \ - -Dportabled=false \ - -Dnetworkd=false \ - -Dtimedated=false \ - -Dtimesyncd=false \ - -Dremote=false \ - -Dnss-myhostname=false \ - -Dnss-mymachines=false \ - -Dnss-resolve=false \ - -Dnss-systemd=true \ - -Dfirstboot=false \ - -Drandomseed=false \ - -Dbacklight=false \ - -Dvconsole=false \ - -Dquotacheck=false \ - -Dsysusers=true \ - -Dtmpfiles=true \ - -Dimportd=false \ - -Dhwdb=true \ - -Drfkill=false \ - -Dman=false \ - -Dhtml=false \ - -Dfallback-hostname=ubuntu \ - -Dsystem-uid-max=999 \ - -Dsystem-gid-max=999 \ - -Dadm-group=true \ - -Dwheel-group=false \ - -Ddev-kvm-mode=0660 \ - -Dgroup-render-mode=0660 \ - -Ddefault-dnssec=no \ - -Dselinux=true \ - -Ddefault-kill-user-processes=false \ - -Ddefault-hierarchy=unified \ - -Ddefault-locale=C.UTF-8 \ - -Dnobody-user=nobody \ - -Dnobody-group=nogroup \ - -Dbump-proc-sys-fs-nr-open=false \ - -Dsupport-url=https://www.ubuntu.com/support \ - -Dseccomp=true \ - -Dapparmor=true \ - -Dsmack=false \ - -Dpolkit=false \ - -Dima=false \ - -Dacl=true \ - -Daudit=true \ - -Dblkid=true \ - -Dkmod=true \ - -Dpam=true \ - -Dpamconfdir=no \ - -Dmicrohttpd=false \ - -Dlibcryptsetup=true \ - -Dlibcurl=false \ - -Dlibidn2=true \ - -Dlibiptc=true \ - -Dqrencode=false \ - -Dgcrypt=false \ - -Dgnutls=false \ - -Dopenssl=false \ - -Delfutils=false \ - -Dzlib=false \ - -Dbzip2=false \ - -Dxz=false \ - -Dlz4=true \ - -Dxkbcommon=false \ - -Dpcre2=true \ - -Dglib=false \ - -Ddbus=false \ - -Dgnu-efi=true \ - -Duserdb=false \ - -Dbashcompletiondir=no \ - -Dzshcompletiondir=no \ - -Dinstall-tests=false - -override_dh_auto_test: - LD_LIBRARY_PATH= LD_PRELOAD= dh_auto_test --buildsystem=meson+ninja --sourcedirectory=vendor/systemd || : - -override_dh_auto_clean: - dh_auto_clean --buildsystem=meson+ninja --sourcedirectory=vendor/systemd - - sed -i '/"minix"/s/^\/*//' vendor/systemd/src/test/test-path-util.c - - find 
vendor/systemd-patches -name "*.patch" -print0 | \ - cut -z -d/ -f3 | \ - sort -rz | \ - (cd vendor/systemd; \ - QUILT_PATCHES=debian/patches xargs -0 -n1 quilt delete -r) \ - || true - - cd vendor/systemd; \ - QUILT_PATCHES=debian/patches quilt pop -a || true - - rm -rf vendor/systemd/.pc + dh $@ INSTALL_FILES_FROM_HOST= \ /bin/kmod \ /bin/mount \ + /sbin/sulogin \ /bin/tar \ /lib/$(DEB_HOST_MULTIARCH)/libgcc_s.so.1 \ /lib/$(DEB_HOST_MULTIARCH)/libnss_compat.so.* \ @@ -260,10 +48,9 @@ INSTALL_FILES_FROM_HOST= \ /usr/share/plymouth/themes/bgrt/* \ /usr/share/plymouth/themes/spinner/* -override_dh_auto_install: TEMPLIBDIR := $(shell mktemp -d) override_dh_auto_install: - rm -rf debian/tmp - mkdir debian/tmp + rm -rf debian/tmp debian/tmp-efi + mkdir debian/tmp debian/tmp-efi cp -ar factory/* debian/tmp mkdir -p debian/tmp/usr/bin mkdir -p debian/tmp/usr/lib64 
@@ -276,31 +63,45 @@ override_dh_auto_install: cp /usr/share/fonts/truetype/ubuntu/Ubuntu-R.ttf \ debian/tmp/usr/share/fonts/Plymouth.ttf - dh_auto_install --destdir=debian/tmp --buildsystem=meson+ninja --sourcedirectory=vendor/systemd - for p in $(CLEAN_PATHS); do \ - rm -r debian/tmp/$$p ; \ - done touch debian/tmp/etc/machine-id + + # Include all needed systemd bits + set -e; \ + for f in $$(dpkg -L systemd | \ + grep -E '(^/lib/systemd/system|/modprobe\.d/|/sysctl\.d/|/rules\.d/|/tmpfiles\.d/|/bin/)') \ + $$(dpkg -L systemd-sysv | grep sbin/) \ + /var/lib/systemd/ \ + $$(dpkg -L udev | grep -E '(bin/|lib/|rules\.d/)') \ + ; \ + do \ + LD_PRELOAD= \ + /usr/lib/dracut/dracut-install \ + -D $(CURDIR)/debian/tmp --ldd $$f; \ + done + # But we don't won't to automount the rootfs + rm debian/tmp/usr/lib/systemd/system-generators/systemd-gpt-auto-generator + # or this (binfmt_misc module is not in the initramfs) + rm debian/tmp/usr/lib/systemd/system/sysinit.target.wants/proc-sys-fs-binfmt_misc.automount + # Remove all pcrphase related bits for the moment (services and binary) + find debian/tmp/ -type f,l -name \*systemd-pcrphase\* -delete + # This hack should be removed with #113 sed -i '/^After=/{;s, *plymouth-start[.]service *, ,;/^After= *$$/d;}' debian/tmp/usr/lib/systemd/system/systemd-ask-password-* - LD_LIBRARY_PATH=`pwd`/debian/tmp/usr/lib/*/:`pwd`/debian/tmp/usr/lib/systemd `pwd`/debian/tmp/usr/bin/systemd-hwdb --root debian/tmp update --usr --strict + # Generate hw database (/usr/lib/udev/hwdb.bin) for udev and + # remove redundant definitions after that. 
+ systemd-hwdb --root debian/tmp update --usr --strict rm -rf debian/tmp/usr/lib/udev/hwdb.d + # Use busybox shell instead of dash as in the past + rm debian/tmp/usr/bin/sh debian/tmp/usr/bin/dash /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd /usr/lib/initramfs-tools/bin/busybox usr/bin/busybox set -e; \ for alias in `debian/tmp/usr/bin/busybox --list-long | grep -v -e busybox -e reboot -e mount -e umount`; do \ ln -v -s busybox debian/tmp/usr/bin/$$alias; \ done - # We want the deps from the systemd libs we have compiled, not from the ones - # installed in the system. Copy them around so we can point LD_LIBRARY_PATH - # to them. - for lib in libudev.so libnss_systemd.so libsystemd.so; do \ - cp -a $(CURDIR)/debian/tmp/lib/$(DEB_HOST_MULTIARCH)/$$lib* $(TEMPLIBDIR); \ - done - cp -a $(CURDIR)/debian/tmp/usr/lib/systemd/libsystemd-shared* $(TEMPLIBDIR) - LD_PRELOAD= LD_LIBRARY_PATH=$(TEMPLIBDIR) /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd $(INSTALL_FILES_FROM_HOST) + LD_PRELOAD= /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd $(INSTALL_FILES_FROM_HOST) dpkg -L dmsetup | grep rules.d | xargs -L1 /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd ln -v -s e2fsck debian/tmp/usr/sbin/fsck.ext4 @@ -308,14 +109,13 @@ override_dh_auto_install: for e in $$(find debian/tmp -type f -executable) \ /usr/lib/$(DEB_HOST_MULTIARCH)/plymouth/*.so \ /usr/lib/$(DEB_HOST_MULTIARCH)/plymouth/renderers/*.so; do \ - LD_PRELOAD= LD_LIBRARY_PATH=$(TEMPLIBDIR) \ + LD_PRELOAD= \ /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --resolvelazy $$e ; \ done ldconfig -r debian/tmp - rm -rf $(TEMPLIBDIR) - # dracut has installed the libraries from TEMPLIBDIR inside the packaging - # folder, remove that artifact too. - rm -rf debian/tmp/tmp/ + + # Include stub (used when building kernel.efi) + install /usr/lib/systemd/boot/efi/linux*.efi.stub $(CURDIR)/debian/tmp-efi/ override_dh_install: dh_install 
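Review bot: The `/bin/` alternative in the `dpkg -L systemd | grep -E …` selection, and `bin/|lib/` for udev, copy every executable those packages ship into debian/tmp, whereas the removed CLEAN_PATHS list stripped tools such as `usr/bin/systemd-nspawn`, `usr/bin/busctl` and `usr/bin/loginctl`. Only the gpt-auto generator, the binfmt automount and the pcrphase files are removed afterwards, so the initramfs probably carries more root-run tooling than before. Either narrow the pattern to the binaries the boot path needs or keep a prune step after the loop, e.g. `rm -f debian/tmp/usr/bin/busctl debian/tmp/usr/bin/loginctl debian/tmp/usr/bin/systemd-analyze`. Separately, `set -e` does not catch a failing `dpkg -L` inside `$$(…)` in the `for` word list, so a missing package yields a shorter loop instead of a build error. The comment should also read `# But we don't want to automount the rootfs`.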
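Review bot: The stub copied by `install /usr/lib/systemd/boot/efi/linux*.efi.stub $(CURDIR)/debian/tmp-efi/` is now the only possible source of SBAT metadata in the generated kernel.efi, because this commit also drops the `--add-section .sbat=…` step from create_efi and deletes debian/sbat.txt. If the packaged stub lacks a `.sbat` section, the image is built without one and nothing fails at build time. A check right after the install would catch that, e.g. `objdump -h debian/tmp-efi/linux*.efi.stub | grep -q '\.sbat'`. The removed meson options also pinned `-Dtpm-pcrindex=12`, so it is worth confirming that the packaged stub measures into the PCR that existing sealing policies expect. override_dh_auto_install begins outside this hunk.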
diff --git a/debian/sbat.txt b/debian/sbat.txt deleted file mode 100755 index 60920331..00000000 --- a/debian/sbat.txt +++ /dev/null @@ -1,3 +0,0 @@ -sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -systemd,1,The systemd Developers,systemd,245,https://www.freedesktop.org/wiki/Software/systemd -systemd.ubuntu,1,Ubuntu,systemd,245.4-4ubuntu3.6,https://bugs.launchpad.net/ubuntu/ diff --git a/factory/usr/lib/systemd/system/debug-shell.service.d/core-override.conf b/factory/usr/lib/systemd/system/debug-shell.service.d/core-override.conf index ead9fbab..8fc94108 100644 --- a/factory/usr/lib/systemd/system/debug-shell.service.d/core-override.conf +++ b/factory/usr/lib/systemd/system/debug-shell.service.d/core-override.conf @@ -1,2 +1,6 @@ [Unit] AssertKernelCommandLine=dangerous + +[Service] +ExecStart= +ExecStart=/bin/sh diff --git a/spread.yaml b/spread.yaml index c6f1ed28..9d1253bf 100644 --- a/spread.yaml +++ b/spread.yaml @@ -19,8 +19,8 @@ backends: plan: n2-standard-2 halt-timeout: 2h systems: - - ubuntu-22.04-64: - image: ubuntu-2204-64-virt-enabled + - ubuntu-23.10-64: + image: ubuntu-2310-64-v20230621 storage: 20G qemu-nested:
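Review bot: The `[Service]` override in core-override.conf has no comment saying why `ExecStart` is reset, and as far as I can tell this unit opens a root shell without authentication once `AssertKernelCommandLine=dangerous` is satisfied. Presumably it replaces the removed `-Ddebug-shell='/usr/bin/sh'` build option now that the distro systemd is used. A line such as `# distro debug-shell.service uses its own shell path; run the initramfs busybox shell instead` above `ExecStart=` would record that. `/bin/sh` appears to exist in the image only if the busybox alias loop in debian/rules recreates `sh` after `rm debian/tmp/usr/bin/sh debian/tmp/usr/bin/dash`, so a build-time `test -e debian/tmp/usr/bin/sh` would be a cheap guard.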