julian-klode/sicherboot

sicherboot postinst script fails on new kernel on artful

tdaitx opened this issue · 5 comments

Sicherboot postinst script failed to run today with a new kernel in Ubuntu 17.10 (artful, the development release). This is a somewhat new install and this is the first kernel update I got since installing sicherboot.

The error was (see the full log at the bottom):

Setting up linux-image-4.10.0-26-generic (4.10.0-26.30) ...
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/dkms 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/dracut 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
sicherboot: Installing 4.10.0-26-generic to ESP
objcopy: cannot open: /boot//initrd.img-4.10.0-26-generic: No such file or directory
run-parts: /etc/kernel/postinst.d/dracut exited with return code 1
Failed to process /etc/kernel/postinst.d at /var/lib/dpkg/info/linux-image-4.10.0-26-generic.postinst line 1052.
dpkg: error processing package linux-image-4.10.0-26-generic (--configure):
 subprocess installed post-installation script returned error exit status 2

This is caused by a missing initrd.img for the kernel. The initramfs update is postponed as it is called from the /etc/kernel/postinst.d/initramfs-tools script, which is called after dracut (alphabetical order).

To solve it I had to remove the sicherboot call from the dracut script and move it to a zz-update-sicherboot script (following grub's naming):

--- /etc/kernel/postinst.d/dracut.orig
+++ /etc/kernel/postinst.d/dracut
@@ -9,7 +9,3 @@
 if [ -e /etc/kernel/postinst.d/dracut.SecureBoot ]; then
     /etc/kernel/postinst.d/dracut.SecureBoot "$@"
 fi
-
-echo "sicherboot: Installing $1 to ESP"
-
-sicherboot install-kernel "$1"
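Review bot: with the `sicherboot install-kernel "$1"` call removed from the end of the script, the context lines that remain only forward to dracut.SecureBoot, so the wrapper no longer does any work of its own. Either drop the wrapper in the same change, or leave a comment in it saying that the ESP install now happens in a later hook, so the call is not re-added here by mistake.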
--- /dev/null
+++ /etc/kernel/postinst.d/zz-update-sicherboot
@@ -0,0 +1,6 @@
+#!/bin/sh
+set -e
+
+echo "sicherboot: Installing $1 to ESP"
+
+sicherboot install-kernel "$1"
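Review bot: the last line of the new script calls `sicherboot install-kernel "$1"` unconditionally, and with `set -e` any failure there aborts the kernel package's configuration, as the log above shows. A hook under /etc can outlive the program it calls, so guard the call, for example with `command -v sicherboot >/dev/null || exit 0` before the `echo`, and consider checking that the initrd for `$1` exists so a missing file yields a clear message instead of the objcopy error.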

After that the new install was successful:

Setting up linux-image-4.10.0-26-generic (4.10.0-26.30) ...
Running depmod.
update-initramfs: deferring update (hook will be called later)
Not updating initrd symbolic links since we are being updated/reinstalled 
(4.10.0-26.30 was configured last, according to dpkg)
Not updating image symbolic links since we are being updated/reinstalled 
(4.10.0-26.30 was configured last, according to dpkg)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/dkms 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/dracut 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
update-initramfs: Generating /boot/initrd.img-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/unattended-upgrades 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/update-notifier 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/x-grub-legacy-ec2 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
Searching for GRUB installation directory ... found: /boot/grub
Searching for default file ... found: /boot/grub/default
Testing for an existing GRUB menu.lst file ... found: /boot/grub/menu.lst
Searching for splash image ... none found, skipping ...
Found kernel: /boot/vmlinuz-4.10.0-26-generic
Found kernel: /boot/vmlinuz-4.10.0-22-generic
Found kernel: /boot/vmlinuz-4.10.0-21-generic
Found kernel: /boot/vmlinuz-4.10.0-26-generic
Found kernel: /boot/vmlinuz-4.10.0-22-generic
Found kernel: /boot/vmlinuz-4.10.0-21-generic
Updating /boot/grub/menu.lst ... done

run-parts: executing /etc/kernel/postinst.d/zz-update-bootctl 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
Generating grub configuration file ...
Warning: Setting GRUB_TIMEOUT to a non-zero value when GRUB_HIDDEN_TIMEOUT is set is no longer supported.
Found linux image: /boot/vmlinuz-4.10.0-26-generic
Found initrd image: /boot/initrd.img-4.10.0-26-generic
Found linux image: /boot/vmlinuz-4.10.0-22-generic
Found initrd image: /boot/initrd.img-4.10.0-22-generic
Found linux image: /boot/vmlinuz-4.10.0-21-generic
Found initrd image: /boot/initrd.img-4.10.0-21-generic
Adding boot menu entry for EFI firmware configuration
done
run-parts: executing /etc/kernel/postinst.d/zz-update-sicherboot 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic

The full error log is

Performing actions...
(Reading database ... 200348 files and directories currently installed.)
Preparing to unpack .../linux-image-4.10.0-26-generic_4.10.0-26.30_amd64.deb ...
Done.
Unpacking linux-image-4.10.0-26-generic (4.10.0-26.30) ...
Selecting previously unselected package linux-firmware.
Preparing to unpack .../linux-firmware_1.167_all.deb ...
Unpacking linux-firmware (1.167) ...
Selecting previously unselected package linux-image-generic.
Preparing to unpack .../linux-image-generic_4.10.0.26.28_amd64.deb ...
Unpacking linux-image-generic (4.10.0.26.28) ...
Selecting previously unselected package linux-generic.
Preparing to unpack .../linux-generic_4.10.0.26.28_amd64.deb ...
Unpacking linux-generic (4.10.0.26.28) ...
Preparing to unpack .../thermald_1.6.0-4_amd64.deb ...
Unpacking thermald (1.6.0-4) ...
Processing triggers for ureadahead (0.100.0-19) ...
Setting up thermald (1.6.0-4) ...
Setting up linux-image-4.10.0-26-generic (4.10.0-26.30) ...
Running depmod.
update-initramfs: deferring update (hook will be called later)
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/dkms 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/dracut 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
sicherboot: Installing 4.10.0-26-generic to ESP
objcopy: cannot open: /boot//initrd.img-4.10.0-26-generic: No such file or directory
run-parts: /etc/kernel/postinst.d/dracut exited with return code 1
Failed to process /etc/kernel/postinst.d at /var/lib/dpkg/info/linux-image-4.10.0-26-generic.postinst line 1052.
dpkg: error processing package linux-image-4.10.0-26-generic (--configure):
 subprocess installed post-installation script returned error exit status 2
Processing triggers for systemd (233-8ubuntu2) ...
Processing triggers for man-db (2.7.6.1-2) ...
Processing triggers for dbus (1.10.18-1ubuntu2) ...
dpkg: dependency problems prevent configuration of linux-image-generic:
 linux-image-generic depends on linux-image-4.10.0-26-generic; however:
  Package linux-image-4.10.0-26-generic is not configured yet.
 linux-image-generic depends on linux-image-extra-4.10.0-26-generic; however:
  Package linux-image-extra-4.10.0-26-generic is not installed.

dpkg: error processing package linux-image-generic (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
Setting up linux-firmware (1.167) ...
update-initramfs: Generating /boot/initrd.img-4.10.0-22-generic
warning: data remaining[50002432 vs 50010712]: gaps between PE/COFF sections?
update-initramfs: Generating /boot/initrd.img-4.10.0-21-generic
warning: data remaining[49989632 vs 49997912]: gaps between PE/COFF sections?
dpkg: dependency problems prevent configuration of linux-generic:
 linux-generic depends on linux-image-generic (= 4.10.0.26.28); however:
  Package linux-image-generic is not configured yet.

dpkg: error processing package linux-generic (--configure):
 dependency problems - leaving unconfigured
No apport report written because the error message indicates its a followup error from a previous failure.
Errors were encountered while processing:
 linux-image-4.10.0-26-generic
 linux-image-generic
 linux-generic
E: Sub-process /usr/bin/dpkg returned an error code (1)
Setting up linux-image-4.10.0-26-generic (4.10.0-26.30) ...
Running depmod.
update-initramfs: deferring update (hook will be called later)
The link /initrd.img is a dangling linkto /boot/initrd.img-4.10.0-26-generic
vmlinuz(/boot/vmlinuz-4.10.0-26-generic
) points to /boot/vmlinuz-4.10.0-26-generic
 (/boot/vmlinuz-4.10.0-26-generic) -- doing nothing at /var/lib/dpkg/info/linux-image-4.10.0-26-generic.postinst line 491.
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/dkms 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
run-parts: executing /etc/kernel/postinst.d/dracut 4.10.0-26-generic /boot/vmlinuz-4.10.0-26-generic
sicherboot: Installing 4.10.0-26-generic to ESP
objcopy: cannot open: /boot//initrd.img-4.10.0-26-generic: No such file or directory
run-parts: /etc/kernel/postinst.d/dracut exited with return code 1
Failed to process /etc/kernel/postinst.d at /var/lib/dpkg/info/linux-image-4.10.0-26-generic.postinst line 1052.
dpkg: error processing package linux-image-4.10.0-26-generic (--configure):
 subprocess installed post-installation script returned error exit status 2
dpkg: dependency problems prevent configuration of linux-image-generic:
 linux-image-generic depends on linux-image-4.10.0-26-generic; however:
  Package linux-image-4.10.0-26-generic is not configured yet.
 linux-image-generic depends on linux-image-extra-4.10.0-26-generic; however:
  Package linux-image-extra-4.10.0-26-generic is not installed.

dpkg: error processing package linux-image-generic (--configure):
 dependency problems - leaving unconfigured
dpkg: dependency problems prevent configuration of linux-generic:
 linux-generic depends on linux-image-generic (= 4.10.0.26.28); however:
  Package linux-image-generic is not configured yet.

dpkg: error processing package linux-generic (--configure):
 dependency problems - leaving unconfigured
Errors were encountered while processing:
 linux-image-4.10.0-26-generic
 linux-image-generic
 linux-generic

Hmm, not sure what to do here. There's a reason it hijacked the dracut file - dracut does not support hooks.

But then I'm confused - how can you have both dracut and initramfs-tools installed? Both create an initramfs, and for dracut we hack around the missing hook, while for initramfs-tools it's done as an initramfs-tools hook.

Ah, I see, you probably don't have dracut - the dracut hack does not check if dracut is actually installed.

Indeed, I don't have it installed.

$ ls -l /etc/kernel/postinst.d/dracut*
-rwxr-xr-x 1 root root 262 Jul  5 16:45 /etc/kernel/postinst.d/dracut
$ dpkg -S /etc/kernel/postinst.d/dracut 
diversion by sicherboot from: /etc/kernel/postinst.d/dracut
diversion by sicherboot to: /etc/kernel/postinst.d/dracut.SecureBoot
sicherboot: /etc/kernel/postinst.d/dracut

Then maybe the right way is to modify how sicherboot gets called from the dracut postinst script, how about this:

--- /etc/kernel/postinst.d/dracut.orig	2017-07-05 17:30:23.944058660 -0300
+++ /etc/kernel/postinst.d/dracut	2017-07-06 12:39:12.950788522 -0300
@@ -5,10 +5,11 @@
 
 set -e
 
-# Run the real dracut first if it exists
-if [ -e /etc/kernel/postinst.d/dracut.SecureBoot ]; then
-    /etc/kernel/postinst.d/dracut.SecureBoot "$@"
-fi
+# Do nothing if the diverted dracut does not exist
+[ -e /etc/kernel/postinst.d/dracut.SecureBoot ] || exit 0
+
+# Run the real dracut first
+/etc/kernel/postinst.d/dracut.SecureBoot "$@"
 
 echo "sicherboot: Installing $1 to ESP"
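Review bot: the added `[ -e /etc/kernel/postinst.d/dracut.SecureBoot ] || exit 0` tests for the diverted hook file, not for dracut itself, and `-e` does not require the file to be executable, yet the next added line runs it unconditionally under `set -e`. A leftover or non-executable file at that path still reaches the `sicherboot` lines below or fails the kernel postinst, so test with `-x` and check for the dracut program as well. The early exit also skips the install to the ESP in this script, which deserves a comment naming the hook expected to do it in that case.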

No, that would be the wrong fix, it breaks on removed, but not purged dracut. I think I should divert /usr/bin/dracut, and not the kernel install hook, I'm not entirely sure why I did what I did.

A more correct fix is to look for /usr/bin/dracut, but there are some other cases where dracut does not generate the initramfs.

First of all thanks for this great tool! Unfortunately this issue isn't fixed.

The problem is that scripts in /etc/kernel/postinst.d/ are executed in alphabetical order, which means /etc/kernel/postinst.d/dracut is executed before /etc/kernel/postinst.d/initramfs-tools. That means sicherboot will be executed before the initramfs is created, which obviously fails.

As a solution, the dracut hook should be renamed to zz-dracut or something like that.
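The ordering problem discussed in this thread can be checked mechanically. The script below is an added example, not part of the thread or of sicherboot's own code: it lists hooks in the order run-parts executes them and reports any hook that calls sicherboot before the hook that writes the initrd. The function names (`list_hooks`, `early_callers`, `make_sample`) and the sample directory are constructed for illustration, and the text match on the hook body is a heuristic.

```shell
#!/bin/sh
# Added example (constructed): audit the order of kernel postinst hooks.

# Print hook names in the order run-parts would execute them. In its default
# mode run-parts only runs executable files whose names consist of ASCII
# letters, digits, underscores and hyphens (so dracut.SecureBoot is skipped),
# sorted by C-locale collation.
list_hooks() (
    LC_ALL=C; export LC_ALL
    for f in "$1"/*; do
        [ -f "$f" ] && [ -x "$f" ] || continue
        name=${f##*/}
        case $name in *[!A-Za-z0-9_-]*) continue ;; esac
        printf '%s\n' "$name"
    done | sort
)

# Print every hook that runs before PRODUCER (the hook that writes the
# initrd) and whose text matches PATTERN. Exit 2 if PRODUCER is not a hook.
early_callers() (
    dir=$1 producer=$2 pattern=$3
    list_hooks "$dir" | grep -qxF -- "$producer" || exit 2
    list_hooks "$dir" | while IFS= read -r name; do
        if [ "$name" = "$producer" ]; then break; fi
        if grep -q -- "$pattern" "$dir/$name"; then printf '%s\n' "$name"; fi
    done
)

# Build a constructed hook directory mirroring the names in the log above.
# $1 = target dir, $2 = name of the hook that calls sicherboot.
make_sample() {
    for h in apt-auto-removal dkms dracut dracut.SecureBoot initramfs-tools zz-update-grub; do
        printf '#!/bin/sh\nexit 0\n' > "$1/$h"; chmod +x "$1/$h"
    done
    printf '#!/bin/sh\nset -e\nsicherboot install-kernel "$1"\n' > "$1/$2"
    chmod +x "$1/$2"
}

demo() {
    d=$(mktemp -d)
    make_sample "$d" dracut
    echo "calls sicherboot before initramfs-tools: $(early_callers "$d" initramfs-tools 'sicherboot install-kernel')"
    rm -rf "$d"
}
demo
```

On a real system the same check would be `early_callers /etc/kernel/postinst.d initramfs-tools 'sicherboot install-kernel'`; empty output means no hook calls sicherboot before the initrd is generated.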