Qubes-builder issues

kenosen · April 29, 2023, 11:06pm

In my pursuit of achieving a more seamless integration/installation of Qubes for journalists, I wanted to offer Salt scripts at installation by altering the ISO (adding new salt files and altering the anaconda-addon) similar to one user’s easy-install-of-qubes scripts. So I’ve attempted to setup a qubes-builder environment/AppVM but have run into issues, despite following all requisite documentation. My template is Fedora-32 and I’ve added all signing keys, and have modified the .conf file for no_sign, and I’ve also changed setenforce.

Whenever I run make get-sources, I encounter the below errors.

I’m at a loss and have tried on different templates, following both Qubes-Builder documentation and Qubes-ISO documentation.

I apologize in advance if this is the wrong sub-forum for this.
-ken

Your branch is up to date with 'origin/release4.1'.
--> Downloading additional sources for vmm-xen...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/vmm-xen'
git submodule update --init --recursive
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/vmm-xen'
--> Verifying the sources...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/vmm-xen'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/vmm-xen'
--> Downloading additional sources for core-libvirt...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/core-libvirt'
curl --proto '=https' --proto-redir '=https' --tlsv1.2 --http1.1 -sSfL -o libvirt-6.6.0.tar.xz.asc https://libvirt.org/sources/libvirt-6.6.0.tar.xz.asc
curl --proto '=https' --proto-redir '=https' --tlsv1.2 --http1.1 -sSfL -o libvirt-6.6.0.tar.xz.UNTRUSTED -- https://libvirt.org/sources/libvirt-6.6.0.tar.xz
gpgv --keyring core-libvirt-trustedkeys.gpg libvirt-6.6.0.tar.xz.asc libvirt-6.6.0.tar.xz.UNTRUSTED 2>/dev/null || \
	{ echo "Wrong signature on libvirt-6.6.0.tar.xz.UNTRUSTED!"; exit 1; }
mv libvirt-6.6.0.tar.xz.UNTRUSTED libvirt-6.6.0.tar.xz
curl --proto '=https' --proto-redir '=https' --tlsv1.2 --http1.1 -sSfL -o libvirt-python-6.6.0.tar.gz.asc https://libvirt.org/sources/python/libvirt-python-6.6.0.tar.gz.asc
curl --proto '=https' --proto-redir '=https' --tlsv1.2 --http1.1 -sSfL -o libvirt-python-6.6.0.tar.gz.UNTRUSTED -- https://libvirt.org/sources/python/libvirt-python-6.6.0.tar.gz
gpgv --keyring core-libvirt-trustedkeys.gpg libvirt-python-6.6.0.tar.gz.asc libvirt-python-6.6.0.tar.gz.UNTRUSTED 2>/dev/null || \
	{ echo "Wrong signature on libvirt-python-6.6.0.tar.gz.UNTRUSTED!"; exit 1; }
mv libvirt-python-6.6.0.tar.gz.UNTRUSTED libvirt-python-6.6.0.tar.gz
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/core-libvirt'
--> Verifying the sources...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/core-libvirt'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/core-libvirt'
--> Downloading additional sources for python-xcffib...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-xcffib'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-xcffib'
--> Verifying the sources...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-xcffib'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-xcffib'
--> Downloading additional sources for python-objgraph...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-objgraph'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-objgraph'
--> Verifying the sources...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-objgraph'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-objgraph'
--> Downloading additional sources for python-u2flib-host...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-u2flib-host'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-u2flib-host'
--> Verifying the sources...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-u2flib-host'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-u2flib-host'
--> Downloading additional sources for python-qasync...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-qasync'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-qasync'
--> Verifying the sources...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-qasync'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-qasync'
--> Downloading additional sources for python-panflute...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-panflute'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-panflute'
--> Verifying the sources...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/python-panflute'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/python-panflute'
--> Downloading additional sources for intel-microcode...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/intel-microcode'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/intel-microcode'
--> Verifying the sources...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/intel-microcode'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/intel-microcode'
--> Downloading additional sources for linux-firmware...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/linux-firmware'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/linux-firmware'
--> Verifying the sources...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/linux-firmware'
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/linux-firmware'
--> Downloading additional sources for linux-kernel...
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/linux-kernel'
if [ -f /usr/bin/qvm-run-vm ]; \
        then qvm-run-vm --no-gui --dispvm 2>/dev/null xzcat <linux-6.1.26.tar.xz.UNTRUSTED > linux-6.1.26.tar.UNTRUSTED; \
else xzcat <linux-6.1.26.tar.xz.UNTRUSTED > linux-6.1.26.tar.UNTRUSTED; fi
make[1]: *** [Makefile:74: linux-6.1.26.tar.UNTRUSTED] Error 127
rm linux-6.1.26.tar.UNTRUSTED
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/linux-kernel'
make: *** [Makefile:226: linux-kernel.get-sources-extra] Error 2
[user@qubes-builder qubes-builder]$

kenosen · April 30, 2023, 8:47am

I’ve also tried setting qubes-prefs default_dispvm between D11, F37, and whonix-ws-16

disp6252 · April 30, 2023, 9:00am

Try to run with verbose, maybe there would be more info:
make get-sources DEBUG=1 VERBOSE=2

kenosen · April 30, 2023, 9:09am

The latest output and error:

--> Downloading additional sources for linux-kernel...
+ make -C qubes-src/linux-kernel get-sources
make[1]: Entering directory '/home/user/qubes-builder/qubes-src/linux-kernel'
if [ -f /usr/bin/qvm-run-vm ]; \
        then qvm-run-vm --no-gui --dispvm 2>/dev/null xzcat <linux-6.1.26.tar.xz.UNTRUSTED > linux-6.1.26.tar.UNTRUSTED; \
else xzcat <linux-6.1.26.tar.xz.UNTRUSTED > linux-6.1.26.tar.UNTRUSTED; fi
cat kernel.org-1-key.asc kernel.org-2-key.asc | gpg --dearmor >linux-keyring.gpg
gpgv --keyring ./linux-keyring.gpg linux-6.1.26.tar.sign linux-6.1.26.tar.UNTRUSTED || \
  { echo "Wrong signature on linux-6.1.26.tar.UNTRUSTED!"; exit 1; }
gpgv: Signature made Wed Apr 26 08:29:49 2023 EDT
gpgv:                using RSA key 647F28654894E3BD457199BE38DBBDC86092693E
gpgv: Good signature from "Greg Kroah-Hartman (Linux kernel stable release signing key) <greg@kroah.com>"
mv linux-6.1.26.tar.UNTRUSTED linux-6.1.26.tar
if [ -f /usr/bin/qvm-run-vm ]; \
        then qvm-run-vm --no-gui --dispvm 2>/dev/null zcat <macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.gz.UNTRUSTED > macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.UNTRUSTED; \
else zcat <macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.gz.UNTRUSTED > macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.UNTRUSTED; fi
/bin/sh: -c: line 0: syntax error near unexpected token `('
/bin/sh: -c: line 0: `sha256sum --status --strict -c <(printf "1641a09e8ae4fc494b8e44f1bc86d19cefcdc5ad74722ce058148b35a194aeb6  -\n") <macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.UNTRUSTED || \'
make[1]: *** [Makefile:100: macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar] Error 1
rm macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.UNTRUSTED linux-keyring.gpg
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/linux-kernel'
make: *** [Makefile:226: linux-kernel.get-sources-extra] Error 2

disp6252 · April 30, 2023, 9:13am

Try to rename:

Quick update: renaming the files seems to fix the issue:

[user@localhost-live linux-kernel]$ pwd
/home/user/qubes-builder/qubes-src/linux-kernel
[user@localhost-live linux-kernel]$ mv macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.sha256 macbook12-spi-driver.tar.sha256
[user@localhost-live linux-kernel]$ mv macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.gz.UNTRUSTED macbook12-spi-driver.tar.gz.UNTRUSTED

Custom iso building: make fails at step "get-sources" · Issue #7977 · QubesOS/qubes-issues · GitHub

kenosen · April 30, 2023, 9:24am

After renaming, seems the same error persists:

if [ -f /usr/bin/qvm-run-vm ]; \
        then qvm-run-vm --no-gui --dispvm 2>/dev/null zcat <macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.gz.UNTRUSTED > macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.UNTRUSTED; \
else zcat <macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.gz.UNTRUSTED > macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.UNTRUSTED; fi
/bin/sh: -c: line 0: syntax error near unexpected token `('
/bin/sh: -c: line 0: `sha256sum --status --strict -c <(printf "1641a09e8ae4fc494b8e44f1bc86d19cefcdc5ad74722ce058148b35a194aeb6  -\n") <macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.UNTRUSTED || \'
make[1]: *** [Makefile:100: macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar] Error 1
rm macbook12-spi-driver-2905d318d1a3ee1a227052490bf20eddef2592f9.tar.UNTRUSTED linux-keyring.gpg
make[1]: Leaving directory '/home/user/qubes-builder/qubes-src/linux-kernel-latest'
make: *** [Makefile:226: linux-kernel-latest.get-sources-extra] Error 2

Contents of linux-kernel:

[user@qubes-builder qubes-src]$ cd linux-kernel
[user@qubes-builder linux-kernel]$ ls
0001-Re-enable-interrupts-before-loading-PNVM.patch
0001-sound-Disable-SG-buffer.patch
0001-usbip-tweak-clear-halt-with-simple-reset.patch
0002-mce-hide-EBUSY-initialization-error-on-Xen.patch
0003-Log-error-code-of-EVTCHNOP_bind_pirq-failure.patch
0004-pvops-respect-removable-xenstore-flag-for-block-devi.patch
0006-block-add-no_part_scan-module-parameter.patch
0013-xen-pcifront-pciback-Update-pciif.h-with-err-and-res.patch
Makefile
Makefile.builder
README.md
apply-patches
check-for-config-changes
config-base
config-qubes
config-qubes-minimal
dummy-backlight
dummy-psu
gen-config
get-fedora-latest-config
guards
increase-reclaim-speed.patch
kernel-devel.spec
kernel-updater.py
kernel.org-1-key.asc
kernel.org-2-key.asc
kernel.spec.in
linux-6.1.26.tar
linux-6.1.26.tar.sign
linux-6.1.26.tar.xz.UNTRUSTED
linux-utils
macbook12-spi-driver.tar.gz.UNTRUSTED
macbook12-spi-driver.tar.sha256
mod-sign.sh
rel
series.conf
update-sources
v3-0001-efi-memmap-Disregard-bogus-entries-instead-of-ret.patch
v3-0002-efi-xen-Implement-memory-descriptor-lookup-based-.patch
v3-0003-efi-Apply-allowlist-to-EFI-configuration-tables-w.patch
v3-0004-efi-Actually-enable-the-ESRT-under-Xen.patch
v3-0005-efi-Warn-if-trying-to-reserve-memory-under-Xen.patch
v4l2loopback
version

disp6252 · April 30, 2023, 10:18am

According to this commit from 3 weeks ago:
Disable downloading macbook12-spi-driver · QubesOS/qubes-linux-kernel@d46caa9 · GitHub
The macbook12-spi-driver shouldn’t be downloaded or built.
Maybe try to update qubes-builder or qubes-linux-kernel.
Or run make clean-all and start to build from the beginning.

kenosen · April 30, 2023, 10:35am

The linux-kernel .qubesbuilder file has the macbook12-spi-driver commented out, same as the commit. But it still attempts a download. Is there somewhere else from where it’d be pulling the command? I’m going to run get-sources with the -k flag to see how far it goes.

kenosen · April 30, 2023, 10:48am

The process completed with the -k flag, with only the macbook error. Should that have taken care of the entire get-sources process? I still can’t determine why the script would try and pull the macbook driver if it’s not present after the latest commit.

disp6252 · April 30, 2023, 11:03am

There are also references to macbook12-spi-driver here:
qubes-linux-kernel/Makefile at main · QubesOS/qubes-linux-kernel · GitHub
qubes-linux-kernel/kernel.spec.in at main · QubesOS/qubes-linux-kernel · GitHub
But I’m not sure if macbook12-spi-driver is still used or is it unnecessary and @marmarek just forgot to remove it from these files.

kenosen · April 30, 2023, 12:36pm

Tried to rebuild qubes-builder from scratch, now getting a new set of errors along with the old. I’ve commented on the issue here.