Merge branch 'debian' into kali/master
Sophie Brun
2 years ago
0 | live-build (1:20210329) unstable; urgency=medium | |
1 | ||
2 | The 'filesystem.size' file is no longer created and included in the image, | |
3 | as it is often incorrect and variates depending on the build environment, | |
4 | breaking reproducibility. For more information see the following thread: | |
5 | https://lists.debian.org/debian-live/2021/03/msg00008.html | |
6 | ||
7 | -- Luca Boccassi <[email protected]> Mon, 29 Mar 2021 10:49:43 +0100 | |
8 | ||
0 | 9 | live-build (1:20180411) unstable; urgency=medium |
1 | 10 | |
2 | 11 | The live-boot mount points have been moved from /lib/live/mount to |
0 | live-build (1:20210407) unstable; urgency=medium | |
1 | ||
2 | * Upload to unstable. | |
3 | ||
4 | -- Luca Boccassi <[email protected]> Wed, 07 Apr 2021 18:52:50 +0100 | |
5 | ||
6 | live-build (1:20210405) experimental; urgency=medium | |
7 | ||
8 | * Firmware download: skip architecture if not found (Closes: #986278) | |
9 | * Autopkgtest: build a buster image | |
10 | * Autopkgtest: remove architecture restriction | |
11 | ||
12 | -- Luca Boccassi <[email protected]> Mon, 05 Apr 2021 13:04:04 +0100 | |
13 | ||
14 | live-build (1:20210330) unstable; urgency=medium | |
15 | ||
16 | * security: do not append /updates for Bullseye and newer. | |
17 | (Closes: #986148) | |
18 | ||
19 | -- Luca Boccassi <[email protected]> Tue, 30 Mar 2021 16:17:38 +0100 | |
20 | ||
21 | live-build (1:20210329) unstable; urgency=medium | |
22 | ||
23 | [ Ryan Finnie ] | |
24 | * Use --apt-http-proxy/--apt-ftp-proxy for debootstrap | |
25 | * No mksquashfs progress bar if stdin is not a terminal | |
26 | ||
27 | [ Unit 193 ] | |
28 | * firmwarelists.sh: Search Contents-all for firmware too. | |
29 | ||
30 | [ Roland Clobus ] | |
31 | * Support security for bullseye. See | |
32 | https://wiki.debian.org/NewInBullseye. Closes: #964914 | |
33 | * Fixed handling of checksums in combination with the d-i installer. | |
34 | * Removed filesystem.size for squashfs images. | |
35 | ||
36 | -- Luca Boccassi <[email protected]> Mon, 29 Mar 2021 10:49:43 +0100 | |
37 | ||
0 | 38 | live-build (1:20210216kali1) kali-dev; urgency=medium |
1 | 39 | |
2 | 40 | * Drop debian/live-build.links, the symlinks are now in Debian |
0 | #!/bin/bash | |
1 | ||
2 | set -eu | |
3 | set -o pipefail | |
4 | ||
5 | cd "${AUTOPKGTEST_TMP}" | |
6 | lb config --verbose --updates true --security true --distribution buster | |
7 | lb build --verbose | |
8 | ls -l |
0 | 0 | Tests: build-default-image |
1 | 1 | Depends: live-build, |
2 | 2 | Restrictions: needs-root, allow-stderr, needs-internet |
3 | Architecture: amd64 i386 | |
3 | ||
4 | Tests: build-stable-image | |
5 | Depends: live-build, | |
6 | Restrictions: needs-root, allow-stderr, needs-internet | |
4 | 7 | |
5 | 8 | Tests: build-kali-image |
6 | 9 | Depends: live-build, git, ca-certificates, curl, apt-utils, bzip2, cpio, file, wget, xz-utils |
7 | 10 | Restrictions: needs-root, allow-stderr, flaky, needs-internet |
8 | Architecture: amd64 i386 |
349 | 349 | then |
350 | 350 | LB_DEBIAN_INSTALLER="netinst" |
351 | 351 | Echo_warning "A value of 'true' for option LB_DEBIAN_INSTALLER is deprecated, please use 'netinst' in future." |
352 | fi | |
353 | ||
354 | # cdrom-checker in d-i requires a md5 checksum file | |
355 | if [ "${LB_DEBIAN_INSTALLER}" != "none" ] | |
356 | then | |
357 | if [ "${LB_CHECKSUMS}" = "none" ] | |
358 | then | |
359 | LB_CHECKSUMS="md5" | |
360 | else | |
361 | if ! In_list md5 ${LB_CHECKSUMS}; then | |
362 | LB_CHECKSUMS=${LB_CHECKSUMS}" md5" | |
363 | fi | |
364 | fi | |
352 | 365 | fi |
353 | 366 | |
354 | 367 | LB_DEBIAN_INSTALLER_DISTRIBUTION="${LB_DEBIAN_INSTALLER_DISTRIBUTION:-${LB_DISTRIBUTION}}" |
647 | 660 | fi |
648 | 661 | done |
649 | 662 | |
650 | if ! In_list "${LB_CHECKSUMS}" md5 sha1 sha224 sha256 sha384 sha512 none; then | |
651 | Echo_error "You have specified an invalid value for LB_CHECKSUMS (--checksums)." | |
652 | exit 1 | |
663 | local CHECKSUM | |
664 | if [ "${LB_CHECKSUMS}" != "none" ]; then | |
665 | for CHECKSUM in ${LB_CHECKSUMS}; do | |
666 | if ! In_list "${CHECKSUM}" md5 sha1 sha224 sha256 sha384 sha512; then | |
667 | Echo_error "You have specified an invalid value for LB_CHECKSUMS (--checksums): '%s'" "${CHECKSUM}" | |
668 | exit 1 | |
669 | fi | |
670 | done | |
653 | 671 | fi |
654 | 672 | |
655 | 673 | if ! In_list "${LB_CHROOT_FILESYSTEM}" ext2 ext3 ext4 squashfs jffs2 none; then |
21 | 21 | local _ARCHIVE_AREA |
22 | 22 | for _ARCHIVE_AREA in ${ARCHIVE_AREAS} |
23 | 23 | do |
24 | local CONTENTS_URL="${MIRROR_CHROOT}/dists/${DISTRO_CHROOT}/${_ARCHIVE_AREA}/Contents-${LB_ARCHITECTURE}.gz" | |
25 | 24 | local CONTENTS_FILEDIR="cache/contents.chroot/${DISTRO_CHROOT}/${_ARCHIVE_AREA}" |
26 | local CONTENTS_FILE="${CONTENTS_FILEDIR}/contents-${LB_ARCHITECTURE}.gz" | |
27 | ||
28 | 25 | mkdir -p "${CONTENTS_FILEDIR}" |
29 | 26 | |
30 | # Purge from cache if not wanting to use from cache, ensuring fresh copy | |
31 | if [ "${LB_CACHE}" != "true" ] | |
32 | then | |
33 | rm -f "${CONTENTS_FILE}" | |
34 | fi | |
27 | local _ARCH | |
28 | for _ARCH in all ${LB_ARCHITECTURE} | |
29 | do | |
30 | local CONTENTS_URL="${MIRROR_CHROOT}/dists/${DISTRO_CHROOT}/${_ARCHIVE_AREA}/Contents-${_ARCH}.gz" | |
31 | local CONTENTS_FILE="${CONTENTS_FILEDIR}/contents-${_ARCH}.gz" | |
35 | 32 | |
36 | # If not cached, download | |
37 | if [ ! -e "${CONTENTS_FILE}" ] | |
38 | then | |
39 | wget ${WGET_OPTIONS} "${CONTENTS_URL}" -O "${CONTENTS_FILE}" | |
40 | fi | |
33 | # Purge from cache if not wanting to use from cache, ensuring fresh copy | |
34 | if [ "${LB_CACHE}" != "true" ] | |
35 | then | |
36 | rm -f "${CONTENTS_FILE}" | |
37 | fi | |
41 | 38 | |
42 | local PACKAGES | |
43 | PACKAGES="$(gunzip -c "${CONTENTS_FILE}" | awk '/^lib\/firmware/ { print $2 }' | sort -u )" | |
44 | FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} ${PACKAGES}" | |
39 | # If not cached, download | |
40 | if [ ! -e "${CONTENTS_FILE}" ] | |
41 | then | |
42 | # Contents-all.gz does not exist in Buster and other older versions | |
43 | if ! wget --quiet --spider ${WGET_OPTIONS} "${CONTENTS_URL}"; then | |
44 | continue | |
45 | fi | |
46 | wget ${WGET_OPTIONS} "${CONTENTS_URL}" -O "${CONTENTS_FILE}" | |
47 | fi | |
45 | 48 | |
46 | # Don't waste disk space, if not making use of caching | |
47 | if [ "${LB_CACHE}" != "true" ] | |
48 | then | |
49 | rm -f "${CONTENTS_FILE}" | |
50 | fi | |
49 | local PACKAGES | |
50 | PACKAGES="$(gunzip -c "${CONTENTS_FILE}" | awk '/^lib\/firmware/ { print $2 }' | sort -u )" | |
51 | FIRMWARE_PACKAGES="${FIRMWARE_PACKAGES} ${PACKAGES}" | |
52 | ||
53 | # Don't waste disk space, if not making use of caching | |
54 | if [ "${LB_CACHE}" != "true" ] | |
55 | then | |
56 | rm -f "${CONTENTS_FILE}" | |
57 | fi | |
58 | done | |
51 | 59 | done |
52 | 60 | } |
82 | 82 | # do nothing |
83 | 83 | ;; |
84 | 84 | |
85 | *) | |
85 | buster|jessie|stretch) | |
86 | 86 | echo "deb ${PARENT_MIRROR_SECURITY} ${PARENT_DISTRIBUTION}/updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}" |
87 | 87 | echo "deb-src ${PARENT_MIRROR_SECURITY} ${PARENT_DISTRIBUTION}/updates ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}" |
88 | ;; | |
89 | *) | |
90 | echo "deb ${PARENT_MIRROR_SECURITY} ${PARENT_DISTRIBUTION}-security ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}" | |
91 | echo "deb-src ${PARENT_MIRROR_SECURITY} ${PARENT_DISTRIBUTION}-security ${LB_PARENT_ARCHIVE_AREAS}" >> "${PARENT_LIST_FILE}" | |
88 | 92 | ;; |
89 | 93 | esac |
90 | 94 |
238 | 238 | .IP "\fB\-\-apt\fR apt|apt-get|aptitude" 4 |
239 | 239 | defines if apt\-get or aptitude is used to install packages when building the image. The default is apt. |
240 | 240 | .IP "\fB\-\-apt\-ftp\-proxy\fR \fIURL\fR" 4 |
241 | sets the FTP proxy to be used by apt. By default, this is empty. Note that this variable is only for the proxy that gets used by apt internally within the chroot, it is not used for anything else. | |
241 | sets the FTP proxy to be used by apt. By default, this is empty. Note that this variable is only for the proxy that gets used by initial debootstrap, and by apt internally within the chroot. It is not used for anything else. | |
242 | 242 | .IP "\fB\-\-apt\-http\-proxy\fR \fIURL\fR" 4 |
243 | sets the HTTP proxy to be used by apt. By default, this is empty. Note that this variable is only for the proxy that gets used by apt internally within the chroot, it is not used for anything else. | |
243 | sets the HTTP proxy to be used by apt. By default, this is empty. Note that this variable is only for the proxy that gets used by initial debootstrap, and by apt internally within the chroot. It is not used for anything else. | |
244 | 244 | .IP "\fB\-\-apt\-indices\fR true|false" 4 |
245 | 245 | defines if the resulting images should have apt indices or not and defaults to true. |
246 | 246 | .IP "\fB\-\-apt\-options\fR \fIOPTION\fR|""\fIOPTIONS\fR""" 4 |
54 | 54 | \! -path './boot/grub/stage2_eltorito' \ |
55 | 55 | \! -path './*SUMS' \ |
56 | 56 | \! -path './*sum.txt' \ |
57 | -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ../${CHECKSUMS} | |
57 | \! -path './*sum.README' \ | |
58 | -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ${CHECKSUMS} | |
58 | 59 | |
59 | cat > ${CHECKSUMS} << EOF | |
60 | ## This file contains the list of ${CHECKSUM} checksums of all files on this | |
61 | ## medium. | |
62 | ## | |
63 | ## You can verify them automatically with the 'verify-checksums' boot parameter, | |
64 | ## or, manually with: '${CHECKSUM}sum -c ${CHECKSUMS}'. | |
65 | ## | |
66 | ## | |
60 | cat > ${CHECKSUM}sum.README << EOF | |
61 | The file ${CHECKSUMS} contains the ${CHECKSUM} checksums of all files on this medium. | |
62 | ||
63 | You can verify them automatically with the 'verify-checksums' boot parameter, | |
64 | or, manually with: '${CHECKSUM}sum -c ${CHECKSUMS}'. | |
67 | 65 | EOF |
68 | ||
69 | cat ../${CHECKSUMS} >> ${CHECKSUMS} | |
70 | rm -f ../${CHECKSUMS} | |
71 | 66 | |
72 | 67 | cd "${OLDPWD}" |
73 | 68 | done |
264 | 264 | # Remove stale squashfs image |
265 | 265 | rm -f chroot/filesystem.squashfs |
266 | 266 | |
267 | if [ "${_QUIET}" = "true" ] | |
267 | # Do not display progress bar if: | |
268 | # - Run with --quiet, or | |
269 | # - stdin is not a terminal (e.g. in CI, cron, etc) | |
270 | if [ "${_QUIET}" = "true" ] || [ ! -t 0 ] | |
268 | 271 | then |
269 | 272 | MKSQUASHFS_OPTIONS="-no-progress ${MKSQUASHFS_OPTIONS}" |
270 | 273 | fi |
316 | 319 | |
317 | 320 | rm -f chroot/excludes |
318 | 321 | |
319 | du -B 1 -s chroot/chroot | cut -f1 > binary/${INITFS}/filesystem.size | |
320 | ||
321 | 322 | # Move image |
322 | 323 | mv chroot/filesystem.squashfs binary/${INITFS} |
323 | 324 | rm -f chroot/squashfs.sort |
350 | 351 | fi |
351 | 352 | |
352 | 353 | nice -n 19 mksquashfs chroot binary/${INITFS}/filesystem.squashfs ${MKSQUASHFS_OPTIONS} |
353 | ||
354 | du -B 1 -s chroot | cut -f1 > binary/${INITFS}/filesystem.size | |
355 | 354 | ;; |
356 | 355 | esac |
357 | 356 |
85 | 85 | |
86 | 86 | Print_breakage |
87 | 87 | Echo_message "Running debootstrap (download-only)..." |
88 | debootstrap ${DEBOOTSTRAP_OPTIONS} --download-only "${LB_PARENT_DISTRIBUTION_CHROOT}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT} | |
88 | /usr/bin/env http_proxy="${LB_APT_HTTP_PROXY}" ftp_proxy="${LB_APT_FTP_PROXY}" debootstrap ${DEBOOTSTRAP_OPTIONS} --download-only "${LB_PARENT_DISTRIBUTION_CHROOT}" chroot "${LB_PARENT_MIRROR_BOOTSTRAP}" ${DEBOOTSTRAP_SCRIPT} | |
89 | 89 | |
90 | 90 | # Removing old cache |
91 | 91 | rm -f cache/packages.bootstrap/*.deb |
962 | 962 | # Set package manager |
963 | 963 | LB_APT="${LB_APT}" |
964 | 964 | |
965 | # Set apt/aptitude ftp proxy | |
965 | # Set apt/aptitude/debootstrap ftp proxy | |
966 | 966 | LB_APT_FTP_PROXY="${LB_APT_FTP_PROXY}" |
967 | 967 | |
968 | # Set apt/aptitude http proxy | |
968 | # Set apt/aptitude/debootstrap http proxy | |
969 | 969 | LB_APT_HTTP_PROXY="${LB_APT_HTTP_PROXY}" |
970 | 970 | |
971 | 971 | # Set apt/aptitude pipeline depth |
58 | 58 | find . -type f \ |
59 | 59 | \! -path './*SUMS' \ |
60 | 60 | \! -path './*sum.txt' \ |
61 | -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ../${CHECKSUMS} | |
61 | \! -path './*sum.README' \ | |
62 | -print0 | sort -z | xargs -0 ${CHECKSUM}sum > ${CHECKSUMS} | |
62 | 63 | |
63 | cat > ${CHECKSUMS} << EOF | |
64 | ## This file contains the list of ${CHECKSUM} checksums of all files on this | |
65 | ## medium. | |
66 | ## | |
67 | ## You can verify them automatically with the 'verify-checksums' boot parameter, | |
68 | ## or, manually with: '${CHECKSUM}sum -c ${CHECKSUMS}'. | |
69 | ## | |
70 | ## | |
64 | cat > ${CHECKSUM}sum.README << EOF | |
65 | The file ${CHECKSUMS} contains the ${CHECKSUM} checksums of all files on this medium. | |
66 | ||
67 | You can verify them automatically with the 'verify-checksums' boot parameter, | |
68 | or, manually with: '${CHECKSUM}sum -c ${CHECKSUMS}'. | |
71 | 69 | EOF |
72 | ||
73 | cat ../${CHECKSUMS} >> ${CHECKSUMS} | |
74 | rm -f ../${CHECKSUMS} | |
75 | 70 | |
76 | 71 | cd "${OLDPWD}" |
77 | 72 | done |