Hardened Source Image throws: `cannot stat ‘/tmp/worker/configure-clocksource.service’: No such file or directory`

Question

Hardened Source Image throws: `cannot stat ‘/tmp/worker/configure-clocksource.service’: No such file or directory`

Opened this issue 6 months ago · 0 comments

What happened:

When using make 1.28 enable_fips=true source_ami_filter_name=<CIS STIG HARDENED Image> source_ami_owners=<OWNERID> aws_region=$AWS_REGION the packer build errors off on the install-worker.sh after the reboot for fips with the following error.

2024-04-16T11:18:22-04:00:     amazon-ebs: mv: cannot stat ‘/tmp/worker/configure-clocksource.service’: No such file or directory

What you expected to happen:

The image to build without any issues.

Anything else we need to know?:

I have been watching other hardened issues and have not seen a reference to this specific issue. I will have a PR with a suggested fix. The assumed problem is around the ordering the provisioners. Specifically the order for creating the /tmp/worker and mounting of all the scripts before the reboot. While running the packer output in -debug and connecting to the image it was seen that /tmp/worker did not exist after reboot it did exist before reboot. Reordering the creation of the /tmp/worker directory and the file provisioners after the reboot fixes this.