Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using Checksum=true seems to generate incorrect output #3027

Open
justinvreeland opened this issue Sep 13, 2024 · 5 comments
Open

Using Checksum=true seems to generate incorrect output #3027

justinvreeland opened this issue Sep 13, 2024 · 5 comments
Labels
bug

Comments

@justinvreeland
Copy link
Contributor

mkosi commit the issue has been seen with

main

Used host distribution

Archlinux

Used target distribution

default

Linux kernel version used

6.10.8-arch1-1

CPU architectures issue was seen on

x86_64

Unexpected behaviour you saw

I expected to see a SHA256SUMS file or image.sha256 file that would be compatible with importctl. Instead files with names like image.SHA256SUMS are generated. When using the configuration attached I see:

ls mkosi.output
total 34188
    0 lrwxrwxrwx 1 root root        9 Sep 13 12:31 image -> image.raw
34184 -rw-r--r-- 1 root root 36028416 Sep 13 12:31 image.raw
    4 -rw-r--r-- 1 root root       76 Sep 13 12:31 image.SHA256SUMS

The mkosi docs lead me to believe the file should be created as a standalone file. From the mkosi docs:

Generate a SHA256SUMS file of all generated artifacts after the build is complete.

The importctl docs seem to agree:

Verification is done either via an
inline signed file with the name of the image and the suffix
.sha256 or via separate SHA256SUMS and SHA256SUMS.gpg files.

This also applies to the image.SHA256SUMS.gpg file.

Used mkosi config

[Validation]
Checksum=true

mkosi output

No response
@behrmann
Copy link
Contributor

Unfortunately we have to bake the image name into the output, otherwise when generating multiple outputs they would clobber each other. You will have to do some post processing after invoking mkosi or maybe you can hack this with a postoutput script.

@justinvreeland
Copy link
Contributor Author

Ahh I can understand how that causes problem. Were I making a lot of images in the same directory though I'd like have the option to concatenate and re-sign the file for all the images built into that directory. I can see people wanting things either way depending on how much post processing they want to do. I think it'd be ideal for mkosi to be able to produce working output to be consumed by related tools though.

@septatrix
Copy link
Contributor

Most importantly the docs should at least get updated

@davide125
Copy link
Contributor

Related to this, it looks like we currently prefix an asterisk before each filename in the generated SHA256SUMS, but there's no mention of this in the documentation (and it's unclear to me why it's done in the first place).

@septatrix
Copy link
Contributor

Related to this, it looks like we currently prefix an asterisk before each filename in the generated SHA256SUMS, but there's no mention of this in the documentation (and it's unclear to me why it's done in the first place).

That symbolizes a binary file (see the man page of sha256sum et al) but that is mostly a convention and not done by all tools

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug
Milestone
No milestone
Development

No branches or pull requests
4 participants
@davide125 @behrmann @justinvreeland @septatrix