B
blendOS7mo ago
UberPopTart

/usr/share mutability

Hi All~! I'm trying to use sbctl to sign the kernel image for Secure Boot after it's generated in each update. Unfortunately sbctl hardcodes the path at which it stores it's database and keys as /usr/share/..., which is mounted as RO in blend. I can modify the source to store it elsewhere, but where can I put the a) modified binary b) secureboot keys and sbctl database such that I can access it from a commands entry in system.yaml that runs after the system is buillt?
Solution:
If there isn’t an existing mechanism would we be willing to add something like this to akshara? Maybe as a /persist directory that gets moved into the new root early in the build
Jump to solution
23 Replies
フ卂ㄖ卄乇卂卄
フ卂ㄖ卄乇卂卄7mo ago
@Rudra
🎄 Asterisk
🎄 Asterisk7mo ago
use mount just remount /usr as rw or add a commands: entry
UberPopTart
UberPopTartOP7mo ago
you mean a commands entry to remount it?
🎄 Asterisk
🎄 Asterisk7mo ago
no, do it in your shell right now
UberPopTart
UberPopTartOP7mo ago
Also I tried remounting as rw, did not work. Not sure if I am doing it wrong: 
[uberpoptart@blend ~]$ sudo mount -o remount,rw /usr
[sudo] password for romanp:            
mount: /usr: fsconfig system call failed: overlay: No changes allowed in reconfigure.
       dmesg(1) may have more information after failed mount system call.
[uberpoptart@blend ~]$ sudo mount -o remount,rw /usr
[sudo] password for romanp:            
mount: /usr: fsconfig system call failed: overlay: No changes allowed in reconfigure.
       dmesg(1) may have more information after failed mount system call.
🎄 Asterisk
🎄 Asterisk7mo ago
that might work :( run the creation commands through system.yaml is it not rw during build? if you need to move files add them as commands too all of it
UberPopTart
UberPopTartOP7mo ago
but I need to move files from /home, which build does not seem to have access to
🎄 Asterisk
🎄 Asterisk7mo ago
store them elsewhere try a flash drive
UberPopTart
UberPopTartOP7mo ago
Hence my question in the original post - store them where - that is both writable at run time and readable at build time? oh that I have to keep plugged in forever?
🎄 Asterisk
🎄 Asterisk7mo ago
mounted as root just temporarily
UberPopTart
UberPopTartOP7mo ago
oh just to get it into /usr/share the one time?
🎄 Asterisk
🎄 Asterisk7mo ago
/etc I remember now that is writeable should be there during build
UberPopTart
UberPopTartOP7mo ago
ooooh
🎄 Asterisk
🎄 Asterisk7mo ago
scrap the drive
UberPopTart
UberPopTartOP7mo ago
build does not seem to see the same /etc as I do during build: 
bash: line 1: /etc/secureboot/sbctl: No such file or directory
bash: line 1: /etc/secureboot/sbctl: No such file or directory
Before/After build: 
sudo ls -la /etc/secureboot
total 9172
drwxr-xr-x  4 root root    4096 Jun 19 20:33 .
drwxr-xr-x 97 root root    4096 Jun 19 20:31 ..
-rw-r--r--  1 root root    1427 Jun 19 20:32 files.db
-rw-r--r--  1 root root      36 Jun 19 20:32 GUID
drwxr-xr-x  5 root root    4096 Jun 19 20:32 keys
-rwxr-xr-x  1 root root 9365220 Jun 19 20:32 sbctl
drwxr-xr-x  2 root root    4096 Jun 19 20:33 .secureboot
sudo ls -la /etc/secureboot
total 9172
drwxr-xr-x  4 root root    4096 Jun 19 20:33 .
drwxr-xr-x 97 root root    4096 Jun 19 20:31 ..
-rw-r--r--  1 root root    1427 Jun 19 20:32 files.db
-rw-r--r--  1 root root      36 Jun 19 20:32 GUID
drwxr-xr-x  5 root root    4096 Jun 19 20:32 keys
-rwxr-xr-x  1 root root 9365220 Jun 19 20:32 sbctl
drwxr-xr-x  2 root root    4096 Jun 19 20:33 .secureboot
🎄 Asterisk
🎄 Asterisk7mo ago
right it's staring at /.new_etc generated during build you could also use network storage with wget/curl to the build env that is /etc you'd have to copy them in yourself mid-build
UberPopTart
UberPopTartOP7mo ago
There's gotta be a less sketchy way to share some files between builds (that the build also has access to)
🎄 Asterisk
🎄 Asterisk7mo ago
0x0.st troll~1
フ卂ㄖ卄乇卂卄
フ卂ㄖ卄乇卂卄7mo ago
0x0.st is self hostable BTW https://git.0x0.st/mia/0x0
git.0x0.st
0x0
No-bullshit file hosting and URL shortening service
🎄 Asterisk
🎄 Asterisk7mo ago
I was half joking
フ卂ㄖ卄乇卂卄
フ卂ㄖ卄乇卂卄7mo ago
Ah
🎄 Asterisk
🎄 Asterisk7mo ago
it's sketchy because I don't think it was designed for these kinds of file operations it would work even under the main instance
Solution
UberPopTart
UberPopTart7mo ago
If there isn’t an existing mechanism would we be willing to add something like this to akshara? Maybe as a /persist directory that gets moved into the new root early in the build
Want results from more Discord servers?
Add your server