snapcore / core-initrd
initrd implementation in ubuntu core
Home Page: https://ubuntu.com/core/docs
License: GNU General Public License v3.0
stock .link files that are normally shipped in systemd do not seem to be included in the initrd, as reported elsewhere.
vendoring static copies of packages is ok, but causes a lot of churn.
we should attempt to have more dynamic tree of depends, instead of static copies.
Currently main, core23.10, core22, core20 have incomplete or incorrect handling of the factory mode.
As per #213
@kubiko are you going to provide updated merge request for main first? or do you want someone else to take over?
The likely intention is to consistently do https://github.com/snapcore/core-initrd/pull/213/files in all active code branches
Good day,
It appears that building Ubuntu Core 20 image with custom kernel is missing the libpthread.so.0 library, using latest 66.1 arm64 deb package from ubuntu image PPA. (Jammy?)
Booting with snapd/edge version -> 2.59.4+git895.g5aeeeae
Starting Wait for the Ubuntu Core chooser trigger...
[ 5.446717] caam 30900000.crypto: device ID = 0x0a16040100000100 (Era 9)
[ 5.455275] caam 30900000.crypto: job rings = 1, qi = 0
[ 5.408604] systemd[1]: Condition check resulted in Daily Cleanup of Temporary Directories being skipped.
[FAILED] Failed to start Wait for the Ubuntu Core chooser trigger.
See 'systemctl status snapd.recovery-chooser-trigger.service' for details.
[ 5.485836] systemd[1]: Reached target Basic System.
[ 5.528596] systemd[1]: Reached target Timer Units.
[ 5.540693] snap-bootstrap[294]: @snap-bootstrap: error while loading shared libraries: libpthread.so.0: cannot open shared object file: No such file or directory
[ 5.565044] systemd[1]: Condition check resulted in Show Plymouth Boot Screen being skipped.
[ 5.584506] systemd[1]: Starting Wait for the Ubuntu Core chooser trigger...
[ 5.600359] systemd[1]: snapd.recovery-chooser-trigger.service: Main process exited, code=exited, status=127/n/a
[ 5.620379] systemd[1]: snapd.recovery-chooser-trigger.service: Failed with result 'exit-code'.
[ 5.640325] systemd[1]: Failed to start Wait for the Ubuntu Core chooser trigger.
[ 5.656818] systemd-udevd[282]: Using default interface naming scheme 'v249'.
[ 5.672802] systemd-udevd[283]: Using default interface naming scheme 'v249'.
Checking inside that deb, it appears that libpthread is not present, but present in an older ubuntu-core-initramfs v55 package.
@alfonsosanchezbeato Could you verify this on an ARM64 platform?
Currently we build snap-bootstrap from https://github.com/xnox/snapd/tree/run-cloudimg-rootfs-draft-1 instead of using https://github.com/snapcore/snapd so cloud images are supported. Use master as soon as that branch is merged.
spread tests were merged.
Please add keys/actions/stuff to this repo to start running tests.
version: ubuntu core 22
Using combination of
${skeleton}/modules/main/extra-modules.conf
${skeleton}/main/usr/lib/modules-load.d/ubuntu-core-initramfs.conf
If those two lists contain the same kernel module(s), it makes ubuntu-core-initramfs create-initrd fail with the following error:
Traceback (most recent call last):
File "/home/ondrak/kernel-snap/parts/kernel/build/ubuntu-core-initramfs/usr/bin/ubuntu-core-initramfs", line 490, in <module>
main()
File "/home/ondrak/kernel-snap/parts/kernel/build/ubuntu-core-initramfs/usr/bin/ubuntu-core-initramfs", line 486, in main
globals()[args.subcmd.replace("-", "_")](parser, args)
File "/home/ondrak/kernel-snap/parts/kernel/build/ubuntu-core-initramfs/usr/bin/ubuntu-core-initramfs", line 310, in create_initrd
add_modules_from_file(main, kernel_root, modules, firmware, module_load, db,
File "/home/ondrak/kernel-snap/parts/kernel/build/ubuntu-core-initramfs/usr/bin/ubuntu-core-initramfs", line 251, in add_modules_from_file
db.mark_installed(module, conf_file)
File "/home/ondrak/kernel-snap/parts/kernel/build/ubuntu-core-initramfs/usr/bin/ubuntu-core-initramfs", line 135, in mark_installed
elif old_mode == ModuleDb.IMPLICIT:
AttributeError: type object 'ModuleDb' has no attribute 'IMPLICIT'
in #182 we are adding sulogin, where sh was previously used, figure out if that's all correct going forward.
During the boot there are a bunch of warnings like this:
emergency.target: Requested dependency OnFailure=reboot.target ignored (target units cannot fail).
which indicates that the factory/usr/lib/systemd/system/emergency.target.d/core-override.conf file is not quite correct.
Building kernel snaps in Mantic produces the following warnings:
amd64 generic
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module squashfs is builtin
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module kmod-nls-cp437 not found
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module dwc2 is builtin
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module cryptomgr is builtin
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module dm_mod is builtin
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module cbc is builtin
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module xts is builtin
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module i2c-bcm2708 not found
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module sdhci-iproc not found
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module vc4 not found
NOTE: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module =drivers/hid not found
WARNING: /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf: Module xhci-pci-renesas exports symbols:
* symbol:renesas_xhci_check_request_fw
WARNING: Module xhci-pci-renesas installed by /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf, but is dependency of xhci-pci installed by /usr/lib/ubuntu-core-initramfs/modules/main/extra-modules.conf
Please review if above is correct and expected, and if you want to change anything.
Specifically:
Module =drivers/hid not found
sounds like a missing validation feature
Module xhci-pci-renesas installed by ... dep of xhci-pci
maybe can be optimized
Trying to build a custom image for the Compulab Fitlet2 (just an extended pc-amd64-gadget) and kept getting this error. Using the original ubuntu-core-20-amd64.img.xz from https://cdimage.ubuntu.com/ubuntu-core/20/stable/current/ results in the same error. The device is booting off a USB key.
Already have a working Core16 image, device can run regular Ubuntu 20.04 from USB. Image works on laptop and QEMU, just not on this device.
Error reads:
the-tool[237]: error: Failed to make path /dev/disk/by-partuuid/...: No such file or directory
Partition UUID matches the ubuntu-seed partition of the official image, on the custom image it points to the ubuntu-boot partition. Have tried different USB keys, but all of them report the same error.
Device specs:
Just to be sure I tried booting using UEFI and legacy mode, with and without secure boot enabled (not configured), all result in the same error.
USB is "hp v195b" which is logged at 2.7 in the screenshot, after the error has occurred. However other tests show that the error occurs after the message related to the USB key.
modules included by default in core initrd, should be by default in linux-modules package, not extra
We need to clearly describe code structure of this repository in the README.md or ARCHITECTURE.md files
Something like:
├── bin ---> Contains ubuntu-core-initramfs to build initrd.img
├── debian ---> debian directory to build deb package
├── factory ---> main skeleton of the initrd cpio archive
├── features
├── postinst.d
├── snakeoil
├── tests
├── vendor
├── COPYING
├── crypttab
├── grub.cfg
├── HACKING.md
├── initramfs.debug
├── LICENSE
├── README.md
└── spread.yaml
today dbx revocations are applied from the base snap upon install mode boot.
If install mode boot is never performed, dbx revocations must be applied before sealing luks key on EFI capable platforms.
mantic generic amd64 builds produce the following warning
depmod: WARNING: could not open modules.builtin.modinfo at /tmp/tmpgli9l1hl.ubuntu-core-initramfs/main/lib/modules/6.3.0-7-generic: No such file or directory
Maybe this means some new additional libkmod file from the kernel build is not copied over into the initrd?
snakeoil/OVMF_VARS.snakeoil.fd might not match OVMF_CODE.secboot.fd we use in tests.
Here are some ways we could handle it:
lockdown.efi from efitools to install snakeoil keys on any OVMF_VARS.fd
for secure boot in Ubuntu core using TPM2 it is necessary to have tpm_tis_spi module force loaded. adding in the config.txt to enable tpm does not automatically load the module.
arm stub fails to load dtb without a previous dtb present, due to a bogus check for which we have not yet cherry-picked a fix.
if one failed to include a module into initrd, do not load them.
cloudimg-rootfs feature is broken in Jammy. Needs fixing.
As pointed out in the review of #76
If doing sensitive changes in core-initrd, we need to create a draft branch in snapcore/snapd and trigger CI to run the spread tests. It would be better if the CI for core-initrd could trigger those tests as part of its CI.
cloudimg-rootfs is currently not tested in core-initrd project. But it should be. Ideally by self-building kernel.efi for generic or kvm kernel, and using nullboot to deploy bootloader and reboot.
Very new kernels support nested compressed EFI kernels on arm64.
I wonder if sd-boot can add support for that.
Separately, we should, for now, support generating valid arm64 kernel when a gz compressed kernel is supplied.
As at the moment, we do a lot of code in every arm64 kernel to decompress vmlinuz prior to creating kernel.efi.
must set MajorImageVersion
To ensure kernel.efi is compatible with pure vmlinuz and pure grub, MajorImageVersion and MinorImageVersion from vmlinuz should be copied into the kernel.efi.
The UC20 full-disk-encryption will provide a way to run helpers to support special hardware for the encryption. To support this we need to run a new "fde-reveal-key" binary as part of initramfs. We would like to run this binary with systemd-run to benefit from some of the systemd features like automatic kill after a certain timeout and doing some basic sandboxing around it. This is sketched in snapcore/snapd#9488
For this to work we would like to ask to include systemd-run inside the initramfs. If it's too much of an issue or too big we could ask only the custom kernels to include it or we could drive systemd via the dbus API but for simplicity we would like to have the binary as our first choice.
currently ubuntu-core-initrd vendors in lots of binaries at build time.
to ensure they are up to date we should trigger rebuilds of ubuntu-core-initrd, or have regular schedule when they release.
also given the success of automatic builds & releases of mantic branch, we should consider enabling automatic releases upon merges to focal & jammy branches too.
and probably have github action to automatically generate weekly commits and thus core-initrd releases.
In classic Ubuntu we default to "most" modules which really is a very large kitchen sink.
I wonder what is a sensible and a reasonable set for server feature:
Recovery might want:
I am kind of concerned that in the classic & core initrd we force load lots of modules without any detection if they are needed or if any devices are present at all or not.
see comments in #1
To set the clock from /dev/rtc0 on a CM4 the rtc-pcf85063 module needs to be in the pi-kernel initrd ... since there are issues with calling hctosys from the kernel at module load time there probably also needs to be a udev rule like:
$ cat /etc/udev/rules.d/60-rtc.rules
ACTION=="add", SUBSYSTEM=="rtc", ATTRS{hctosys}=="0", RUN+="/usr/sbin/hwclock -s --utc"
and the hwclock binary to set the clock before trying to decrypt/mount the rootfs disk
a corresponding kernel bug has been opened as:
https://bugs.launchpad.net/ubuntu/+source/linux-raspi/+bug/1926911