Re: [kiwi] Digest for kiwi-images@googlegroups.com - 6 updates in 4 topics

[austin new]

Hi,

I am getting the following errors while trying to install 24.04. Please let me know if anything is missing.

I changed the description config. It works fine. kiwi-descriptions

On Wed, Sep 11, 2024 at 5:22 AM <kiwi-...@googlegroups.com> wrote:

kiwi-...@googlegroups.com

Google Groups

Topic digest
View all topics

• Kiwi NG hangs on RPM installation that is using /dev/urandom - 1 Update
• Boxbuild questions - 3 Updates
• How to enable UEFI support - 1 Update
• Digest for kiwi-...@googlegroups.com - 6 updates in 2 topics - 1 Update

Kiwi NG hangs on RPM installation that is using /dev/urandom

sebastiaan...@gmail.com <sebastiaan...@gmail.com>: Sep 11 01:55AM -0700 Hi,   I'm facing a weird issue with building a SLES 15 SP5 VMX flavour. The build process just hangs on installing my own compiled freeradius RPM:   [ DEBUG ]: 10:42:09 | system: (492/530) Installing: freeradius-server-3.2.6-150500.155.199.1.NIVO.SLES15.x86_64   The same RPM installs fine when the VM is build without this RPM and installing it after first boot. Further investigation shows me that Kiwi hangs on my %post section inside the RPM. The Kiwi process causes high load on running:   root 26287 96.3 0.0 2564 712 pts/0 R 10:42 4:33 \_ tr -cd [:alnum:]   My relevant part of the RPM %post section:   PASSWD=$(tr -cd '[:alnum:]' < /dev/urandom | fold -w16 | head -n1)   Are there any known problem with using urandom inside the chroot? Or has this something to do with the subshell? I'm using KIWI (next generation) version 9.25.22.   Thanks!   Sebastiaan

Back to top

Boxbuild questions

Marcus Schäfer <marcus....@gmail.com>: Sep 10 01:42PM +0200 Hi,   > thank you for the offer. In a real productive scenario I would probably > prefer to use a package mirror in our local network to eliminate the > proxy alltogether.   Yes sounds good   > But since I'm not sure if our apt-cacher has a > glitch or if it is a problem with the kiwi config I tried to use > upstream servers to eliminate the possibility of a faulty apt-cache.   ok got it   > issue. As it stands now it seems it does not.   > I'm a bit stuck now. I have no idea how to verify if the altered NM > connection is used by the kiwi build or if there is an issue with it.   ok makes sense. So yes a proxy setup varies from one system to the other and it is probably not possible to let kiwi do the job to serve them all. I think we need to clarify first where exactly we have the connection issue.   kiwi operates in two stages to build up the new root tree:   1. bootstrap 2. system   In the bootstrap phase all tools are called directly from the build host. The build host in your case is the box.   My first question here is:   Q: Independent of kiwi, can the box network setup reach the endpoints you are targeting ?   In the system phase all tools are called as chroot() operation. This means all required steps to let the build host connect via the proxy also needs to be done in the new root such that a "chroot new-root apt ..." has a chance to succeed. As you know from the issue report, at this stage kiwi is limited in a way that we only copy "/etc/sysconfig/proxy" into the new root and that is not enough for Debian based distros. To allow you to run the required changes in the new root kiwi has a script hook called:   post_bootstrap.sh   which allows you to do whatever is needed to complete the system installation phase. Also see:   https://osinside.github.io/kiwi/concept_and_workflow/shell_scripts.html   From my experience so far users followed these steps   1. Run the box in debug mode with --box-debug 2. Come up with a setup such that the proxy based network is reachable. This is not related to kiwi. All steps needed to access the network they encode as additional data below the extra boxroot/ tree and add boxroot/etc/boxprofile code/variables when needed. If additional software was required that is not part of the box, we can add anything you need 3. Once the box can connect, the same steps needs to be applied to a post_bootstrap.sh such that chroot tasks will work   Brings me to my next question:   Q: Where in the above procedure are we ?     Please note I have zero knowledge on your network situation, thus I assume I'm not of great help with a solution. A complete build log of a failed attempt would also be helpful   Thanks   Regards, Marcus -- Public Key available via: https://keybase.io/marcus_schaefer/key.asc keybase search marcus_schaefer ------------------------------------------------------- Marcus Schäfer Brunnenweg 18 Tel: +49 7562 905437 D-88260 Argenbühl Germany -------------------------------------------------------

Sven Wölfel <woelfe...@gmail.com>: Sep 10 09:37PM -0700 As always, thanks for your detailed answer.   > Q: Where in the above procedure are we ?   At the moment I'm at point 2. The box can reach our internal network, If I set the environment variables (http_proxy, https_proxy, etc...) wget and other cmd tools use the company proxy and are able to reach the outside world. So far I'm fine. But altering the network manager connection of the boxbuild vm as mentioned above was not successfull yet. I will try to do this step in the post_bootstrap.sh and see if it works. As an alternative I try to build the vm on my own machine at home without proxy constraints to see if there is an issue.   > Please note I have zero knowledge on your network situation, >thus I assume I'm not of great help with a solution. >A complete build log of a failed attempt would also be helpful   Yes and again Im more than grateful for your provided support. As stated before I realize proxy setups are a niche case and are highly company specific. I will provide a log of the build with after configuring NM to use a proxy asap.   Marcus schrieb am Dienstag, 10. September 2024 um 13:42:39 UTC+2:

Sven Woelfel <woelfe...@gmail.com>: Sep 11 09:36AM +0200 <?xml version="1.0" encoding="utf-8"?>   <image schemaversion="7.6" name="Ubuntu-24.04"> <description type="system"> <author>Marcus Schaefer</author> <contact>m...@suse.com</contact> <specification>Image description for Ubuntu 24.04</specification> </description> <profiles> <profile name="Live" description="Live image" import="true"/> <profile name="Disk" description="Expandable Disk image"/> <profile name="MS-HyperV" description="Hyper-V Disk Image" arch="x86_64"/> </profiles> <preferences> <version>1.0.0</version> <packagemanager>apt</packagemanager> <!-- <bootsplash-theme>none</bootsplash-theme> <bootloader-theme>none</bootloader-theme> --> <locale>en_US</locale> <!-- <keytable>us</keytable> --> <timezone>Europe/Berlin</timezone> <rpm-check-signatures>false</rpm-check-signatures> </preferences> <preferences profiles="Live"> <type image="iso" flags="overlay" hybridpersistent_filesystem="ext4" hybridpersistent="true" firmware="efi"/> </preferences> <preferences profiles="Disk"> <type image="oem" filesystem="ext4" initrd_system="dracut" firmware="efi" installiso="true"> <oemconfig> <oem-swap>true</oem-swap> <oem-device-filter>/dev/ram</oem-device-filter> <oem-multipath-scan>false</oem-multipath-scan> </oemconfig> </type> </preferences> <preferences profiles="MS-HyperV"> <type image="oem" filesystem="ext4" format="vhdx" kernelcmdline="" firmware="uefi" editbootconfig="editbootconfig_hyperv.sh"> <bootloader name="grub2" /> <oemconfig> <oem-resize>false</oem-resize> </oemconfig> </type> </preferences> <repository type="apt-deb" repository_gpgcheck="false" imageinclude="true"> <source path="http://download.opensuse.org/repositories/Virtualization:/Appliances:/Builder/xUbuntu_24.04/"/> </repository> <repository type="apt-deb" alias="noble-security" distribution="noble-security" components="main multiverse restricted universe" repository_gpgcheck="false"> <source path="http://packages.oth-regensburg.de/ubuntu/"/> </repository> <repository type="apt-deb" alias="noble-updates" distribution="noble-updates" components="main multiverse restricted universe" repository_gpgcheck="false"> <source path="http://packages.oth-regensburg.de/ubuntu/"/> </repository> <repository type="apt-deb" alias="noble" distribution="noble" components="main multiverse restricted universe" repository_gpgcheck="false"> <source path="http://packages.oth-regensburg.de/ubuntu/"/> </repository> <packages type="image"> <package name="grub-efi-amd64"/> <package name="grub-common"/> <package name="grub2-common"/> <package name="grub-pc-bin"/> <package name="syslinux"/> <package name="syslinux-common"/> <package name="systemd"/> <package name="dracut"/> <package name="init"/> <package name="gnupg"/> <package name="iproute2"/> <package name="iptables"/> <package name="iputils-ping"/> <package name="ifupdown"/> <package name="isc-dhcp-client"/> <package name="netbase"/> <package name="locales"/> <package name="dbus"/> <package name="xz-utils"/> <package name="btrfs-progs"/> <package name="ntp"/> <package name="ssh"/> <package name="sudo"/> <package name="curl"/> <package name="cron"/> <package name="ca-certificates"/> <package name="shim"/> <package name="vim"/> <package name="shim-signed"/> <package name="locales-all"/> <package name="tzdata"/> </packages> <packages type="iso"> <package name="dracut-kiwi-live"/> </packages> <packages type="oem"> <package name="dracut-kiwi-oem-repart"/> <package name="dracut-kiwi-oem-dump"/> </packages> <packages type="image" profiles="MS-HyperV"> <package name="linux-virtual"/> <package name="linux-cloud-tools-virtual"/> <package name="cloud-init"/> <package name="cloud-utils"/> <package name="linux-tools-virtual"/> </packages> <packages type="image" profiles="Live"> <package name="isolinux"/> <package name="linux-generic"/> </packages> <packages type="image" profiles="Disk"> <package name="linux-generic"/> </packages> <packages type="bootstrap"> <package name="apt"/> </packages> </image>

Back to top

How to enable UEFI support

M.S. Varadharajan Nadar <msraj...@gmail.com>: Sep 10 01:07PM -0700 Hi Team,   I am trying to build an Ova image with secure UEFI support, I can build and run an Ova image but am not able to switch from "Legacy BIOS" to UEFI   Every time I change from "Legacy BIOS" to "UEFI" the VM fails to boot, I removed the signed grubx86.efi from the root folder but I am still not able to boot the VM   Error: EFI VMware SCSI Hard Drive (0.0) ... No compatible bootloader found.   Thank you Varadharajan Nadar

Back to top

Digest for kiwi-...@googlegroups.com - 6 updates in 2 topics

austin new <austi...@gmail.com>: Sep 10 12:56PM -0500 <?xml version="1.0" encoding="utf-8"?>   <image schemaversion="7.6" name="Ubuntu-24.04_appliance"> <description type="system"> <author>Marcus Schaefer</author> <contact>m...@suse.com</contact> <specification>Image description for Ubuntu 24.04</specification> </description> <profiles> <profile name="Live" description="Live image" import="true"/> <profile name="Virtual" description="Simple Disk image"/> <profile name="Disk" description="Expandable Disk image"/> </profiles> <preferences> <version>1.16.4</version> <packagemanager>apt</packagemanager> <bootsplash-theme>sabily</bootsplash-theme> <bootloader-theme>ubuntu-mate</bootloader-theme> <locale>en_US</locale> <timezone>UTC</timezone> <rpm-check-signatures>false</rpm-check-signatures> </preferences> <preferences profiles="Live"> <type image="iso" flags="overlay" hybridpersistent_filesystem="ext4" hybridpersistent="true" firmware="efi"/> </preferences> <preferences profiles="Virtual"> <type image="oem" filesystem="ext4" kernelcmdline="console=ttyS0" firmware="uefi"> <oemconfig> <oem-resize>false</oem-resize> </oemconfig> <bootloader name="grub2"/> </type> </preferences> <preferences profiles="Disk"> <type image="oem" filesystem="ext4" initrd_system="dracut" firmware="efi" installiso="true"> <oemconfig> <oem-swap>true</oem-swap> <oem-device-filter>/dev/ram</oem-device-filter> <oem-multipath-scan>false</oem-multipath-scan> </oemconfig> </type> </preferences> <users> <user password="$1$wYJUgpM5$RXMMeASDc035eX.NbYWFl0" home="/root" name="root" groups="root"/> </users> <repository type="apt-deb" repository_gpgcheck="false" package_gpgcheck="false" imageinclude="true"> <source path="obs://Virtualization:Appliances:Builder/xUbuntu_24.04"/> </repository> <repository type="apt-deb" alias="Noble-updates" distribution="noble-updates" components="main multiverse restricted universe" repository_gpgcheck="false"> <source path="http://us.archive.ubuntu.com/ubuntu/"/> </repository> <repository type="apt-deb" alias="Noble" distribution="noble" components="main multiverse restricted universe" repository_gpgcheck="false"> <source path="http://us.archive.ubuntu.com/ubuntu/"/> </repository> <packages type="image"> <package name="libpam-runtime"/> <package name="grub2-themes-ubuntu-mate"/> <package name="plymouth-theme-sabily"/> <package name="plymouth"/> <package name="grub-efi-amd64"/> <package name="grub-common"/> <package name="grub2-common"/> <package name="grub-pc-bin"/> <package name="linux-generic"/> <package name="isolinux"/> <package name="syslinux"/> <package name="syslinux-common"/> <package name="systemd"/> <package name="dracut"/> <package name="init"/> <package name="gnupg"/> <package name="iproute2"/> <package name="iptables"/> <package name="iputils-ping"/> <package name="ifupdown"/> <package name="isc-dhcp-client"/> <package name="netbase"/> <package name="dbus"/> <package name="xz-utils"/> <package name="btrfs-progs"/> <package name="shim"/> <package name="shim-signed"/> <package name="locales-all"/> <package name="tzdata"/> <package name="language-pack-en"/> </packages> <packages type="iso"> <package name="dracut-kiwi-live"/> </packages> <packages type="oem"> <package name="dracut-kiwi-oem-repart"/> <package name="dracut-kiwi-oem-dump"/> </packages> <packages type="bootstrap"/> </image>

Back to top

You received this digest because you're subscribed to updates for this group. You can change your settings on the group membership page. To unsubscribe from this group and stop receiving emails from it send an email to kiwi-images...@googlegroups.com.

[austin new]

Hi, I am trying to build without arch with kiwi 9v.  It's been some issues. I have installed dracut. still running into this issue.  Could you please share the issue resolve. Thank you.

[ INFO    ]: Processing: [                                        ] 0%[ DEBUG   ]: 18:25:26 | system: Reading package lists...
[ DEBUG   ]: 18:25:26 | system: Building dependency tree...
[ INFO    ]: Processing: [########################################] 100%
[ ERROR   ]: 18:25:26 | KiwiInstallPhaseFailed: System package installation failed: E: Unable to locate package dracut-kiwi-live

[ INFO    ]: 18:25:26 | Cleaning up SystemPrepare instance

[austin new]

That has been resolved in kiwi v10,

I got an error when executing build tests .Build didn't work, how can we solve this?

W: https://download.opensuse.org/repositories/Virtualization:/Appliances:/Builder/xUbuntu_24.04_x86_64/amd64/dracut-kiwi-live_10.1.11-1.1_amd64.deb: No system certificates available. Try installing ca-certificates.
E: Failed to fetch https://download.opensuse.org/repositories/Virtualization:/Appliances:/Builder/xUbuntu_24.04_x86_64/amd64/dracut-kiwi-live_10.1.11-1.1_amd64.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification.

[Marcus Schäfer]

Hi

> https://download.opensuse.org/repositories/Virtualization:/Appliances:/
> Builder/xUbuntu_24.04_x86_64/amd64/dracut-kiwi-live_10.1.11-1.1_amd64.d

> eb Certificate verification failed: The certificate is NOT trusted.
> The certificate issuer is unknown. Could not handshake: Error in the
> certificate verification.

Some information to this issue can be found on the following page:

https://askubuntu.com/questions/1095266/apt-get-update-failed-because-certificate-verification-failed-because-handshake

Which of the proposed solutions matches your use case I can't tell.
I did not investigate deeper on this issue and hope the above
information helps you

[austin new]

I just noticed 2 issues. It seems to be having issues with public key setup.

1.  W: GPG error: http://us.archive.ubuntu.com/ubuntu noble-updates InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C
W: GPG error: https://download.opensuse.org/repositories/Virtualization:/Appliances:/Builder/xUbuntu_24.04_x86_64 ./ InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 0739B8027BF939EF
W: GPG error: http://us.archive.ubuntu.com/ubuntu noble InRelease: The following signatures couldn't be verified because the public key is not available: NO_PUBKEY 871920D1991BC93C

2, W: https://download.opensuse.org/repositories/Virtualization:/Appliances:/Builder/xUbuntu_24.04_x86_64/amd64/dracut-kiwi-live_10.1.11-1.1_amd64.deb: No system certificates available. Try installing ca-certificates.

E: Failed to fetch https://download.opensuse.org/repositories/Virtualization:/Appliances:/Builder/xUbuntu_24.04_x86_64/amd64/dracut-kiwi-live_10.1.11-1.1_amd64.deb  Certificate verification failed: The certificate is NOT trusted. The certificate issuer is unknown.  Could not handshake: Error in the certificate verification.

--
You received this message because you are subscribed to a topic in the Google Groups "kiwi" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/kiwi-images/9AqdoESd9wY/unsubscribe.
To unsubscribe from this group and all its topics, send an email to kiwi-images...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/kiwi-images/0841e778-3347-4936-b407-9dcc2a76b527n%40googlegroups.com.

[austin new]

Hi,

Cool, trying to follow the previous threads, documentation. This works now. thanks for the help. Will see any issues.