From 8e86e2d981664716458bd01e33e108a206dce2ff Mon Sep 17 00:00:00 2001 From: sonicaj Date: Fri, 19 Sep 2025 21:55:20 +0500 Subject: [PATCH] NAS-137225 / 26.04 / Fix scale build for trixie (#925) * Trixie related changes for scale-build * Point to HM mirrors * Update apt preferences for trixie * Update debootstrap changes for trixie * Minor fix * Remove python3 package * Remove mandatory explicit dep * Use openjdk-21-jdk for kernel * Update passwd * There is no need for custom openssl now * Move from libssl3 to libssl3t64 * Remove util-linux from build manifest * Set env variable for spdk * Don't buidl spdk for now * ipmctl is not available in stable * Remove legacy sysv unit stuff * Comment out netdata for now * Small umount fix * Also umount efivars * Update build manifest to reflect updated branches * Remove nfs entry from mtree * Make sure to umount efivars * Properly have apt sources fixed in update image * Pull in grub2-common * Add netdata mirror * Fix url * Make sure corepack is non-interactive * Update netdata groups * Fix efivars mounting * Properly use clean_mounts * Add fixme for netdata * Properly comment out spdk explicit deps * Remove grub-efi-amd64-signed from iso * Make sure efivarfs is definitely mounted * Bring in isc-dhcp-client for now * Revert "Bring in isc-dhcp-client for now" This reverts commit 259ffebba573ee56845ccc0d9f2e01cbce88159b. * Only try to umount efivarfs if host is actually efi based * Update repo's branches --- conf/build.manifest | 119 +++++++++++--------------- conf/reference-files/etc/group | 8 +- conf/reference-files/etc/passwd | 1 + scale_build/bootstrap/bootstrapdir.py | 70 ++++++++++----- scale_build/extensions.py | 2 +- scale_build/image/bootstrap.py | 2 + scale_build/image/iso.py | 2 +- scale_build/image/mtree.py | 2 +- scale_build/image/update.py | 44 +++++----- scale_build/iso.py | 4 +- scale_build/packages/package.py | 4 +- scale_build/update_image.py | 7 +- truenas_install/__main__.py | 4 +- 13 files changed, 133 insertions(+), 136 deletions(-) diff --git a/conf/build.manifest b/conf/build.manifest index ce6f14c..22479fa 100644 --- a/conf/build.manifest +++ b/conf/build.manifest @@ -1,6 +1,6 @@ --- code_name: "Halfmoon" -debian_release: "bookworm" +debian_release: "trixie" identity_file_path_default: "~/.ssh/id_rsa" # # List of apt repositories that are used and setup inside the build environment @@ -10,24 +10,27 @@ identity_file_path_default: "~/.ssh/id_rsa" apt-repos: base-url: https://apt.sys.truenas.net/ base-url-internal: http://apt-mirror.tn.ixsystems.net/ - url: goldeye/nightlies/debian/ - distribution: bookworm + url: halfmoon/nightlies/debian/ + distribution: trixie components: main additional: - - url: goldeye/nightlies/debian-security/ - distribution: bookworm-security + - url: halfmoon/nightlies/debian-security/ + distribution: trixie-security component: main - - url: goldeye/nightlies/debian-backports/ - distribution: bookworm-backports + - url: halfmoon/nightlies/debian-backports/ + distribution: trixie-backports component: "main contrib non-free non-free-firmware" - - url: goldeye/nightlies/debian-debug/ - distribution: bookworm-debug + - url: halfmoon/nightlies/debian-debug/ + distribution: trixie-debug component: main - - url: goldeye/nightlies/yarn/ + - url: halfmoon/nightlies/yarn/ distribution: stable component: main - - url: goldeye/nightlies/docker/ - distribution: bookworm + - url: halfmoon/nightlies/netdata/ + distribution: trixie + component: main + - url: halfmoon/nightlies/docker/ + distribution: trixie component: stable key: keys/docker.gpg @@ -36,9 +39,9 @@ apt-repos: # NOTE: Installed in the order listed ############################################################################ base-packages: -- name: libssl3 +- name: libssl3t64 install_recommends: true -- name: openssl +- name: openssl-provider-fips install_recommends: true - name: dosfstools install_recommends: true @@ -86,6 +89,8 @@ base-packages: install_recommends: true - name: grub-efi-amd64-bin install_recommends: true +- name: grub2-common + install_recommends: true - name: htop install_recommends: true - name: incus @@ -117,8 +122,8 @@ base-packages: install_recommends: true - name: truenas-ipaclient install_recommends: true -- name: truenas-spdk - install_recommends: true +# - name: truenas-spdk +# install_recommends: true - name: cifs-utils install_recommends: true - name: nfs4xdr-acl-tools @@ -208,7 +213,7 @@ build-epoch: 13 ############################################################################ apt_preferences: - Package: "*" - Pin: "release n=bookworm-backports" + Pin: "release n=trixie" Pin-Priority: 900 - Package: "*" Pin: "origin \"\"" @@ -217,7 +222,7 @@ apt_preferences: Pin: "version 525.89*" Pin-Priority: 1000 - Package: "*curl*" - Pin: "release n=bookworm-security" + Pin: "release n=trixie-security" Pin-Priority: 1000 - Package: "*libcrypto*" Pin: "origin \"\"" @@ -229,22 +234,22 @@ apt_preferences: Pin: "origin \"\"" Pin-Priority: 1050 - Package: "*node*" - Pin: "release n=bookworm-security" + Pin: "release n=trixie-security" Pin-Priority: 1000 - Package: "*policykit*" - Pin: "release n=bookworm-security" + Pin: "release n=trixie-security" Pin-Priority: 1000 - Package: "*polkit*" - Pin: "release n=bookworm-security" + Pin: "release n=trixie-security" Pin-Priority: 1000 - Package: "*ssh*" - Pin: "release n=bookworm-security" + Pin: "release n=trixie-security" Pin-Priority: 1000 - Package: "*ssl*" Pin: "origin \"\"" Pin-Priority: 1050 - Package: "*tls*" - Pin: "release n=bookworm-security" + Pin: "release n=trixie-security" Pin-Priority: 1000 - Package: "*zfs*" Pin: "version 2.1.*" @@ -288,9 +293,9 @@ additional-packages: - name: ndctl comment: requested by community (NAS-108490) install_recommends: true -- name: ipmctl - comment: requested by community (NAS-108490) - install_recommends: true +# - name: ipmctl +# comment: requested by community (NAS-108490) +# install_recommends: true - name: acpica-tools comment: requested by platform team (NAS-118432) install_recommends: true @@ -348,14 +353,6 @@ iso-packages: # to be built ############################################################################ sources: -- name: openssl - repo: https://github.com/truenas/openssl - branch: master - generate_version: false - batch_priority: 0 - predepscmd: - - "apt install -y wget xz-utils" - - "./pull.sh" - name: kernel repo: https://github.com/truenas/linux branch: truenas/linux-6.12 @@ -364,12 +361,10 @@ sources: env: EXTRAVERSION: "-production" PYTHON: "python3" - explicit_deps: - - python3 predepscmd: - "apt install -y flex bison dwarves libssl-dev devscripts" # Install dependencies to build perf - - "apt install -y libelf-dev libdw-dev systemtap-sdt-dev libunwind-dev libslang2-dev libperl-dev binutils-dev libiberty-dev python3 python3-setuptools python3-dev liblzma-dev libzstd-dev libcap-dev libnuma-dev libbabeltrace-dev openjdk-17-jdk libcapstone-dev llvm-dev" + - "apt install -y libelf-dev libdw-dev systemtap-sdt-dev libunwind-dev libslang2-dev libperl-dev binutils-dev libiberty-dev python3 python3-setuptools python3-dev liblzma-dev libzstd-dev libcap-dev libnuma-dev libbabeltrace-dev openjdk-21-jdk libcapstone-dev llvm-dev" # We remove git files because kernel makefile tries to interact with git for determining version # which results in misconfigured version due to our debian based changes - "rm -rf .git .gitattributes .gitignore" @@ -432,7 +427,6 @@ sources: explicit_deps: - kernel - kernel-dbg - - openssl generate_version: false subpackages: - name: openzfs-dbg @@ -459,7 +453,6 @@ sources: explicit_deps: - kernel - kernel-dbg - - openssl generate_version: false - name: truenas_pylibzfs repo: https://github.com/truenas/truenas_pylibzfs @@ -497,21 +490,22 @@ sources: - "sh -x fetch.sh" explicit_deps: - openzfs - - python3 - truenas_samba - truenas_sssd -- name: truenas_spdk - repo: https://github.com/truenas/truenas_spdk - branch: master - generate_version: false - predepscmd: - - "apt install -y rsync" - - "sh -x fetch.sh" - - "scripts/pkgdep.sh --rdma" - explicit_deps: - - python3 - - kernel - - kernel-dbg +# spdk does not support debian trixie now on upstream side for now +# - name: truenas_spdk +# repo: https://github.com/truenas/truenas_spdk +# branch: master +# generate_version: false +# env: +# PIP_BREAK_SYSTEM_PACKAGES: "1" +# predepscmd: +# - "apt install -y rsync" +# - "sh -x fetch.sh" +# - "scripts/pkgdep.sh --rdma" +# explicit_deps: +# - kernel +# - kernel-dbg - name: avahi repo: https://github.com/truenas/avahi branch: SCALE-v0.8 @@ -575,6 +569,8 @@ sources: branch: master - name: truenas_webui repo: https://github.com/truenas/webui + env: + COREPACK_ENABLE_DOWNLOAD_PROMPT: "0" predepscmd: - "apt -y install wget" prebuildcmd: @@ -692,25 +688,6 @@ sources: - "./pull.sh" deoptions: nocheck generate_version: false -- name: util-linux - repo: https://github.com/truenas/util-linux - branch: master - debian_fork: true - predepscmd: - - "apt install -y wget xz-utils" - - "./pull.sh" - deoptions: nocheck - generate_version: false -- name: python3 - repo: https://github.com/truenas/python.git - branch: master - batch_priority: 0 - deoptions: nocheck - generate_version: false - predepscmd: - - "apt install -y python3-docs-theme python3-sphinx texinfo wget" - - "wget https://www.python.org/ftp/python/3.11.9/Python-3.11.9.tar.xz" - - "tar --strip-components=1 -xvf Python-3.11.9.tar.xz" - name: truenas_audit_rules repo: https://github.com/truenas/audit_rules.git branch: master diff --git a/conf/reference-files/etc/group b/conf/reference-files/etc/group index 8e3e791..66bafcf 100644 --- a/conf/reference-files/etc/group +++ b/conf/reference-files/etc/group @@ -11,7 +11,7 @@ mail:x:8: news:x:9: uucp:x:10: man:x:12: -proxy:x:13: +proxy:x:13:netdata ftp:x:14: kmem:x:15: dialout:x:20:nut @@ -39,7 +39,7 @@ staff:x:50: games:x:60: users:x:100: nogroup:x:65534: -nobody:x:65534: +nobody:x:65534:netdata systemd-timesync:x:101: systemd-journal:x:102: systemd-network:x:103: @@ -76,9 +76,9 @@ apps:x:568: webdav:x:666: truenas_readonly_administrators:x:951: truenas_sharing_administrators:x:952: -docker:x:999: +docker:x:999:netdata libvirt-qemu:x:986:libvirt-qemu -haproxy:x:130: +haproxy:x:130:netdata uuidd:x:131: i2c:x:132: sgx:x:133: diff --git a/conf/reference-files/etc/passwd b/conf/reference-files/etc/passwd index 22c8ea8..cfe1690 100644 --- a/conf/reference-files/etc/passwd +++ b/conf/reference-files/etc/passwd @@ -54,3 +54,4 @@ polkitd:x:998:998:polkit:/var/empty:/usr/sbin/nologin netdata:x:999:997::/var/lib/netdata:/bin/sh sssd:x:117:122:SSSD system user:/var/lib/sss:/usr/sbin/nologin caddy:x:997:994:Caddy web server:/var/lib/caddy:/usr/sbin/nologin +dhcpcd:x:119:65534:DHCP Client Daemon:/usr/lib/dhcpcd:/bin/false diff --git a/scale_build/bootstrap/bootstrapdir.py b/scale_build/bootstrap/bootstrapdir.py index 2741c03..7daf8a5 100644 --- a/scale_build/bootstrap/bootstrapdir.py +++ b/scale_build/bootstrap/bootstrapdir.py @@ -30,9 +30,16 @@ class BootstrapDir(CacheMixin, HashMixin): def debootstrap_debian(self): manifest = get_manifest() + # Debootstrap needs binary format key, convert ASCII-armored to binary + keyring_path = os.path.join(BUILDER_DIR, 'keys/truenas.gpg') + binary_keyring = '/tmp/truenas-binary.gpg' + + # Convert ASCII-armored key to binary format for debootstrap + run(['sh', '-c', f'gpg --dearmor < {keyring_path} > {binary_keyring}']) + run( ['debootstrap'] + self.deopts + [ - '--keyring', '/etc/apt/trusted.gpg.d/debian-archive-truenas-automatic.gpg', + '--keyring', binary_keyring, manifest['debian_release'], self.chroot_basedir, get_apt_repos(check_custom=True)['url'] ] @@ -44,7 +51,6 @@ class BootstrapDir(CacheMixin, HashMixin): self.logger.debug('Basechroot cache is intact and does not need to be changed') return - self.add_trusted_apt_key() apt_repos = get_apt_repos(check_custom=True) self.debootstrap_debian() self.setup_mounts() @@ -52,34 +58,51 @@ class BootstrapDir(CacheMixin, HashMixin): self.logger.debug('Updating apt preferences') apt_path = os.path.join(self.chroot_basedir, 'etc/apt') apt_sources_path = os.path.join(apt_path, 'sources.list') - # Set bullseye repo as the priority + + # Set up apt preferences with open(os.path.join(apt_path, 'preferences'), 'w') as f: f.write(get_apt_preferences()) - run(['chroot', self.chroot_basedir, 'apt', 'update']) - # We need to have gnupg installed before adding apt mirrors because apt-key needs it - run(['chroot', self.chroot_basedir, 'apt', 'install', '-y', 'gnupg']) + # Create keyrings directory in chroot + keyring_dir = os.path.join(self.chroot_basedir, 'etc/apt/keyrings') + os.makedirs(keyring_dir, exist_ok=True) - # Save the correct repo in sources.list - apt_sources = [f'deb {apt_repos["url"]} {apt_repos["distribution"]} {apt_repos["components"]}'] + # Copy TrueNAS key to chroot keyrings + truenas_key = os.path.join(keyring_dir, 'truenas-archive.gpg') + shutil.copy(os.path.join(BUILDER_DIR, 'keys/truenas.gpg'), truenas_key) + + # Build sources.list with signed-by directives + # Main repository + apt_sources = [ + 'deb [signed-by=/etc/apt/keyrings/truenas-archive.gpg] ' + f'{apt_repos["url"]} {apt_repos["distribution"]} {apt_repos["components"]}' + ] # Add additional repos for repo in apt_repos['additional']: self.logger.debug('Adding additional repo: %r', repo['url']) if repo.get('key'): - shutil.copy(os.path.join(BUILDER_DIR, repo['key']), os.path.join(self.chroot_basedir, 'apt.key')) - run(['chroot', self.chroot_basedir, 'apt-key', 'add', '/apt.key']) - os.unlink(os.path.join(self.chroot_basedir, 'apt.key')) - - apt_sources.append(f'deb {repo["url"]} {repo["distribution"]} {repo["component"]}') + # Copy specific key to chroot keyrings + key_name = os.path.basename(repo['key']) + shutil.copy(os.path.join(BUILDER_DIR, repo['key']), os.path.join(keyring_dir, key_name)) + # Add repo with its specific key + apt_sources.append( + f'deb [signed-by=/etc/apt/keyrings/{key_name}] ' + f'{repo["url"]} {repo["distribution"]} {repo["component"]}' + ) + else: + # Repo without specific key - uses TrueNAS key + apt_sources.append( + f'deb [signed-by=/etc/apt/keyrings/truenas-archive.gpg] ' + f'{repo["url"]} {repo["distribution"]} {repo["component"]}' + ) + # Write initial sources.list with open(apt_sources_path, 'w') as f: f.write('\n'.join(apt_sources)) - # Update apt + # Update and upgrade run(['chroot', self.chroot_basedir, 'apt', 'update']) - # Upgrade apt so that packages which were pulled in by debootstrap i.e libssl, they also - # respect the apt preferences we have specified run(['chroot', self.chroot_basedir, 'apt', 'upgrade', '-y']) if self.extra_packages_to_install: @@ -100,12 +123,6 @@ class BootstrapDir(CacheMixin, HashMixin): def after_extra_packages_installation_steps(self): pass - def add_trusted_apt_key(self): - run([ - 'apt-key', '--keyring', '/etc/apt/trusted.gpg.d/debian-archive-truenas-automatic.gpg', 'add', - os.path.join(BUILDER_DIR, 'keys/truenas.gpg') - ]) - @property def extra_packages_to_install(self): raise NotImplementedError @@ -147,9 +164,16 @@ class RootfsBootstrapDir(BootstrapDir): def debootstrap_debian(self): manifest = get_manifest() + # Debootstrap needs binary format key, convert ASCII-armored to binary + keyring_path = os.path.join(BUILDER_DIR, 'keys/truenas.gpg') + binary_keyring = '/tmp/truenas-binary.gpg' + + # Convert ASCII-armored key to binary format for debootstrap + run(['sh', '-c', f'gpg --dearmor < {keyring_path} > {binary_keyring}']) + run( ['debootstrap'] + self.deopts + [ - '--foreign', '--keyring', '/etc/apt/trusted.gpg.d/debian-archive-truenas-automatic.gpg', + '--foreign', '--keyring', binary_keyring, manifest['debian_release'], self.chroot_basedir, get_apt_repos(check_custom=True)['url'] ] diff --git a/scale_build/extensions.py b/scale_build/extensions.py index 91254fc..8b9ff7d 100644 --- a/scale_build/extensions.py +++ b/scale_build/extensions.py @@ -117,7 +117,7 @@ class DevToolsExtension(Extension): class NvidiaExtension(Extension): - binaries = ("apt", "apt-config", "apt-key", "dpkg") + binaries = ("apt", "apt-config", "dpkg") temporary_packages = ["gcc", "make", "pkg-config"] permanent_packages = ["libvulkan1", "nvidia-container-toolkit", "vulkan-validationlayers"] diff --git a/scale_build/image/bootstrap.py b/scale_build/image/bootstrap.py index 50445d0..cd57c2e 100644 --- a/scale_build/image/bootstrap.py +++ b/scale_build/image/bootstrap.py @@ -33,6 +33,8 @@ def umount_chroot_basedir(): for command in ( ['umount', '-f', PACKAGE_PATH], ['umount', '-f', os.path.join(CHROOT_BASEDIR, 'proc')], + # Need to unmount efivarfs before sys (automatically mounted under sys) + ['umount', '-f', os.path.join(CHROOT_BASEDIR, 'sys/firmware/efi/efivars')], ['umount', '-f', os.path.join(CHROOT_BASEDIR, 'sys')], ): run(command, check=False, log=False) diff --git a/scale_build/image/iso.py b/scale_build/image/iso.py index 4d8e32d..f88905d 100644 --- a/scale_build/image/iso.py +++ b/scale_build/image/iso.py @@ -128,7 +128,7 @@ def make_iso_file(): run_in_chroot(['apt-get', 'update'], check=False) run_in_chroot([ 'apt-get', 'install', '-y', 'grub-common', 'grub2-common', 'grub-efi-amd64-bin', - 'grub-efi-amd64-signed', 'grub-pc-bin', 'mtools', 'xorriso' + 'grub-pc-bin', 'mtools', 'xorriso' ]) # Debian GRUB EFI searches for GRUB config in a different place diff --git a/scale_build/image/mtree.py b/scale_build/image/mtree.py index 6814144..6c93e77 100644 --- a/scale_build/image/mtree.py +++ b/scale_build/image/mtree.py @@ -32,7 +32,7 @@ ETC_FILES_TO_REMOVE = [ 'etc/avahi/services/nut.service', 'etc/chrony/chrony.conf', 'etc/default/rpcbind', - 'etc/netdata/netdata.conf', + # 'etc/netdata/netdata.conf', # FIXME: please fix this once aligned with newer netdata packages 'etc/nginx/nginx.conf', 'etc/nvme/hostid', 'etc/nvme/hostnqn', diff --git a/scale_build/image/update.py b/scale_build/image/update.py index de0909f..2c26060 100644 --- a/scale_build/image/update.py +++ b/scale_build/image/update.py @@ -3,7 +3,6 @@ import itertools import logging import os import platform -import textwrap import shutil import stat import tempfile @@ -136,9 +135,28 @@ def install_rootfs_packages_impl(): def get_apt_sources(): # We want the final sources.list to be in the rootfs image apt_repos = get_apt_repos(check_custom=False) - apt_sources = [f'deb {apt_repos["url"]} {apt_repos["distribution"]} {apt_repos["components"]}'] + + # Main repository with TrueNAS key + apt_sources = [ + 'deb [signed-by=/etc/apt/keyrings/truenas-archive.gpg] ' + f'{apt_repos["url"]} {apt_repos["distribution"]} {apt_repos["components"]}' + ] + + # Add additional repos for repo in apt_repos['additional']: - apt_sources.append(f'deb {repo["url"]} {repo["distribution"]} {repo["component"]}') + if repo.get('key'): + # Repo with specific key + key_name = os.path.basename(repo['key']) + apt_sources.append( + f'deb [signed-by=/etc/apt/keyrings/{key_name}] ' + f'{repo["url"]} {repo["distribution"]} {repo["component"]}' + ) + else: + # Repo without specific key - uses TrueNAS key + apt_sources.append( + f'deb [signed-by=/etc/apt/keyrings/truenas-archive.gpg] ' + f'{repo["url"]} {repo["distribution"]} {repo["component"]}' + ) return apt_sources @@ -313,26 +331,6 @@ def custom_rootfs_setup(): run_in_chroot(['update-initramfs', '-k', kernel_name, '-u']) - # Generate native systemd unit files for SysV services that lack ones to prevent systemd-sysv-generator warnings - tmp_systemd = os.path.join(CHROOT_BASEDIR, 'tmp/systemd') - os.makedirs(tmp_systemd) - run_in_chroot([ - '/usr/lib/systemd/system-generators/systemd-sysv-generator', '/tmp/systemd', '/tmp/systemd', '/tmp/systemd' - ]) - for unit_file in filter(lambda f: f.endswith('.service'), os.listdir(tmp_systemd)): - with open(os.path.join(tmp_systemd, unit_file), 'a') as f: - f.write(textwrap.dedent('''\ - [Install] - WantedBy=multi-user.target - ''')) - - for f in os.listdir(os.path.join(tmp_systemd, 'multi-user.target.wants')): - file_path = os.path.join(tmp_systemd, f) - if os.path.isfile(file_path) and not os.path.islink(file_path): - os.unlink(file_path) - - run_in_chroot(['rsync', '-av', '/tmp/systemd/', '/usr/lib/systemd/system/']) - shutil.rmtree(tmp_systemd) run_in_chroot(['depmod'], check=False) # /usr will be readonly, and so we want the ca-certificates directory to diff --git a/scale_build/iso.py b/scale_build/iso.py index 3ce68c0..cc39538 100644 --- a/scale_build/iso.py +++ b/scale_build/iso.py @@ -4,7 +4,7 @@ import os from .bootstrap.bootstrapdir import CdromBootstrapDirectory from .exceptions import CallError -from .image.bootstrap import clean_mounts, setup_chroot_basedir, umount_tmpfs_and_clean_chroot_dir +from .image.bootstrap import clean_mounts, setup_chroot_basedir from .image.iso import install_iso_packages, make_iso_file from .image.manifest import get_image_version, update_file_path from .utils.logger import LoggingContext @@ -47,6 +47,6 @@ def build_impl(): with LoggingContext('cdrom-iso', 'w'): make_iso_file() finally: - umount_tmpfs_and_clean_chroot_dir() + clean_mounts() logger.info('Success! CD/USB: %s/TrueNAS-SCALE-%s.iso', RELEASE_DIR, image_version) diff --git a/scale_build/packages/package.py b/scale_build/packages/package.py index d109857..ac30f97 100644 --- a/scale_build/packages/package.py +++ b/scale_build/packages/package.py @@ -22,8 +22,6 @@ from .utils import ( logger = logging.getLogger(__name__) -MANDATORY_EXPLICIT_DEPS = frozenset(['python3']) - class Package(BootstrapMixin, BuildPackageMixin, BuildCleanMixin, CCacheMixin, GitPackageMixin, OverlayMixin): def __init__( @@ -42,7 +40,7 @@ class Package(BootstrapMixin, BuildPackageMixin, BuildCleanMixin, CCacheMixin, G self.buildcmd = buildcmd or [] self.build_constraints = build_constraints or [] self.depscmd = depscmd or [] - self.explicit_deps = set(explicit_deps or set()) | MANDATORY_EXPLICIT_DEPS + self.explicit_deps = set(explicit_deps or set()) self.generate_version = generate_version self.predepscmd = predepscmd or [] self.deps_path = deps_path diff --git a/scale_build/update_image.py b/scale_build/update_image.py index e10ce4b..af3e450 100644 --- a/scale_build/update_image.py +++ b/scale_build/update_image.py @@ -3,9 +3,7 @@ import os from .bootstrap.bootstrapdir import RootfsBootstrapDir from .exceptions import CallError -from .image.bootstrap import ( - clean_mounts, setup_chroot_basedir, umount_chroot_basedir, umount_tmpfs_and_clean_chroot_dir -) +from .image.bootstrap import clean_mounts, setup_chroot_basedir from .image.manifest import update_file_path from .image.update import install_rootfs_packages, build_rootfs_image from .utils.logger import LoggingContext @@ -78,7 +76,6 @@ def build_update_image_impl(): with LoggingContext('rootfs-image', 'w'): build_rootfs_image() finally: - umount_chroot_basedir() - umount_tmpfs_and_clean_chroot_dir() + clean_mounts() logger.info('Success! Update image created at: %s', update_file_path()) diff --git a/truenas_install/__main__.py b/truenas_install/__main__.py index 3010c79..81617dc 100644 --- a/truenas_install/__main__.py +++ b/truenas_install/__main__.py @@ -535,6 +535,8 @@ def main(): run_command(["mount", "-t", "sysfs", "none", f"{root}/sys"]) undo.append(["umount", f"{root}/sys"]) + if os.path.exists("/sys/firmware/efi"): + undo.append(["umount", f"{root}/sys/firmware/efi/efivars"]) run_command(["mount", "-t", "zfs", f"{pool_name}/grub", f"{root}/boot/grub"]) undo.append(["umount", f"{root}/boot/grub"]) @@ -596,8 +598,6 @@ def main(): if os.path.exists("/sys/firmware/efi"): run_command(["mount", "-t", "efivarfs", "efivarfs", f"{root}/sys/firmware/efi/efivars"]) - undo.append(["umount", f"{root}/sys/firmware/efi/efivars"]) - # Clean up dumps from NVRAM to prevent # "failed to register the EFI boot entry: No space left on device" for item in os.listdir("/sys/firmware/efi/efivars"):