B
blendOS2w ago
UberPopTart

/usr/share mutability

Hi All~! I'm trying to use sbctl to sign the kernel image for Secure Boot after it's generated in each update. Unfortunately sbctl hardcodes the path at which it stores it's database and keys as /usr/share/..., which is mounted as RO in blend. I can modify the source to store it elsewhere, but where can I put the a) modified binary b) secureboot keys and sbctl database such that I can access it from a commands entry in system.yaml that runs after the system is buillt?
Solution:
If there isn’t an existing mechanism would we be willing to add something like this to akshara? Maybe as a /persist directory that gets moved into the new root early in the build
Jump to solution
23 Replies
フ卂ㄖ卄乇卂卄
フ卂ㄖ卄乇卂卄2w ago
@Rudra
Asterisk
Asterisk2w ago
use mount just remount /usr as rw or add a commands: entry
UberPopTart
UberPopTart2w ago
you mean a commands entry to remount it?
Asterisk
Asterisk2w ago
no, do it in your shell right now
UberPopTart
UberPopTart2w ago
Also I tried remounting as rw, did not work. Not sure if I am doing it wrong: 
[uberpoptart@blend ~]$ sudo mount -o remount,rw /usr
[sudo] password for romanp:            
mount: /usr: fsconfig system call failed: overlay: No changes allowed in reconfigure.
       dmesg(1) may have more information after failed mount system call.
[uberpoptart@blend ~]$ sudo mount -o remount,rw /usr
[sudo] password for romanp:            
mount: /usr: fsconfig system call failed: overlay: No changes allowed in reconfigure.
       dmesg(1) may have more information after failed mount system call.
Asterisk
Asterisk2w ago
that might work :( run the creation commands through system.yaml is it not rw during build? if you need to move files add them as commands too all of it
UberPopTart
UberPopTart2w ago
but I need to move files from /home, which build does not seem to have access to
Asterisk
Asterisk2w ago
store them elsewhere try a flash drive
UberPopTart
UberPopTart2w ago
Hence my question in the original post - store them where - that is both writable at run time and readable at build time? oh that I have to keep plugged in forever?
Asterisk
Asterisk2w ago
mounted as root just temporarily
UberPopTart
UberPopTart2w ago
oh just to get it into /usr/share the one time?
Asterisk
Asterisk2w ago
/etc I remember now that is writeable should be there during build
UberPopTart
UberPopTart2w ago
ooooh
Asterisk
Asterisk2w ago
scrap the drive
UberPopTart
UberPopTart2w ago
build does not seem to see the same /etc as I do during build: 
bash: line 1: /etc/secureboot/sbctl: No such file or directory
bash: line 1: /etc/secureboot/sbctl: No such file or directory
Before/After build: 
sudo ls -la /etc/secureboot
total 9172
drwxr-xr-x  4 root root    4096 Jun 19 20:33 .
drwxr-xr-x 97 root root    4096 Jun 19 20:31 ..
-rw-r--r--  1 root root    1427 Jun 19 20:32 files.db
-rw-r--r--  1 root root      36 Jun 19 20:32 GUID
drwxr-xr-x  5 root root    4096 Jun 19 20:32 keys
-rwxr-xr-x  1 root root 9365220 Jun 19 20:32 sbctl
drwxr-xr-x  2 root root    4096 Jun 19 20:33 .secureboot
sudo ls -la /etc/secureboot
total 9172
drwxr-xr-x  4 root root    4096 Jun 19 20:33 .
drwxr-xr-x 97 root root    4096 Jun 19 20:31 ..
-rw-r--r--  1 root root    1427 Jun 19 20:32 files.db
-rw-r--r--  1 root root      36 Jun 19 20:32 GUID
drwxr-xr-x  5 root root    4096 Jun 19 20:32 keys
-rwxr-xr-x  1 root root 9365220 Jun 19 20:32 sbctl
drwxr-xr-x  2 root root    4096 Jun 19 20:33 .secureboot
Asterisk
Asterisk2w ago
right it's staring at /.new_etc generated during build you could also use network storage with wget/curl to the build env that is /etc you'd have to copy them in yourself mid-build
UberPopTart
UberPopTart2w ago
There's gotta be a less sketchy way to share some files between builds (that the build also has access to)
Asterisk
Asterisk2w ago
0x0.st troll~1
フ卂ㄖ卄乇卂卄
フ卂ㄖ卄乇卂卄2w ago
0x0.st is self hostable BTW https://git.0x0.st/mia/0x0
git.0x0.st
0x0
No-bullshit file hosting and URL shortening service
Asterisk
Asterisk2w ago
I was half joking
フ卂ㄖ卄乇卂卄
フ卂ㄖ卄乇卂卄2w ago
Ah
Asterisk
Asterisk2w ago
it's sketchy because I don't think it was designed for these kinds of file operations it would work even under the main instance
Solution
UberPopTart
UberPopTart2w ago
If there isn’t an existing mechanism would we be willing to add something like this to akshara? Maybe as a /persist directory that gets moved into the new root early in the build
Want results from more Discord servers?
Add your server
More Posts
Secure downloadHello, how could I check sha256sum of iso file and is this iso file signed?Epson xp-2150 wifi printer not workingHello i have this this printer is not working when I click on jet direcy print or LPD printer are naurora store not working blend os v4 versiondownloaded blend os v4 gnome version the aurora store once installed when I click on it to open it Boot problem with manual partitioningI have tried several times to install the OS with manual partitioning, with a boot partition, I triePlasma track is brokenI chrooted in my system disk, edited system.yaml but akshara fails to verify the checksumsddm user missing in plasma track? | PLASMA ISSUESHOW TO REPRODUCE - Downloaded the latest (4636db55) iso - Successfully installed via ventoy and reboOpenVPNAny advice on how to get an openvpn client working via networkmanager? I know they are different, bError 1101/500 in cloudflaremirrors.comI can't run ``` akshara update ``` without it failing to download core.dbMissing required signatureHi, I'm trying BlendOS v4 for the first time and I prefer to go in a VirtualBox instance. Unfortunatdevice did not show uphello. after installing icewm, xorg, xorg-xinit, noto-fonts and noto-fonts-cjk and then rebooting,