13 files changed, 170 insertions, 22 deletions
diff --git a/.github/workflows/trigger_rebuild_packages.yml b/.github/workflows/trigger_rebuild_packages.yml
index 8b93e636..33679a76 100644
--- a/.github/workflows/trigger_rebuild_packages.yml
+++ b/.github/workflows/trigger_rebuild_packages.yml
@@ -23,6 +23,10 @@ jobs:
         with:
           base: ${{ github.ref_name }}
           filters: |
+            amazon-cloudwatch-agent:
+              - 'scripts/package-build/amazon-cloudwatch-agent/**'
+            amazon-ssm-agent:
+              - 'scripts/package-build/amazon-ssm-agent/**'
             aws-gwlbtun:
               - 'scripts/package-build/aws-gwlbtun/**'
             ddclient:
@@ -101,6 +105,14 @@ jobs:
           }
 
           # Trigger builds based on detected changes
+          if [ "${{ steps.changes.outputs.amazon-cloudwatch-agent }}" == "true" ]; then
+            trigger_build "amazon-cloudwatch-agent"
+          fi
+
+          if [ "${{ steps.changes.outputs.amazon-ssm-agent }}" == "true" ]; then
+            trigger_build "amazon-ssm-agent"
+          fi
+
           if [ "${{ steps.changes.outputs.aws-gwlbtun }}" == "true" ]; then
             trigger_build "aws-gwlbtun"
           fi
diff --git a/data/defaults.toml b/data/defaults.toml
index f0a7d83d..b97a2de8 100644
--- a/data/defaults.toml
+++ b/data/defaults.toml
@@ -14,7 +14,7 @@ vyos_mirror = "https://packages.vyos.net/repositories/current"
 vyos_branch = "current"
 release_train = "current"
 
-kernel_version = "6.6.56"
+kernel_version = "6.6.62"
 kernel_flavor = "vyos"
 bootloaders = "syslinux,grub-efi"
 
diff --git a/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry
new file mode 100644
index 00000000..49f4afc4
--- /dev/null
+++ b/data/live-build-config/includes.chroot/opt/vyatta/etc/grub/default-union-grub-entry
@@ -0,0 +1,20 @@
+menuentry "VyOS  (KVM console)" {
+        linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0
+        initrd /boot//initrd.img
+}
+
+menuentry "VyOS  (Serial console)" {
+        linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200
+        initrd /boot//initrd.img
+}
+
+menuentry "Lost password change  (KVM console)" {
+        linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=ttyS0,115200 console=tty0 init=/opt/vyatta/sbin/standalone_root_pw_reset
+        initrd /boot//initrd.img
+}
+
+menuentry "Lost password change  (Serial console)" {
+        linux /boot//vmlinuz boot=live quiet rootdelay=5 noautologin net.ifnames=0 biosdevname=0 udev.exec_delay=3 vyos-union=/boot/ console=tty0 console=ttyS0,115200 init=/opt/vyatta/sbin/standalone_root_pw_reset
+        initrd /boot//initrd.img
+}
+
diff --git a/docker/Dockerfile b/docker/Dockerfile
index ddda5ff8..9b700e0e 100644
--- a/docker/Dockerfile
+++ b/docker/Dockerfile
@@ -103,6 +103,7 @@ RUN apt-get update && apt-get install -y \
       python3-flake8 \
       python3-autopep8 \
       python3-tomli \
+      python3-tomli-w \
       yq \
       debootstrap \
       live-build \
diff --git a/scripts/image-build/build-vyos-image b/scripts/image-build/build-vyos-image
index 044a9055..dfa5dfbe 100755
--- a/scripts/image-build/build-vyos-image
+++ b/scripts/image-build/build-vyos-image
@@ -63,7 +63,7 @@ except Exception as e:
 # Checkout vyos-1x under build directory
 try:
     branch_name = build_defaults['vyos_branch']
-    url_vyos_1x = 'https://github.com/vyos/vyos-1x'
+    url_vyos_1x = os.getenv('VYOS1X_REPO_URL', default='https://github.com/vyos/vyos-1x')
     path_vyos_1x = os.path.join(defaults.BUILD_DIR, 'vyos-1x')
     try:
         repo_vyos_1x = git.Repo.clone_from(url_vyos_1x, path_vyos_1x, no_checkout=True)
@@ -192,7 +192,7 @@ if __name__ == "__main__":
        'pbuilder-debian-mirror': ('Debian repository mirror for pbuilder env bootstrap', None),
        'vyos-mirror': ('VyOS package mirror', None),
        'build-type': ('Build type, release or development', lambda x: x in ['release', 'development']),
-       'version': ('Version number (release builds only)', None),
+       'version': ('Version string', None),
        'build-comment': ('Optional build comment', None),
        'build-hook-opts': ('Custom options for the post-build hook', None)
     }
@@ -269,19 +269,11 @@ if __name__ == "__main__":
     if pre_build_config['pbuilder_debian_mirror'] is None:
         args['pbuilder_debian_mirror'] = pre_build_config['pbuilder_debian_mirror'] = pre_build_config['debian_mirror']
 
-    # Version can only be set for release builds,
-    # for dev builds it hardly makes any sense
-    if pre_build_config['build_type'] == 'development':
-        if args['version'] is not None:
-            print("E: Version can only be set for release builds")
-            print("Use --build-type=release option if you want to set version number")
-            sys.exit(1)
-
     # Validate characters in version name
-    if 'version' in args and args['version'] != None:
+    if args.get('version'):
         allowed = string.ascii_letters + string.digits + '.' + '-' + '+'
         if not set(args['version']) <= set(allowed):
-            print(f'Version contained illegal character(s), allowed: {allowed}')
+            print(f'Version string contains illegal character(s), allowed: {allowed}')
             sys.exit(1)
 
     ## Inject some useful hardcoded options
@@ -413,8 +405,10 @@ if __name__ == "__main__":
             build_git = ""
             git_branch = ""
 
-        # Create the build version string
-        if build_config['build_type'] == 'development':
+        # Create the build version string, if it's not explicitly given
+        if build_config.get('version'):
+            version = build_config['version']
+        else:
             try:
                 if not git_branch:
                     raise ValueError("git branch could not be determined")
@@ -429,9 +423,6 @@ if __name__ == "__main__":
             except Exception as e:
                 print("W: Could not build a version string specific to git branch, falling back to default: {0}".format(str(e)))
                 version = "999.{0}".format(build_timestamp)
-        else:
-            # Release build, use the version from ./configure arguments
-            version = build_config['version']
 
         version_data = {
             'version': version,
@@ -674,7 +665,7 @@ Pin-Priority: 600
     # If not, build additional flavors from the ISO.
     if build_config["image_format"] != ["iso"]:
         # For all non-iso formats, we always build a raw image first
-        raw_image = raw_image.create_raw_image(build_config, iso_file, "tmp/")
+        version_data, raw_image = raw_image.create_raw_image(build_config, iso_file, "tmp/")
         manifest['artifacts'].append(raw_image)
 
         # If there are other formats in the flavor, the assumptions is that
@@ -704,8 +695,10 @@ Pin-Priority: 600
                 hook_opts = build_config["build_hook_opts"]
             else:
                 hook_opts = ""
-            custom_image = rc_cmd(f"./build_hook {raw_image} {build_config['version']} \
-              {build_config['architecture']} {hook_opts}")
+            build_hook_command = f"./build_hook {raw_image} {version_data['version']} \
+              {build_config['architecture']} {hook_opts}"
+            print(f'I: executing build hook command: {build_hook_command}')
+            custom_image = rc_cmd(build_hook_command)
             manifest['artifacts'].append(custom_image)
 
     # Filter out unwanted files from the artifact list
diff --git a/scripts/image-build/raw_image.py b/scripts/image-build/raw_image.py
index dedb6f5e..d850eead 100644
--- a/scripts/image-build/raw_image.py
+++ b/scripts/image-build/raw_image.py
@@ -210,4 +210,4 @@ def create_raw_image(build_config, iso_file, work_dir):
         install_image(con, version)
         install_grub(con, version)
 
-        return raw_file
+        return (version_data, raw_file)
diff --git a/scripts/package-build/amazon-cloudwatch-agent/.gitignore b/scripts/package-build/amazon-cloudwatch-agent/.gitignore
new file mode 100644
index 00000000..7f8e0127
--- /dev/null
+++ b/scripts/package-build/amazon-cloudwatch-agent/.gitignore
@@ -0,0 +1,7 @@
+amazon-cloudwatch-agent/
+*.buildinfo
+*.build
+*.changes
+*.deb
+*.dsc
+*.tar.gz
diff --git a/scripts/package-build/amazon-cloudwatch-agent/build.py b/scripts/package-build/amazon-cloudwatch-agent/build.py
new file mode 120000
index 00000000..3c76af73
--- /dev/null
+++ b/scripts/package-build/amazon-cloudwatch-agent/build.py
@@ -0,0 +1 @@
+../build.py
+\ No newline at end of file
diff --git a/scripts/package-build/amazon-cloudwatch-agent/package.toml b/scripts/package-build/amazon-cloudwatch-agent/package.toml
new file mode 100644
index 00000000..833096d4
--- /dev/null
+++ b/scripts/package-build/amazon-cloudwatch-agent/package.toml
@@ -0,0 +1,14 @@
+[[packages]]
+name = "amazon-cloudwatch-agent"
+commit_id = "v1.300050.0"
+scm_url = "https://github.com/aws/amazon-cloudwatch-agent"
+
+build_cmd = """
+
+make prepackage package-deb
+ARCH=$(dpkg --print-architecture)
+TAG=$(git describe --tags --abbrev=0)
+COMMIT=$(git rev-parse --short HEAD)
+cp ./build/bin/linux/${ARCH}/*.deb ../amazon-cloudwatch-agent_${TAG}_${COMMIT}_${ARCH}.deb
+
+"""
diff --git a/scripts/package-build/amazon-ssm-agent/.gitignore b/scripts/package-build/amazon-ssm-agent/.gitignore
new file mode 100644
index 00000000..f70728cf
--- /dev/null
+++ b/scripts/package-build/amazon-ssm-agent/.gitignore
@@ -0,0 +1,7 @@
+amazon-ssm-agent/
+*.buildinfo
+*.build
+*.changes
+*.deb
+*.dsc
+*.tar.gz
diff --git a/scripts/package-build/amazon-ssm-agent/build.py b/scripts/package-build/amazon-ssm-agent/build.py
new file mode 120000
index 00000000..3c76af73
--- /dev/null
+++ b/scripts/package-build/amazon-ssm-agent/build.py
@@ -0,0 +1 @@
+../build.py
+\ No newline at end of file
diff --git a/scripts/package-build/amazon-ssm-agent/package.toml b/scripts/package-build/amazon-ssm-agent/package.toml
new file mode 100644
index 00000000..ecd2fdf6
--- /dev/null
+++ b/scripts/package-build/amazon-ssm-agent/package.toml
@@ -0,0 +1,16 @@
+[[packages]]
+name = "amazon-ssm-agent"
+commit_id = "3.3.1311.0"
+scm_url = "https://github.com/aws/amazon-ssm-agent"
+
+build_cmd = """
+
+ARCH=$(dpkg --print-architecture)
+TAG=$(git describe --tags --abbrev=0)
+COMMIT=$(git rev-parse --short HEAD)
+
+make build-linux
+make package-deb
+cp ./bin/debian_${ARCH}/*.deb ../amazon-ssm-agent_${TAG}_${COMMIT}_${ARCH}.deb
+
+"""
diff --git a/scripts/utils/merge-flavors b/scripts/utils/merge-flavors
new file mode 100755
index 00000000..79f8180e
--- /dev/null
+++ b/scripts/utils/merge-flavors
@@ -0,0 +1,76 @@
+#!/usr/bin/env python3
+#
+# Copyright (C) 2024 VyOS maintainers and contributors
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License version 2 or later as
+# published by the Free Software Foundation.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program.  If not, see <http://www.gnu.org/licenses/>.
+#
+# Purpose: merges multiple flavor files into one
+
+import sys
+
+import tomli
+import tomli_w
+
+def load_flavor(file_path):
+    with open(file_path, 'rb') as f:
+        flavor_def = tomli.load(f)
+
+    return flavor_def
+
+# XXX: at the moment, this script is only used
+# to produce a meta-flavor for collecting packages
+# used in multiple flavors,
+# so it ignores all other flavor fields for now
+def merge_flavors(l, r):
+    if 'packages' in r:
+        l['packages'] += r['packages']
+
+    for arch in r.get('architectures', []):
+        if arch not in l['architectures']:
+            l['architectures'][arch] = {}
+
+        if 'packages' not in l['architectures'][arch]:
+            l['architectures'][arch]['packages'] = []
+
+        if 'packages' in r['architectures'][arch]:
+            l['architectures'][arch]['packages'] += \
+              r['architectures'][arch]['packages']
+
+    return l
+
+if __name__ == '__main__':
+    if len(sys.argv) < 3:
+        print("Please specify a base flavor and a list of flavor files to merge!")
+        sys.exit(1)
+
+    base_flavor = load_flavor(sys.argv[1])
+
+    if 'architectures' not in base_flavor:
+        base_flavor['architectures'] = {}
+
+    if 'packages' not in base_flavor:
+        base_flavor['packages'] = []
+
+    flavor_files = sys.argv[2:]
+    flavor_defs = map(load_flavor, flavor_files)
+
+    for fd in flavor_defs:
+        merge_flavors(base_flavor, fd)
+
+    base_flavor['packages'] = list(set(base_flavor['packages']))
+    for arch in base_flavor.get('architectures'):
+        if 'packages' in base_flavor['architectures'][arch]:
+            base_flavor['architectures'][arch]['packages'] = \
+              list(set(base_flavor['architectures'][arch]['packages']))
+
+    print(tomli_w.dumps(base_flavor))