• Bug#1104488: live-boot: Segmentation fault when trying to mount filesys

    From Richard Ulrich@21:1/5 to All on Thu May 1 10:10:01 2025
    Package: live-boot
    Version: 1:20250225
    Severity: normal
    X-Debbugs-Cc: richi+debian@ulrichard.ch

    Dear Maintainer,

    We have a live DVD based on Debian that we build inside a docker container using mmdebstrap. The whole DVD builds reproducibly. Now we want to add secureboot
    and dm-verity. Secureboot looks good, but we are struggling with dm-verity.

    "veritysetup format" and "veritysetup verify" seem to work fine. But when
    the system boots, I always get "segmentation faults" (for trixie) or "operation not supported" (for bookworm) when it tries to mount the verity squashfs.

    The full source can be found at https://github.com/AminaBank/livedeb/
    To reproduce the error, just run:
    git checkout feature/verity && make iso && make run

    The error happens at: https://salsa.debian.org/live-team/live-boot/-/blob/master/components/9990-overlay.sh?ref_type=heads#L179

    I found the following in boot.log

    Begin: Mounting "/run/live/medium/live/filesystem.squashfs" on "/run/live/rootfs/filesystem.squashfs" via "/dev/loop0" ... + return 0
    + mount -t squashfs -o ro,noatime -o 'verity.hashdevice=/dev/loop1' -o 'verity.roothashfile=/run/live/medium/live/filesystem.squashfs.roothash' -o 'verity.oncorruption=panic' /dev/loop0 /run/live/rootfs/filesystem.squashfs
    Segmentation fault
    + panic 'Can not mount /dev/loop0 (/run/live/medium/live/filesystem.squashfs) on /run/live/rootfs/filesystem.squashfs'


    -- Package-specific info:

    -- System Information:
    Debian Release: trixie/sid
    APT prefers testing
    APT policy: (500, 'testing')
    Architecture: amd64 (x86_64)

    Kernel: Linux 6.12.22-amd64 (SMP w/16 CPU threads; PREEMPT)
    Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=de_CH:de
    Shell: /bin/sh linked to /usr/bin/dash
    Init: systemd (via /run/systemd/system)
    LSM: AppArmor: enabled

    Versions of packages live-boot depends on:
    ii live-boot-initramfs-tools [live-boot-backend] 1:20250225

    Versions of packages live-boot recommends:
    ii live-boot-doc 1:20250225
    ii live-tools 1:20240525
    ii rsync 3.4.1+ds1-3
    ii uuid-runtime 2.41-4

    Versions of packages live-boot suggests:
    ii cryptsetup 2:2.7.5-1
    pn curlftpfs <none>
    pn httpfs2 <none>
    ii wget 1.25.0-2

    -- no debconf information
