From c337b7e7f15c4a4f36a46636e485195bf84106ee Mon Sep 17 00:00:00 2001 From: Blieque Mariguan Date: Thu, 6 Feb 2025 23:41:19 +0000 Subject: [PATCH] feat: Use deb822 APT sources - Replace `armbian.list` with `armbian.sources`. This holds the same information in a newer format, deb822. - Replace HTTP with HTTPS for Armbian repositories. --- config/boards/ayn-odin2.csc | 6 +- config/boards/oneplus-kebab.conf | 4 +- config/boards/xiaomi-elish.conf | 4 +- config/boards/xiaomi-umi.eos | 4 +- config/sources/families/bcm2711.conf | 4 +- lib/functions/main/rootfs-image.sh | 6 +- lib/functions/rootfs/distro-agnostic.sh | 4 +- lib/functions/rootfs/distro-specific.sh | 150 ++++++++++++------------ 8 files changed, 94 insertions(+), 88 deletions(-) diff --git a/config/boards/ayn-odin2.csc b/config/boards/ayn-odin2.csc index 148ac2b137ae..a29f4f5f495c 100644 --- a/config/boards/ayn-odin2.csc +++ b/config/boards/ayn-odin2.csc @@ -43,7 +43,7 @@ function post_family_tweaks__enable_services() { fi # We need unudhcpd from armbian repo, so enable it - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.list + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.sources # Add Gamepad udev rule echo 'SUBSYSTEM=="input", ATTRS{name}=="Ayn Odin2 Gamepad", MODE="0666", ENV{ID_INPUT_MOUSE}="0", ENV{ID_INPUT_JOYSTICK}="1"' > "${SDCARD}"/etc/udev/rules.d/99-ignore-gamepad.rules 
@@ -59,7 +59,7 @@ function post_family_tweaks__enable_services() { do_with_retries 3 chroot_sdcard_apt_get_install alsa-ucm-conf unudhcpd mkbootimg git # Disable armbian repo back - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled do_with_retries 3 chroot_sdcard_apt_get_update do_with_retries 3 chroot_sdcard_apt_get_install mesa-vulkan-drivers qbootctl qrtr-tools protection-domain-mapper tqftpserv @@ -133,7 +133,7 @@ function post_family_tweaks_bsp__firmware_in_initrd() { # Extra one for bt for f in /lib/firmware/qca/* ; do add_firmware "${f#/lib/firmware/}" - done + done FIRMWARE_HOOK run_host_command_logged chmod -v +x "${file_added_to_bsp_destination}" } diff --git a/config/boards/oneplus-kebab.conf b/config/boards/oneplus-kebab.conf index 4a84613037dd..d78c2c764213 100644 --- a/config/boards/oneplus-kebab.conf +++ b/config/boards/oneplus-kebab.conf @@ -65,14 +65,14 @@ function post_family_tweaks__oneplus-kebab_enable_services() { fi # we need unudhcpd from armbian repo, so enable it - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.list + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.sources do_with_retries 3 chroot_sdcard_apt_get_update display_alert "$BOARD" "Installing board tweaks" "info" do_with_retries 3 chroot_sdcard_apt_get_install alsa-ucm-conf qbootctl qrtr-tools unudhcpd mkbootimg dropbear-bin # disable armbian repo back - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled do_with_retries 3 chroot_sdcard_apt_get_update chroot_sdcard systemctl enable qbootctl.service 
diff --git a/config/boards/xiaomi-elish.conf b/config/boards/xiaomi-elish.conf index dc39783794db..66ece1e2e207 100644 --- a/config/boards/xiaomi-elish.conf +++ b/config/boards/xiaomi-elish.conf @@ -68,7 +68,7 @@ function post_family_tweaks__xiaomi-elish_enable_services() { fi # we need unudhcpd from armbian repo, so enable it - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.list + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.sources do_with_retries 3 chroot_sdcard_apt_get_update display_alert "$BOARD" "Installing board tweaks" "info" @@ -80,7 +80,7 @@ function post_family_tweaks__xiaomi-elish_enable_services() { chroot_sdcard systemctl enable hexagonrpcd-sdsp.service fi # disable armbian repo back - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled do_with_retries 3 chroot_sdcard_apt_get_update chroot_sdcard systemctl enable qbootctl.service diff --git a/config/boards/xiaomi-umi.eos b/config/boards/xiaomi-umi.eos index e4775c0ccb7d..b559a084a05d 100644 --- a/config/boards/xiaomi-umi.eos +++ b/config/boards/xiaomi-umi.eos 
@@ -58,14 +58,14 @@ function post_family_tweaks__xiaomi-umi_enable_services() { fi # We need unudhcpd from armbian repo, so enable it - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.list + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.sources do_with_retries 3 chroot_sdcard_apt_get_update display_alert "$BOARD" "Installing board tweaks" "info" do_with_retries 3 chroot_sdcard_apt_get_install alsa-ucm-conf qbootctl qrtr-tools unudhcpd mkbootimg # Disable armbian repo back - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled do_with_retries 3 chroot_sdcard_apt_get_update chroot_sdcard systemctl enable qbootctl.service diff --git a/config/sources/families/bcm2711.conf b/config/sources/families/bcm2711.conf index 93ba9f21014a..9518f7a24b86 100644 --- a/config/sources/families/bcm2711.conf +++ b/config/sources/families/bcm2711.conf 
@@ -222,11 +222,11 @@ function pre_install_distribution_specific__add_rpi_packages() { # we store Rpi firmware packages in our repository # https://github.com/armbian/os/wiki/Import-3rd-party-packages display_alert "Enable Armbian repository to fetch Rpi packages" "" "info" - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.list + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled "${SDCARD}"/etc/apt/sources.list.d/armbian.sources do_with_retries 3 chroot_sdcard_apt_get_update chroot_sdcard_apt_get_install rpi-eeprom linux-firmware-raspi pi-bluetooth libraspberrypi-bin busybox raspi-config ## disable armbian repository - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled fi } diff --git a/lib/functions/main/rootfs-image.sh b/lib/functions/main/rootfs-image.sh index 455b774aa24c..be11bfef69cc 100644 --- a/lib/functions/main/rootfs-image.sh +++ b/lib/functions/main/rootfs-image.sh @@ -47,9 +47,9 @@ function build_rootfs_and_image() { create_sources_list_and_deploy_repo_key "image-late" "${RELEASE}" "${SDCARD}/" # We call this above method too many times. @TODO: find out why and fix the same - # We may have a armbian.list.disabled file lying around. Remove the same - if [[ -e "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled ]]; then - rm "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled + # We may have a armbian.sources.disabled file lying around. Remove the same + if [[ -e "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled ]]; then + rm "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled fi LOG_SECTION="post_repo_apt_update" do_with_logging post_repo_apt_update diff --git a/lib/functions/rootfs/distro-agnostic.sh b/lib/functions/rootfs/distro-agnostic.sh index 83361914a184..c733ac5044e1 100644 
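Review bot: The stale-file cleanup in build_rootfs_and_image now tests only for `armbian.sources.disabled`, so an `armbian.list` or `armbian.list.disabled` left behind by a rootfs produced before this change is no longer removed. If such a rootfs can still be reused (the caching behaviour is not visible in this hunk), a surviving `armbian.list` would stay active next to the new deb822 stanza and define the same repository a second time in the old format. Consider clearing the legacy names as well, e.g. `rm -f "${SDCARD}"/etc/apt/sources.list.d/armbian.list "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled`. The function body starts and ends outside the hunk.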
--- a/lib/functions/rootfs/distro-agnostic.sh +++ b/lib/functions/rootfs/distro-agnostic.sh @@ -400,8 +400,8 @@ function install_distribution_agnostic() { [[ -f "${SDCARD}"/lib/systemd/system/armbian-led-state.service ]] && chroot_sdcard systemctl --no-reload enable armbian-led-state.service # switch to beta repository at this stage if building nightly images - if [[ $IMAGE_TYPE == nightly && -f "${SDCARD}"/etc/apt/sources.list.d/armbian.list ]]; then - sed -i 's/apt/beta/' "${SDCARD}"/etc/apt/sources.list.d/armbian.list + if [[ $IMAGE_TYPE == nightly && -f "${SDCARD}"/etc/apt/sources.list.d/armbian.sources ]]; then + sed -i 's/apt/beta/' "${SDCARD}"/etc/apt/sources.list.d/armbian.sources fi # fix for https://bugs.launchpad.net/ubuntu/+source/blueman/+bug/1542723 @TODO: from ubuntu 15. maybe gone? diff --git a/lib/functions/rootfs/distro-specific.sh b/lib/functions/rootfs/distro-specific.sh index 216b08aefda5..5f7358b8d052 100644 --- a/lib/functions/rootfs/distro-specific.sh +++ b/lib/functions/rootfs/distro-specific.sh 
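Review bot: The nightly switch `sed -i 's/apt/beta/'` is unanchored and now runs over every line of a multi-line deb822 stanza rather than a single `deb` line, so it rewrites the first `apt` on each line, not only the host in `URIs:`. With the values visible in this patch only the URI line matches, but a `LOCAL_MIRROR` host, a component name or a `Signed-By` path containing `apt` (for instance a keyring moved under `/etc/apt/keyrings`) would be altered silently, and a corrupted `Signed-By` changes which key the repository is verified against. Restricting the substitution to the URI field avoids that: `sed -i '/^URIs:/ s|//apt\.armbian\.com|//beta.armbian.com|' "${SDCARD}"/etc/apt/sources.list.d/armbian.sources`. install_distribution_agnostic starts and ends outside the hunk.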
@@ -78,91 +78,88 @@ function create_sources_list_and_deploy_repo_key() { declare basedir="${3}" # @TODO: rpardini: this is SDCARD in all practical senses. Why not just use SDCARD? [[ -z $basedir ]] && exit_with_error "No basedir passed to create_sources_list_and_deploy_repo_key" - case $release in - buster) - cat <<- EOF > "${basedir}"/etc/apt/sources.list - deb http://${DEBIAN_MIRROR} $release main contrib non-free - #deb-src http://${DEBIAN_MIRROR} $release main contrib non-free - - deb http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free - #deb-src http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free - - deb http://${DEBIAN_SECURTY} ${release}/updates main contrib non-free - #deb-src http://${DEBIAN_SECURTY} ${release}/updates main contrib non-free - EOF - ;; + declare distro="" - bullseye) - cat <<- EOF > "${basedir}"/etc/apt/sources.list - deb http://${DEBIAN_MIRROR} $release main contrib non-free - #deb-src http://${DEBIAN_MIRROR} $release main contrib non-free - - deb http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free - #deb-src http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free - - deb http://${DEBIAN_MIRROR} ${release}-backports main contrib non-free - #deb-src http://${DEBIAN_MIRROR} ${release}-backports main contrib non-free - - deb http://${DEBIAN_SECURTY} ${release}-security main contrib non-free - #deb-src http://${DEBIAN_SECURTY} ${release}-security main contrib non-free - EOF - ;; + # Add upstream (Debian/Ubuntu) APT repository + case $release in + buster | bullseye | bookworm | trixie) + distro="debian" - bookworm | trixie) - # non-free firmware in bookworm and later has moved from the non-free archive component to a new non-free-firmware component (alongside main/contrib/non-free). 
This was implemented on 2023-01-27, see also https://lists.debian.org/debian-boot/2023/01/msg00235.html - cat <<- EOF > "${basedir}"/etc/apt/sources.list - deb http://${DEBIAN_MIRROR} $release main contrib non-free non-free-firmware - #deb-src http://${DEBIAN_MIRROR} $release main contrib non-free non-free-firmware + declare -a suites=("${release}" "${release}-updates") + declare -a security_suites=("${release}-security") + declare -a components=(main contrib non-free) - deb http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free non-free-firmware - #deb-src http://${DEBIAN_MIRROR} ${release}-updates main contrib non-free non-free-firmware + if [[ "$release" == "buster" ]]; then + security_suites=("${release}/updates") + else + suites+=("${release}-backports") + fi - deb http://${DEBIAN_MIRROR} ${release}-backports main contrib non-free non-free-firmware - #deb-src http://${DEBIAN_MIRROR} ${release}-backports main contrib non-free non-free-firmware + if [[ "$release" != "buster" && "$release" != "bullseye" ]]; then + components+=("non-free-firmware") + fi - deb http://${DEBIAN_SECURTY} ${release}-security main contrib non-free non-free-firmware - #deb-src http://${DEBIAN_SECURTY} ${release}-security main contrib non-free non-free-firmware + cat <<- EOF > "${basedir}/etc/apt/sources.list.d/${distro}.sources" + Types: deb + URIs: http://${DEBIAN_MIRROR} + Suites: ${suites[@]} + Components: ${components[@]} + Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg + + Types: deb + URIs: http://${DEBIAN_SECURTY} + Suites: ${security_suites[@]} + Components: ${components[@]} + Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg EOF ;; - sid | unstable) # sid is permanent unstable development and has no such thing as updates or security - cat <<- EOF > "${basedir}"/etc/apt/sources.list - deb http://${DEBIAN_MIRROR} $release main contrib non-free non-free-firmware - #deb-src http://${DEBIAN_MIRROR} $release main contrib non-free non-free-firmware + sid | 
unstable) + distro="debian" + # sid is permanent unstable development and has no such thing as updates or security + cat <<- EOF > "${basedir}/etc/apt/sources.list.d/${distro}.sources" + Types: deb + URIs: http://${DEBIAN_MIRROR} + Suites: ${release} + Components: main contrib non-free non-free-firmware + Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg EOF - # Exception: with riscv64 not everything was moved from ports - # https://lists.debian.org/debian-riscv/2023/07/msg00053.html + # Required for some packages on riscv64. + # See: http://lists.debian.org/debian-riscv/2023/07/msg00053.html if [[ "${ARCH}" == riscv64 ]]; then - echo "deb http://deb.debian.org/debian-ports/ sid main " >> "${basedir}"/etc/apt/sources.list + cat <<- EOF >> "${basedir}/etc/apt/sources.list.d/${distro}.sources" + + Types: deb + URIs: http://deb.debian.org/debian-ports/ + Suites: ${release} + Components: main + Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg + Architectures: riscv64 + EOF fi ;; focal | jammy | noble | oracular | plucky) - cat <<- EOF > "${basedir}"/etc/apt/sources.list - deb http://${UBUNTU_MIRROR} $release main restricted universe multiverse - #deb-src http://${UBUNTU_MIRROR} $release main restricted universe multiverse - - deb http://${UBUNTU_MIRROR} ${release}-security main restricted universe multiverse - #deb-src http://${UBUNTU_MIRROR} ${release}-security main restricted universe multiverse - - deb http://${UBUNTU_MIRROR} ${release}-updates main restricted universe multiverse - #deb-src http://${UBUNTU_MIRROR} ${release}-updates main restricted universe multiverse - - deb http://${UBUNTU_MIRROR} ${release}-backports main restricted universe multiverse - #deb-src http://${UBUNTU_MIRROR} ${release}-backports main restricted universe multiverse + distro="ubuntu" + + cat <<- EOF > "${basedir}/etc/apt/sources.list.d/${distro}.sources" + Types: deb + URIs: http://${UBUNTU_MIRROR} + Suites: ${release} ${release}-security ${release}-updates 
${release}-backports + Components: main restricted universe multiverse + Signed-By: /usr/share/keyrings/ubuntu-archive-keyring.gpg EOF ;; esac # add armbian key - display_alert "Adding Armbian repository and authentication key" "${when} :: /etc/apt/sources.list.d/armbian.list" "info" + display_alert "Adding Armbian repository and authentication key" "${when} :: /etc/apt/sources.list.d/armbian.sources" "info" mkdir -p "${basedir}"/usr/share/keyrings # change to binary form APT_SIGNING_KEY_FILE="/usr/share/keyrings/armbian.gpg" gpg --dearmor < "${SRC}"/config/armbian.key > "${basedir}${APT_SIGNING_KEY_FILE}" - SIGNED_BY="[signed-by=${APT_SIGNING_KEY_FILE}] " # lets keep old way for old distributions if [[ "${RELEASE}" =~ (focal|bullseye) ]]; then @@ -170,6 +167,7 @@ function create_sources_list_and_deploy_repo_key() { chroot "${basedir}" /bin/bash -c "cat armbian.key | apt-key add - > /dev/null 2>&1" fi + # Add Armbian APT repository declare -a components=() if [[ "${when}" == "image"* ]]; then # only include the 'main' component when deploying to image (early or late) components+=("main") 
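Review bot: In the `sid | unstable` branch the riscv64 `debian-ports` stanza is pinned with `Signed-By: /usr/share/keyrings/debian-archive-keyring.gpg`, but debian-ports is, as far as I know, signed with the separate ports archive key, so APT would reject that repository's Release file where the old unpinned `deb` line accepted any trusted key. The stanza should name the ports keyring, `Signed-By: /usr/share/keyrings/debian-ports-archive-keyring.gpg`, and the `debian-ports-archive-keyring` package has to be present in the rootfs for that path to exist. Separately, this hunk stops writing `${basedir}/etc/apt/sources.list`; if the bootstrap step leaves a file there (not visible here), the same suites would be defined twice, once without `Signed-By`, which APT treats as conflicting options, so it is worth emptying or removing that file at this point. The function starts and ends outside the hunk.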
@@ -178,23 +176,31 @@ function create_sources_list_and_deploy_repo_key() { components+=("${RELEASE}-desktop") # desktop contains packages Igor picks from other repos # stage: add armbian repository and install key - if [[ $DOWNLOAD_MIRROR == "china" ]]; then - echo "deb ${SIGNED_BY}https://mirrors.tuna.tsinghua.edu.cn/armbian $RELEASE ${components[*]}" > "${basedir}"/etc/apt/sources.list.d/armbian.list + # armbian_mirror="http://$([[ $BETA == yes ]] && echo "beta" || echo "apt").armbian.com" + declare armbian_mirror="apt.armbian.com" + if [[ -n $LOCAL_MIRROR ]]; then + armbian_mirror="$LOCAL_MIRROR" + elif [[ $DOWNLOAD_MIRROR == "china" ]]; then + armbian_mirror="mirrors.tuna.tsinghua.edu.cn/armbian" elif [[ $DOWNLOAD_MIRROR == "bfsu" ]]; then - echo "deb ${SIGNED_BY}http://mirrors.bfsu.edu.cn/armbian $RELEASE ${components[*]}" > "${basedir}"/etc/apt/sources.list.d/armbian.list - else - echo "deb ${SIGNED_BY}http://$([[ $BETA == yes ]] && echo "beta" || echo "apt").armbian.com $RELEASE ${components[*]}" > "${basedir}"/etc/apt/sources.list.d/armbian.list + armbian_mirror="mirrors.bfsu.edu.cn/armbian" + elif [[ $BETA == "yes" ]]; then + armbian_mirror="beta.armbian.com" fi - - # replace local package server if defined. Suitable for development - [[ -n $LOCAL_MIRROR ]] && echo "deb ${SIGNED_BY}http://$LOCAL_MIRROR $RELEASE ${components[*]}" > "${basedir}"/etc/apt/sources.list.d/armbian.list + cat <<- EOF > "${basedir}"/etc/apt/sources.list.d/armbian.sources + Types: deb + URIs: https://${armbian_mirror} + Suites: $RELEASE + Components: ${components[*]} + Signed-By: ${APT_SIGNING_KEY_FILE} + EOF # disable repo if DISTRIBUTION_STATUS==eos, or if SKIP_ARMBIAN_REPO==yes, or if when==image-early. 
if [[ "${when}" == "image-early" || "$(cat "${SRC}/config/distributions/${RELEASE}/support")" == "eos" || "${SKIP_ARMBIAN_REPO}" == "yes" ]]; then display_alert "Disabling Armbian repo" "${ARCH}-${RELEASE} :: skip:${SKIP_ARMBIAN_REPO:-"no"} when:${when}" "info" - mv "${SDCARD}"/etc/apt/sources.list.d/armbian.list "${SDCARD}"/etc/apt/sources.list.d/armbian.list.disabled + mv "${SDCARD}"/etc/apt/sources.list.d/armbian.sources "${SDCARD}"/etc/apt/sources.list.d/armbian.sources.disabled fi declare CUSTOM_REPO_WHEN="${when}" @@ -202,9 +208,9 @@ function create_sources_list_and_deploy_repo_key() { # Let user customize call_extension_method "custom_apt_repo" <<- 'CUSTOM_APT_REPO' *customize apt sources.list.d and/or deploy repo keys* - Called after core Armbian has finished setting up SDCARD's sources.list and sources.list.d/armbian.list. - If SKIP_ARMBIAN_REPO=yes, armbian.list.disabled is present instead. - The global Armbian GPG key has been deployed to SDCARD's /usr/share/keyrings/armbian.gpg, de-armored. + Called after core Armbian has finished setting up SDCARD's debian.sources/ubuntu.sources and armbian.sources in /etc/apt/sources.list.d/. + If SKIP_ARMBIAN_REPO=yes, armbian.sources.disabled is present instead. + The global Armbian GPG key has been deployed to SDCARD's ${APT_SIGNING_KEY_FILE}, de-armored. You can implement this hook to add, remove, or modify sources.list.d entries, and/or deploy additional GPG keys. Important: honor $CUSTOM_REPO_WHEN; if it's ==rootfs, don't add repos/components that carry the .debs produced by armbian/build. Ideally, also don't add any possibly-conflicting repo if `$CUSTOM_REPO_WHEN==image-early`.
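Review bot: The new `URIs: https://${armbian_mirror}` line forces HTTPS on every branch, including `LOCAL_MIRROR`, which the removed code wrote as `http://$LOCAL_MIRROR` and described as suitable for development; a local package server without a TLS certificate would stop working. Because `Signed-By` still makes APT verify the repository signature, keeping plain HTTP for that one case does not weaken package authenticity: add a default `declare armbian_scheme="https"`, set `armbian_scheme="http"` in the `LOCAL_MIRROR` branch and write `URIs: ${armbian_scheme}://${armbian_mirror}`. The commented-out `# armbian_mirror=...` line above the `declare` is a leftover of the old expression and can be dropped. The function starts and ends outside the hunk.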
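Review bot: The hook description lives in a heredoc with a quoted delimiter (`<<- 'CUSTOM_APT_REPO'`), so the newly introduced `${APT_SIGNING_KEY_FILE}` is not expanded and the documentation will show the variable name literally instead of the key path. Either keep the literal path as before, `The global Armbian GPG key has been deployed to SDCARD's /usr/share/keyrings/armbian.gpg, de-armored.`, or say explicitly that the path is held in `APT_SIGNING_KEY_FILE`. The heredoc continues past the end of the hunk.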