raito/lanzaboote
0
0
Fork 0
Code Issues 45 Pull requests 6 Projects Releases 6 Packages Wiki Activity Actions

lanzaboote_tool fails to build on current unstable #140

New issue
Closed
opened 2023-03-28 14:41:58 +00:00 by mxkrsv · 9 comments
mxkrsv commented 2023-03-28 14:41:58 +00:00 (Migrated from github.com)
Copy link
error: builder for '/nix/store/nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv' failed with exit code 101;
       last 10 log lines:
       > thread 'overwrite_unsigned_images' panicked at 'assertion failed: verify_signature(&image1)?', tests/install.rs:63:5
       > note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
       >
       >
       > failures:
       >     overwrite_unsigned_images
       >
       > test result: FAILED. 2 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.31s
       >
       > error: test failed, to rerun pass `--test install`
``` error: builder for '/nix/store/nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv' failed with exit code 101; last 10 log lines: > thread 'overwrite_unsigned_images' panicked at 'assertion failed: verify_signature(&image1)?', tests/install.rs:63:5 > note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace > > > failures: > overwrite_unsigned_images > > test result: FAILED. 2 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.31s > > error: test failed, to rerun pass `--test install` ```
👍 8
NickCao commented 2023-03-28 14:53:54 +00:00 (Migrated from github.com)
Copy link

Same here, tracked it down to TEST_SYSTEMD, something is wrong with lib/systemd/boot/linuxx64.efi.stub in systemd 253.

Same here, tracked it down to `TEST_SYSTEMD`, something is wrong with `lib/systemd/boot/linuxx64.efi.stub` in systemd 253.
RaitoBezarius commented 2023-03-28 18:27:06 +00:00 (Migrated from github.com)
Copy link

@nikstur when you will be back, if you have time to look into this?

@nikstur when you will be back, if you have time to look into this?
👍 1
cyclic-pentane commented 2023-03-31 11:06:39 +00:00 (Migrated from github.com)
Copy link

Possibly relevant observation: The build of /nix/store/nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv seems to fail non-reproducibly. Here's the log of a successful build from my machine:

nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv_build_log.txt

Possibly relevant observation: The build of `/nix/store/nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv` seems to fail non-reproducibly. Here's the log of a successful build from my machine: [nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv_build_log.txt](https://github.com/nix-community/lanzaboote/files/11121089/nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv_build_log.txt)
Myaats commented 2023-03-31 11:11:52 +00:00 (Migrated from github.com)
Copy link

Possibly relevant observation: The build of /nix/store/nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv seems to fail non-reproducibly. Here's the log of a successful build from my machine:

nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv_build_log.txt

Did you use the current nixos-unstable version? Try running nix flake update in the lanzaboote repo and test again.

> Possibly relevant observation: The build of `/nix/store/nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv` seems to fail non-reproducibly. Here's the log of a successful build from my machine: > > [nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv_build_log.txt](https://github.com/nix-community/lanzaboote/files/11121089/nhhd04plbhyv6akld7banyhnh34rj3z0-lanzaboote_tool-0.1.0.drv_build_log.txt) Did you use the current nixos-unstable version? Try running `nix flake update` in the lanzaboote repo and test again.
cyclic-pentane commented 2023-03-31 11:13:03 +00:00 (Migrated from github.com)
Copy link

If I'm not mistaken, this shouldn't matter as long as the store hashes match.

If I'm not mistaken, this shouldn't matter as long as the store hashes match.
Myaats commented 2023-03-31 11:15:00 +00:00 (Migrated from github.com)
Copy link

If I'm not mistaken, this shouldn't matter as long as the store hashes match.

It does matter, as lanzaboote relies on external tools and libraries provided by nixpkgs, some which has been updated since the nixpkgs version currently locked. But I am not quite sure why the output derivation does match for you.

EDIT: The tools that was updated is added in checkInputs and in a seperate wrapper derivation, so the main output derivation hash matching makes sense.

> If I'm not mistaken, this shouldn't matter as long as the store hashes match. It does matter, as lanzaboote relies on external tools and libraries provided by nixpkgs, some which has been updated since the nixpkgs version currently locked. But I am not quite sure why the output derivation does match for you. EDIT: The tools that was updated is added in checkInputs and in a seperate wrapper derivation, so the main output derivation hash matching makes sense.
cyclic-pentane commented 2023-03-31 11:19:58 +00:00 (Migrated from github.com)
Copy link

Here's the relevant parts from my system config nix flake info:

├───lanzaboote: github:nix-community/lanzaboote/7c55847aaf804398c0cd1c75f20591075eafcdee
│   ├───crane: github:ipetkov/crane/2552a2d1ccf33d43259a9e00f93dbacb9e6d6bed
│   │   ├───flake-compat: github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9
│   │   ├───flake-utils follows input 'lanzaboote/flake-utils'
│   │   ├───nixpkgs follows input 'lanzaboote/nixpkgs'
│   │   └───rust-overlay follows input 'lanzaboote/rust-overlay'
│   ├───flake-compat: github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9
│   ├───flake-parts: github:hercules-ci/flake-parts/c13d60b89adea3dc20704c045ec4d50dd964d447
│   │   └───nixpkgs-lib: github:NixOS/nixpkgs/130fa0baaa2b93ec45523fdcde942f6844ee9f6e?dir=lib
│   ├───flake-utils: github:numtide/flake-utils/93a2b84fc4b70d9e089d029deacc3583435c2ed6
│   ├───nixpkgs follows input 'nixpkgs-unstable'
│   ├───nixpkgs-test: github:NixOS/nixpkgs/371d3778c4f9cee7d5cf014e6ce400d57366570f
│   ├───pre-commit-hooks-nix: github:cachix/pre-commit-hooks.nix/32b1dbedfd77892a6e375737ef04d8efba634e9e
│   │   ├───flake-compat: github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9
│   │   ├───flake-utils follows input 'lanzaboote/flake-utils'
│   │   ├───gitignore: github:hercules-ci/gitignore.nix/a20de23b925fd8264fd7fad6454652e142fd7f73
│   │   │   └───nixpkgs follows input 'lanzaboote/pre-commit-hooks-nix/nixpkgs'
│   │   ├───nixpkgs follows input 'lanzaboote/nixpkgs'
│   │   └───nixpkgs-stable: github:NixOS/nixpkgs/9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8
│   └───rust-overlay: github:oxalica/rust-overlay/c680a0a4144bb0931f6cebd601a3978bbafc4f64
│       ├───flake-utils follows input 'lanzaboote/flake-utils'
│       └───nixpkgs follows input 'lanzaboote/nixpkgs'
├───nixpkgs-stable: github:NixOS/nixpkgs/a575c243c23e2851b78c00e9fa245232926ec32f
└───nixpkgs-unstable: github:NixOS/nixpkgs/9a6aabc4740790ef3bbb246b86d029ccf6759658

i.e. I'm on the latest unstable and have pinned the lanzaboote nixpkgs input to my system nixpkgs-unstable. This results in the same store hash for lanzaboote_tool, which should ideally also result in identical build results across different machines due to the purity guarantees of Nix. However it doesn't, which indicates some sort of non-determinism like memory-related bugs in the build process.

Here's the relevant parts from my system config `nix flake info`: ``` ├───lanzaboote: github:nix-community/lanzaboote/7c55847aaf804398c0cd1c75f20591075eafcdee │ ├───crane: github:ipetkov/crane/2552a2d1ccf33d43259a9e00f93dbacb9e6d6bed │ │ ├───flake-compat: github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9 │ │ ├───flake-utils follows input 'lanzaboote/flake-utils' │ │ ├───nixpkgs follows input 'lanzaboote/nixpkgs' │ │ └───rust-overlay follows input 'lanzaboote/rust-overlay' │ ├───flake-compat: github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9 │ ├───flake-parts: github:hercules-ci/flake-parts/c13d60b89adea3dc20704c045ec4d50dd964d447 │ │ └───nixpkgs-lib: github:NixOS/nixpkgs/130fa0baaa2b93ec45523fdcde942f6844ee9f6e?dir=lib │ ├───flake-utils: github:numtide/flake-utils/93a2b84fc4b70d9e089d029deacc3583435c2ed6 │ ├───nixpkgs follows input 'nixpkgs-unstable' │ ├───nixpkgs-test: github:NixOS/nixpkgs/371d3778c4f9cee7d5cf014e6ce400d57366570f │ ├───pre-commit-hooks-nix: github:cachix/pre-commit-hooks.nix/32b1dbedfd77892a6e375737ef04d8efba634e9e │ │ ├───flake-compat: github:edolstra/flake-compat/35bb57c0c8d8b62bbfd284272c928ceb64ddbde9 │ │ ├───flake-utils follows input 'lanzaboote/flake-utils' │ │ ├───gitignore: github:hercules-ci/gitignore.nix/a20de23b925fd8264fd7fad6454652e142fd7f73 │ │ │ └───nixpkgs follows input 'lanzaboote/pre-commit-hooks-nix/nixpkgs' │ │ ├───nixpkgs follows input 'lanzaboote/nixpkgs' │ │ └───nixpkgs-stable: github:NixOS/nixpkgs/9b8e5abb18324c7fe9f07cb100c3cd4a29cda8b8 │ └───rust-overlay: github:oxalica/rust-overlay/c680a0a4144bb0931f6cebd601a3978bbafc4f64 │ ├───flake-utils follows input 'lanzaboote/flake-utils' │ └───nixpkgs follows input 'lanzaboote/nixpkgs' ├───nixpkgs-stable: github:NixOS/nixpkgs/a575c243c23e2851b78c00e9fa245232926ec32f └───nixpkgs-unstable: github:NixOS/nixpkgs/9a6aabc4740790ef3bbb246b86d029ccf6759658 ``` i.e. I'm on the latest unstable and have pinned the lanzaboote nixpkgs input to my system nixpkgs-unstable. This results in the same store hash for `lanzaboote_tool`, which should ideally also result in identical build results across different machines due to the purity guarantees of Nix. However it doesn't, which indicates some sort of non-determinism like memory-related bugs in the build process.
alx-alexpark commented 2023-04-03 01:35:23 +00:00 (Migrated from github.com)
Copy link

I also have this issue

I also have this issue
blitz commented 2023-04-04 08:23:56 +00:00 (Migrated from github.com)
Copy link

Me too. Full log of test of failed test:

lanzaboote_tool> test overwrite_unsigned_images ... FAILED
lanzaboote_tool> failures:
lanzaboote_tool> ---- overwrite_unsigned_images stdout ----
lanzaboote_tool> Installing Lanzaboote to "/build/.tmpFbPuQZ"...
lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/Linux/nixos-generation-1.efi"...
lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/Linux/nixos-generation-2.efi"...
lanzaboote_tool> Installing "/build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-bzImage.efi"...
lanzaboote_tool> Installing "/build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-initrd.efi"...
lanzaboote_tool> Installing "/build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-bzImage.efi"...
lanzaboote_tool> Installing "/build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-initrd.efi"...
lanzaboote_tool> Updating "/build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI"...
lanzaboote_tool> Error reading file /build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI: No such file or directory
lanzaboote_tool> Can't open image /build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI
lanzaboote_tool> sbverify failed with args: `["--cert", "tests/fixtures/uefi-keys/db.pem", "/build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI"]`.
lanzaboote_tool> $"/build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI" is not signed. Replacing it with a signed binary...
lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI"...
lanzaboote_tool> Updating "/build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi"...
lanzaboote_tool> Error reading file /build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi: No such file or directory
lanzaboote_tool> Can't open image /build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi
lanzaboote_tool> sbverify failed with args: `["--cert", "tests/fixtures/uefi-keys/db.pem", "/build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi"]`.
lanzaboote_tool> $"/build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi" is not signed. Replacing it with a signed binary...
lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi"...
lanzaboote_tool> Installing "/build/.tmpFbPuQZ/loader/loader.conf"...
lanzaboote_tool> Collecting garbage...
lanzaboote_tool> Successfully installed Lanzaboote.
lanzaboote_tool> /build/.tmpFbPuQZ
lanzaboote_tool> /build/.tmpFbPuQZ/loader
lanzaboote_tool> /build/.tmpFbPuQZ/loader/loader.conf
lanzaboote_tool> /build/.tmpFbPuQZ/EFI
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/systemd
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/BOOT
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-initrd.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-bzImage.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-initrd.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-bzImage.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux/nixos-generation-2.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux/nixos-generation-1.efi
lanzaboote_tool> Signature verification failed
lanzaboote_tool> No signature table present
lanzaboote_tool> Signature verification OK
lanzaboote_tool> Installing Lanzaboote to "/build/.tmpFbPuQZ"...
lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/Linux/nixos-generation-2.efi"...
lanzaboote_tool> Collecting garbage...
lanzaboote_tool> Successfully installed Lanzaboote.
lanzaboote_tool> /build/.tmpFbPuQZ
lanzaboote_tool> /build/.tmpFbPuQZ/loader
lanzaboote_tool> /build/.tmpFbPuQZ/loader/loader.conf
lanzaboote_tool> /build/.tmpFbPuQZ/EFI
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/systemd
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/BOOT
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-initrd.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-bzImage.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-initrd.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-bzImage.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux/nixos-generation-2.efi
lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux/nixos-generation-1.efi
lanzaboote_tool> Signature verification failed
lanzaboote_tool> No signature table present
lanzaboote_tool> thread 'overwrite_unsigned_images' panicked at 'assertion failed: verify_signature(&image1)?', tests/install.rs:63:5
lanzaboote_tool> note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace
lanzaboote_tool> failures:
lanzaboote_tool>     overwrite_unsigned_images
lanzaboote_tool> test result: FAILED. 2 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.13s
lanzaboote_tool> error: test failed, to rerun pass `--test install`
Me too. Full log of test of failed test: ``` lanzaboote_tool> test overwrite_unsigned_images ... FAILED lanzaboote_tool> failures: lanzaboote_tool> ---- overwrite_unsigned_images stdout ---- lanzaboote_tool> Installing Lanzaboote to "/build/.tmpFbPuQZ"... lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/Linux/nixos-generation-1.efi"... lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/Linux/nixos-generation-2.efi"... lanzaboote_tool> Installing "/build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-bzImage.efi"... lanzaboote_tool> Installing "/build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-initrd.efi"... lanzaboote_tool> Installing "/build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-bzImage.efi"... lanzaboote_tool> Installing "/build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-initrd.efi"... lanzaboote_tool> Updating "/build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI"... lanzaboote_tool> Error reading file /build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI: No such file or directory lanzaboote_tool> Can't open image /build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI lanzaboote_tool> sbverify failed with args: `["--cert", "tests/fixtures/uefi-keys/db.pem", "/build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI"]`. lanzaboote_tool> $"/build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI" is not signed. Replacing it with a signed binary... lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI"... lanzaboote_tool> Updating "/build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi"... lanzaboote_tool> Error reading file /build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi: No such file or directory lanzaboote_tool> Can't open image /build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi lanzaboote_tool> sbverify failed with args: `["--cert", "tests/fixtures/uefi-keys/db.pem", "/build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi"]`. lanzaboote_tool> $"/build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi" is not signed. Replacing it with a signed binary... lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi"... lanzaboote_tool> Installing "/build/.tmpFbPuQZ/loader/loader.conf"... lanzaboote_tool> Collecting garbage... lanzaboote_tool> Successfully installed Lanzaboote. lanzaboote_tool> /build/.tmpFbPuQZ lanzaboote_tool> /build/.tmpFbPuQZ/loader lanzaboote_tool> /build/.tmpFbPuQZ/loader/loader.conf lanzaboote_tool> /build/.tmpFbPuQZ/EFI lanzaboote_tool> /build/.tmpFbPuQZ/EFI/systemd lanzaboote_tool> /build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/BOOT lanzaboote_tool> /build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-initrd.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-bzImage.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-initrd.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-bzImage.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux/nixos-generation-2.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux/nixos-generation-1.efi lanzaboote_tool> Signature verification failed lanzaboote_tool> No signature table present lanzaboote_tool> Signature verification OK lanzaboote_tool> Installing Lanzaboote to "/build/.tmpFbPuQZ"... lanzaboote_tool> Signing and installing "/build/.tmpFbPuQZ/EFI/Linux/nixos-generation-2.efi"... lanzaboote_tool> Collecting garbage... lanzaboote_tool> Successfully installed Lanzaboote. lanzaboote_tool> /build/.tmpFbPuQZ lanzaboote_tool> /build/.tmpFbPuQZ/loader lanzaboote_tool> /build/.tmpFbPuQZ/loader/loader.conf lanzaboote_tool> /build/.tmpFbPuQZ/EFI lanzaboote_tool> /build/.tmpFbPuQZ/EFI/systemd lanzaboote_tool> /build/.tmpFbPuQZ/EFI/systemd/systemd-bootx64.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/BOOT lanzaboote_tool> /build/.tmpFbPuQZ/EFI/BOOT/BOOTX64.EFI lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-initrd.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-nrZ60dID-bzImage.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-initrd.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/nixos/toplevel-26xvPwpg-bzImage.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux/nixos-generation-2.efi lanzaboote_tool> /build/.tmpFbPuQZ/EFI/Linux/nixos-generation-1.efi lanzaboote_tool> Signature verification failed lanzaboote_tool> No signature table present lanzaboote_tool> thread 'overwrite_unsigned_images' panicked at 'assertion failed: verify_signature(&image1)?', tests/install.rs:63:5 lanzaboote_tool> note: run with `RUST_BACKTRACE=1` environment variable to display a backtrace lanzaboote_tool> failures: lanzaboote_tool> overwrite_unsigned_images lanzaboote_tool> test result: FAILED. 2 passed; 1 failed; 0 ignored; 0 measured; 0 filtered out; finished in 0.13s lanzaboote_tool> error: test failed, to rerun pass `--test install` ```
👍 2
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
master
test
qm3ster/patch-1
blitz/npins
enroll-keys
github-actions
systemd-sb-enroll
fix-ci
bump-edk2
global-credentials
signing-client
in-memory-assembling
cpio-packing
uboot
netboot
experiment-sd-addons
insecure-boot
refactor-building
tpm2-pcr-sections
bootsplash
sd-stub-dtb
bzimage-load
configuration-limit-test
boot-file-integrity-investigation
crane-uefi
v0.4.2
v0.4.1
v0.4.0
v0.3.0
v0.2.0
v0.1.0
Labels
Clear labels   
bug

Something isn't working

  
dependency

Issues related to our dependencies

  
documentation

Improvements or additions to documentation

  
duplicate

This issue or pull request already exists

  
enhancement

New feature or request

  
good first issue

Good for newcomers

  
help wanted

Extra attention is needed

  
invalid

This doesn't seem right

  
question

Further information is requested

  
review-next

   
security

   
stub

   
tool

   
wontfix

This will not be worked on

No labels
bug
dependency
documentation
duplicate
enhancement
good first issue
help wanted
invalid
question
review-next
security
stub
tool
wontfix
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: raito/lanzaboote#140
No description provided.
Delete branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?