From b7c41fa5f2c5547de4e72e78c710359713e3ac45 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?=
Date: Wed, 21 Jun 2023 16:25:56 +0100
Subject: [PATCH 01/11] debian: do not compile systemd
---
debian/control | 66 +++-----------
debian/rules | 238 ++-----------------------------------------------
2 files changed, 15 insertions(+), 289 deletions(-)
diff --git a/debian/control b/debian/control
index 9d56f3c9..447fd622 100644
--- a/debian/control
+++ b/debian/control
@@ -3,73 +3,27 @@ Section: utils Priority: optional Maintainer: Dimitri John Ledkov Build-Depends: debhelper-compat (= 13), dh-python, python3:any, dracut-core, quilt, busybox-initramfs, - util-linux, - e2fsprogs, - fdisk, + amd64-microcode [amd64], dbus, - dosfstools, dmsetup, - mount, - pkg-config, - xsltproc, - docbook-xsl, - docbook-xml, + dosfstools, + e2fsprogs, + fakeroot, + fdisk, fonts-ubuntu, - meson (>= 0.52.1), - gettext, - gperf, git, - gnu-efi [amd64 i386 arm64 armhf riscv64], - libcap-dev (>= 1:2.24-9~), - libpam0g-dev, - libapparmor-dev (>= 2.13) , - libidn2-dev , - libiptc-dev , - libaudit-dev , - libdbus-1-dev (>= 1.3.2) , - libcryptsetup-dev (>= 2:1.6.0) , - libselinux1-dev (>= 2.1.9), - libacl1-dev, - liblzma-dev, - liblz4-dev (>= 0.0~r125), - liblz4-tool , - libbz2-dev , - zlib1g-dev | libz-dev , - libcurl4-gnutls-dev | libcurl-dev , - libmicrohttpd-dev , - libgnutls28-dev , - libpcre2-dev , - libgcrypt20-dev, - libkmod-dev (>= 15), - libblkid-dev (>= 2.24), - libmount-dev (>= 2.30), - libseccomp-dev (>= 2.3.1) [amd64 arm64 armel armhf i386 mips mipsel mips64 mips64el x32 powerpc ppc64 ppc64el riscv64 s390x], - libdw-dev (>= 0.158) , - libpolkit-gobject-1-dev , - libzstd-dev (>= 1.4.0), - linux-base , - acl , - plymouth-label-ft, - plymouth-theme-spinner, - python3:native, - python3-jinja2:native, - python3-lxml:native, - python3-pyparsing:native | python3-pyparsing , - python3-evdev:native , - tzdata , - libcap2-bin , - iproute2 , - zstd , - gawk , - amd64-microcode [amd64], intel-microcode [amd64], kmod, libgcc-s1, + mount, + plymouth-label-ft, + plymouth-theme-spinner, squashfs-tools, + systemd, systemd-bootchart, cryptsetup-bin, tar, - golang-go, indent, libapparmor-dev, libcap-dev, libfuse-dev, libglib2.0-dev, liblzma-dev, liblzo2-dev, libseccomp-dev, libudev-dev, openssh-client, pkg-config, python3, python3-docutils, python3-markdown, squashfs-tools, tzdata, udev, xfslibs-dev + util-linux Standards-Version: 4.4.1 Homepage: 
https://launchpad.net/ubuntu-core-initramfs
diff --git a/debian/rules b/debian/rules
index f76a2a7f..d42668d2 100755
--- a/debian/rules
+++ b/debian/rules
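Review bot: The new `systemd,` entry in Build-Depends of debian/control has no version bound, although from this series on the systemd binaries in the initramfs come from whatever the build environment has installed rather than from a pinned vendored tree. A lower bound on the entry would keep a build against an older systemd from silently producing a different image. Recording the copied version in the binary package, for instance with a `Built-Using` field, would make it possible to tell which images need a rebuild after a systemd security update; the binary stanza is outside this hunk, so it may already do so.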
@@ -4,220 +4,7 @@ export DH_VERBOSE=1 include /usr/share/dpkg/default.mk %: - dh $@ --buildsystem=meson+ninja --sourcedirectory=vendor/systemd --with python3 - -CLEAN_PATHS= \ - etc/X11 \ - etc/kernel \ - etc/modules-load.d \ - etc/sysctl.d \ - etc/systemd/journald.conf \ - etc/systemd/logind.conf \ - etc/systemd/oomd.conf \ - etc/systemd/pstore.conf \ - etc/systemd/sleep.conf \ - etc/systemd/system.conf \ - etc/systemd/system/getty.target.wants \ - etc/systemd/user \ - etc/systemd/user.conf \ - etc/tmpfiles.d \ - etc/udev \ - etc/xdg \ - usr/bin/busctl \ - usr/bin/kernel-install \ - usr/bin/loginctl \ - usr/bin/oomctl \ - usr/bin/systemd-analyze \ - usr/bin/systemd-cgls \ - usr/bin/systemd-cgtop \ - usr/bin/systemd-dissect \ - usr/bin/systemd-escape \ - usr/bin/systemd-inhibit \ - usr/bin/systemd-nspawn \ - usr/include \ - usr/lib/*/pkgconfig \ - usr/lib/kernel \ - usr/lib/systemd/catalog \ - usr/lib/systemd/network \ - usr/lib/systemd/system-generators/systemd-gpt-auto-generator \ - usr/lib/systemd/system-preset \ - usr/lib/systemd/system/local-fs.target.wants/tmp.mount \ - usr/lib/systemd/system/multi-user.target.wants/systemd-logind.service \ - usr/lib/systemd/system/sysinit.target.wants/systemd-hwdb-update.service \ - usr/lib/systemd/system/sysinit.target.wants/systemd-journal-catalog-update.service \ - usr/lib/systemd/system/sysinit.target.wants/systemd-update-done.service \ - usr/lib/systemd/system/dbus-org.freedesktop.login1.service \ - usr/lib/systemd/system/systemd-hwdb-update.service \ - usr/lib/systemd/system/systemd-journal-catalog-update.service \ - usr/lib/systemd/system/systemd-logind.service \ - usr/lib/systemd/system/systemd-nspawn@.service \ - usr/lib/systemd/system/systemd-oomd.service \ - usr/lib/systemd/system/systemd-update-done.service \ - usr/lib/systemd/system/tmp.mount \ - usr/lib/systemd/systemd-logind \ - usr/lib/systemd/systemd-oomd \ - usr/lib/systemd/systemd-update-done \ - usr/lib/systemd/systemd-user-runtime-dir \ - 
usr/lib/systemd/user \ - usr/lib/systemd/user-preset \ - usr/lib/sysusers.d \ - usr/lib/tmpfiles.d/etc.conf \ - usr/lib/udev/rules.d/70-power-switch.rules \ - usr/lib/udev/rules.d/70-uaccess.rules \ - /usr/lib/$(DEB_HOST_MULTIARCH)/security \ - /usr/lib/$(DEB_HOST_MULTIARCH)/libpam_misc* \ - usr/share/dbus-1/system-services/org.freedesktop.login1.service \ - usr/share/dbus-1/system-services/org.freedesktop.oom1.service \ - usr/share/dbus-1/system.d/org.freedesktop.login1.conf \ - usr/share/dbus-1/system.d/org.freedesktop.oom1.conf \ - usr/share/doc \ - usr/share/factory \ - usr/share/locale \ - usr/share/pkgconfig \ - usr/share/polkit-1 - -override_dh_auto_configure: - cd vendor/systemd; \ - QUILT_PATCHES=debian/patches quilt push -a --fuzz=0 - - # Quilt import patches after the last applied patch. - # Because we will apply the patches after they are all imported, - # we need to add them reversed order. - cd vendor/systemd; \ - find ../systemd-patches/ -name "*.patch" -print0 | \ - sort -rz | \ - QUILT_PATCHES=debian/patches xargs -0 -n1 quilt import - - cd vendor/systemd; QUILT_PATCHES=debian/patches quilt push -a --fuzz=0 - - sed -i '/"minix"/s/^/\/\//' vendor/systemd/src/test/test-path-util.c - - dh_auto_configure --buildsystem=meson+ninja --sourcedirectory=vendor/systemd -- \ - -Db_lto=true \ - -Db_pie=true \ - -Ddebug=false \ - -Dstrip=true \ - -Dsplit-usr=false \ - -Dsplit-bin=true \ - -Dntp-servers=ntp.ubuntu.com \ - -Ddns-servers='' \ - --libdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ - -Drootlibdir=/usr/lib/$(DEB_HOST_MULTIARCH) \ - -Dsysvinit-path='' \ - -Dsysvrcnd-path='' \ - -Dsulogin-path='/usr/bin/sh' \ - -Drpmmacrosdir=no \ - -Dlink-udev-shared=true \ - -Dlink-systemctl-shared=true \ - -Dstatic-libsystemd=false \ - -Dstatic-libudev=false \ - -Ddebug-shell='/usr/bin/sh' \ - -Dvalgrind=false \ - -Dutmp=false \ - -Dhibernate=false \ - -Dldconfig=false \ - -Dresolve=false \ - -Defi=true \ - -Dtpm=true \ - -Dtpm-pcrindex=12 \ - -Denvironment-d=false \ - 
-Dbinfmt=false \ - -Dcoredump=false \ - -Dlogind=true \ - -Dhostnamed=false \ - -Dlocaled=false \ - -Dmachined=false \ - -Dportabled=false \ - -Dnetworkd=false \ - -Dtimedated=false \ - -Dtimesyncd=false \ - -Dremote=false \ - -Dnss-myhostname=false \ - -Dnss-mymachines=false \ - -Dnss-resolve=false \ - -Dnss-systemd=true \ - -Dfirstboot=false \ - -Drandomseed=false \ - -Dbacklight=false \ - -Dvconsole=false \ - -Dquotacheck=false \ - -Dsysusers=true \ - -Dtmpfiles=true \ - -Dimportd=false \ - -Dhwdb=true \ - -Drfkill=false \ - -Dman=false \ - -Dhtml=false \ - -Dfallback-hostname=ubuntu \ - -Dsystem-uid-max=999 \ - -Dsystem-gid-max=999 \ - -Dadm-group=true \ - -Dwheel-group=false \ - -Ddev-kvm-mode=0660 \ - -Dgroup-render-mode=0660 \ - -Ddefault-dnssec=no \ - -Dselinux=true \ - -Ddefault-kill-user-processes=false \ - -Ddefault-hierarchy=unified \ - -Ddefault-locale=C.UTF-8 \ - -Dnobody-user=nobody \ - -Dnobody-group=nogroup \ - -Dbump-proc-sys-fs-nr-open=false \ - -Dsupport-url=https://www.ubuntu.com/support \ - -Dseccomp=true \ - -Dapparmor=true \ - -Dsmack=false \ - -Dpolkit=false \ - -Dima=false \ - -Dacl=true \ - -Daudit=true \ - -Dblkid=true \ - -Dkmod=true \ - -Dpam=true \ - -Dpamconfdir=no \ - -Dmicrohttpd=false \ - -Dlibcryptsetup=true \ - -Dlibcurl=false \ - -Dlibidn2=true \ - -Dlibiptc=true \ - -Dqrencode=false \ - -Dgcrypt=false \ - -Dgnutls=false \ - -Dopenssl=false \ - -Delfutils=false \ - -Dzlib=false \ - -Dbzip2=false \ - -Dxz=false \ - -Dlz4=true \ - -Dxkbcommon=false \ - -Dpcre2=true \ - -Dglib=false \ - -Ddbus=false \ - -Dgnu-efi=true \ - -Duserdb=false \ - -Dbashcompletiondir=no \ - -Dzshcompletiondir=no \ - -Dinstall-tests=false - -override_dh_auto_test: - LD_LIBRARY_PATH= LD_PRELOAD= dh_auto_test --buildsystem=meson+ninja --sourcedirectory=vendor/systemd || : - -override_dh_auto_clean: - dh_auto_clean --buildsystem=meson+ninja --sourcedirectory=vendor/systemd - - sed -i '/"minix"/s/^\/*//' vendor/systemd/src/test/test-path-util.c - - find 
vendor/systemd-patches -name "*.patch" -print0 | \ - cut -z -d/ -f3 | \ - sort -rz | \ - (cd vendor/systemd; \ - QUILT_PATCHES=debian/patches xargs -0 -n1 quilt delete -r) \ - || true - - cd vendor/systemd; \ - QUILT_PATCHES=debian/patches quilt pop -a || true - - rm -rf vendor/systemd/.pc + dh $@ INSTALL_FILES_FROM_HOST= \ /bin/kmod \ @@ -260,7 +47,6 @@ INSTALL_FILES_FROM_HOST= \ /usr/share/plymouth/themes/bgrt/* \ /usr/share/plymouth/themes/spinner/* -override_dh_auto_install: TEMPLIBDIR := $(shell mktemp -d) override_dh_auto_install: rm -rf debian/tmp mkdir debian/tmp @@ -276,15 +62,12 @@ override_dh_auto_install: cp /usr/share/fonts/truetype/ubuntu/Ubuntu-R.ttf \ debian/tmp/usr/share/fonts/Plymouth.ttf - dh_auto_install --destdir=debian/tmp --buildsystem=meson+ninja --sourcedirectory=vendor/systemd - for p in $(CLEAN_PATHS); do \ - rm -r debian/tmp/$$p ; \ - done touch debian/tmp/etc/machine-id # This hack should be removed with #113 sed -i '/^After=/{;s, *plymouth-start[.]service *, ,;/^After= *$$/d;}' debian/tmp/usr/lib/systemd/system/systemd-ask-password-* - LD_LIBRARY_PATH=`pwd`/debian/tmp/usr/lib/*/:`pwd`/debian/tmp/usr/lib/systemd `pwd`/debian/tmp/usr/bin/systemd-hwdb --root debian/tmp update --usr --strict + LD_LIBRARY_PATH=$(pwd)/debian/tmp/usr/lib/*/:$(pwd)/debian/tmp/usr/lib/systemd \ + $(pwd)/debian/tmp/usr/bin/systemd-hwdb --root debian/tmp update --usr --strict rm -rf debian/tmp/usr/lib/udev/hwdb.d /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd /usr/lib/initramfs-tools/bin/busybox usr/bin/busybox 
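Review bot: In the rewritten systemd-hwdb command of override_dh_auto_install (hunk at -276,15), `$(pwd)` is expanded by make as a variable, which is normally unset, and not by the shell as the removed backtick form was. LD_LIBRARY_PATH and the program path then start at `/debian/tmp/...` under the filesystem root instead of the build tree. Use `$(CURDIR)/debian/tmp/...`, as the dracut-install lines in the same recipe do, or escape it as `$$(pwd)`. PATCH 02/11 makes that second change, but this commit on its own is left with the broken path, which gets in the way of bisecting. The recipe starts before the hunk.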
@@ -293,14 +76,7 @@ override_dh_auto_install: ln -v -s busybox debian/tmp/usr/bin/$$alias; \ done - # We want the deps from the systemd libs we have compiled, not from the ones - # installed in the system. Copy them around so we can point LD_LIBRARY_PATH - # to them. - for lib in libudev.so libnss_systemd.so libsystemd.so; do \ - cp -a $(CURDIR)/debian/tmp/lib/$(DEB_HOST_MULTIARCH)/$$lib* $(TEMPLIBDIR); \ - done - cp -a $(CURDIR)/debian/tmp/usr/lib/systemd/libsystemd-shared* $(TEMPLIBDIR) - LD_PRELOAD= LD_LIBRARY_PATH=$(TEMPLIBDIR) /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd $(INSTALL_FILES_FROM_HOST) + LD_PRELOAD= /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd $(INSTALL_FILES_FROM_HOST) dpkg -L dmsetup | grep rules.d | xargs -L1 /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd ln -v -s e2fsck debian/tmp/usr/sbin/fsck.ext4 @@ -308,14 +84,10 @@ override_dh_auto_install: for e in $$(find debian/tmp -type f -executable) \ /usr/lib/$(DEB_HOST_MULTIARCH)/plymouth/*.so \ /usr/lib/$(DEB_HOST_MULTIARCH)/plymouth/renderers/*.so; do \ - LD_PRELOAD= LD_LIBRARY_PATH=$(TEMPLIBDIR) \ + LD_PRELOAD= \ /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --resolvelazy $$e ; \ done ldconfig -r debian/tmp - rm -rf $(TEMPLIBDIR) - # dracut has installed the libraries from TEMPLIBDIR inside the packaging - # folder, remove that artifact too. - rm -rf debian/tmp/tmp/ override_dh_install: dh_install From f81dfbbcbebb7c20f4b0d3dffca59c441f4492d7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Thu, 22 Jun 2023 17:33:23 +0100 Subject: [PATCH 02/11] Include needed systemd bits from the system --- debian/control | 3 +++ debian/install | 2 +- debian/rules | 29 +++++++++++++++++++++++++---- 3 files changed, 29 insertions(+), 5 deletions(-) diff --git a/debian/control b/debian/control index 447fd622..8da8d6cc 100644 --- a/debian/control +++ b/debian/control 
@@ -20,9 +20,12 @@ Build-Depends: debhelper-compat (= 13), dh-python, python3:any, dracut-core, qui plymouth-theme-spinner, squashfs-tools, systemd, + systemd-boot-efi, systemd-bootchart, cryptsetup-bin, + systemd-sysv, tar, + udev, util-linux Standards-Version: 4.4.1 Homepage: https://launchpad.net/ubuntu-core-initramfs diff --git a/debian/install b/debian/install index 062c9fc9..9c9cb39b 100644 --- a/debian/install +++ b/debian/install @@ -2,6 +2,6 @@ bin/ubuntu-core-initramfs usr/bin postinst.d etc/kernel/ snakeoil/* usr/lib/ubuntu-core-initramfs/snakeoil/ debian/tmp/* usr/lib/ubuntu-core-initramfs/main -debian/tmp/usr/lib/systemd/boot/efi/linux*.efi.stub usr/lib/ubuntu-core-initramfs/efi/ +debian/tmp-efi/* usr/lib/ubuntu-core-initramfs/efi/ debian/sbat.txt usr/lib/ubuntu-core-initramfs/efi/ modules usr/lib/ubuntu-core-initramfs/ diff --git a/debian/rules b/debian/rules index d42668d2..0cf66755 100755 --- a/debian/rules +++ b/debian/rules @@ -48,8 +48,8 @@ INSTALL_FILES_FROM_HOST= \ /usr/share/plymouth/themes/spinner/* override_dh_auto_install: - rm -rf debian/tmp - mkdir debian/tmp + rm -rf debian/tmp debian/tmp-efi + mkdir debian/tmp debian/tmp-efi cp -ar factory/* debian/tmp mkdir -p debian/tmp/usr/bin mkdir -p debian/tmp/usr/lib64 
@@ -63,13 +63,31 @@ override_dh_auto_install: debian/tmp/usr/share/fonts/Plymouth.ttf touch debian/tmp/etc/machine-id + + # Include all needed systemd bits + set -e; \ + for f in $$(dpkg -L systemd | \ + grep -E '(^/lib/systemd/system|modprobe\.d/|sysctl\.d/|rules\.d/|tmpfiles\.d/|bin/)') \ + $$(dpkg -L systemd-sysv | grep sbin/) \ + /var/lib/systemd/ \ + $$(dpkg -L udev | grep -E '(bin/|lib/|rules\.d/)') \ + ; \ + do \ + LD_PRELOAD= \ + /usr/lib/dracut/dracut-install \ + -D $(CURDIR)/debian/tmp --ldd $$f; \ + done + # This hack should be removed with #113 sed -i '/^After=/{;s, *plymouth-start[.]service *, ,;/^After= *$$/d;}' debian/tmp/usr/lib/systemd/system/systemd-ask-password-* - LD_LIBRARY_PATH=$(pwd)/debian/tmp/usr/lib/*/:$(pwd)/debian/tmp/usr/lib/systemd \ - $(pwd)/debian/tmp/usr/bin/systemd-hwdb --root debian/tmp update --usr --strict + # XXX Is this still needed? + LD_LIBRARY_PATH=$$(pwd)/debian/tmp/usr/lib/*/:$$(pwd)/debian/tmp/usr/lib/systemd \ + $$(pwd)/debian/tmp/usr/bin/systemd-hwdb --root debian/tmp update --usr --strict rm -rf debian/tmp/usr/lib/udev/hwdb.d + # Use busybox shell instead of dash as in the past + rm debian/tmp/usr/bin/sh /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd /usr/lib/initramfs-tools/bin/busybox usr/bin/busybox set -e; \ for alias in `debian/tmp/usr/bin/busybox --list-long | grep -v -e busybox -e reboot -e mount -e umount`; do \ @@ -89,6 +107,9 @@ override_dh_auto_install: done ldconfig -r debian/tmp + # Include stub (used when building kernel.efi) + install /usr/lib/systemd/boot/efi/linux*.efi.stub $(CURDIR)/debian/tmp-efi/ + override_dh_install: dh_install rm -rf debian/ubuntu-core-initramfs/usr/lib/ubuntu-core-initramfs/main/usr/lib/systemd/boot From 02b34a8be0be75c82c075dd138e7b41668b5b15b Mon Sep 17 00:00:00 2001 
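Review bot: The selection expressions in the new loop of override_dh_auto_install are unanchored, so `bin/`, `sbin/` and `lib/` match that substring anywhere in a path printed by `dpkg -L`, and the set of host files copied into the initramfs is wider than the comment suggests and shifts with every package update. Everything under debian/tmp ends up in the boot image, so an explicit file list, or at least anchored expressions such as `grep -E '^(/usr)?/s?bin/'`, would keep the contents reviewable. PATCH 09/11 adds a leading slash to the systemd expression only; the systemd-sysv and udev ones stay as written here. A failing `dpkg -L` inside `$$( )` also does not trip `set -e`, so an empty list would pass unnoticed. The recipe starts and ends outside the hunk.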
From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Mon, 26 Jun 2023 15:54:28 +0100 Subject: [PATCH 03/11] debian: bash is needed by debug-shell.service in mantic --- debian/control | 1 + debian/rules | 2 ++ 2 files changed, 3 insertions(+) diff --git a/debian/control b/debian/control index 8da8d6cc..9f93cf60 100644 --- a/debian/control +++ b/debian/control @@ -4,6 +4,7 @@ Priority: optional Maintainer: Dimitri John Ledkov Build-Depends: debhelper-compat (= 13), dh-python, python3:any, dracut-core, quilt, busybox-initramfs, amd64-microcode [amd64], + bash, dbus, dmsetup, dosfstools, diff --git a/debian/rules b/debian/rules index 0cf66755..867422cf 100755 --- a/debian/rules +++ b/debian/rules @@ -6,7 +6,9 @@ include /usr/share/dpkg/default.mk %: dh $@ +# bash is now used by debug-shell.service INSTALL_FILES_FROM_HOST= \ + /bin/bash \ /bin/kmod \ /bin/mount \ /bin/tar \ From ff7c872dcbbf552621e6fd1b31c68e2d1ca7ea8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Mon, 26 Jun 2023 15:55:12 +0100 Subject: [PATCH 04/11] debian: disable units failing on core systems Do not automount rootfs and prevent service failing due to missing kernel module. --- debian/rules | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index 867422cf..e6cc51ed 100755 --- a/debian/rules +++ b/debian/rules @@ -67,8 +67,8 @@ override_dh_auto_install: touch debian/tmp/etc/machine-id # Include all needed systemd bits - set -e; \ - for f in $$(dpkg -L systemd | \ + set -e; \ + for f in $$(dpkg -L systemd | \ grep -E '(^/lib/systemd/system|modprobe\.d/|sysctl\.d/|rules\.d/|tmpfiles\.d/|bin/)') \ $$(dpkg -L systemd-sysv | grep sbin/) \ /var/lib/systemd/ \ 
@@ -79,6 +79,10 @@ override_dh_auto_install: /usr/lib/dracut/dracut-install \ -D $(CURDIR)/debian/tmp --ldd $$f; \ done + # But we don't won't to automount the rootfs + rm debian/tmp/usr/lib/systemd/system-generators/systemd-gpt-auto-generator + # or this (binfmt_misc module is not in the initramfs) + rm debian/tmp/usr/lib/systemd/system/sysinit.target.wants/proc-sys-fs-binfmt_misc.automount # This hack should be removed with #113 sed -i '/^After=/{;s, *plymouth-start[.]service *, ,;/^After= *$$/d;}' debian/tmp/usr/lib/systemd/system/systemd-ask-password-* From c9101e2492f596dd4ed56efa69946a529a69d974 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Tue, 27 Jun 2023 09:26:51 +0100 Subject: [PATCH 05/11] spread.yaml: update workers to 23.10 --- spread.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/spread.yaml b/spread.yaml index c6f1ed28..9d1253bf 100644 --- a/spread.yaml +++ b/spread.yaml @@ -19,8 +19,8 @@ backends: plan: n2-standard-2 halt-timeout: 2h systems: - - ubuntu-22.04-64: - image: ubuntu-2204-64-virt-enabled + - ubuntu-23.10-64: + image: ubuntu-2310-64-v20230621 storage: 20G qemu-nested: From e1d5efaf9dd0478d29ab89a4a81f3d8bed325db0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Tue, 27 Jun 2023 12:25:19 +0100 Subject: [PATCH 06/11] Use sbat from efi stub The systemd stub from the systemd-boot-efi deb package includes now a sbat section, so we do not need to copy it from the ubuntu-core-initramfs script anymore. --- bin/ubuntu-core-initramfs | 5 ----- debian/install | 1 - debian/sbat.txt | 3 --- 3 files changed, 9 deletions(-) delete mode 100755 debian/sbat.txt diff --git a/bin/ubuntu-core-initramfs b/bin/ubuntu-core-initramfs index d366f392..256315c7 100755 --- a/bin/ubuntu-core-initramfs +++ b/bin/ubuntu-core-initramfs 
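Review bot: The comment added above the first `rm` in override_dh_auto_install reads "don't won't"; it should be `# But we don't want to automount the rootfs`. It could also state the reason, which I take to be that systemd-gpt-auto-generator mounts partitions it discovers by GPT type instead of the ones the initramfs selects itself; please confirm and write that down. Keeping plain `rm` without `-f` is the right choice here, because the build then fails if a later systemd moves the generator and it would otherwise stay in the image. The recipe starts and ends outside the hunk.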
@@ -360,7 +360,6 @@ def create_efi(parser, args): parser.error("--stub is required, and one was not automatically detected") if args.root: args.stub = path_join_make_rel_paths(args.root, args.stub) - args.sbat = path_join_make_rel_paths(args.root, args.sbat) args.kernel = path_join_make_rel_paths(args.root, args.kernel) args.initrd = path_join_make_rel_paths(args.root, args.initrd) args.key = path_join_make_rel_paths(args.root, args.key) @@ -392,8 +391,6 @@ def create_efi(parser, args): ] # TODO add .splash objcopy_cmd += [ - "--add-section", ".sbat=%s" % args.sbat, - "--set-section-flags", ".sbat=readonly,data", "--add-section", ".linux=%s" % args.kernel, "--set-section-flags", ".linux=readonly,data", "--add-section", ".initrd=%s" % args.initrd, @@ -434,8 +431,6 @@ def main(): ) efi_parser.add_argument("--root", help="path to root") efi_parser.add_argument("--stub", help="path to stub") - efi_parser.add_argument("--sbat", help="path to sbat", - default="/usr/lib/ubuntu-core-initramfs/efi/sbat.txt") if suffix: efi_parser.set_defaults( stub="/usr/lib/ubuntu-core-initramfs/efi/linux%s.efi.stub" % suffix diff --git a/debian/install b/debian/install index 9c9cb39b..cf6ca62c 100644 --- a/debian/install +++ b/debian/install @@ -3,5 +3,4 @@ postinst.d etc/kernel/ snakeoil/* usr/lib/ubuntu-core-initramfs/snakeoil/ debian/tmp/* usr/lib/ubuntu-core-initramfs/main debian/tmp-efi/* usr/lib/ubuntu-core-initramfs/efi/ -debian/sbat.txt usr/lib/ubuntu-core-initramfs/efi/ modules usr/lib/ubuntu-core-initramfs/ diff --git a/debian/sbat.txt b/debian/sbat.txt deleted file mode 100755 index 60920331..00000000 --- a/debian/sbat.txt +++ /dev/null @@ -1,3 +0,0 @@ -sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md -systemd,1,The systemd Developers,systemd,245,https://www.freedesktop.org/wiki/Software/systemd -systemd.ubuntu,1,Ubuntu,systemd,245.4-4ubuntu3.6,https://bugs.launchpad.net/ubuntu/ From 22696dd6c5cc1bdb557441a4c34d5fb10fd2f5b0 Mon Sep 17 00:00:00 2001 
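Review bot: Nothing in create_efi now checks that the stub really carries a `.sbat` section, so a stub passed with `--stub`, or one from an older systemd-boot-efi, yields a kernel.efi without SBAT data and no error. I would inspect the stub's section headers before the objcopy call (for example with `objdump -h`) and stop with `parser.error("stub has no .sbat section")` when the section is missing. Dropping `--sbat` from the parser in main() also makes existing invocations that pass it end in an argparse usage error; if such callers exist, keep the option accepted but ignored, with a deprecation message. Both functions start and end outside the hunks.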
From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Tue, 27 Jun 2023 16:33:50 +0100 Subject: [PATCH 07/11] factory/debug-shell.service: run sh instead of bash --- .../systemd/system/debug-shell.service.d/core-override.conf | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/factory/usr/lib/systemd/system/debug-shell.service.d/core-override.conf b/factory/usr/lib/systemd/system/debug-shell.service.d/core-override.conf index ead9fbab..8fc94108 100644 --- a/factory/usr/lib/systemd/system/debug-shell.service.d/core-override.conf +++ b/factory/usr/lib/systemd/system/debug-shell.service.d/core-override.conf @@ -1,2 +1,6 @@ [Unit] AssertKernelCommandLine=dangerous + +[Service] +ExecStart= +ExecStart=/bin/sh From ac0bc7466f2bc93e90adbf288482a1765fa77329 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Tue, 27 Jun 2023 16:34:52 +0100 Subject: [PATCH 08/11] debian/control: we do not need quilt now --- debian/control | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/debian/control b/debian/control index 9f93cf60..cae183ca 100644 --- a/debian/control +++ b/debian/control @@ -2,9 +2,8 @@ Source: ubuntu-core-initramfs Section: utils Priority: optional Maintainer: Dimitri John Ledkov -Build-Depends: debhelper-compat (= 13), dh-python, python3:any, dracut-core, quilt, busybox-initramfs, +Build-Depends: debhelper-compat (= 13), dh-python, python3:any, dracut-core, busybox-initramfs, amd64-microcode [amd64], - bash, dbus, dmsetup, dosfstools, From 5d0cf77bef56b0b2d7afbb4625134f8dc3cabb47 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Tue, 27 Jun 2023 16:35:34 +0100 Subject: [PATCH 09/11] debian/rules: include sulogin but not bash, add comment and some minor clean-ups. --- debian/rules | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/debian/rules b/debian/rules index e6cc51ed..196505d0 100755 --- a/debian/rules +++ b/debian/rules 
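Review bot: The drop-in for debug-shell.service has no comment explaining the new `[Service]` section or the gate in front of it. I would add `# Clear the packaged ExecStart and run sh: bash is not shipped in the initramfs` above the empty `ExecStart=` (PATCH 09/11 removes /bin/bash from the file list), and `# Root shell without login; starts only when "dangerous" is on the kernel command line` above the AssertKernelCommandLine line. That keeps the only condition guarding this shell visible to whoever edits the unit next.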
@@ -6,11 +6,10 @@ include /usr/share/dpkg/default.mk %: dh $@ -# bash is now used by debug-shell.service INSTALL_FILES_FROM_HOST= \ - /bin/bash \ /bin/kmod \ /bin/mount \ + /sbin/sulogin \ /bin/tar \ /lib/$(DEB_HOST_MULTIARCH)/libgcc_s.so.1 \ /lib/$(DEB_HOST_MULTIARCH)/libnss_compat.so.* \ @@ -69,7 +68,7 @@ override_dh_auto_install: # Include all needed systemd bits set -e; \ for f in $$(dpkg -L systemd | \ - grep -E '(^/lib/systemd/system|modprobe\.d/|sysctl\.d/|rules\.d/|tmpfiles\.d/|bin/)') \ + grep -E '(^/lib/systemd/system|/modprobe\.d/|/sysctl\.d/|/rules\.d/|/tmpfiles\.d/|/bin/)') \ $$(dpkg -L systemd-sysv | grep sbin/) \ /var/lib/systemd/ \ $$(dpkg -L udev | grep -E '(bin/|lib/|rules\.d/)') \ @@ -87,13 +86,14 @@ override_dh_auto_install: # This hack should be removed with #113 sed -i '/^After=/{;s, *plymouth-start[.]service *, ,;/^After= *$$/d;}' debian/tmp/usr/lib/systemd/system/systemd-ask-password-* - # XXX Is this still needed? + # Generate hw database (/usr/lib/udev/hwdb.bin) for udev and + # remove redundant definitions after that. LD_LIBRARY_PATH=$$(pwd)/debian/tmp/usr/lib/*/:$$(pwd)/debian/tmp/usr/lib/systemd \ $$(pwd)/debian/tmp/usr/bin/systemd-hwdb --root debian/tmp update --usr --strict rm -rf debian/tmp/usr/lib/udev/hwdb.d # Use busybox shell instead of dash as in the past - rm debian/tmp/usr/bin/sh + rm debian/tmp/usr/bin/sh debian/tmp/usr/bin/dash /usr/lib/dracut/dracut-install -D $(CURDIR)/debian/tmp --ldd /usr/lib/initramfs-tools/bin/busybox usr/bin/busybox set -e; \ for alias in `debian/tmp/usr/bin/busybox --list-long | grep -v -e busybox -e reboot -e mount -e umount`; do \ From 71b826f85498f75220478a02ab0e9b1da79afc54 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Wed, 28 Jun 2023 17:03:30 +0100 Subject: [PATCH 10/11] debian: remove unnecessary systemd-pcrphase bits --- debian/rules | 2 ++ 1 file changed, 2 insertions(+) diff --git a/debian/rules b/debian/rules index 196505d0..9704b2bc 100755 
--- a/debian/rules +++ b/debian/rules @@ -82,6 +82,8 @@ override_dh_auto_install: rm debian/tmp/usr/lib/systemd/system-generators/systemd-gpt-auto-generator # or this (binfmt_misc module is not in the initramfs) rm debian/tmp/usr/lib/systemd/system/sysinit.target.wants/proc-sys-fs-binfmt_misc.automount + # Remove all pcrphase related bits for the moment (services and binary) + find debian/tmp/ -type f,l -name \*systemd-pcrphase\* -delete # This hack should be removed with #113 sed -i '/^After=/{;s, *plymouth-start[.]service *, ,;/^After= *$$/d;}' debian/tmp/usr/lib/systemd/system/systemd-ask-password-* From 14fe98b00430ce70b8f905971be89e54b92de7a9 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Alfonso=20S=C3=A1nchez-Beato?= Date: Wed, 28 Jun 2023 17:06:02 +0100 Subject: [PATCH 11/11] debian: run systemd-hwdb from the system instead of the one copied around. --- debian/rules | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/debian/rules b/debian/rules index 9704b2bc..8e7fb580 100755 --- a/debian/rules +++ b/debian/rules @@ -90,8 +90,7 @@ override_dh_auto_install: # Generate hw database (/usr/lib/udev/hwdb.bin) for udev and # remove redundant definitions after that. - LD_LIBRARY_PATH=$$(pwd)/debian/tmp/usr/lib/*/:$$(pwd)/debian/tmp/usr/lib/systemd \ - $$(pwd)/debian/tmp/usr/bin/systemd-hwdb --root debian/tmp update --usr --strict + systemd-hwdb --root debian/tmp update --usr --strict rm -rf debian/tmp/usr/lib/udev/hwdb.d # Use busybox shell instead of dash as in the past
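Review bot: The new `find ... -name \*systemd-pcrphase\* -delete` line in override_dh_auto_install removes the pcrphase units and binary "for the moment" without saying why or what tracks their return. systemd-pcrphase is the component that extends a TPM PCR with boot-phase markers, so an image built this way presumably carries no such measurements; a comment with the reason and an issue reference, in the style of the `#113` note just below, would make that visible, e.g. `# TODO(#NNN, placeholder): re-enable pcrphase once <reason>`. Unlike the two `rm` lines above it, `find -delete` also succeeds when nothing matches, so an upstream rename would pass silently. The recipe starts and ends outside the hunk.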