manjaro-tools issues
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues
2024-03-27T13:24:36Z

Avoid the /dev/loop0 busy condition.
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/345
2024-03-27T13:24:36Z
phoepsilonix

When using the loopback device, the losetup command is used to resolve permission issues.
```diff:0001-losetup.patch
diff --git a/lib/util-iso-mount.sh b/lib/util-iso-mount.sh
index 0c3e05b..b776b0d 100644
--- a/lib/util-iso-mount.sh
+++ b/lib/util-iso-mount.sh
@@ -11,7 +11,8 @@
track_img() {
info "mount: [%s]" "$2"
- mount "$@" && IMG_ACTIVE_MOUNTS=("$2" "${IMG_ACTIVE_MOUNTS[@]}")
+ LOOPBACK=$(losetup --show -f "$1")
+ mount $LOOPBACK "$2" && IMG_ACTIVE_MOUNTS=("$2" "${IMG_ACTIVE_MOUNTS[@]}")
}
mount_img() {
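Review bot: In track_img(), the replaced `mount "$@"` forwarded every argument, but `mount $LOOPBACK "$2"` uses only `$1` and `$2`, so any mount options a caller passes are silently dropped. `LOOPBACK` is also a single global, so a second track_img call overwrites the first device name, and the result of `losetup --show -f "$1"` is never checked before mounting. Suggest keeping the remaining arguments, quoting `"$LOOPBACK"`, returning on losetup failure, and recording each device in an array alongside IMG_ACTIVE_MOUNTS.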
@@ -24,6 +25,7 @@ umount_img() {
if [[ -n ${IMG_ACTIVE_MOUNTS[@]} ]]; then
info "umount: [%s]" "${IMG_ACTIVE_MOUNTS[@]}"
umount "${IMG_ACTIVE_MOUNTS[@]}"
+ losetup -d $LOOPBACK
unset IMG_ACTIVE_MOUNTS
rm -r "$1"
fi
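Review bot: In umount_img(), `losetup -d $LOOPBACK` detaches only the last device stored in the global, while the `umount` above it acts on every entry of IMG_ACTIVE_MOUNTS, so earlier loop devices stay attached. It also runs when `umount` failed, and with an empty `$LOOPBACK` it calls `losetup -d` with no argument. Suggest detaching each recorded device only after its umount succeeded, with the variable quoted.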
```
```diff
diff --git a/lib/util-iso.sh b/lib/util-iso.sh
index edf50a0..8154067 100644
--- a/lib/util-iso.sh
+++ b/lib/util-iso.sh
@@ -323,6 +323,7 @@ make_image_root() {
msg "Prepare [Base installation] (rootfs)"
local path="${work_dir}/rootfs"
mkdir -p ${path}
+ sync
chroot_create "${path}" "${packages}" || die
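Review bot: The `sync` added after `mkdir -p ${path}` in make_image_root() has no comment and no visible link to the loop-device change; it flushes every mounted filesystem and gives no guarantee that a previous loop device has been released. If it works around a timing problem, say so in a comment, or wait on the actual condition instead.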
@@ -349,6 +350,7 @@ make_image_desktop() {
msg "Prepare [Desktop installation] (desktopfs)"
local path="${work_dir}/desktopfs"
mkdir -p ${path}
+ sync
mount_fs_root "${path}"
@@ -393,6 +395,7 @@ make_image_live() {
msg "Prepare [Live installation] (livefs)"
local path="${work_dir}/livefs"
mkdir -p ${path}
+ sync
mount_fs_select "${path}"
@@ -434,6 +437,7 @@ make_image_mhwd() {
msg "Prepare [drivers repository] (mhwdfs)"
local path="${work_dir}/mhwdfs"
mkdir -p ${path}${mhwd_repo}
+ sync
mount_fs_select "${path}"
@@ -463,6 +467,7 @@ make_image_boot() {
local boot="${iso_root}/boot"
mkdir -p ${boot}
+ sync
cp ${work_dir}/rootfs/boot/vmlinuz* ${boot}/vmlinuz-${target_arch}
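Review bot: In make_image_boot() the `sync` sits between `mkdir -p ${boot}` and a plain `cp`, with no mount call in the hunk, so it is unclear which busy condition it addresses here. Drop it unless it is needed, or document the reason next to it.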
```

In the new kernel package, extramodules have been removed from the PATH.
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/343
2024-01-28T13:08:26Z
phoepsilonix

In the new kernel package, extramodules have been removed from the PATH.
Therefore, the following action will need to be taken.
You may need the KERNEL-headers package for Packages-Root.
Other proposed fixes
```
local _kernver=$(cat $1/boot/*.kver|awk '{print $1}')
```
```
diff --git a/lib/util-iso-boot.sh b/lib/util-iso-boot.sh
index aa012b7..29a22c3 100644
--- a/lib/util-iso-boot.sh
+++ b/lib/util-iso-boot.sh
@@ -18,7 +18,7 @@ prepare_initcpio(){
prepare_initramfs(){
cp ${DATADIR}/mkinitcpio.conf $1/etc/mkinitcpio-${iso_name}.conf
- local _kernver=$(cat $1/usr/lib/modules/*/version)
+ local _kernver=$(cat $1/usr/lib/modules/*/build/version)
if [[ -n ${gpgkey} ]]; then
su ${OWNER} -c "gpg --export ${gpgkey} >${USERCONFDIR}/gpgkey"
exec 17<>${USERCONFDIR}/gpgkey
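Review bot: The new `cat $1/usr/lib/modules/*/build/version` still relies on an unquoted glob: with more than one directory under modules/ `_kernver` becomes multi-line, and with no match it is empty, while `local _kernver=$(...)` hides the exit status of cat. The issue text also says the build/ path may need the kernel headers package in the root. Suggest declaring `local _kernver` first, assigning separately, and failing when the value is empty or has more than one line.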
```

update tool box
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/342
2023-12-16T08:08:31Z
Frede H

`https://forum.manjaro.org/t/suggest-remove-lib32-from-minimal/147500`
There are several small issues which can be fixed with the attached patch
[feat-no-multilib-bugfix-defaults-conf.patch](/uploads/c8f3aa4cdf051badd9a922efe3b6ebf4/feat-no-multilib-bugfix-defaults-conf.patch)
1. issue #341 (shell check)
2. issue #340 (cosmetics for data/mkinitcpio.conf)
3. feature to disable multilib from command line `-n` - affecting bin/buildiso.in, lib/util.sh, lib/util-iso.sh
4. makefile missing cleanup check-yaml
5. data/pacman-default.conf -> removed community, enable ParallelDownloads
6. data/pacman-multilib.conf -> removed community, enable ParallelDownloads
@philm all is tested and fully functional - but please check my patch

[data/mkinitcpio.conf] old bash array style fix
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/340
2023-12-16T07:57:56Z
Frede H

Please see these forum topics for discussions on the syntax
```
https://forum.manjaro.org/t/mkinitcpio-conf-correct-hooks-and-syntax/152025
https://forum.manjaro.org/t/mkinitcpio-conf-correct-hooks-and-syntax/152025/21
```
[01-fix-mkinitcpio-old-array-style.patch](/uploads/d36732e3e58949b11ee90d36abf1d0c7/01-fix-mkinitcpio-old-array-style.patch)

[lib/util.sh] fix invalid brackets
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/341
2023-12-16T07:57:31Z
Frede H

In function init_profiles() there are invalid brackets `]]`
[02-remove-invalid-brackets.patch](/uploads/f2ac23be6ad6b82723ac71e99b92b01c/02-remove-invalid-brackets.patch)

manjaro tools
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/339
2023-06-18T09:51:40Z
Robin Wheeler

Please Change "multilib.conf" in the data folder and pacman-default.conf also in the data folder as per
https://github.com/robin0800/manjaro-tools
the link contains details

failed retrieving file
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/337
2023-01-10T17:10:54Z
Tio

When `buildiso -p xfce` I get this error recently:
```
-> Installing packages to /var/lib/manjaro-tools/buildiso/xfce/x86_64/rootfs
:: Synchronizing package databases...
core.db failed to download
error: failed retrieving file 'core.db' from manjaro.moson.eu : Failed to connect to manjaro.moson.eu port 443 after 289 ms: Couldn't connect to server
error: failed to synchronize all databases (download library error)
==> ERROR: Failed to install packages to new root
==> ERROR: Failed to install all packages
```
I refreshed the mirrors and all that. Does not work. Used to work well. Where could the issue be? I tried different VPN connections to change the IP but same exact error. I cannot access manjaro.moson.eu from my machine it seems.

change default build repo server
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/336
2023-01-10T17:10:05Z
Vitor Lopes

Since October 23rd 2022 https://manjaro.moson.eu is offline according to this information
(https://forum.manjaro.org/t/mirror-removal-manjaro-moson-eu-2022-10-23/122625)
this repo is set as default in manjaro-tools.conf
please change to active repo or set additional info to set up the repo before build image

Time to update manjaro-tools and buildiso?
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/338
2023-01-10T17:10:05Z
Roel Vanraepenbusch

When I tried to build plasma-mobile, I first got this message:
error: failed retrieving file 'core.db' from manjaro.moson.eu : Could not resolve host: manjaro.moson.eu
After changing the mirror to one that exists, I got these messages:
error: target not found: ipw2100-fw
error: target not found: ipw2200-fw
error: target not found: manjaro-firmware
If I do a manual search for the packages, they do not seem to exist.

we need a rework on 'machineid'
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/170
2022-12-06T06:58:27Z
Philip Müller

*Created by: philmmanjaro*
These are the default settings of **Calamares**
```
---
# Whether to create /etc/machine-id for systemd.
systemd: true
# Whether to create /var/lib/dbus/machine-id for D-Bus.
dbus: true
# Whether /var/lib/dbus/machine-id should be a symlink to /etc/machine-id
# (ignored if dbus is false, or if there is no /etc/machine-id to point to).
symlink: true
```
However we set **openrc** basics by default, even on **systemd** systems:
```
write_calamares_machineid_conf(){
local conf="$1/etc/calamares/modules/machineid.conf"
echo "systemd: false" > $conf
echo "dbus: true" >> $conf
echo "symlink: false" >> $conf
}
```
So we have to investigate why we changed it and correct it for both **init systems**!

Another error while building the ISO
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/333
2022-11-02T18:09:42Z
Tio

I get this error while trying to build a manjaro gnome spin:
```
cp: cannot stat '/var/lib/manjaro-tools/buildiso/gnome/x86_64/bootfs/usr/share/licenses/amd-ucode/LICENSE': No such file or directory
==> ERROR: A failure occurred in make_image_boot().
```
But the git version of manjaro-tools-iso-git seems to work

miso_mount_handler() > _mnt_sfs() > _mnt_dev() failing on livefs
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/324
2022-05-30T07:24:17Z
Guido Maria Serra+Fenaroli

I downloaded the latest Manjaro image for i3 201, the livecd bootstrap is failing miserably at this line
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/blob/master/initcpio/hooks/miso#L95
when attempting to mount livefs (md5 signatures are correct: also tried on different media, I created the bootable usb via dd of the iso)
...plus the same usb stick works on my laptop (Huawei w29c), on the workstation instead is presenting such problem
(I did have to struggle to get a bootable BIOS configuration... the motherboard is an "MSI z270-a pro carbon")
also... nice the interactive shell, but I have no idea how to attempt the resume of the procedure
for reference, the message looks like
```
:: Mounting overlay root (tmpfs) filesystem, size=75%...:: Mounting '/dev/loop0' to '/run/miso/sfs/livefs'
mount: /run/miso/sfs/livefs: wrong fs type, bad option, bad superblock on /dev/loop0, missing codepage or helper programm, or other error.
ERROR; Failed to mount '/dev/loop'
```

User is not in the sudoers file
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/329
2021-07-24T00:54:19Z
Tio

Building our custom iso with the latest Manjaro Tools outputs that error when newly created users cannot perform a "sudo" task in the terminal. They are able to add/remove software, update the system, and so forth. I am wondering if this is a bug with the Manjaro Tools or not? It worked up until the change from the normal Calamares install to the new Gnome Greeting install.
Our spin files are pretty much in sync with the Manjaro Gnome files (packages and configs). So I wonder what is the issue.
Cheers!

Error when creating a Manjaro custom ISO
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/332
2021-07-14T21:44:45Z
Tio

This is the error:
```
buildiso -p gnome
/usr/lib/manjaro-tools/util-iso.sh: line 201: syntax error near unexpected token `<<<'
/usr/lib/manjaro-tools/util-iso.sh: line 201: `<<<<<<< HEAD'
/usr/sbin/buildiso: line 203: check_requirements: command not found
/usr/lib/manjaro-tools/util.sh: line 804: build: command not found
==> ERROR: An unknown error has occurred. Exiting...
User defined signal 1
```
I wonder if it is a bug with the manjaro-tools package.
Using manjaro-tools-iso 0.15.12-5 + manjaro-tools.base 0.15.12-1 + manjaro-tools-okg 0.15.12-1

manjaro-efi-utils: where is locate
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/307
2021-07-07T16:56:46Z
Stefano Capitani

@philm @oberon just to play with our live isos to obtain more universal; where i can find the pkgbuild for the packages in the object? where we pick the EFI files? I can't find the pkgbuild in the old github repo :(

can this be forked and used to respin arch linux?
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/305
2021-07-07T16:56:02Z
Austcool-Walker <0ajwalker@gmail.com>

Hi I was wondering if I could fork this tool and use it to respin arch linux? I want to make an arch respin but archiso seems to be older and is sort of like manjaro-iso which to my knowledge is no longer used.

Manjaro-tools stuck
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/302
2021-07-07T16:55:43Z
Elrondo46

Manjaro-tools stuck after: generating fallback image
Stuck with no errors waiting forever

Make changes on ISO volume Id for osinfo.
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/317
2021-07-07T16:27:37Z
Vitor Lopes

This will allow it to work within virtualized environments like virt-install / virt-manager / cockpit-machines / GNOME Boxes / KubeVirt
https://gitlab.com/libosinfo/osinfo-db/merge_requests/79

Vulnerability: (x86_64) images are built with a pre-initialised (and thus common) pacman local signing key
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/330
2021-06-14T09:39:00Z
Ashley Newson <ashleynewson@smartsim.org.uk>

I initially discovered and submitted an issue for the ARM image build process (https://gitlab.manjaro.org/manjaro-arm/applications/manjaro-arm-tools/-/issues/33), which has since been addressed by Dan Johansen (@Strit). However, upon further investigation, it was realised this issue affects x86_64 Manjaro installations also.
## Impact
Manjaro x86_64 installations can be tricked into installing maliciously signed packages by a network attacker, leading to code execution as root.
[CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H](https://www.first.org/cvss/calculator/3.1#CVSS:3.1/AV:A/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H) (7.1 High)
## Details
Manjaro ISO images, used for installation of Manjaro on x86_64 systems, contain pre-initialised pacman keyrings - i.e., the `/etc/pacman.d/gnupg` directory. When a Manjaro system is installed, its `/etc/pacman.d/gnupg` directory is inherited from the installation medium.
This is problematic because everyone who installs from these common installation mediums will inherit the same and non-secret local signing key (both private and public components). This is dangerous because the local signing key can be used to directly sign packages for installation via pacman - even those obtained from supposedly official mirrors.
I was able to confirm that a man-in-the-middle attacker (or a rogue mirror) can use the signing key extracted from a corresponding ISO image to serve modified databases and packages which would then appear authentic to pacman's signature checks and would thus be installed without any objection. As such, malware could be installed to a user's device by a man-in-the-middle attacker during an update or package installation.
(Note that, technically, databases don't need to be signed, but packages must be signed by a trusted key. The database typically contains package signatures, and so it probably needs to be modified by an attacker also.)
## Exploitability
- Use of plaintext HTTP mirrors (i.e. not HTTPS) is still commonplace and enabled by default, allowing database and package downloads to be subverted by a network-adjacent attacker. Note, however, that a freshly installed Manjaro installation may not always be configured with an HTTP mirror - it involves a little chance as I understand.
- It's my understanding that Manjaro can be configured to download updates automatically. I'm not sure if it will install them automatically (as that's generally not sensible for Arch-based platforms), but poisoning the database/package cache may be 50% of the way there.
- I have only tested the `manjaro-gnome-21.0.4-minimal-210506-linux510.iso` image, but it's my understanding that the issue arises from the build process and that all images and Manjaro installations are likely affected.
- Different installation mediums are initialised with different keys. An attacker would need to use the local signing key from the specific installation medium used to install a system in order to attack it. Though, I suspect that an attacker could try multiple signatures at once if multiple packages are to be installed/upgraded.
## Suggested Remediation
- [x] `/etc/pacman.d/gnupg` should be purged before the installation image is finalised.
- [x] Defer initialisation of the pacman keyring (`pacman-key --init`, `pacman-key --populate ...`) until the installation medium is booted. Note that it's probably sufficient to inherit keys from the installation medium so long as the installation medium's keys are generated uniquely for each boot.
- [x] Rebuild any affected images to exclude pre-initialised keyrings as soon as possible.
- [x] Retroactively revoke compromised local signing keys on affected hosts and individually regenerate the keyring from scratch, so that existing installations can be protected. ~~This list can be compiled from an archive of installation mediums.~~ (Keyring regenerated if system version below `20210612`)
## References
https://manjaro.org/downloads/official/gnome/
https://download.manjaro.org/gnome/21.0.4/manjaro-gnome-21.0.4-210506-linux510.iso.torrent
`magnet:?xt=urn:btih:828b80aff2ab11cba539200d9765333d627a10a0&dn=manjaro-gnome-21.0.4-minimal-210506-linux510.iso&tr=udp%3A%2F%2Ftracker.opentrackr.org%3A1337&ws=https%3A%2F%2Fdownload.manjaro.org%2Fgnome%2F21.0.4%2Fmanjaro-gnome-21.0.4-minimal-210506-linux510.iso`
Observe that `manjaro-gnome-21.0.4-210506-linux510.iso/manjaro/x86_64/rootfs.sfs/etc/pacman.d/gnupg/private-keys-v1.d/D10EEE9A774D88C46B3A7377E7DC6D84164E0959.key` is copied as-is to systems installed from this medium.

Feature request: support masking services in live session
https://gitlab.manjaro.org/tools/development-tools/manjaro-tools/-/issues/326
2021-01-28T09:30:50Z
Matti Hyttinen

Some services like tlp are unnecessary and cause issues in live sessions. It would be useful to be able to mask them in live overlay. Normal symlink in the live overlay directory does not work, it breaks the service enablement function in buildiso
Bernhard Landauer
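
A check for the condition described in the pacman keyring vulnerability report above (issue 330), as an added example that is not part of the report or of manjaro-tools: it scans an unpacked image root for private key material under `/etc/pacman.d/gnupg`. The function names, the `secring.gpg` check for older GnuPG layouts and the sample trees are assumptions made for this example; the sample files are constructed placeholders, not key material.

```shell
#!/bin/sh
# Added example: audit an unpacked image root for a pre-initialised pacman keyring.
# Paths follow the issue text (/etc/pacman.d/gnupg, private-keys-v1.d/*.key).

# Print every file below ROOT/etc/pacman.d/gnupg that holds private key material:
#   - private-keys-v1.d/*.key  (layout named in the issue)
#   - a non-empty secring.gpg  (assumption: older GnuPG layout)
find_keyring_secrets() {
    gnupg_dir="${1%/}/etc/pacman.d/gnupg"
    [ -d "$gnupg_dir" ] || return 0          # purged keyring: nothing to report
    find "$gnupg_dir" -type f \( -path '*/private-keys-v1.d/*.key' -o \
        \( -name 'secring.gpg' -size +0c \) \) -print | sort
}

# Return 0 when ROOT ships no private key material, 1 otherwise.
audit_image_root() {
    hits=$(find_keyring_secrets "$1")
    if [ -z "$hits" ]; then
        printf 'OK   %s: no private pacman keyring material\n' "$1"
        return 0
    fi
    printf 'FAIL %s: image ships private key material:\n' "$1"
    printf '%s\n' "$hits" | sed 's/^/       /'
    return 1
}

# Constructed sample trees: "dirty" mimics an image with a pre-initialised
# keyring, "clean" holds only a public keyring file.
make_sample_roots() {
    mkdir -p "$1/dirty/etc/pacman.d/gnupg/private-keys-v1.d" \
             "$1/clean/etc/pacman.d/gnupg"
    echo 'constructed placeholder' \
        > "$1/dirty/etc/pacman.d/gnupg/private-keys-v1.d/PLACEHOLDER.key"
    echo 'constructed placeholder' > "$1/clean/etc/pacman.d/gnupg/pubring.gpg"
}

# Demo run on the constructed trees.
demo_dir=$(mktemp -d)
make_sample_roots "$demo_dir"
audit_image_root "$demo_dir/clean" || true
audit_image_root "$demo_dir/dirty" || true
rm -rf "$demo_dir"
```

Pointed at the mounted or unpacked rootfs of a built image, a non-zero return from `audit_image_root` can fail the build before the image is published.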