Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Talos Secureboot ISO doesn't adhere to spec #9565

Closed
Tracked by #9249
frezbo opened this issue Oct 24, 2024 · 1 comment · Fixed by #9580 or siderolabs/image-factory#158
Closed
Tracked by #9249

Talos Secureboot ISO doesn't adhere to spec #9565

frezbo opened this issue Oct 24, 2024 · 1 comment · Fixed by #9580 or siderolabs/image-factory#158

Comments

@frezbo
Copy link
Member

frezbo commented Oct 24, 2024

Bug Report

Talos Secureboot ISO doesn't adhere to spec, ref: #9397

See the difference below:

❯ iso-info -l _out/metal-amd64.iso 
iso-info version 2.1.0 x86_64-redhat-linux-gnu
Copyright (c) 2003-2005, 2007-2008, 2011-2015, 2017 R. Bernstein
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
__________________________________
ISO 9660 image: _out/metal-amd64.iso
Preparer    : XORRISO-1.5.6 2023.06.07.180001, LIBISOBURN-1.5.6, LIBISOFS-1.5.6, LIBBURN-1.5.6
Volume      : TALOS_V1_8_0_ALPHA_2_18_GD739D40
Volume Set  : Talos-v1.8.0-alpha.2-18-gd739d40db
No Joliet extensions
__________________________________
ISO-9660 Information
/:
  dr-xr-xr-x   1 0 0 [LSN     19]      2048 Sep 11 2024 17:08:04  .
  dr-xr-xr-x   1 0 0 [LSN     19]      2048 Sep 11 2024 17:08:04  ..
  dr-xr-xr-x   1 0 0 [LSN     21]      2048 Sep 11 2024 17:08:04  boot
  -r--r--r--   1 0 0 [LSN   1665]      2048 Sep 11 2024 17:08:04  boot.catalog
  dr-xr-xr-x   1 0 0 [LSN     76]      2048 Sep 11 2024 17:08:04  efi
  -r--r--r--   1 0 0 [LSN     84]   2949120 Sep 11 2024 17:08:04  efi.img
  -r--r--r--   1 0 0 [LSN   1664]         0 Sep 11 2024 17:08:04  mach_kernel
  dr-xr-xr-x   1 0 0 [LSN     78]      2048 Sep 11 2024 17:08:04  System
  dr-xr-xr-x   1 0 0 [LSN     81]      2048 Sep 11 2024 17:08:04  .disk

/boot/:
  dr-xr-xr-x   1 0 0 [LSN     21]      2048 Sep 11 2024 17:08:04  .
  dr-xr-xr-x   1 0 0 [LSN     19]      2048 Sep 11 2024 17:08:04  ..
  dr-xr-xr-x   1 0 0 [LSN     22]      2048 Sep 11 2024 17:08:04  grub
  -r--r--r--   1 0 0 [LSN   3700]  79073396 Sep 11 2024 17:08:04  initramfs.xz
  -r--r--r--   1 0 0 [LSN  42311]  18727936 Sep 11 2024 17:08:04  vmlinuz

<truncated>...

/efi/:
  dr-xr-xr-x   1 0 0 [LSN     76]      2048 Sep 11 2024 17:08:04  .
  dr-xr-xr-x   1 0 0 [LSN     19]      2048 Sep 11 2024 17:08:04  ..
  dr-xr-xr-x   1 0 0 [LSN     77]      2048 Sep 11 2024 17:08:04  boot

/efi/boot/:
  dr-xr-xr-x   1 0 0 [LSN     77]      2048 Sep 11 2024 17:08:04  .
  dr-xr-xr-x   1 0 0 [LSN     76]      2048 Sep 11 2024 17:08:04  ..
  -r--r--r--   1 0 0 [LSN  51456]    266240 Sep 11 2024 17:08:04  bootaa64.efi
  -r--r--r--   1 0 0 [LSN  51586]    241664 Sep 11 2024 17:08:04  bootx64.efi

/System/:
  dr-xr-xr-x   1 0 0 [LSN     78]      2048 Sep 11 2024 17:08:04  .
  dr-xr-xr-x   1 0 0 [LSN     19]      2048 Sep 11 2024 17:08:04  ..
  dr-xr-xr-x   1 0 0 [LSN     79]      2048 Sep 11 2024 17:08:04  Library

/System/Library/:
  dr-xr-xr-x   1 0 0 [LSN     79]      2048 Sep 11 2024 17:08:04  .
  dr-xr-xr-x   1 0 0 [LSN     78]      2048 Sep 11 2024 17:08:04  ..
  dr-xr-xr-x   1 0 0 [LSN     80]      2048 Sep 11 2024 17:08:04  CoreServices

/System/Library/CoreServices/:
  dr-xr-xr-x   1 0 0 [LSN     80]      2048 Sep 11 2024 17:08:04  .
  dr-xr-xr-x   1 0 0 [LSN     79]      2048 Sep 11 2024 17:08:04  ..
  -r--r--r--   1 0 0 [LSN  51704]    241664 Sep 11 2024 17:08:04  boot.efi
  -r--r--r--   1 0 0 [LSN  51822]       236 Sep 11 2024 17:08:04  SystemVersion.plist
  -r--r--r--   1 0 0 [LSN  51823]      1399 Sep 11 2024 17:08:04  .disk_label
  -r--r--r--   1 0 0 [LSN  51824]        10 Sep 11 2024 17:08:04  .disk_label.contentDetails

/.disk/:
  dr-xr-xr-x   1 0 0 [LSN     81]      2048 Sep 11 2024 17:08:04  .
  dr-xr-xr-x   1 0 0 [LSN     19]      2048 Sep 11 2024 17:08:04  ..
  -r--r--r--   1 0 0 [LSN   1664]         0 Sep 11 2024 17:08:04  2024-09-11-12-06-19-00.uuid
❯ iso-info -l _out/metal-amd64-secureboot.iso 
iso-info version 2.1.0 x86_64-redhat-linux-gnu
Copyright (c) 2003-2005, 2007-2008, 2011-2015, 2017 R. Bernstein
This is free software; see the source for copying conditions.
There is NO warranty; not even for MERCHANTABILITY or FITNESS FOR A
PARTICULAR PURPOSE.
__________________________________
ISO 9660 image: _out/metal-amd64-secureboot.iso
Preparer    : XORRISO-1.5.6 2023.06.07.180001, LIBISOBURN-1.5.6, LIBISOFS-1.5.6, LIBBURN-1.5.6
Volume      : TALOS_SB_V1_9_0_ALPHA_0_19_G62D1
Volume Set  : Talos-SB-v1.9.0-alpha.0-19-g62d185473
No Joliet extensions
__________________________________
ISO-9660 Information
/:
  drwxr-xr-x   1 0 0 [LSN     19]      2048 Oct 24 2024 19:49:22  .
  drwxr-xr-x   1 0 0 [LSN     19]      2048 Oct 24 2024 19:49:22  ..
  -r--r--r--   1 0 0 [LSN     33]      2048 Oct 24 2024 19:49:22  boot.catalog
  -rw-r--r--   1 0 0 [LSN     34] 114294784 Oct 24 2024 19:49:22  efiboot.img
This was referenced Oct 24, 2024
Open
Closed
frezbo added a commit to frezbo/talos that referenced this issue Oct 27, 2024
@frezbo
fix: generation of SecureBoot iso
232618a 
The Secureboot ISO previously generated has just an EFI parition.

Now generate iso with both the EFI partition and also having ISO
filesystem having the content so *File System transposition* also works.

Fixes: siderolabs#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Oct 27, 2024
@frezbo
fix: generation of SecureBoot iso
948d57a 
The Secureboot ISO previously generated has just an EFI parition.

Now generate iso with both the EFI partition and also having ISO
filesystem having the content so *File System transposition* also works.

Fixes: siderolabs#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
@frezbo frezbo mentioned this issue Oct 27, 2024
Merged
@albert849
Copy link

Can you fix it

frezbo added a commit to frezbo/talos that referenced this issue Oct 28, 2024
@frezbo
fix: generation of SecureBoot iso
2dce1f1 
The Secureboot ISO previously generated has just an EFI parition.

Now generate iso with both the EFI partition and also having ISO
filesystem having the content so *File System transposition* also works.

Fixes: siderolabs#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Oct 28, 2024
@frezbo
fix: generation of SecureBoot iso
40fc882 
The Secureboot ISO previously generated has just an EFI parition.

Now generate iso with both the EFI partition and also having ISO
filesystem having the content so *File System transposition* also works.

Fixes: siderolabs#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Oct 28, 2024
@frezbo
fix: generation of SecureBoot iso
6f47bb5 
The Secureboot ISO previously generated has just an EFI parition.

Now generate iso with both the EFI partition and also having ISO
filesystem having the content so *File System transposition* also works.

Fixes: siderolabs#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/talos that referenced this issue Oct 28, 2024
@frezbo
fix: generation of SecureBoot iso
24791b5 
The Secureboot ISO previously generated has just an EFI parition.

Now generate iso with both the EFI partition and also having ISO
filesystem having the content so *File System transposition* also works.

Fixes: siderolabs#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
@frezbo frezbo mentioned this issue Nov 12, 2024
Closed
smira pushed a commit to smira/talos that referenced this issue Nov 13, 2024
@frezbo @smira
fix: generation of SecureBoot iso
ea19f15 
The Secureboot ISO previously generated has just an EFI parition.

Now generate iso with both the EFI partition and also having ISO
filesystem having the content so *File System transposition* also works.

Fixes: siderolabs#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
(cherry picked from commit 9db7a36)
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
19326bf 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
@frezbo frezbo mentioned this issue Nov 13, 2024
Merged
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
957da0f 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
a28b55b 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
1c94087 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
c535e67 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
da42b31 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
7f89077 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
08550a1 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
a514318 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 13, 2024
@frezbo
fix: secureboot iso gen
81c8c81 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 14, 2024
@frezbo
fix: secureboot iso gen
b44cc36 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 14, 2024
@frezbo
fix: secureboot iso gen
c361d6e 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 14, 2024
@frezbo
fix: secureboot iso gen
17b5eb0 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
frezbo added a commit to frezbo/image-factory that referenced this issue Nov 14, 2024
@frezbo
fix: secureboot iso gen
0ca8240 
Fix:

* secureboot iso gen
* extensions constraint validation

Fixes: siderolabs#157
Fixes: siderolabs/talos#9565

Signed-off-by: Noel Georgi <git@frezbo.dev>
@smira smira mentioned this issue Dec 9, 2024
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

fix: generation of SecureBoot iso frezbo/talos
fix: secureboot iso gen frezbo/image-factory
2 participants
@frezbo @albert849