summaryrefslogtreecommitdiff
path: root/scripts/image-build
AgeCommit message (Collapse)Author
2026-06-04sbom: T8542: bugfix shadowing cmd() function with cmd variable nameChristian Breunig
Commit 75a495b237 ("sbom: T8542: create during ISO assembly") will shadow any subsequent calls to vyos.utils.process.cmd() as cmd has be redefined as variable to hold the CLI command strings for SBOM generation using the syft binary. This has been fixed by replacing the cmd variable with another name syft_cmd.
2026-06-02sbom: T8542: change result filenames to match ISO image filenameChristian Breunig
2026-06-01sbom: T8542: create during ISO assemblyChristian Breunig
2026-05-01Merge pull request #1156 from jestabro/extend-activation-systemDaniil Baturin
T8445: add support for extension of activation system
2026-04-20T8445: allow overriding activation init list in flavor filesJohn Estabrook
2026-04-20T8445: add activation init hint during raw image buildJohn Estabrook
When building raw images, leave hint to indicate activiation init on boot.
2026-04-20image: T8375: honor already existing boot_settingsChristian Breunig
VyOS flavors might come with boot_settings which already provided additional serial interface settings if required. Instead of using our own definitions, re-use what's already existing. scripts/image-build/build-vyos-image comes with an implicit default for boot_settings like console number and speed, thus we do not need to redefine the existing default - again.
2026-03-31flavor: T8375: add flavor.json during build into resulting imageChristian Breunig
In order for amd64 or arm64 images to know their serial console settings, we embed a new file named "flavor.json" under "/usr/share/vyos" into the resulting image. The file holds configuration parameters unique to the build flavor. Corresponding library functions are available via a Python vyos.flavor module.
2026-03-26T8410: Fix typos and mistakes in scripts and commentsViacheslav Hletenko
Fix typos and mistakes in the comments No functional changes
2026-03-03Merge pull request #1130 from c-po/multiarchJohn Estabrook
T8311: move to GNU coreutils when building GLIBC multiarch variable
2026-03-02Revert "T8265: leave config path hint in raw image install_image"John Estabrook
Revert in favor of alternative approach (T8335). This reverts commit b92471d684f0131fb8885e766cd90ee80dc8ed38.
2026-03-02Revert "T8311: add missing bootstrap binary dependency on dpkg-dev"Christian Breunig
This reverts commit 673a2de05776656b70dc4803aa3579138e9fffca.
2026-02-28T8120: define per architecture serial interface for Linux KernelChristian Breunig
x86_64 and arm64 both use a different serial interface during Linux Kernel boot. Define either ttyS0 or ttyAMA0 per CPU architecture. This could be further overwritten by individual flavors.
2026-02-26T8311: add missing bootstrap binary dependency on dpkg-devChristian Breunig
Commit 88f11dc01bb6 ("T8311: De-hardcode arch for live-build-config 92-strip-symbols") added use on dpkg-architecture which is not present in the normal chroot build environment. To be able to use it we need the dpkg-dev in our build chroot environment.
2026-02-12T8265: leave config path hint in raw image install_imageJohn Estabrook
The raw_image.py script as part of the build-image tools neglects to leave the canonical hint file in the config install path. This is standard in the op mode image_installer.py script and is used to detect previous installations.
2026-01-21Merge branch 'current' into T8193-better-build-type-arch-errorDaniil Baturin
2026-01-19build: T8194: fix a typo in the root privileges commentDaniil Baturin
2026-01-19build: T8193: handle the case when build type and architecture mix-in files ↵Daniil Baturin
do not exist
2026-01-19build: T8194: use an exception to simplify exception handlingDaniil Baturin
2026-01-17build: T8185: fix install path for default configs in [[include_chroot]]John Estabrook
2026-01-17build: T8185: correct the install path for entry [default_config]John Estabrook
2026-01-17build: T8185: add vyos-1x directories dict to local utilsJohn Estabrook
2025-07-22T7576: Remove unnecessary code for checking dirty build statusOleksandr Kuchmystyi
``` vyos@r15:~$ show version | match dir Build commit ID: d8038ded37fadb-dirty ``` Having uncommited files in vyos-build is completely normal: custom configs, EULA files in official release builds, anything else that flavor files may include. However, many people are not familiar with the specific meaning of "dirty" in git or with the build process and assume that "dirty" means something went wrong with the image build.
2025-06-10Remove a stray debug outputDaniil Baturin
2025-06-06T7453: handle dynamic partition mapping in raw image buildGabin-CC
Enhanced the raw image creation logic to dynamically detect and assign EFI and root partitions based on the number of partitions created by kpartx. - Supports both 2-partition and 3-partition layouts - Adds debug output for mapped partitions - Avoids hardcoded assumptions about partition order - Improves resilience in cloud-init and containerized build contexts Fixes build failure when /dev/loopXp3 is missing or not mapped properly. Signed-off-by: Gabin-CC <gabin.laurent@rte-international.com>
2025-06-06T7453: Enhance raw/qcow2 image creationGabin-CC
Description This pull request introduces improvements to the raw_image.py script responsible for building raw disk images in the VyOS build process. Main Changes Added use of kpartx to reliably map EFI and root partitions from the loop device. Introduced disk_details as an attribute on the BuildContext object to pass partition metadata through the image build steps. Improved the __exit__ method for BuildContext to unmount all mount points and clean up kpartx mappings and loop devices, even in failure cases. Fixed a crash in mount_image() when con.disk_details was not set. Added useful debug logs for loop device usage and partition mapping. Motivation The previous implementation assumed partitions like /dev/loopXp3 would appear automatically, which is unreliable across some environments (especially containers or newer systems). This PR makes the process more reliable by explicitly mapping partitions with kpartx, a tool designed for this purpose. It also ensures proper resource cleanup by unmounting and detaching everything cleanly, preventing leaked loop devices or stale mount points. Test Instructions Flavor : cloud-init.toml packages = [ "cloud-init", "qemu-guest-agent" ] image_format = ["qcow2"] disk_size = 10 [boot_settings] console_type = "ttyS0" Run: sudo ./build-vyos-image --architecture amd64 \ --build-by "you@example.com" \ --reuse-iso vyos-1.5-rolling-*.iso \ cloud-init Expected behavior: The build completes without errors. The .qcow2 image file is generated and bootable (e.g., in KVM or Proxmox). Partitions are mounted correctly via /dev/mapper/loopXp*. Signed-off-by: Gabin-CC <gabin.laurent@rte-international.com>
2025-04-29Merge pull request #957 from dmbaturin/T7409-no-md5Daniil Baturin
build: T7409: do not include MD5 checksums in the ISO image
2025-04-28build: T7409: do not include MD5 checksums in the ISO imageDaniil Baturin
2025-04-25build: T7399: remove the APT option to allow downgradesDaniil Baturin
It doesn't appear necessary anymore, if it ever was
2025-04-18build: T7372: correctly quote lb_config argumentsDaniil Baturin
2025-03-18T861: use secure-boot certificates from data/certificatesChristian Breunig
2025-03-18T861: disable colored output when using live-build - good for CIChristian Breunig
2025-01-30build: T7109: add support for includes_binary in flavorsT7109-binary-includesDaniil Baturin
2025-01-08Testsuite: T7031: add version to manifest if not explicitly setJohn Estabrook
2025-01-05T7019: use VyOS release train in /etc/os-release codename over Debian releaseChristian Breunig
VyOS is based on Debian * VyOS 1.3 -> Debian Buster (VyOS equuleus) * VyOS 1.4 -> Debian Bookworm (VyOS sagitta) * VyOS 1.5 -> Debian Bookworm (and then trixie) (VyOS circinus) * VyOS rolling -> Debian Bookworm (and then trixie) (VyOS t.b.d.) When running vyos@vyos:~$ lsb_release -a Distributor ID: VyOS Description: VyOS 1.5-rolling-202501031241 (current) Release: 1.5-rolling-202501031241 Codename: bookworm The codename in use is the Debian base distribution. This should be changed to the VyOS release name.
2024-11-30Merge pull request #849 from dmbaturin/T6923-deb-security-urlsChristian Breunig
build: T6923: use the Debian mirror for security updates if it's specified explicitly
2024-11-29build: T6922: add an option to specify bootloaders for the imageDaniil Baturin
2024-11-29build: T6923: use the Debian mirror for security updates if it's specified ↵Daniil Baturin
explicitly but the security mirror is not
2024-11-21Merge pull request #842 from dmbaturin/T6904-dev-build-versionsJohn Estabrook
build: T6904: allow development builds to have version strings
2024-11-20build: T6904: allow development builds to have version stringsDaniil Baturin
2024-11-20build: T6903: allow passing vyos-1x repo path in an environment variableDaniil Baturin
2024-11-06build: T6855: make the custom APT entry and key syntax more flexibleDaniil Baturin
2024-10-07T3303: fix location of os-release fileChristian Breunig
2024-09-30Merge pull request #773 from dmbaturin/T6738-build-type-fieldChristian Breunig
build: T6738: add build_type field to version data instead of the very limited and unused lts_build
2024-09-25build: T6738: add build_type field to version dataDaniil Baturin
instead of the very limited and unused lts_build
2024-09-22T861: VyOS image build should use UTC timestampsChristian Breunig
2024-09-20build: T3664: add an option to specify artifact extensionsDaniil Baturin
so that the manifest only contains files considered build artifacts, and those artifacts can be automatically picked up by CI jobs and the like
2024-09-18build: T3664: improve support for custom build hooksDaniil Baturin
2024-09-17build: T6653: fix a manifest generation error when using --reuse-isoDaniil Baturin
2024-09-14T861: add UEFI Secure Boot supportChristian Breunig
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux Kernel and enforces module signing. This results in an additional security layer where untrusted (unsigned) Kernel modules can no longer be loaded into the live system. NOTE: This commit will not work unless signing keys are present. Arbitrary keys can be generated using instructions found in: data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md