Ugly backtraces for non-bootspec generations #55

New issue

Closed

opened 2023-01-08 23:19:23 +00:00 by blitz · 1 comment

blitz commented 2023-01-08 23:19:23 +00:00 (Migrated from github.com)

Copy link

Lanzatool outputs some intimidating backtraces when it encounters non-bootspec generations. This should be handled more gracefully by having an actionable log messages. Something like "Failed to sign generation X, because it is not bootspec compliant."

Installing generation 351
Appending secrets to initrd...
/boot/EFI/BOOT/BOOTX64.EFI already exists, skipping...
/boot/EFI/systemd/systemd-bootx64.efi already exists, skipping...
/boot/EFI/nixos/0n01vj3mq06pc31i2yhxndvhv4kwl2vp-linux-6.1.3-bzImage.efi already exists, skipping...
/boot/EFI/nixos/lzxjx9ykfzhv5c2r4v36v2w7b69yrpc1-initrd-linux-6.1.3-initrd.efi already exists, skipping...
Signing and installing /boot/EFI/Linux/nixos-generation-351.efi...
Successfully installed lanzaboote to '/boot'
Malformed generation: Failed to build generation from link: GenerationLink { version: 350, path: "/nix/var/nix/profiles/system-350-link" }

Caused by:
    0: Failed to read bootspec file
    1: No such file or directory (os error 2)

Stack backtrace:
   0: anyhow::context::<impl anyhow::Context<T,E> for core::result::Result<T,E>>::context
   1: lanzatool::generation::Generation::from_link
   2: lanzatool::install::Installer::install
   3: lanzatool::cli::Cli::call
   4: lanzatool::main
   5: std::sys_common::backtrace::__rust_begin_short_backtrace
   6: std::rt::lang_start::{{closure}}
   7: std::rt::lang_start_internal
   8: main
   9: __libc_start_call_main
  10: __libc_start_main_alias_1
  11: _start
Malformed generation: Failed to build generation from link: GenerationLink { version: 349, path: "/nix/var/nix/profiles/system-349-link" }

Caused by:
    0: Failed to read bootspec file
    1: No such file or directory (os error 2)

Stack backtrace:
   0: anyhow::context::<impl anyhow::Context<T,E> for core::result::Result<T,E>>::context
   1: lanzatool::generation::Generation::from_link
   2: lanzatool::install::Installer::install
   3: lanzatool::cli::Cli::call
   4: lanzatool::main
   5: std::sys_common::backtrace::__rust_begin_short_backtrace
   6: std::rt::lang_start::{{closure}}
   7: std::rt::lang_start_internal
   8: main
   9: __libc_start_call_main
  10: __libc_start_main_alias_1
  11: _start
'/boot/EFI/nixos/qalw2n6bvbsbvrhz9q9ax82fzxg5xhj0-linux-6.1.2-bzImage.efi' not in use anymore. Removing...
'/boot/EFI/nixos/81r7ygqb3hrzvhqgp0wzm1zmvhj1pzvf-initrd-linux-6.1.2-initrd.efi' not in use anymore. Removing...
'/boot/EFI/nixos/.extra-files' not in use anymore. Removing...

Lanzatool outputs some intimidating backtraces when it encounters non-bootspec generations. This should be handled more gracefully by having an actionable log messages. Something like "Failed to sign generation X, because it is not bootspec compliant." ``` Installing generation 351 Appending secrets to initrd... /boot/EFI/BOOT/BOOTX64.EFI already exists, skipping... /boot/EFI/systemd/systemd-bootx64.efi already exists, skipping... /boot/EFI/nixos/0n01vj3mq06pc31i2yhxndvhv4kwl2vp-linux-6.1.3-bzImage.efi already exists, skipping... /boot/EFI/nixos/lzxjx9ykfzhv5c2r4v36v2w7b69yrpc1-initrd-linux-6.1.3-initrd.efi already exists, skipping... Signing and installing /boot/EFI/Linux/nixos-generation-351.efi... Successfully installed lanzaboote to '/boot' Malformed generation: Failed to build generation from link: GenerationLink { version: 350, path: "/nix/var/nix/profiles/system-350-link" } Caused by: 0: Failed to read bootspec file 1: No such file or directory (os error 2) Stack backtrace: 0: anyhow::context::<impl anyhow::Context<T,E> for core::result::Result<T,E>>::context 1: lanzatool::generation::Generation::from_link 2: lanzatool::install::Installer::install 3: lanzatool::cli::Cli::call 4: lanzatool::main 5: std::sys_common::backtrace::__rust_begin_short_backtrace 6: std::rt::lang_start::{{closure}} 7: std::rt::lang_start_internal 8: main 9: __libc_start_call_main 10: __libc_start_main_alias_1 11: _start Malformed generation: Failed to build generation from link: GenerationLink { version: 349, path: "/nix/var/nix/profiles/system-349-link" } Caused by: 0: Failed to read bootspec file 1: No such file or directory (os error 2) Stack backtrace: 0: anyhow::context::<impl anyhow::Context<T,E> for core::result::Result<T,E>>::context 1: lanzatool::generation::Generation::from_link 2: lanzatool::install::Installer::install 3: lanzatool::cli::Cli::call 4: lanzatool::main 5: std::sys_common::backtrace::__rust_begin_short_backtrace 6: std::rt::lang_start::{{closure}} 7: std::rt::lang_start_internal 8: main 9: __libc_start_call_main 10: __libc_start_main_alias_1 11: _start '/boot/EFI/nixos/qalw2n6bvbsbvrhz9q9ax82fzxg5xhj0-linux-6.1.2-bzImage.efi' not in use anymore. Removing... '/boot/EFI/nixos/81r7ygqb3hrzvhqgp0wzm1zmvhj1pzvf-initrd-linux-6.1.2-initrd.efi' not in use anymore. Removing... '/boot/EFI/nixos/.extra-files' not in use anymore. Removing... ```

blitz commented 2023-01-08 23:24:31 +00:00 (Migrated from github.com)

Copy link

This also seems to prevent signing systemd-boot:

$ sudo sbctl verify
Verifying file database and EFI images in /boot...
✗ /boot/EFI/BOOT/BOOTX64.EFI is not signed
✓ /boot/EFI/Linux/nixos-generation-351.efi is signed
✗ /boot/EFI/nixos/0n01vj3mq06pc31i2yhxndvhv4kwl2vp-linux-6.1.3-bzImage.efi is not signed
✗ /boot/EFI/systemd/systemd-bootx64.efi is not signed

This also seems to prevent signing `systemd-boot`: ```console $ sudo sbctl verify Verifying file database and EFI images in /boot... ✗ /boot/EFI/BOOT/BOOTX64.EFI is not signed ✓ /boot/EFI/Linux/nixos-generation-351.efi is signed ✗ /boot/EFI/nixos/0n01vj3mq06pc31i2yhxndvhv4kwl2vp-linux-6.1.3-bzImage.efi is not signed ✗ /boot/EFI/systemd/systemd-bootx64.efi is not signed ```

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

test

qm3ster/patch-1

blitz/npins

enroll-keys

github-actions

systemd-sb-enroll

fix-ci

bump-edk2

global-credentials

signing-client

in-memory-assembling

cpio-packing

uboot

netboot

experiment-sd-addons

insecure-boot

refactor-building

tpm2-pcr-sections

bootsplash

sd-stub-dtb

bzimage-load

configuration-limit-test

boot-file-integrity-investigation

crane-uefi

v0.4.2

v0.4.1

v0.4.0

v0.3.0

v0.2.0

v0.1.0

Labels

Clear labels   

bug

Something isn't working

  

dependency

Issues related to our dependencies

  

documentation

Improvements or additions to documentation

  

duplicate

This issue or pull request already exists

  

enhancement

New feature or request

  

good first issue

Good for newcomers

  

help wanted

Extra attention is needed

  

invalid

This doesn't seem right

  

question

Further information is requested

  

review-next

  

security

  

stub

  

tool

  

wontfix

This will not be worked on

No labels

bug

dependency

documentation

duplicate

enhancement

good first issue

help wanted

invalid

question

review-next

security

stub

tool

wontfix

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference: raito/lanzaboote#55

No description provided.