| Age | Commit message (Collapse) | Author |
|
Commit 75a495b237 ("sbom: T8542: create during ISO assembly") will shadow any
subsequent calls to vyos.utils.process.cmd() as cmd has be redefined as
variable to hold the CLI command strings for SBOM generation using the syft
binary.
This has been fixed by replacing the cmd variable with another name syft_cmd.
|
|
|
|
|
|
T8445: add support for extension of activation system
|
|
|
|
When building raw images, leave hint to indicate activiation init on
boot.
|
|
VyOS flavors might come with boot_settings which already provided additional
serial interface settings if required. Instead of using our own definitions,
re-use what's already existing.
scripts/image-build/build-vyos-image comes with an implicit default for
boot_settings like console number and speed, thus we do not need to redefine
the existing default - again.
|
|
In order for amd64 or arm64 images to know their serial console settings, we
embed a new file named "flavor.json" under "/usr/share/vyos" into the resulting
image. The file holds configuration parameters unique to the build flavor.
Corresponding library functions are available via a Python vyos.flavor module.
|
|
Fix typos and mistakes in the comments
No functional changes
|
|
T8311: move to GNU coreutils when building GLIBC multiarch variable
|
|
Revert in favor of alternative approach (T8335).
This reverts commit b92471d684f0131fb8885e766cd90ee80dc8ed38.
|
|
This reverts commit 673a2de05776656b70dc4803aa3579138e9fffca.
|
|
x86_64 and arm64 both use a different serial interface during Linux Kernel
boot. Define either ttyS0 or ttyAMA0 per CPU architecture. This could be
further overwritten by individual flavors.
|
|
Commit 88f11dc01bb6 ("T8311: De-hardcode arch for live-build-config
92-strip-symbols") added use on dpkg-architecture which is not present in the
normal chroot build environment.
To be able to use it we need the dpkg-dev in our build chroot environment.
|
|
The raw_image.py script as part of the build-image tools neglects to
leave the canonical hint file in the config install path. This is
standard in the op mode image_installer.py script and is used to detect
previous installations.
|
|
|
|
|
|
do not exist
|
|
|
|
|
|
|
|
|
|
```
vyos@r15:~$ show version | match dir
Build commit ID: d8038ded37fadb-dirty
```
Having uncommited files in vyos-build is completely normal:
custom configs, EULA files in official release builds,
anything else that flavor files may include.
However, many people are not familiar with the specific
meaning of "dirty" in git or with the build process and assume
that "dirty" means something went wrong with the image build.
|
|
|
|
Enhanced the raw image creation logic to dynamically detect and assign
EFI and root partitions based on the number of partitions created by kpartx.
- Supports both 2-partition and 3-partition layouts
- Adds debug output for mapped partitions
- Avoids hardcoded assumptions about partition order
- Improves resilience in cloud-init and containerized build contexts
Fixes build failure when /dev/loopXp3 is missing or not mapped properly.
Signed-off-by: Gabin-CC <gabin.laurent@rte-international.com>
|
|
Description
This pull request introduces improvements to the raw_image.py script responsible for building raw disk images in the VyOS build process.
Main Changes
Added use of kpartx to reliably map EFI and root partitions from the loop device.
Introduced disk_details as an attribute on the BuildContext object to pass partition metadata through the image build steps.
Improved the __exit__ method for BuildContext to unmount all mount points and clean up kpartx mappings and loop devices, even in failure cases.
Fixed a crash in mount_image() when con.disk_details was not set.
Added useful debug logs for loop device usage and partition mapping.
Motivation
The previous implementation assumed partitions like /dev/loopXp3 would appear automatically, which is unreliable across some environments (especially containers or newer systems).
This PR makes the process more reliable by explicitly mapping partitions with kpartx, a tool designed for this purpose.
It also ensures proper resource cleanup by unmounting and detaching everything cleanly, preventing leaked loop devices or stale mount points.
Test Instructions
Flavor : cloud-init.toml
packages = [
"cloud-init",
"qemu-guest-agent"
]
image_format = ["qcow2"]
disk_size = 10
[boot_settings]
console_type = "ttyS0"
Run:
sudo ./build-vyos-image --architecture amd64 \
--build-by "you@example.com" \
--reuse-iso vyos-1.5-rolling-*.iso \
cloud-init
Expected behavior:
The build completes without errors.
The .qcow2 image file is generated and bootable (e.g., in KVM or Proxmox).
Partitions are mounted correctly via /dev/mapper/loopXp*.
Signed-off-by: Gabin-CC <gabin.laurent@rte-international.com>
|
|
build: T7409: do not include MD5 checksums in the ISO image
|
|
|
|
It doesn't appear necessary anymore, if it ever was
|
|
|
|
|
|
|
|
|
|
|
|
VyOS is based on Debian
* VyOS 1.3 -> Debian Buster (VyOS equuleus)
* VyOS 1.4 -> Debian Bookworm (VyOS sagitta)
* VyOS 1.5 -> Debian Bookworm (and then trixie) (VyOS circinus)
* VyOS rolling -> Debian Bookworm (and then trixie) (VyOS t.b.d.)
When running
vyos@vyos:~$ lsb_release -a
Distributor ID: VyOS
Description: VyOS 1.5-rolling-202501031241 (current)
Release: 1.5-rolling-202501031241
Codename: bookworm
The codename in use is the Debian base distribution. This should be changed to
the VyOS release name.
|
|
build: T6923: use the Debian mirror for security updates if it's specified explicitly
|
|
|
|
explicitly
but the security mirror is not
|
|
build: T6904: allow development builds to have version strings
|
|
|
|
|
|
|
|
|
|
build: T6738: add build_type field to version data instead of the very limited and unused lts_build
|
|
instead of the very limited and unused lts_build
|
|
|
|
so that the manifest only contains files considered build artifacts,
and those artifacts can be automatically picked up by CI jobs and the like
|
|
|
|
|
|
This adds support for UEFI Secure Boot. It adds the missing pieces to the Linux
Kernel and enforces module signing. This results in an additional security
layer where untrusted (unsigned) Kernel modules can no longer be loaded into
the live system.
NOTE: This commit will not work unless signing keys are present. Arbitrary
keys can be generated using instructions found in:
data/live-build-config/includes.chroot/var/lib/shim-signed/mok/README.md
|