libera/#devuan-dev/ Monday, 2019-01-28

[03:10] fsmithred: Ryushin, I recall clearly now that it said Devuan in the boot menu.
[03:11] fsmithred: both when I was booting from command line and after I fixed it
[03:28] Ryushin: fsmithred: Let me check my VM.
[03:31] Ryushin: My grub menu shows Devuan.  The UEFI has an entry for devuan and debian.  So that is why my vm probably booted just fine.  If it could not boot one, it booted the other.
[03:34] Ryushin: running efibootmgr on my laptop shows Debian, Windows Boot Manager, refind, and devuan.  Hmm... no wonder booting got messed up.
[03:35] Ryushin: Wondering if grub should be forked to keep things like this from happening in the future.  Seems a bit like overkill though.
[03:42] fsmithred: might be a simple fix
[03:44] Ryushin: I'm thinking so.
[03:46] Ryushin: In the VM, I deleted the debian UEFI entry and its /boot/efi/EFI/debian directory.
[03:46] fsmithred: rm or efibootmgr?
[03:47] Ryushin: I did a grub-reinstall again, and it did not create a /boot/efi/EFI/debian folder.  But now, during boot, it drops to a grub shell and shows the prefix as (hd0,gpt1)/EFI/debian
[03:47] Ryushin: let me see if it created a debian uefi entry.
[03:47] fsmithred: oh, so now it knows where the efi partition is
[03:48] fsmithred: other than that, it's expected behavior
[03:48] fsmithred: or consistent with my experience, anyway
[03:48] Ryushin: So now the prefix is wrong and it will no longer boot.  devuan uefi entry and /boot/efi/EFI/debian.
[03:49] Ryushin: But if the debian folder was there, it would boot.  At least I think it will.  Let me try.
[03:50] Ryushin: Yep, I just copied the /boot/efi/EFI/devuan to /boot/efi/EFI/debian and now the system boots.
[03:51] Ryushin: So the prefix is pulling from the debian folder.  Who knows how long both folders were there.
[03:52] fsmithred: editing that grub.cfg should also work to fix it
[03:52] Ryushin: And there is only one UEFI entry for devuan.
[03:53] Ryushin: Are you thinking about removing the prefix and hard coding it?
[03:54] Ryushin: Editing /boot/efi/EFI/devuan/grub.cfg or /boot/grub/grub.cfg?
[03:55] fsmithred: EFI/devuan/grub.cfg
[03:55] fsmithred: I don't really want to do that
[03:55] fsmithred: but might do it anyway, just to see
[03:55] fsmithred: but not tonight. almost time for me to sleep.
[04:00] Ryushin: I'm testing, but I'm thinking the /boot/efi/EFI/devuan/grub.cfg is never even read yet.  As its entry is set prefix=($root)'/boot/grub
[04:01] Ryushin: Let me look at the efibootmgr
[04:09] Ryushin: efibootmgr -v shows Boot0001* devuan HD(1,GPT,5ae879c2-723d-46be-8696-ae9fb5d90e62,0x800,0xee000)/File(\EFI\devuan\grubx64.efi)
[04:10] Ryushin: And echo $prefix shows (hd0,gpt1)/EFI/debian
[04:11] Ryushin: So I'm really thinking now that debian had hard coded that in the prefix somewhere in the code.
[04:15] Ryushin: So tomorrow then.  At least I think we are getting closer.
[04:15] fsmithred: yeah, thanks
[13:56] Ryushin: fsmithred: Need to look closer, but this might be our bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769172
[13:57] Ryushin: In version: 2.02+dfsg1-5
[14:07] fsmithred: Looks like that's the right place. I'm getting the source package now.
[14:11] Ryushin: I think you will need to change line 32: efi_vendor="${6:-$(dpkg-vendor --query vendor | tr '[:upper:]' '[:lower:]')}"
[14:12] Ryushin: I think Devuan will need to fork the package actually for the new signed package grub-efi-amd64-signed
[14:13] fsmithred: oh, maybe
[14:13] fsmithred: wonder what happens if I remove that package
[14:13] Ryushin: Reading that bug, I don't think it matters as they hard coded the prefix now.
[14:14] fsmithred: that needs to change
[14:14] fsmithred: unless they're planning to drop the --bootloader-id option
[14:15] fsmithred: not sure then what happens if you have two debian installs on the same box
[14:15] fsmithred: they compete for bootloader, I guess
[14:15] Ryushin: I think it's because of the whole signing issue.  And that was the signed package that I noticed between my old version of grub that I was installing and the new one.
[14:15] fsmithred: yeah, I saw that and wondered about it
[14:17] fsmithred: damn, cloning the git is  s l o w
[14:18] Ryushin: I don't think having the two debian installs would affect it.  It's just going to start one grub.cfg file and you will need a chainloader to point to boot the other debian distro.
[14:19] onefang: That's how my Magic Pixie Dust USB stick works.  20 odd distros, some of them Debian based.
[14:19] Ryushin: I think that this is just a nature of having a signed distro now?
[14:20] onefang: It doesn't do EFI though.
[14:20] Ryushin: I guess refind or an unsigned grub will have to be used.
[14:20] onefang: Devuan ASCII is the main one that controls grub.
[14:21] fsmithred: onefang, don't go away - I'm gonna give you a link
[14:21] onefang: I gotta stay up for at least the next hour.
[14:22] fsmithred: https://get.refracta.org/files/experimental/dev1usb_2019-01-25.img
[14:22] fsmithred: test build of a live usb that uses grub
[14:23] fsmithred: bios/uefi, devuan desktop-live, minimal-live, netinstall and mini.iso
[14:23] fsmithred: um, maybe not mini.iso on that one
[14:24] Ryushin: Not sure if devuan wants to build the EFI signing infrastructure or not.
[14:24] fsmithred: anyway, minimal-live fails to boot and netinstall requires dropping to console and running a few commands to get the installer to find the cd
[14:24] fsmithred: no devuan devs are looking for more work to do
[14:24] onefang: I probably won't get to look at it until Wednesday, but I'm downloading it now.
[14:25] onefang: Slowly.  lol
[14:27] Ryushin: fsmithred: I would not think the devs would want any more to do as well, especially something like grub to manage.  But I don't see a way out unless you fork the package and remove all the signing components.
[14:28] Ryushin: The easiest path might be to create the signing infrastructure and that way you can just keep using the debian source.
[14:28] Ryushin: I really have no interest in needing secure boot to work.
[14:28] fsmithred: same here
[14:29] onefang: I'm only interested in having something that boots on legacy and EFI, without having to diddle with the BIOS settings.
[14:29] fsmithred: I have to reboot to do this, but I'll try removing the -signed package
[14:29] onefang: Bonus if it can boot on a Mac.
[14:30] fsmithred: onefang, you're talking about a live or installer disk?
[14:31] onefang: USB stick I carry with me, that has the 20 odd distros, boot on whatever computer I need to work on, choose the distro depending on what I need at the time.  Sometimes that might be to install something.  My swiss army knife.
[14:32] fsmithred: what does it use for booting?
[14:32] fsmithred: (which bootloader)
[14:32] onefang: BIOS Grub at the moment.
[14:33] onefang: A grub that is controlled from the main distro, ASCII.
[14:33] fsmithred: yjsy
[14:34] fsmithred: oops
[14:34] fsmithred: that's a regular installation, or a live system?
[14:34] onefang: Regular install, though some of the others are live systems.
[14:36] onefang: HEADS is a live system.  Most of the Red Hat ones are too, but that's coz the RH installer can't handle sharing a GPT with others.  The exception there is QUBES.
[14:37] fsmithred: I couldn't get heads to boot on my multi-boot live-usb
[14:37] fsmithred: drops to initramfs shell
[14:38] fsmithred: I'd like to see your boot menu entry for that
[14:41] Ryushin: fsmithred: Going to rebuild the grub source package.
[14:41] fsmithred: oh, good luck. You changed something in it?
[14:43] Ryushin: Nope.  I think it will pick up the devuan line just fine.  This line should show devuan: dpkg-vendor --query vendor | tr '[:upper:]' '[:lower:]')
[14:46] onefang: I need a new SD card reader.  lol
[14:48] fsmithred: Ryushin, I removed the devuan and debian bootloaders and the grub-efi-amd64-signed package
[14:49] fsmithred: ran grub-install and update-grub and it boots correctly
[14:49] fsmithred: it created a devuan boot dir on the efi partition, and that works
[14:50] Ryushin: You also deleted the /boot/efi/EFI/debian directory?
[14:50] fsmithred: yes
[14:50] Ryushin: nice.
[14:50] fsmithred: I used efibootmgr -b XXXX -B XXXX
[14:50] fsmithred: on both devuan and debian bootloaders
[14:50] fsmithred: which removed those dirs
[14:50] onefang: The relevant lines are -
[14:51] fsmithred: grub-install made a new devuan dir, and it works
[14:51] Ryushin: I did not know that.  I manually deleted the directories but used the efibootmgr to delete the UEFI entries.
[14:51] onefang: search -n -l "heads amd64" -s
[14:51] onefang: chainloader +1
[14:52] fsmithred: you have the intact iso file on the usb, or you unpacked it?
[14:53] fsmithred: ^^^ onefang
[14:55] onefang: It's an ext4 partition with /isolinux and /live.
[14:55] onefang: So the chainloader is running isolinux.
[14:58] onefang: Ah, I run extlinux on that partition to make it bootable.
[14:58] fsmithred: yeah, extlinux with ext
[15:00] fsmithred: do you know if chainloader would work to boot an iso file?
[15:01] fsmithred: need food. brb
[15:01] onefang: I think I have some of those on there.
[15:07] onefang: Hmmm, I used to have some of those, but I ended up unpacking them.  So that's a yes in theory, I managed it somehow or other, just can't recall the details.  It was years ago.
[15:10] Ryushin: fsmithred: Holy smokes, the grub compile tests take a LONG time to run.  They are still running.
[15:29] Ryushin: So compiling the source did not produce the grub-efi-amd64-signed package.  It produced a grub-efi-amd64-signed-template_2.02+dfsg1-10_amd64.deb package.
[15:29] fsmithred: so it can be modified for any distro?
[15:30] fsmithred: (if you can figure out what to do with it)
[15:30] Ryushin: Well, I'm thinking that debian has another step that creates the grub-efi-amd64-signed package.
[15:30] fsmithred: yeah, probably some secret command
[15:30] Ryushin: Just compiling the grub package does not produce it.
[15:30] Ryushin: Well, I think it is that signing infrastructure that was mentioned in the bug.
[15:31] Ryushin: Let me remove that signed package like you did and run your same tests.
[15:31] fsmithred: yes, I think that's what puts the grub.cfg in the efi partition
[15:32] fsmithred: wait!
[15:32] Ryushin: waiting....  :)
[15:32] fsmithred: run 'aptitude why grub-efi-amd64-signed'
[15:32] fsmithred: I forgot to do that to see what pulled it in
[15:33] Ryushin: i   grub-efi-amd64     Depends    grub-efi-amd64-bin (= 2.02+dfsg1-10)                    i A grub-efi-amd64-bin Recommends grub-efi-amd64-signed
[15:33] Ryushin: So another recommended package.  Just like apparmor and the kernel.
[15:34] fsmithred: ah, ok. first part of my install did not exclude recommends
[15:34] Ryushin: But just doing an apt upgrade if there is a new grub package will install grub-efi-amd64-signed package.
[15:35] fsmithred: will it?
[15:35] Ryushin: So can Devuan just exclude the file in the merged?
[15:35] fsmithred: oh, maybe dist-upgrade will do it. Upgrade should not install any new packages
[15:35] Ryushin: Yep, it will.  Found that out the hard way with apparmor.
[15:36] fsmithred: damn
[15:36] fsmithred: we might want to keep the package available in case someone needs secure boot
[15:36] Ryushin: So perhaps with the merged packages the signed package can be blacklisted
[15:36] fsmithred: pretty sure it can
[15:37] Ryushin: It's useless without providing the back end for creating the signed package for devuan.
[15:37] fsmithred: won't it work if you use --bootloader-id=debian?
[15:38] Ryushin: Well, there has to be a /boot/efi/EFI/devuan|debian folders to work.
[15:39] Ryushin: Let me test removing the signed package like you did.
[15:39] fsmithred: ok
[15:45] Ryushin: fsmithred: Yep, so removing the signed package removes the forced prefix.
[15:45] Ryushin: So just have that package blacklisted
[15:46] Ryushin: BTW, it seems that efibootmgr -b XXXX -B XXXX did not delete the folders in /boot/efi/EFI.  I had to do that manually.
[15:46] fsmithred: maybe different uefi implementations
[15:46] fsmithred: I'm using a toshiba laptop
[15:47] fsmithred: the efibootmgr command to change the order of the bootloaders works, but then it reverts to the old order when I reboot. So really, it doesn't work.
[15:50] Ryushin: Okay, so problem solved.  Someone just needs to blacklist the package.
[15:51] KatolaZ: I hope you can summarise the discussion later
[15:51] KatolaZ: :)
[15:51] fsmithred: summary of the first part is in my email to devuan-dev yesterday
[15:52] fsmithred: mini.iso install boots to grub prompt
[15:52] KatolaZ: fsmithred: but that is about mini.iso, not minimal-live right?
[15:52] fsmithred: right
[15:52] fsmithred: it's about grub
[15:52] KatolaZ: fsmithred: in which case, in particular?
[15:52] KatolaZ: ('cause I have used it several times already)
[15:53] fsmithred: new grub includes grub-efi-amd64-signed, which puts a grub.cfg in the devuan dir on the efi partition
[15:53] fsmithred: but that grub.cfg wants to find a debian dir on that partition
[15:53] KatolaZ: in the debian partition
[15:53] fsmithred: yes
[15:53] fsmithred: no
[15:53] KatolaZ: we have not forked grub
[15:53] fsmithred: devuan partition
[15:53] KatolaZ: so where does the "devuan" come from?
[15:53] fsmithred: grub
[15:53] KatolaZ: mmmhhh
[15:53] KatolaZ: how?
[15:53] fsmithred: it knows we're running devuan
[15:53] fsmithred: grub magic
[15:54] KatolaZ: oh son of a bitch, that grub
[15:54] fsmithred: lol
[15:54] KatolaZ: badass chap :D
[15:54] onefang: That's grub 2, it's twice as bad.
[15:54] fsmithred: I think most people would agree with that
[15:54] Ryushin: grub-efi-amd64-signed forced a grub prefix of (root)/EFI/debian and it will never find the (root)EFI/devuan folder.
[15:55] KatolaZ: well, let's just convince grub to use a debian/ folder
[15:55] KatolaZ: (obvious and, I guess, not immediate)
[15:55] fsmithred: you can do 'grub-install --bootloader-id=debian' and it will work
[15:55] KatolaZ: I wonder where grub takes that info from
[15:55] fsmithred: but really, grub needs to be fixed upstream
[15:55] KatolaZ: is this related to lsb maybe?
[15:55] fsmithred: KatolaZ, I've seen the code, and it looks at a lot of things
[15:55] fsmithred: somewhat
[15:55] KatolaZ: the only sane way to fix grub is to ditch it
[15:56] Ryushin: Doing the --bootloader-id=debian creates the EFI/debian folder, which then will have the EFI/devuan work.
[15:56] KatolaZ: fsmithred: but is it a grub thing or something in the debian package?
[15:56] fsmithred: yeah, but the bootloader-id option should work no matter what I want to call my bootloader
[15:56] fsmithred: debian
[15:56] fsmithred: pretty sure
[15:56] KatolaZ: ok
[15:56] KatolaZ: then let's dig it out
[15:57] fsmithred: Ryushin, you don't need to have EFI/devuan
[15:57] fsmithred: just EFI/debian will work
[15:57] Ryushin: It's from this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=769172
[15:57] fsmithred: but will be a problem if you want to have devuan and debian installed on the same box
[15:57] fsmithred: well, just one will run the boot
[15:57] Ryushin: True, if you want to just keep EFI/debian, then sure.
[15:57] KatolaZ: Ryushin, fsmithred: please put up a pad
[15:58] KatolaZ: to collect this info
[15:58] fsmithred: can't we discuss it on the ml?
[15:58] KatolaZ: yes, as well
[15:58] fsmithred: I'm considering making a bug report to debian
[15:58] KatolaZ: ok
[15:59] fsmithred: fucking --bootloader-id should work
[15:59] KatolaZ: it's worth trying
[15:59] Ryushin: But if you want to have EFI/devuan, then we just need to black list the grub-efi-amd64-signed package.  Since devuan does not have the signed boot loader infrastructure anyway, it can be removed.
[15:59] fsmithred: yeah, that's an easy fix
[15:59] KatolaZ: Ryushin: but this will make booting Devuan on secureboot impossible, right?
[16:00] KatolaZ: (well, it seems to be screwed up atm anyway)
[16:00] fsmithred: yes
[16:00] fsmithred: as it is now
[16:00] fsmithred: well, you can do your own signing, but I've never tried that
[16:00] fsmithred: Rod Smith has instructions
[16:00] fsmithred: rEFInd guy
[16:02] Ryushin: KatolaZ: I've never done any secureboot.  First things I've always disabled.  I was thinking in order for it to work, there would be a debian UEFI boot entry and not devuan.
[16:03] KatolaZ: Ryushin: it looks like we need to have our own signed package
[16:04] Ryushin: I have no idea how much work is involved in creating the signed infrastructure to create the grub-efi-amd64-signed package as just compiling the grub deb source does not produce it, but a template file.
[16:04] fsmithred: template package
[16:04] fsmithred: what's in it?
[16:05] Ryushin: So in my eyes, the two ways forward for devuan are to black list the signed package and keep grub working the way it always has, or create the infrastructure and fork the package and compile it and create the signed package.
[16:05] fsmithred: having our own signed package would be the better solution
[16:05] Ryushin: Don't know what is in it.  I guess I should find out.  :)
[16:09] Ryushin: DEBIAN/control: This package contains template files for grub-efi-amd64-signed.  This is only needed for Secure Boot signing.
[16:13] Ryushin: Other files look like they are just part of the template.  I'll put the deb up on my cloud so you can extract it and see for yourselves.
[16:13] fsmithred: the template package is in the repo
[16:13] fsmithred: I'm going to install it
[16:14] Ryushin: Good solution.
[16:14] fsmithred: maybe it will let me make my own signing files
[16:14] Ryushin: Need to go get ready.  I started working on this first thing when I got up.
[16:14] Ryushin: be back in awhile.
[16:14] fsmithred: ok, see you later
[17:38] Ryushin: fsmithred: Did you get signing to work?
[17:38] fsmithred: HAHA
[17:38] fsmithred: I installed the template package and it seems to only have the files for a debian directory (for packaging)
[17:40] fsmithred: here's the file list: https://termbin.com/qavb
[17:42] Ryushin: Hmm... So right now it's magic on how that signed package is created?
[17:42] fsmithred: yeah
[17:42] fsmithred: I'm working on other stuff now, so I didn't look inside any of those files
[17:43] Ryushin: I wonder if the Debian devs have any documentation on what they did to create the package.
[17:43] fsmithred: or how to use it
[17:43] fsmithred: might find more looking in ubuntu - they did it first, and they tend to have explanations
[17:44] Ryushin: Reading the meta bug on secure boot: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=820036
[17:46] Ryushin: Boy, that thing gets ugly in a hurry.
[17:46] Ryushin: Just blacklist the signed package.
[17:47] fsmithred: lol
[17:47] fsmithred: I'm ok with that. If you must run windows, run it on another machine on another subnet, please.
[17:49] Ryushin: If one of the Devuan devs gets bored out of their skull and has to scratch a new itch, then have at it.  Otherwise, the path of less resistance.
[17:50] KatolaZ: Ryushin: less resistance is fine, but a longish-term plan would be better
[17:50] KatolaZ: we now know that secureboot won't work Devuan
[17:54] Ryushin: KatolaZ: Well, not without a dev taking the time to do it.  Perhaps it would not be so bad if you could have a copy of the infrastructure how debian or ubuntu does it.  But it still will require forking the package, getting a shim key from Microsoft, etc.  I think it only makes sense if an infrastructure was in place for smaller distros.
[17:55] Ryushin: Otherwise, far too much work.  Unless it was paid for by a company that needs it to be in Devuan for their infrastructure.
