Re: Guix bios installation: Grub error: unknown filesystem

2024-05-01 Thread adanskana

Hi Ludo',

On 5/1/24 10:06 PM, Ludovic Courtès wrote:

Hi Ada,

Ada Stevenson skribis:

> Basically, there is a compatibility issue regarding the ext4
> filesystem features that GRUB 2.06 supports and the features that
> `e2fsprogs@1.47.0` enables by default when creating your ext4
> filesystem. When these features are enabled, it changes the structure
> of the filesystem enough that GRUB can't recognise it properly and it
> fails.
>
> To fix this, you will need to make sure you create your ext4
> filesystem with the following features:
> `mkfs.ext4 /dev/you-partition-here -O has_journal,ext_attr,resize_inode,dir_index,filetype,needs_recovery,extent,flex_bg,sparse_super,large_file,huge_file,uninit_bg,dir_nlink,extra_isize`
>
> These are the features that worked for me. I had to do a lot of trial
> and error, and I used `tune2fs -l` to see what features weren't
> supported. The ones I can remember are the metadata_csum features, and
> some other ones (they showed up as FEATURE_X when running `tune2fs` on
> my Guix installation image, so I used a Gparted Live CD to get rid of
> the features that weren't recognised by tune2fs).
>
> This should allow grub to recognise your filesystem during the
> installation process. I think using a later version of grub would fix
> this, but that hasn't happened yet. I think there's a patch to upgrade
> it in `core-updates` somewhere, but I'm not sure.

Just recently I noticed that our installation tests had started failing
with that exact same ‘grub-install’ error that was mentioned:

   https://ci.guix.gnu.org/build/3708453/details

Cuirass says the culprit is in the 4003c60..daab3da, which indeed
includes the e2fsprogs update to 1.47.0.

Okay, good to know!


Have you tried upgrading GRUB?  I see ‘guix refresh grub’ finds a new
version.  If fixing the bug is what it takes, we should do that.

I might try doing this. It's a little scary though, updating the bootloader... 
What do you think would be the best way to test it? Should I create a VM and 
test through that? Or is there a way I can invoke the 'installation tests' that 
have been failing locally?


Thanks for the investigation!

No worries! I'm very glad I've been able to help; I'd love for this to be 
resolved :)


Ludo’.

Thanks, 
Ada 
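
Added example (not part of any message in this thread): a shell check that reads `tune2fs -l` output and prints every enabled ext4 feature that is outside the feature list quoted in the `mkfs.ext4` command above. The function names, the `--demo` flag and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag ext4 features that are not in the feature set the
# message above reports as working with GRUB 2.06.
# The list is copied verbatim from the mkfs.ext4 command in the thread.
KNOWN_GOOD="has_journal,ext_attr,resize_inode,dir_index,filetype,needs_recovery,extent,flex_bg,sparse_super,large_file,huge_file,uninit_bg,dir_nlink,extra_isize"

# extra_features (hypothetical helper): reads `tune2fs -l` output on stdin
# and prints, one per line, each enabled feature that is not in KNOWN_GOOD.
extra_features() {
    awk -v known="$KNOWN_GOOD" '
        BEGIN {
            n = split(known, k, ",")
            for (i = 1; i <= n; i++) ok[k[i]] = 1
        }
        /^Filesystem features:/ {
            sub(/^Filesystem features:[ \t]*/, "")
            m = split($0, f, /[ \t]+/)
            for (i = 1; i <= m; i++)
                if (f[i] != "" && !(f[i] in ok)) print f[i]
        }'
}

# Constructed sample of `tune2fs -l` output (not captured from a real device).
sample_output() {
    cat <<'EOF'
Filesystem volume name:   <none>
Filesystem features:      has_journal ext_attr resize_inode dir_index filetype extent 64bit flex_bg metadata_csum_seed sparse_super large_file huge_file dir_nlink extra_isize metadata_csum orphan_file
Filesystem flags:         signed_directory_hash
EOF
}

# On a real partition (the device path is a placeholder):
#   tune2fs -l /dev/your-partition-here | extra_features
if [ "${1:-}" = "--demo" ]; then
    sample_output | extra_features
fi
```

An empty result means the filesystem uses only features from the quoted list; anything printed is a candidate to review before running `grub-install`.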



Re: xz backdoor

2024-04-02 Thread adanskana

Hi all,

On Tue, Apr 2 2024 at 08:23:40 AM +, Attila Lendvai wrote:

 There's actually suspicious code by the xz attacker in one of our
 packages right now:

 

 Please help review that patch!



as for gpaste (one of the dependees of libarchive):

it doesn't build since the recent gnome merge. i've filed a patch for 
the necessary version bump:




which also gets rid of the libarchive dependency.

I mentioned this on the guix XMPP server. Thanks for fixing this!


it would be nice to get this fast tracked. although, judging from the 
(lack of) complaints, i might be the only user of it.


PS: and meanwhile we're packaging an alternative, namely 
gnome-shell-extension-clipboard-indicator, with an enormous security 
flaw: by default it saves the clipboard history in clear text, and 
calls the feature "cache only favorites", so that even if you look 
for it, you still don't realize it:




...and its author actively defends this situation.
I used gpaste up until the merge and went to use the extension. I had 
absolutely no idea this was the state of things; that is very worrying. 
I'm keen to see your patch fasttracked - you're not the only user, haha!


--
• attila lendvai
• PGP: 963F 5D5F 45C7 DFCD 0A39
--
“The noble-minded are calm and steady. Little people are forever 
fussing and fretting.”

— Confucius (551–479 BC), 'Analects of Confucius'


Thanks,
Ada