PPAs only have a "release" pocket and no -updates pocket, so at the
moment they get pinned lower than -updates. Normally, the
snappy-dev/image PPA should be treated with the same priority as
-updates.
Signed-off-by: Dimitri John Ledkov <email address hidden>
Acked-by: Paolo Pisati <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>

Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>

This reverts commit edd1f8914fded36d4739fd24cdbdd05c5cf37611.
Signed-off-by: Paolo Pisati <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Kleber Sacilotto de Souza <email address hidden>

To add the key we need to install gnupg, but we cannot do that
after copying in the external sources.list (which contains the
other archive already). So do one unmodified update run.
Signed-off-by: Stefan Bader <email address hidden>

Ensure that all of the additionally configured repositories and
installed packages needed to construct a kernel snap are authenticated
by apt.
The Makefile improperly used the --allow-insecure-repositories and
--allow-unauthenticated apt options when setting up the build chroot. An
attacker with control over the network between the build machine and the
Ubuntu archive or the snappy-dev/image PPA could use this to perform a
man-in-the-middle attack to install malicious packages in the build
chroot.
Such an attack is unlikely for the official Ubuntu kernel snap builds,
since the Launchpad buildd infrastructure and the network communication
with the Ubuntu archive and Launchpad PPAs are tightly controlled.
However, end-users may use this Makefile to build their own kernel snaps
and have no guarantees about the communication with the archive or PPAs.
Store a copy of the snappy-dev/image PPA's public signing key alongside
the Makefile so that the public signing key can be added to apt as part
of the build process. Finally, remove all uses of
--allow-insecure-repositories and --allow-unauthenticated when invoking
apt commands.
CVE-2019-11480
Signed-off-by: Tyler Hicks <email address hidden>
Acked-by: Stefan Bader <email address hidden>
Acked-by: Andy Whitcroft <email address hidden>
Signed-off-by: Stefan Bader <email address hidden>
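As an added example, not code from the kernel-snap Makefile or from any of the commits above, the POSIX shell script below covers the two defensive points those commits make: it lints a build recipe for the apt options the CVE-2019-11480 fix removed (--allow-insecure-repositories and --allow-unauthenticated), and it emits the apt configuration that binds the PPA to a dedicated keyring and pins it at the same priority as -updates. The keyring path /usr/share/keyrings/snappy-dev-image.gpg, the series name bionic, the Launchpad origin label form LP-PPA-<owner>-<ppa>, and the priority value 500 are assumptions of this example, not values taken from the page; the recipe lines are constructed sample input.

```shell
#!/bin/sh
# Added example; not code from the kernel-snap Makefile or from the commits above.
# Two defensive helpers for the situation the CVE-2019-11480 commit describes:
#   1. lint_apt_flags  - fail when a build recipe still passes apt the options
#                        --allow-insecure-repositories / --allow-unauthenticated
#   2. ppa_apt_config  - print a sources.list line that ties the PPA to its own
#                        keyring (signed-by=) plus an apt preferences stanza that
#                        pins the PPA at the same priority as -updates.
# Assumptions (not stated on the page): the keyring path, the series "bionic",
# the origin label form "LP-PPA-<owner>-<ppa>", and 500 as the -updates priority.

set -u

# Constructed sample recipes, standing in for chroot-setup lines in a Makefile.
INSECURE_RECIPE='chroot $(CHROOT) apt-get --allow-insecure-repositories update
chroot $(CHROOT) apt-get --allow-unauthenticated -y install linux-generic'
SECURE_RECIPE='chroot $(CHROOT) apt-get update
chroot $(CHROOT) apt-get -y install linux-generic'

# lint_apt_flags RECIPE_TEXT
# Returns 0 when the recipe is clean, 1 when either option is present;
# offending lines go to stderr with their line numbers.
lint_apt_flags() {
    _hits=$(printf '%s\n' "$1" \
        | grep -nE -- '--allow-(insecure-repositories|unauthenticated)' || true)
    [ -z "$_hits" ] && return 0
    printf 'insecure apt option(s) found:\n%s\n' "$_hits" >&2
    return 1
}

# ppa_apt_config OWNER PPA SERIES KEYRING PRIORITY
# With signed-by=, apt accepts only Release files signed by that keyring, so the
# key file shipped next to the Makefile is the sole trust root for the PPA.
# The pin stanza lifts the PPA to PRIORITY so it ranks like -updates.
ppa_apt_config() {
    _owner=$1; _ppa=$2; _series=$3; _keyring=$4; _prio=$5
    printf 'deb [signed-by=%s] http://ppa.launchpad.net/%s/%s/ubuntu %s main\n' \
        "$_keyring" "$_owner" "$_ppa" "$_series"
    printf '\nPackage: *\nPin: release o=LP-PPA-%s-%s\nPin-Priority: %s\n' \
        "$_owner" "$_ppa" "$_prio"
}

# Usage: sh this_script.sh demo
if [ "${1:-}" = "demo" ]; then
    lint_apt_flags "$INSECURE_RECIPE" || echo "insecure recipe rejected"
    lint_apt_flags "$SECURE_RECIPE" && echo "secure recipe accepted"
    ppa_apt_config snappy-dev image bionic \
        /usr/share/keyrings/snappy-dev-image.gpg 500
fi
```

The lint is the check to wire into CI for a build recipe like this one: apt's own error on an unsigned Release file is the last line of defence, but a grep over the Makefile catches the regression before anything is fetched. The signed-by= option keeps the PPA key out of the global trusted keyring, so a compromise of that one key cannot be used to sign packages for the main Ubuntu archive entries.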