Project

General

Profile

Bug #2833

[linux-libre-lts][linux-libre-hardened]: can not be installed together

infinite_recursion - over 3 years ago - . Updated over 3 years ago.

Status:
unconfirmed
Priority:
bug
Assignee:
% Done:

0%


Description

I have 3 kernels installed, linux-libre, linux-libre-hardened, and linux-libre-lts. Ideally, I would use lts for everything but it is not detected. Also, it depends on which kernel is last installed. If I have linux-libre-lts installed last, it will not have initramfs. Grub detects only n-1 entries.

Currently, at grub, it shows me 2 initramfs, 3 kernel entries of which if I choose to go ahead with the one which doesn't display initramfs, it doesn't boot properly.

It doesn't affect me at all today but it's a bug.

History

#1

Updated by bill-auger over 3 years ago

verbal descriptions of a problem are usually not very helpful -
for example, what you described very likely is not related to
grub - i have three kernels installed now and they all boot

it would be important to see what is in the /boot dir

$ ls /boot/

if some kernel or initrd are missing, then perhaps the pacman log

$ sudo pacman -S linux-libre linux-libre-hardened linux-libre-lts

if all of the kernels and initrd are present, then perhaps
grub-mkconfig log - this command will show exactly what
grub detects:

$ sudo grub-mkconfig -o /boot/grub/grub.cfg

and if that looks good, then perhaps the resulting cfg file

$ cat /boot/grub/grub.cfg
#2

Updated by infinite_recursion over 3 years ago

initramfs and initramfs fallback image is present for hardened and linux-libre. There is no linux-libre-lts initramfs and fallback image in boot directory. I faced something similar with hardened before.

$ sudo pacman -S linux-libre-lts 
warning: linux-libre-lts-5.4.48-1 is up to date -- reinstalling
resolving dependencies...
looking for conflicting packages...

Packages (1) linux-libre-lts-5.4.48-1

Total Installed Size:  70.93 MiB
Net Upgrade Size:       0.00 MiB

:: Proceed with installation? [Y/n] 
(1/1) checking keys in keyring                            [##############################] 100%
(1/1) checking package integrity                          [##############################] 100%
(1/1) loading package files                               [##############################] 100%
(1/1) checking for file conflicts                         [##############################] 100%
(1/1) checking available disk space                       [##############################] 100%
:: Processing package changes...
(1/1) reinstalling linux-libre-lts                        [##############################] 100%
:: Running post-transaction hooks...
(1/2) Updating module dependencies...
(2/2) Updating linux initcpios...
$

Even after the above execution, there are no initramfs and fallback images of lts in /boot/ directory.

$ sudo mkinitcpio -p linux-libre-lts
$

Above execution of linux-libre-lts too gives absolutely no prompts in konsole.

#3

Updated by bill-auger over 3 years ago

  • Assignee set to Megver83
  • Subject changed from Grub detects n-1 kernels to [linux-libre-lts][linux-libre-hardened]: can not be installed together

i assigned this to megver to see if he has any advice about this - again, i have those same three kernels installed now (x86_64); and they all boot

if you remove linux-libre-hardened, then is it able to build the mkinitcpio for linux-libre-lts ?

please show what files you have in /boot

$ ls /boot
#4

Updated by infinite_recursion over 3 years ago

I removed hardened and then reinstalled lts, I was unable to get lts images in /boot/ directory. The img are not generated for lts. I was able to install pck correctly.

I removed pacman cache and again reinstalled linux-libre-lts and I get this

(1/1) installing linux-libre-lts                                           [##########################################] 100%
Optional dependencies for linux-libre-lts
    crda: to set the correct wireless channels of your country
    linux-libre-firmware: firmware images needed for some devices
:: Running post-transaction hooks...
(1/2) Updating module dependencies...
(2/2) Updating linux initcpios...
$

For pck or linux-libre or hardened, such is the output:

(2/2) Updating linux initcpios...
==> Building image from preset: /etc/mkinitcpio.d/linux-libre-hardened.preset: 'default'
  -> -k /boot/vmlinuz-linux-libre-hardened -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-libre-hardened.img
==> Starting build: 5.7.8.a-gnu-1-hardened
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [autodetect]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-libre-hardened.img
==> Image generation successful
==> Building image from preset: /etc/mkinitcpio.d/linux-libre-hardened.preset: 'fallback'
  -> -k /boot/vmlinuz-linux-libre-hardened -c /etc/mkinitcpio.conf -g /boot/initramfs-linux-libre-hardened-fallback.img -S autodetect
==> Starting build: 5.7.8.a-gnu-1-hardened
  -> Running build hook: [base]
  -> Running build hook: [udev]
  -> Running build hook: [modconf]
  -> Running build hook: [block]
==> WARNING: Possibly missing firmware for module: isci
  -> Running build hook: [filesystems]
  -> Running build hook: [keyboard]
  -> Running build hook: [fsck]
==> Generating module dependencies
==> Creating gzip-compressed initcpio image: /boot/initramfs-linux-libre-hardened-fallback.img
==> Image generation successful
$
$ ls /boot/
efi                                          initramfs-linux-libre-hardened.img      vmlinuz-linux-libre
grub                                         initramfs-linux-libre.img               vmlinuz-linux-libre-hardened
initramfs-linux-libre-fallback.img           initramfs-linux-libre-pck-fallback.img  vmlinuz-linux-libre-lts
initramfs-linux-libre-hardened-fallback.img  initramfs-linux-libre-pck.img           vmlinuz-linux-libre-pck
$

#5

Updated by Megver83 over 3 years ago

This is strange. Did you try doing pacman -R linux-libre-lts and then doing pacman -S again? what's in your /etc/mkinitcpio.d directory?

#6

Updated by infinite_recursion over 3 years ago

$ ls /etc/mkinitcpio.d/
linux-libre-hardened.preset  linux-libre-lts.preset  linux-libre-pck.preset  linux-libre.preset
#7

Updated by Megver83 over 3 years ago

can you `cat` the presets? also, try what I told you (pacman -R and then pacman -S)

#8

Updated by infinite_recursion over 3 years ago

linux-libre-lts.preset is completely empty. Others have content. I already tried that.

infinite_recursion wrote:

I removed pacman cache and again reinstalled linux-libre-lts

#9

Updated by Megver83 over 3 years ago

removing the cache and reinstalling is not the same as doing pacman -R and pacman -S

when you install a new kernel, mkinitcpio copy-pastes a kernel preset, and removes it when you delete a kernel, unless you use another initramfs like dracut, to which I'm not familiar with.

I'm almost sure that this is very likely to solve your problem:

1) pacman -Rdd mkinitcpio linux-libre-lts linux-libre-hardened
2) pacman -S mkinitcpio
3) pacman -S linux-libre-lts linux-libre-hardened

#10

Updated by infinite_recursion over 3 years ago

My bad. I said reinstall in the English sense, not in parabola command line sense. I tried the 3 commands. Nope, didn't solve my problem. Same thing. No preset and initramfs. Now that I installed pck, I think it's not an issue of hardened vs lts. It is just lts. How is the preset file created of linux-libre-lts?

#11

Updated by Megver83 over 3 years ago

infinite_recursion wrote:

My bad. I said reinstall in the English sense, not in parabola command line sense. I tried the 3 commands. Nope, didn't solve my problem. Same thing. No preset and initramfs. Now that I installed pck, I think it's not an issue of hardened vs lts. It is just lts. How is the preset file created of linux-libre-lts?

Whenever you install a kernel for the first time, mkinitcpio runs the /usr/share/libalpm/scripts/mkinitcpio-install script in a pacman hook. It basically copies /usr/share/mkinitcpio/hook.preset to /etc/mkinitcpio.d, with the respective kernel name and replaces PKGBASE with the package name

#12

Updated by infinite_recursion over 3 years ago

Something is strange, are preset files deleted by parabola ever? I haven't even touched linux-libre and linux-libre-pck and their presets are gone from /etc/mkinitcpio.d . Can it happen that when I boot with a different kernel, presets change? Because only 1 thing has changed, I have booted in linux-libre instead of hardened.

if ! read -r pkgbase > /dev/null 2>&1 < "${line%/vmlinuz}/pkgbase"; then
        # if the kernel has no pkgbase, we skip it
        continue
    fi

What does the if line do, it should go to False, this is True in my case. Kernel has no pkgbase, which is why it skips. Where is pkgbase taken from?

#13

Updated by bill-auger over 3 years ago

which file is that code in?

#14

Updated by infinite_recursion over 3 years ago

/usr/share/libalpm/scripts/mkinitcpio-install

#15

Updated by Megver83 over 3 years ago

infinite_recursion wrote:

Something is strange, are preset files deleted by parabola ever? I haven't even touched linux-libre and linux-libre-pck and their presets are gone from /etc/mkinitcpio.d . Can it happen that when I boot with a different kernel, presets change? Because only 1 thing has changed, I have booted in linux-libre instead of hardened.

[...]

What does the if line do, it should go to False, this is True in my case. Kernel has no pkgbase, which is why it skips. Where is pkgbase taken from?

pkgbase is in /usr/lib/modules/$(uname -r)/pkgbase

https://git.parabola.nu/abslibre.git/tree/libre/linux-libre/PKGBUILD#n195

infinite_recursion, if mkinitcpio is becoming a PITA, then I suggest you to try dracut

#16

Updated by infinite_recursion over 3 years ago

I'll see these codes. Script for lts and linux-libre is different. I'll read and find the difference. I haven't seen such bash scripts. What's PITA?

P.S. MegVer83, I see that you're in hyperbola too. Can you help us build guix for hyperbola? It will solve the problem of ancient packages on parabola. It will make hyperbola usable for many people. Guix is available for parabola, how different is hyperbola? Will the same PKGBUILD work?

#17

Updated by Megver83 over 3 years ago

infinite_recursion wrote:

What's PITA?

Here is the answer ;)

P.S. MegVer83, I see that you're in hyperbola too. Can you help us build guix for hyperbola? It will solve the problem of ancient packages on parabola. It will make hyperbola usable for many people. Guix is available for parabola, how different is hyperbola? Will the same PKGBUILD work?

I haven't used Guix in Parabola, and I only use Hyperbola in a VPS which I almost never touch. Although I'm involved in Hyperbola, I'm not a packager, I'm just a forum moderator and sometimes report bugs which I find in my VPS.

If Hyperbola ships Guix's dependencies, then it would just be a matter of modifying the PKGBUILD to comply the FHS, which is one of the things that Hyperbola does with its pkgs. If you want to talk about this, I'd suggest getting in touch in IRC or email, as this is a bug report :)

#18

Updated by bill-auger over 3 years ago

On Thu, 16 Jul 2020 20:14:49 +0000 wrote:

help us build guix for hyperbola? It will solve the problem of
ancient packages on parabola

just to be pedantic, presumably, you meant "ancient packages on
hyperbola" - that perceived problem can not exist with parabola
- if some "ancient package" becomes a problem for a parabola
system, it would be a "broken package" - likewise, upgrading a
hyperbola package to a newer version, may make it broken - that
would be a real problem - the version of any hyperbola package,
is the version that is chosen precisely because it works
properly with that system - it is the opposite of a problem :)

#19

Updated by infinite_recursion over 3 years ago

Yeah I meant hyperbola. I thought that packages are not so strongly related to the base system. I mistakenly thought that my older Ubuntu LTS system had newer packages now that I dug a bit more.

I am currently coding a site for which I wanted python-cryptography algorithm Scrypt. Hyperbola's package didn't execute that algo instruction. There was an error. They currently have python-cryptography 2.3. Scrypt was supported after 1.6. I had to leave hyperbola due to that. Of course I could've build it myself but installing OSes is easier for me than building packages. I thought it was unavailability of recent versions but it is broken package in reality I guess. Hyperbola's installation is beautiful, a piece of cake. For installing DE, I do "pacman -S xenocara sddm plasma" and then rc-update add. Done!! Even the base installation is awesome.

MegVer, they wouldn't allow me to their IRC. Getting to their IRC is a huge PITA. ;D I mailed Andre earlier. No reply. I always workaround the people who don't reply or say "I'm busy". They feel they're too important if people press their questions or suggestions.

#20

Updated by Megver83 over 3 years ago

infinite_recursion wrote:

MegVer, they wouldn't allow me to their IRC. Getting to their IRC is a huge PITA. ;D I mailed Andre earlier. No reply. I always workaround the people who don't reply or say "I'm busy". They feel they're too important if people press their questions or suggestions.

did you try getting help in their forum? Be patient if they don't answer to you quickly, Hyperbola is still a young project and its community is small, and they've many things to do to achieve their ultimate goal (HyperbolaBSD).

#21

Updated by bill-auger over 3 years ago

On Fri, 17 Jul 2020 18:17:09 +0000 wrote:

There was an error. They
currently have python-cryptography 2.3. Scrypt was supported
after 1.6. I had to leave hyperbola due to that.

that is no reason to use another distro, or guix - python has
its own package repos and package manager 'pip'; and python
programs should be built in a virtual-env, to isolate it from
the system (and to isolate the system from it) - it is among
the main advantages to working in an interpreted language, that
the programs and libraries may assume nothing of the underlying
system, making them highly portable

secondly, even if it were absolutely necessary to use a
different distro for that task, you could have kept your
existing system, exactly as it was, and done the work in a VM;
which is a very good idea anyways

#22

Updated by bill-auger over 3 years ago

pardon this digression; but i think it is important to illuminate the implications of this quote:

I had to leave hyperbola due to that

in reality, you are probably sitting in the very same chair, running parabola on the same computer as you were running hyperbola - so, you have not really "left from" nor "gone to" any places - you merely changed some of the supporting tools, that you are using to accomplish your primary task of writing a python program - just as a carpenter buying a new hammer, it does not need to be seen as a fundamental transition - porting your program to C, would be a fundamental transition, like a carpenter deciding that the next project will be made of 100% marble - a different set of tools may be needed for that; but there would be no need to move into a new work-shop

when i read that sentence, i perceive an underlying sentiment which implies the same as:

i had to divorce my wife, because she was too old for my purposes; and i moved to a new city - therefore, i do not interact with her relatives or neighbors anymore

choosing an operating system is not at all like a marriage, nor like moving to a new city - one is at liberty (indeed, encouraged) to be promiscuous and adventurous, to find the tools which best serve ones goals

i already refuted the more practical: "due to that" bit; which changes the analogy from: "... because she was to old", to: "... because her shoes were too old" - it is the philosophical: "i had to leave" bit, that i find most problematic for the free software community - that "motion" could only be referring to the community of people who use the distro - but i prefer to consider users of all FSDG distros, as members of the very same, larger "free software" community, "under the same roof" so to speak

so, to unpack that a bit further, it becomes:

i had to divorce my wife, because her shoes were too old; so i married her sister, who gets new shoes delivered every month - however, i moved only two houses away on the same street, and i still interact with my ex-wife and her relatives and neighbors; because they are the very same set of people as before - therefore, my life-style and familial loyalties have not been changed in any significant way by this "movement"

when viewed that way, choosing a distro is merely a matter of preference, and not a fundamental matter of necessity or life-style change - perhaps, to "red-sox fans" and "yankees fans", that subtle distinction/aligence may be significant; but to the rest of the world, at a very short distance, they are all barely distinguishable "baseball fans" - the more emphasis people place on such personal preferences, the more likely there are to be animosities between those who are fundamentally part of the same community

#23

Updated by infinite_recursion over 3 years ago

Sometimes, some semantics spill over from one language to other. If I think in one language and express in another, framing is a bit faulty. I don't focus too much on language as it is not expressive enough to describe experience. Some experiences can just not be described with words.
Yes, that pip thing is helpful. I have used pip for a while but since pip wasn't available in hyperbola, I thought temporarily there must be some problem with it. I use python packages provided on OS package manager nowadays. This confines my trust a bit.

https://www.hyperbola.info/packages/community/x86_64/python-reportlab/

Above, it's written "nonfree pip" but I saw just now that it's MIT licensed. I'm confused now but I believed Hyperbola guys then since they're smarter than me here.

For me, OS is very important. Obviously, Intel, AMD and ARM have bugged with ME, PSP and TrustZone but with Linux-Libre, and strict OSes, I can control my life a bit more. I fight on the principle itself. I have absolutely no sensitive data yet I strive real hard to be secure. Ideally I want libre hardware with Qubes on it having Hyperbola like OS at dom0 and hyperbola, parabola, and guix template VMs. This week I read "Free as in Freedom by Richard Stallman" and was shocked how any binary without source can be bugged! Qubes prevents me from giving away my system security by compartmentalization and hyperbola would provide security by correctness in dom0 with everything libre. I optimize my use case as much as I can.

@MegVer Their forum is great. I love it. I'm incredibly excited for HyperbolaBSD. Andre's ego is one thing but his code is great. And the want of freedom and perfection that hyperbola demands is awesome! They're small is all the more reason they should treat potential contributors well. It seems they've set up a Navy Seals like barrier for getting to the IRC.

#24

Updated by bill-auger over 3 years ago

there are programs such as firejail, which will give you most of the benefit of a "big hammer" solution like qubes, but without the over-head costs

i can only assume that the barrier of entry to the #hyperbola IRC channel, is the requirement of a registered nickname - you can not blame channel operators for requiring it - freenode is a popular service, so it gets a lot of spam; and requiring a registered nick is the simplest and most effective way to reduce spam - that is not uncommon - many (perhaps most) other IRC channels have the same restriction - almost every website which allows people to post, does too; but it is quite easy to register a nickname on freenode, just as it is to do on a website

any network service which allows everyone to post without registration, is going to attract spam - the more popular that service is, the more spam it will get, until it becomes unusable for everyone - every admin must strike a balance between the barriers to entry, and the amount of spam that the service can absorb if entry is too easy

it would be very difficult to find any website which allows unregistered users to post anything at all - the fact some IRC channels allow it, is quite rare on the internet - the only channels which can do that, are the least popular or private ones, and ones where the operator expends a lot of effort filtering the unwanted noise - that effort is counter-productive and would be better spent doing the important work of improving the software, for which the channel exists

#25

Updated by infinite_recursion over 3 years ago

Qubes is more than sandboxing, it protects against drivers. In 4.1 they're coming up with GUIVM, which means all graphical interface code won't be trusted further and PCI passthrough. Network connection is isolated in NetVM. Joanna is absolutely correct in the assumption that bugs and backdoors are here to stay. We must isolate them and not keep the system completely connected.

For an end user, Qubes makes it difficult to install a malware by mistake ourselves. Obviously, I can be secure with parabola or hyperbola but I need to have sysadmin skills. With Qubes, it's much easier.

In my view dom0 should not have proprietary blobs as they have with Fedora and Linux. They should atleast use linux-libre for Fedora.

I tried hyperbola IRC with my id, I can't get in.

Also available in: Atom PDF