Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

pacstrap fails due to mkinitcpio post hook #311

Closed
punoko opened this issue May 12, 2024 · 1 comment · Fixed by #312
Closed

pacstrap fails due to mkinitcpio post hook #311

punoko opened this issue May 12, 2024 · 1 comment · Fixed by #312

Comments

@punoko
Copy link
Contributor

punoko commented May 12, 2024
edited

Hello,

pacstrap exits with the following error when invoked with sbctl in the package list, as it is apparently trying to sign before keys have even been created :

# pacstrap -cKM ./sbctl base linux sbctl
...
==> Creating zstd-compressed initcpio image: '/boot/initramfs-linux-fallback.img'
  -> Early uncompressed CPIO image generation successful
==> Initcpio image generation successful
==> Running post hooks
  -> Running post hook: [sbctl]
Signing /boot/vmlinuz-linux
couldn't access /usr/share/secureboot/keys/db/db.pem: no such file or directory
==> ERROR: '/usr/lib/initcpio/post/sbctl' failed with exit code 1
error: command failed to execute correctly
Full log 
[root@60753b2172bf /]# truncate -s 2G sbctl.img

[root@60753b2172bf /]# losetup -fP --show sbctl.img
/dev/loop0

[root@60753b2172bf /]# mkfs.btrfs /dev/loop0
btrfs-progs v6.8.1
See https://btrfs.readthedocs.io for more information.

Performing full device TRIM /dev/loop0 (2.00GiB) ...
NOTE: several default settings have changed in version 5.15, please make sure
      this does not affect your deployments:
      - DUP for metadata (-m dup)
      - enabled no-holes (-O no-holes)
      - enabled free-space-tree (-R free-space-tree)

Label:              (null)
UUID:               7ca9a7f5-5c0a-49c1-a38d-10ceb86060fc
Node size:          16384
Sector size:        4096	(CPU page size: 4096)
Filesystem size:    2.00GiB
Block group profiles:
  Data:             single            8.00MiB
  Metadata:         DUP             102.38MiB
  System:           DUP               8.00MiB
SSD detected:       yes
Zoned device:       no
Features:           extref, skinny-metadata, no-holes, free-space-tree
Checksum:           crc32c
Number of devices:  1
Devices:
   ID        SIZE  PATH
    1     2.00GiB  /dev/loop0

[root@60753b2172bf /]# mkdir sbctl

[root@60753b2172bf /]# mount -o noatime,compress /dev/loop0 ./sbctl

[root@60753b2172bf /]# pacstrap -cKM ./sbctl base linux sbctl
==> Creating install root at ./sbctl
gpg: /./sbctl/etc/pacman.d/gnupg/trustdb.gpg: trustdb created
gpg: no ultimately trusted keys found
gpg: starting migration from earlier GnuPG versions
gpg: porting secret keys from '/./sbctl/etc/pacman.d/gnupg/secring.gpg' to gpg-agent
gpg: migration succeeded
==> Generating pacman master key. This may take some time.
gpg: Generating pacman keyring master key...
gpg: directory '/./sbctl/etc/pacman.d/gnupg/openpgp-revocs.d' created
gpg: revocation certificate stored as '/./sbctl/etc/pacman.d/gnupg/openpgp-revocs.d/242E2802084BE1EDF0C2926AE394949382F4D859.rev'
gpg: Done
==> Updating trust database...
gpg: marginals needed: 3  completes needed: 1  trust model: pgp
gpg: depth: 0  valid:   1  signed:   0  trust: 0-, 0q, 0n, 0m, 0f, 1u
==> Installing packages to ./sbctl
:: Synchronizing package databases...
 core downloading...
 extra downloading...
resolving dependencies...
:: There are 2 providers available for dbus-units:
:: Repository core
   1) dbus-broker-units  2) dbus-daemon-units

Enter a number (default=1):
:: There are 3 providers available for initramfs:
:: Repository core
   1) mkinitcpio
:: Repository extra
   2) booster  3) dracut

Enter a number (default=1):
looking for conflicting packages...

Package (124)                 New Version               Net Change  Download Size

core/acl                      2.3.2-1                     0.32 MiB
core/archlinux-keyring        20240429-1                  1.66 MiB
core/argon2                   20190702-5                  0.10 MiB       0.03 MiB
core/attr                     2.5.2-1                     0.21 MiB
core/audit                    4.0.1-3                     1.02 MiB
core/bash                     5.2.026-2                   9.20 MiB
core/binutils                 2.42+r91+g6224493e457-1    39.92 MiB       7.52 MiB
core/brotli                   1.1.0-2                     0.97 MiB
core/bzip2                    1.0.8-6                     0.14 MiB
core/ca-certificates          20220905-1                  0.00 MiB       0.00 MiB
core/ca-certificates-mozilla  3.100-1                     1.01 MiB
core/ca-certificates-utils    20220905-1                  0.01 MiB       0.01 MiB
core/coreutils                9.5-1                      15.47 MiB
core/cryptsetup               2.7.2-1                     2.81 MiB
core/curl                     8.7.1-6                     1.81 MiB
core/dbus                     1.14.10-2                   0.89 MiB
core/dbus-broker              36-2                        0.35 MiB
core/dbus-broker-units        36-2                        0.00 MiB
core/device-mapper            2.03.23-3                   0.73 MiB
core/diffutils                3.10-1                      1.48 MiB       0.34 MiB
core/e2fsprogs                1.47.0-2                    4.94 MiB
core/expat                    2.6.2-1                     0.41 MiB
core/file                     5.45-1                      8.33 MiB       0.39 MiB
core/filesystem               2024.04.07-1                0.02 MiB
core/findutils                4.9.0-3                     1.32 MiB       0.41 MiB
core/gawk                     5.3.0-1                     3.32 MiB       1.29 MiB
core/gcc-libs                 14.1.1+r1+g43b730b9134-1  143.27 MiB
core/gdbm                     1.23-2                      0.76 MiB       0.26 MiB
core/gettext                  0.22.4-1                    7.27 MiB       1.84 MiB
core/glib2                    2.80.2-1                   37.83 MiB
core/glibc                    2.39+r52+gf8e4623421-1     47.25 MiB
core/gmp                      6.3.0-2                     1.01 MiB
core/gnupg                    2.4.5-1                     9.62 MiB
core/gnutls                   3.8.5-1                     5.49 MiB
core/gpgme                    1.23.2-4                    1.47 MiB
core/grep                     3.11-1                      0.87 MiB       0.23 MiB
core/gzip                     1.13-2                      0.15 MiB       0.08 MiB
core/hwdata                   0.382-1                     9.11 MiB
core/iana-etc                 20240412-1                  3.98 MiB
core/icu                      74.2-2                     40.11 MiB
core/iproute2                 6.8.0-2                     2.88 MiB
core/iptables                 1:1.8.10-1                  2.38 MiB       0.43 MiB
core/iputils                  20240117-1                  0.49 MiB
core/jansson                  2.14-4                      0.18 MiB       0.05 MiB
core/json-c                   0.17-1                      0.18 MiB       0.06 MiB
core/kbd                      2.6.4-1                     3.14 MiB       1.25 MiB
core/keyutils                 1.6.3-2                     0.19 MiB       0.10 MiB
core/kmod                     32-1                        0.28 MiB
core/krb5                     1.21.2-2                    4.62 MiB       1.28 MiB
core/libarchive               3.7.4-1                     1.17 MiB
core/libassuan                2.5.7-2                     0.22 MiB
core/libbpf                   1.3.0-1                     0.78 MiB       0.24 MiB
core/libcap                   2.69-4                      1.72 MiB
core/libcap-ng                0.8.5-2                     0.12 MiB
core/libelf                   0.191-3                     2.92 MiB
core/libevent                 2.1.12-4                    1.12 MiB       0.26 MiB
core/libffi                   3.4.6-1                     0.09 MiB
core/libgcrypt                1.10.3-1                    1.50 MiB       0.58 MiB
core/libgpg-error             1.49-1                      1.06 MiB
core/libidn2                  2.3.7-1                     0.46 MiB
core/libksba                  1.6.6-1                     0.30 MiB
core/libldap                  2.6.7-2                     0.65 MiB
core/libmnl                   1.0.5-2                     0.03 MiB
core/libnetfilter_conntrack   1.0.9-2                     0.14 MiB
core/libnfnetlink             1.0.2-2                     0.05 MiB
core/libnftnl                 1.2.6-1                     0.25 MiB       0.07 MiB
core/libnghttp2               1.61.0-1                    0.40 MiB
core/libnghttp3               1.2.0-1                     0.23 MiB
core/libnl                    3.9.0-1                     2.11 MiB       0.41 MiB
core/libnsl                   2.0.1-1                     0.07 MiB
core/libp11-kit               0.25.3-1                    3.17 MiB       0.50 MiB
core/libpcap                  1.10.4-1                    0.63 MiB       0.28 MiB
core/libpsl                   0.21.5-2                    0.22 MiB
core/libsasl                  2.1.28-4                    0.50 MiB       0.14 MiB
core/libseccomp               2.5.5-3                     0.24 MiB
core/libsecret                0.21.4-1                    1.15 MiB
core/libssh2                  1.11.0-1                    0.45 MiB       0.23 MiB
extra/libsysprof-capture      46.0-3                      0.24 MiB
core/libtasn1                 4.19.0-1                    0.46 MiB       0.14 MiB
core/libtirpc                 1.3.4-1                     0.42 MiB       0.17 MiB
core/libunistring             1.2-1                       2.49 MiB
core/libusb                   1.0.27-1                    0.21 MiB
core/libverto                 0.3.2-5                     0.07 MiB
core/libxcrypt                4.4.36-1                    0.18 MiB       0.08 MiB
core/libxml2                  2.12.6-2                    3.46 MiB
core/licenses                 20240206-1                  1.54 MiB
core/linux-api-headers        6.8-1                       5.54 MiB
core/lz4                      1:1.9.4-3                   0.66 MiB
core/mkinitcpio               39-1                        0.20 MiB       0.06 MiB
core/mkinitcpio-busybox       1.36.1-1                    0.51 MiB       0.27 MiB
core/mpfr                     4.2.1-3                     1.01 MiB
core/ncurses                  6.4_20230520-3              3.94 MiB
core/nettle                   3.9.1-1                     1.04 MiB       0.45 MiB
core/npth                     1.7-1                       0.08 MiB
core/openssl                  3.3.0-1                    10.92 MiB
core/p11-kit                  0.25.3-1                    0.99 MiB       0.23 MiB
core/pacman                   6.1.0-3                     4.78 MiB
core/pacman-mirrorlist        20231001-1                  0.05 MiB       0.01 MiB
core/pam                      1.6.1-2                     3.20 MiB
core/pambase                  20230918-1                  0.00 MiB       0.00 MiB
core/pciutils                 3.12.0-1                    0.37 MiB
core/pcre2                    10.43-4                     6.36 MiB
core/pinentry                 1.3.0-1                     0.71 MiB
core/popt                     1.19-1                      0.23 MiB       0.07 MiB
core/procps-ng                4.0.4-3                     2.28 MiB
core/psmisc                   23.7-1                      0.76 MiB
core/readline                 8.2.010-1                   0.74 MiB
core/sed                      4.9-3                       0.70 MiB       0.21 MiB
core/shadow                   4.15.1-2                    3.75 MiB
core/sqlite                   3.45.3-1                    7.90 MiB
core/systemd                  255.6-1                    30.95 MiB
core/systemd-libs             255.6-1                     2.70 MiB
core/systemd-sysvcompat       255.6-1                     0.00 MiB
core/tar                      1.35-2                      2.80 MiB       0.76 MiB
core/tpm2-tss                 4.0.1-1                     3.61 MiB       0.94 MiB
core/tzdata                   2024a-2                     2.00 MiB
core/util-linux               2.40.1-1                   14.47 MiB
core/util-linux-libs          2.40.1-1                    1.27 MiB
core/xz                       5.6.1-3                     2.46 MiB
core/zlib                     1:1.3.1-2                   0.33 MiB
core/zstd                     1.5.5-1                     1.43 MiB       0.47 MiB
core/base                     3-2                         0.00 MiB       0.00 MiB
core/linux                    6.8.9.arch1-2             132.59 MiB     132.37 MiB
extra/sbctl                   0.14-1                      6.54 MiB       2.20 MiB

Total Download Size:   156.69 MiB
Total Installed Size:  707.72 MiB

:: Proceed with installation? [Y/n]
:: Retrieving packages...
 linux-6.8.9.arch1-2-x86_64 downloading...
 binutils-2.42+r91+g6224493e457-1-x86_64 downloading...
 sbctl-0.14-1-x86_64 downloading...
 gettext-0.22.4-1-x86_64 downloading...
 gawk-5.3.0-1-x86_64 downloading...
 krb5-1.21.2-2-x86_64 downloading...
 kbd-2.6.4-1-x86_64 downloading...
 tpm2-tss-4.0.1-1-x86_64 downloading...
 tar-1.35-2-x86_64 downloading...
 libgcrypt-1.10.3-1-x86_64 downloading...
 libp11-kit-0.25.3-1-x86_64 downloading...
 zstd-1.5.5-1-x86_64 downloading...
 nettle-3.9.1-1-x86_64 downloading...
 iptables-1:1.8.10-1-x86_64 downloading...
 findutils-4.9.0-3-x86_64 downloading...
 libnl-3.9.0-1-x86_64 downloading...
 file-5.45-1-x86_64 downloading...
 diffutils-3.10-1-x86_64 downloading...
 libpcap-1.10.4-1-x86_64 downloading...
 mkinitcpio-busybox-1.36.1-1-x86_64 downloading...
 libevent-2.1.12-4-x86_64 downloading...
 gdbm-1.23-2-x86_64 downloading...
 libbpf-1.3.0-1-x86_64 downloading...
 libssh2-1.11.0-1-x86_64 downloading...
 grep-3.11-1-x86_64 downloading...
 p11-kit-0.25.3-1-x86_64 downloading...
 sed-4.9-3-x86_64 downloading...
 libtirpc-1.3.4-1-x86_64 downloading...
 libsasl-2.1.28-4-x86_64 downloading...
 libtasn1-4.19.0-1-x86_64 downloading...
 keyutils-1.6.3-2-x86_64 downloading...
 libxcrypt-4.4.36-1-x86_64 downloading...
 gzip-1.13-2-x86_64 downloading...
 popt-1.19-1-x86_64 downloading...
 libnftnl-1.2.6-1-x86_64 downloading...
 mkinitcpio-39-1-any downloading...
 json-c-0.17-1-x86_64 downloading...
 jansson-2.14-4-x86_64 downloading...
 argon2-20190702-5-x86_64 downloading...
 ca-certificates-utils-20220905-1-any downloading...
 pacman-mirrorlist-20231001-1-any downloading...
 pambase-20230918-1-any downloading...
 base-3-2-any downloading...
 ca-certificates-20220905-1-any downloading...
checking keyring...
checking package integrity...
loading package files...
checking for file conflicts...
:: Processing package changes...
installing iana-etc...
installing filesystem...
installing linux-api-headers...
installing tzdata...
Optional dependencies for tzdata
    bash: for tzselect [pending]
    glibc: for zdump, zic [pending]
installing glibc...
Optional dependencies for glibc
    gd: for memusagestat
    perl: for mtrace
installing gcc-libs...
installing ncurses...
Optional dependencies for ncurses
    bash: for ncursesw6-config [pending]
installing readline...
installing bash...
Optional dependencies for bash
    bash-completion: for tab completion
installing acl...
installing attr...
installing gmp...
installing zlib...
installing sqlite...
installing util-linux-libs...
Optional dependencies for util-linux-libs
    python: python bindings to libmount
installing e2fsprogs...
Optional dependencies for e2fsprogs
    lvm2: for e2scrub
    util-linux: for e2scrub [pending]
    smtp-forwarder: for e2scrub_fail script
installing gdbm...
installing openssl...
Optional dependencies for openssl
    ca-certificates [pending]
    perl
installing libsasl...
installing libldap...
installing keyutils...
installing libevent...
Optional dependencies for libevent
    python: event_rpcgen.py
installing libverto...
installing krb5...
installing libtirpc...
installing pambase...
installing libcap-ng...
installing audit...
Optional dependencies for audit
    libldap: for audispd-zos-remote [installed]
    sh: for augenrules [installed]
installing libxcrypt...
installing libnsl...
installing pam...
installing libcap...
installing coreutils...
installing xz...
installing bzip2...
installing libseccomp...
installing lz4...
installing zstd...
installing file...
installing findutils...
installing mpfr...
installing gawk...
installing pcre2...
Optional dependencies for pcre2
    sh: for pcre2-config [installed]
installing grep...
installing libgpg-error...
installing libgcrypt...
installing systemd-libs...
installing procps-ng...
installing sed...
installing tar...
installing libunistring...
installing icu...
installing libxml2...
Optional dependencies for libxml2
    python: Python bindings
installing gettext...
Optional dependencies for gettext
    git: for autopoint infrastructure updates
installing hwdata...
installing kmod...
installing pciutils...
Optional dependencies for pciutils
    which: for update-pciids
    grep: for update-pciids [installed]
    curl: for update-pciids [pending]
installing psmisc...
installing shadow...
installing util-linux...
Optional dependencies for util-linux
    words: default dictionary for look
installing gzip...
Optional dependencies for gzip
    less: zless support
    util-linux: zmore support [installed]
    diffutils: zdiff/zcmp support [pending]
installing licenses...
installing libarchive...
installing libffi...
installing libtasn1...
installing libp11-kit...
installing p11-kit...
installing ca-certificates-utils...
installing ca-certificates-mozilla...
installing ca-certificates...
installing brotli...
installing libidn2...
installing libnghttp2...
installing libnghttp3...
installing libpsl...
installing libssh2...
installing curl...
installing nettle...
installing gnutls...
Optional dependencies for gnutls
    tpm2-tss: support for TPM2 wrapped keys [pending]
installing libksba...
installing libassuan...
installing libusb...
installing npth...
installing libsysprof-capture...
installing glib2...
Optional dependencies for glib2
    gvfs: most gio functionality
    libelf: gresource inspection tool [pending]
    python: gdbus-codegen, glib-genmarshal, glib-mkenums, gtester-report
    python-packaging: gdbus-codegen
installing json-c...
installing tpm2-tss...
installing libsecret...
Optional dependencies for libsecret
    org.freedesktop.secrets: secret storage backend
installing pinentry...
Optional dependencies for pinentry
    gtk2: gtk2 backend
    qt5-x11extras: qt backend
    kwayland5: qt backend
    gcr: gnome3 backend
installing gnupg...
Optional dependencies for gnupg
    pcsclite: for using scdaemon not with the gnupg internal card driver
installing gpgme...
installing pacman-mirrorlist...
installing pacman...
Optional dependencies for pacman
    perl-locale-gettext: translation support in makepkg-template
installing archlinux-keyring...
installing device-mapper...
installing popt...
installing argon2...
installing cryptsetup...
installing expat...
installing dbus...
installing dbus-broker...
installing dbus-broker-units...
installing kbd...
installing libelf...
installing systemd...
Initializing machine ID from random generator.
Creating group 'sys' with GID 3.
Creating group 'mem' with GID 8.
Creating group 'ftp' with GID 11.
Creating group 'mail' with GID 12.
Creating group 'log' with GID 19.
Creating group 'smmsp' with GID 25.
Creating group 'proc' with GID 26.
Creating group 'games' with GID 50.
Creating group 'lock' with GID 54.
Creating group 'network' with GID 90.
Creating group 'floppy' with GID 94.
Creating group 'scanner' with GID 96.
Creating group 'power' with GID 98.
Creating group 'nobody' with GID 65534.
Creating group 'adm' with GID 999.
Creating group 'wheel' with GID 998.
Creating group 'utmp' with GID 997.
Creating group 'audio' with GID 996.
Creating group 'disk' with GID 995.
Creating group 'input' with GID 994.
Creating group 'kmem' with GID 993.
Creating group 'kvm' with GID 992.
Creating group 'lp' with GID 991.
Creating group 'optical' with GID 990.
Creating group 'render' with GID 989.
Creating group 'sgx' with GID 988.
Creating group 'storage' with GID 987.
Creating group 'tty' with GID 5.
Creating group 'uucp' with GID 986.
Creating group 'video' with GID 985.
Creating group 'users' with GID 984.
Creating group 'groups' with GID 983.
Creating group 'systemd-journal' with GID 982.
Creating group 'rfkill' with GID 981.
Creating group 'bin' with GID 1.
Creating user 'bin' (n/a) with UID 1 and GID 1.
Creating group 'daemon' with GID 2.
Creating user 'daemon' (n/a) with UID 2 and GID 2.
Creating user 'mail' (n/a) with UID 8 and GID 12.
Creating user 'ftp' (n/a) with UID 14 and GID 11.
Creating group 'http' with GID 33.
Creating user 'http' (n/a) with UID 33 and GID 33.
Creating user 'nobody' (Kernel Overflow User) with UID 65534 and GID 65534.
Creating group 'dbus' with GID 81.
Creating user 'dbus' (System Message Bus) with UID 81 and GID 81.
Creating group 'systemd-coredump' with GID 980.
Creating user 'systemd-coredump' (systemd Core Dumper) with UID 980 and GID 980.
Creating group 'systemd-network' with GID 979.
Creating user 'systemd-network' (systemd Network Management) with UID 979 and GID 979.
Creating group 'systemd-oom' with GID 978.
Creating user 'systemd-oom' (systemd Userspace OOM Killer) with UID 978 and GID 978.
Creating group 'systemd-journal-remote' with GID 977.
Creating user 'systemd-journal-remote' (systemd Journal Remote) with UID 977 and GID 977.
Creating group 'systemd-resolve' with GID 976.
Creating user 'systemd-resolve' (systemd Resolver) with UID 976 and GID 976.
Creating group 'systemd-timesync' with GID 975.
Creating user 'systemd-timesync' (systemd Time Synchronization) with UID 975 and GID 975.
Creating group 'tss' with GID 974.
Creating user 'tss' (tss user for tpm2) with UID 974 and GID 974.
Creating group 'uuidd' with GID 68.
Creating user 'uuidd' (n/a) with UID 68 and GID 68.
Created symlink /etc/systemd/system/getty.target.wants/getty@tty1.service → /usr/lib/systemd/system/getty@.service.
Created symlink /etc/systemd/system/multi-user.target.wants/remote-fs.target → /usr/lib/systemd/system/remote-fs.target.
Created symlink /etc/systemd/system/sockets.target.wants/systemd-userdbd.socket → /usr/lib/systemd/system/systemd-userdbd.socket.
Optional dependencies for systemd
    libmicrohttpd: systemd-journal-gatewayd and systemd-journal-remote
    quota-tools: kernel-level quota management
    systemd-sysvcompat: symlink package to provide sysvinit binaries [pending]
    systemd-ukify: combine kernel and initrd into a signed Unified Kernel Image
    polkit: allow administration as unprivileged user
    curl: systemd-journal-upload, machinectl pull-tar and pull-raw [installed]
    gnutls: systemd-journal-gatewayd and systemd-journal-remote [installed]
    qrencode: show QR codes
    iptables: firewall features [pending]
    libbpf: support BPF programs [pending]
    libpwquality: check password quality
    libfido2: unlocking LUKS2 volumes with FIDO2 token
    libp11-kit: support PKCS#11 [installed]
    tpm2-tss: unlocking LUKS2 volumes with TPM2 [installed]
installing systemd-sysvcompat...
installing iputils...
installing libmnl...
installing libnftnl...
installing libnl...
installing libpcap...
installing libnfnetlink...
installing libnetfilter_conntrack...
installing iptables...
installing libbpf...
installing iproute2...
Optional dependencies for iproute2
    db5.3: userspace arp daemon
    linux-atm: ATM support
    python: for routel
installing base...
Optional dependencies for base
    linux: bare metal support [pending]
installing mkinitcpio-busybox...
installing jansson...
installing binutils...
Optional dependencies for binutils
    debuginfod: for debuginfod server/client functionality
installing diffutils...
installing mkinitcpio...
Optional dependencies for mkinitcpio
    gzip: Use gzip compression for the initramfs image [installed]
    xz: Use lzma or xz compression for the initramfs image [installed]
    bzip2: Use bzip2 compression for the initramfs image [installed]
    lzop: Use lzo compression for the initramfs image
    lz4: Use lz4 compression for the initramfs image [installed]
    mkinitcpio-nfs-utils: Support for root filesystem on NFS
installing linux...
Optional dependencies for linux
    wireless-regdb: to set the correct wireless channels of your country
    linux-firmware: firmware images needed for some devices
installing sbctl...
:: Running post-transaction hooks...
( 1/14) Creating system user accounts...
( 2/14) Updating journal message catalog...
( 3/14) Reloading system manager configuration...
  Skipped: Running in chroot.
( 4/14) Reloading user manager configuration...
  Skipped: Running in chroot.
( 5/14) Updating udev hardware database...
( 6/14) Applying kernel sysctl settings...
  Skipped: Running in chroot.
( 7/14) Creating temporary files...
( 8/14) Reloading device manager configuration...
  Skipped: Running in chroot.
( 9/14) Arming ConditionNeedsUpdate...
(10/14) Rebuilding certificate stores...
(11/14) Updating module dependencies...
(12/14) Updating linux initcpios...
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
==> Using default configuration file: '/etc/mkinitcpio.conf'
  -> -k /boot/vmlinuz-linux -g /boot/initramfs-linux.img
==> Starting build: '6.8.9-arch1-2'
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
  -> Running build hook: [microcode]
  -> Running build hook: [modconf]
  -> Running build hook: [kms]
==> WARNING: Possibly missing firmware for module: 'i915'
  -> Running build hook: [keyboard]
==> WARNING: Possibly missing firmware for module: 'xhci_pci'
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [block]
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> WARNING: No fsck helpers found. fsck will not be run on boot.
==> Generating module dependencies
==> Creating zstd-compressed initcpio image: '/boot/initramfs-linux.img'
==> WARNING: errors were encountered during the build. The image may not be complete.
==> Running post hooks
  -> Running post hook: [sbctl]
Signing /boot/vmlinuz-linux
couldn't access /usr/share/secureboot/keys/db/db.pem: no such file or directory
==> ERROR: '/usr/lib/initcpio/post/sbctl' failed with exit code 1
==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
==> Using default configuration file: '/etc/mkinitcpio.conf'
  -> -k /boot/vmlinuz-linux -g /boot/initramfs-linux-fallback.img -S autodetect
==> Starting build: '6.8.9-arch1-2'
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [microcode]
  -> Running build hook: [modconf]
  -> Running build hook: [kms]
==> WARNING: Possibly missing firmware for module: 'amdgpu'
==> WARNING: Possibly missing firmware for module: 'ast'
==> WARNING: Possibly missing firmware for module: 'i915'
==> WARNING: Possibly missing firmware for module: 'nouveau'
==> WARNING: Possibly missing firmware for module: 'radeon'
==> WARNING: Possibly missing firmware for module: 'xe'
  -> Running build hook: [keyboard]
==> WARNING: Possibly missing firmware for module: 'xhci_pci'
  -> Running build hook: [keymap]
  -> Running build hook: [consolefont]
==> WARNING: consolefont: no font found in configuration
  -> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: 'advansys'
==> WARNING: Possibly missing firmware for module: 'aic94xx'
==> WARNING: Possibly missing firmware for module: 'bfa'
==> WARNING: Possibly missing firmware for module: 'cxgb4'
==> WARNING: Possibly missing firmware for module: 'csiostor'
==> WARNING: Possibly missing firmware for module: 'cxgb3'
==> WARNING: Possibly missing firmware for module: 'isci'
==> WARNING: Possibly missing firmware for module: 'qed'
==> WARNING: Possibly missing firmware for module: 'qla1280'
==> WARNING: Possibly missing firmware for module: 'qla2xxx'
==> WARNING: Possibly missing firmware for module: 'wd719x'
==> WARNING: Possibly missing firmware for module: 'ums_eneub6250'
  -> Running build hook: [filesystems]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating zstd-compressed initcpio image: '/boot/initramfs-linux-fallback.img'
  -> Early uncompressed CPIO image generation successful
==> Initcpio image generation successful
==> Running post hooks
  -> Running post hook: [sbctl]
Signing /boot/vmlinuz-linux
couldn't access /usr/share/secureboot/keys/db/db.pem: no such file or directory
==> ERROR: '/usr/lib/initcpio/post/sbctl' failed with exit code 1
error: command failed to execute correctly
(13/14) Reloading system bus configuration...
  Skipped: Running in chroot.
(14/14) Signing EFI binaries...
Generating EFI bundles....

This used to work and I'm not sure what changed. I first noticed it from my weekly CI and reproduced on both my own machine and the official docker image. I suppose the hook should check for keys before attempting to sign?
Thanks, have a nice day
@punoko
Copy link
Contributor Author

punoko commented May 12, 2024
edited

Upon further investigation it seems that the post hook script (/usr/lib/initcpio/post/sbctl) changed from version 0.13-2 to 0.14-1 8e0e68b:

#!/usr/bin/bash
- echo "Signing EFI binaries..."
- /usr/bin/sbctl sign-all -g
+ 
+ KERENEL_FILE="$1"
+ UKI_FILE="$3"
+ 
+ IMAGE_FILE="$KERENEL_FILE"
+ if [ -n "$KERNELDESTINATION" ] && [ -f "$KERNELDESTINATION" ]; then
+     IMAGE_FILE="$KERNELDESTINATION"
+ fi
+ if [ -n "$UKI_FILE" ]; then
+     IMAGE_FILE="$UKI_FILE"
+ fi
+ 
+ if [ -z "$IMAGE_FILE" ]; then
+     echo "No kernel or UKI found for signing"
+     exit 0
+ fi
+ 
+ echo "Signing $IMAGE_FILE"
+ sbctl sign -s "$IMAGE_FILE"

sign-all behaved nicely and returned 0 since nothing had been enrolled yet, but sign -s "$IMAGE_FILE" fails as it expects keys to exist

@punoko punoko mentioned this issue May 12, 2024
Merged
@punoko punoko changed the title pacstrap fails due to sbctl post hook pacstrap fails due to mkinitcpio post hook May 12, 2024
@haplo haplo mentioned this issue May 21, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Update the mkinitcpio post hook to return 0 when no keys are found punoko/sbctl
1 participant
@punoko