When creating partitions using `parted`, the API is:
- MBR: `parted mkpart <partition-type> <fs-type> ...`
- GPT: `parted mkpart <partition-label> <fs-type> ...`
But currently we are treating the first param as always being the `<partition-type>`, when for GPT it is `<partition-label>`. This has the effect that GPT partitions are given a default label of "primary", which is a tad silly. (If an explicit label is provided by the user, then the label is overridden in a subsequent step.)
This change fixes this behavior so that GPT partitions have a default label of nothing ("").
Moving batch of configs that were built-in to be modules to maintain flexibility, though reduce kernel size and boot speed.
These modules are already set as modules on x86 and only targeted to change on arm64.
Signed-off-by: Kelsey Steele <kelseysteele@microsoft.com>
Ubuntu seems to like to call dumpe2fs on ext4 partitions when you mount a disk (even if you don't mount any of the partitions). Depending on the size of the partition, this can take a little bit of time to run, which can block the loopback from detaching.
The Image Customizer tool uses loopback devices a lot, some of which are only used for a short period of time. So, it can time out waiting for the loopback to detach. So, this change increases the timeout.
The gpg command, and by extension the tdnf command, expects the USER and HOME environment variables to be valid for the OS they are running under (including under chroot). Since the image customizer tool is typically run under `sudo` and since root is always a valid user, this generally isn't a problem. But this isn't true if `sudo -E` is used. And this can result in strange, difficult-to-diagnose errors in tdnf. So, this change verifies that `sudo -E` isn't being used.
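An added example, not the Image Customizer's own code: one way to catch a preserved environment is to compare USER and HOME against the account record for the effective UID. The function names and error text are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"os"
	"os/user"
	"strconv"
	"strings"
)

// envMismatch reports every way USER and HOME disagree with the expected
// account values. getenv is injected so the check can be exercised offline.
func envMismatch(wantUser, wantHome string, getenv func(string) string) []string {
	var problems []string
	if got := getenv("USER"); got != wantUser {
		problems = append(problems, fmt.Sprintf("USER=%q, expected %q", got, wantUser))
	}
	if got := getenv("HOME"); got != wantHome {
		problems = append(problems, fmt.Sprintf("HOME=%q, expected %q", got, wantHome))
	}
	return problems
}

// checkProcessEnv looks up the account for the effective UID and fails if
// the inherited environment describes a different user.
func checkProcessEnv() error {
	uid := strconv.Itoa(os.Geteuid())
	u, err := user.LookupId(uid)
	if err != nil {
		return fmt.Errorf("look up uid %s: %w", uid, err)
	}
	if p := envMismatch(u.Username, u.HomeDir, os.Getenv); len(p) > 0 {
		return fmt.Errorf("environment does not match uid %s (was `sudo -E` used?): %s",
			uid, strings.Join(p, "; "))
	}
	return nil
}

func main() {
	if err := checkProcessEnv(); err != nil {
		fmt.Fprintln(os.Stderr, "error:", err)
		os.Exit(1)
	}
	fmt.Println("USER and HOME match the effective user")
}
```

Running the check before any chroot or package-manager call turns a late tdnf or gpg failure into an immediate, explicit error.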
The verity hash partition must be given a placeholder filesystem type. This should probably be `fat32` for simplicity's sake. But currently, the verity example config uses `ext4`. This causes a problem when `--shrink-filesystems` is set because it means the verity hash partition gets shrunk to almost nothing and therefore isn't big enough to store the hash tree.
This change fixes this problem by ensuring that the verity hash partition is never subject to being shrunk regardless of its placeholder filesystem type. A test is added to verify this.
When you implement a custom unmarshaller, the `KnownFields()` option to the YAML parser is ignored when you call `yaml.Node.Decode()`. So, we have to manually enforce this check.
Use OS_VERSION=3.0 for invocation of the UVM image builder. Needed to fix an issue where UVM builder tried to pull from PMC/azurelinux/2.0, which 404s. The correct path is PMC/azurelinux/3.0.
TPM Event log does not appear to be passed to the kernel when Secure Boot is enforcing. To restore this critical functionality, revert back to our previous 2.06 grub2 which has this support and all SBAT-related CVEs patched.
This reverts commit 26d9bca