create-keys fails with "mkdir : no such file or directory"

[su-ex]

I'm trying to get sbctlworking on Debian stable installed through go install github.com/foxboron/sbctl/cmd/sbctl@latest, but I'm already stuck on creating the keys:

# sbctl status     
Installed:  ✓ sbctl is installed
Setup Mode: ✗ Enabled
Secure Boot:    ✗ Disabled
Vendor Keys:    none
# sbctl create-keys                                                                                                                                     
mkdir : no such file or directory

Any clue what's missing? I've already tried mkdir -p /usr/share/secureboot/keys/{PK,KEK,db}.

strace if it's any help

``` # strace sbctl create-keys :( execve("/usr/local/sbin/sbctl", ["sbctl", "create-keys"], 0x7fff3e77efb8 /* 38 vars */) = 0 brk(NULL) = 0x1717000 mmap(NULL, 8192, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2039d0c000 access("/etc/ld.so.preload", R_OK) = -1 ENOENT (No such file or directory) openat(AT_FDCWD, "/etc/ld.so.cache", O_RDONLY|O_CLOEXEC) = 3 newfstatat(3, "", {st_mode=S_IFREG|0644, st_size=26138, ...}, AT_EMPTY_PATH) = 0 mmap(NULL, 26138, PROT_READ, MAP_PRIVATE, 3, 0) = 0x7f2039d05000 close(3) = 0 openat(AT_FDCWD, "/lib/x86_64-linux-gnu/libc.so.6", O_RDONLY|O_CLOEXEC) = 3 read(3, "\177ELF\2\1\1\3\0\0\0\0\0\0\0\0\3\0>\0\1\0\0\0\220s\2\0\0\0\0\0"..., 832) = 832 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 newfstatat(3, "", {st_mode=S_IFREG|0755, st_size=1922136, ...}, AT_EMPTY_PATH) = 0 pread64(3, "\6\0\0\0\4\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0@\0\0\0\0\0\0\0"..., 784, 64) = 784 mmap(NULL, 1970000, PROT_READ, MAP_PRIVATE|MAP_DENYWRITE, 3, 0) = 0x7f2039b24000 mmap(0x7f2039b4a000, 1396736, PROT_READ|PROT_EXEC, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x26000) = 0x7f2039b4a000 mmap(0x7f2039c9f000, 339968, PROT_READ, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x17b000) = 0x7f2039c9f000 mmap(0x7f2039cf2000, 24576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_DENYWRITE, 3, 0x1ce000) = 0x7f2039cf2000 mmap(0x7f2039cf8000, 53072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2039cf8000 close(3) = 0 mmap(NULL, 12288, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2039b21000 arch_prctl(ARCH_SET_FS, 0x7f2039b21740) = 0 set_tid_address(0x7f2039b21a10) = 18115 set_robust_list(0x7f2039b21a20, 24) = 0 rseq(0x7f2039b22060, 0x20, 0, 0x53053053) = 0 mprotect(0x7f2039cf2000, 16384, PROT_READ) = 0 mprotect(0x7f2039d3e000, 8192, PROT_READ) = 0 prlimit64(0, RLIMIT_STACK, NULL, {rlim_cur=8192*1024, rlim_max=RLIM64_INFINITY}) = 0 munmap(0x7f2039d05000, 26138) = 0 getrandom("\x33\x17\x97\xd3\x16\x31\x06\xb1", 8, GRND_NONBLOCK) = 8 brk(NULL) = 0x1717000 brk(0x1738000) = 0x1738000 sched_getaffinity(0, 8192, [0 1]) = 8 openat(AT_FDCWD, "/sys/kernel/mm/transparent_hugepage/hpage_pmd_size", O_RDONLY) = 3 read(3, "2097152\n", 20) = 8 close(3) = 0 mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2039ae1000 mmap(NULL, 131072, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2039ac1000 mmap(NULL, 1048576, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f20399c1000 mmap(NULL, 8388608, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f20391c1000 mmap(NULL, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f20351c1000 mmap(NULL, 536870912, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f20151c1000 mmap(NULL, 8388608, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f20149c1000 mmap(0xc000000000, 67108864, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0xc000000000 mmap(NULL, 33554432, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f20129c1000 mmap(NULL, 2165776, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f20127b0000 mmap(0xc000000000, 4194304, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0xc000000000 mmap(0x7f2039ac1000, 131072, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2039ac1000 mmap(0x7f2039a41000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2039a41000 mmap(0x7f20395c7000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f20395c7000 mmap(0x7f20371f1000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f20371f1000 mmap(0x7f2025341000, 4096, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f2025341000 mmap(0x7f20149c1000, 4222976, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_FIXED|MAP_ANONYMOUS, -1, 0) = 0x7f20149c1000 madvise(0x7f2014a00000, 2097152, MADV_HUGEPAGE) = 0 mmap(NULL, 1048576, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f20126b0000 mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f20126a0000 mmap(NULL, 65536, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2012690000 rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0 sigaltstack(NULL, {ss_sp=NULL, ss_flags=SS_DISABLE, ss_size=0}) = 0 sigaltstack({ss_sp=0xc000008000, ss_flags=0, ss_size=32768}, NULL) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 gettid() = 18115 rt_sigaction(SIGHUP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGHUP, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGINT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGINT, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGQUIT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGQUIT, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGILL, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGILL, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGTRAP, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGTRAP, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGABRT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGABRT, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGBUS, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGBUS, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGFPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGFPE, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGUSR1, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGUSR1, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGSEGV, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGSEGV, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGUSR2, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGUSR2, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGPIPE, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGPIPE, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGALRM, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGALRM, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGTERM, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGTERM, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGSTKFLT, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGSTKFLT, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGCHLD, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGCHLD, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGURG, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGURG, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGXCPU, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGXCPU, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGXFSZ, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGXFSZ, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGVTALRM, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGVTALRM, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGPROF, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGPROF, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGWINCH, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGWINCH, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGIO, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGIO, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGPWR, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGPWR, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGSYS, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGSYS, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRTMIN, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_1, NULL, {sa_handler=SIG_IGN, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_2, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_3, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_3, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_4, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_4, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_5, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_5, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_6, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_6, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_7, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_7, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_8, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_8, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_9, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_9, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_10, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_10, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_11, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_11, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_12, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_12, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_13, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_13, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_14, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_14, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_15, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_15, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_16, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_16, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_17, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_17, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_18, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_18, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_19, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_19, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_20, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_20, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_21, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_21, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_22, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_22, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_23, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_23, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_24, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_24, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_25, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_25, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_26, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_26, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_27, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_27, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_28, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_28, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_29, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_29, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_30, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_30, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_31, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_31, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigaction(SIGRT_32, NULL, {sa_handler=SIG_DFL, sa_mask=[], sa_flags=0}, 8) = 0 rt_sigaction(SIGRT_32, {sa_handler=0x468080, sa_mask=~[RTMIN RT_1], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 rt_sigaction(SIGRT_1, {sa_handler=0x7f2039baa5b0, sa_mask=[], sa_flags=SA_RESTORER|SA_ONSTACK|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f2039b5ffd0}, NULL, 8) = 0 rt_sigprocmask(SIG_UNBLOCK, [RTMIN RT_1], NULL, 8) = 0 mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2011e8f000 mprotect(0x7f2011e90000, 8388608, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], ~[KILL STOP RTMIN RT_1], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201268f990, parent_tid=0x7f201268f990, exit_signal=0, stack=0x7f2011e8f000, stack_size=0x7fff80, tls=0x7f201268f6c0} => {parent_tid=[18117]}, 88) = 18117 rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1], NULL, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 --- SIGURG {si_signo=SIGURG, si_code=SI_TKILL, si_pid=18115, si_uid=0} --- rt_sigreturn({mask=[]}) = 824633976832 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201168e000 mprotect(0x7f201168f000, 8388608, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], ~[KILL STOP RTMIN RT_1], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2011e8e990, parent_tid=0x7f2011e8e990, exit_signal=0, stack=0x7f201168e000, stack_size=0x7fff80, tls=0x7f2011e8e6c0} => {parent_tid=[18118]}, 88) = 18118 rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1], NULL, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 futex(0xc00003e948, FUTEX_WAKE_PRIVATE, 1) = 1 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f2010e8d000 mprotect(0x7f2010e8e000, 8388608, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], ~[KILL STOP RTMIN RT_1], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f201168d990, parent_tid=0x7f201168d990, exit_signal=0, stack=0x7f2010e8d000, stack_size=0x7fff80, tls=0x7f201168d6c0} => {parent_tid=[18119]}, 88) = 18119 rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1], NULL, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 mmap(NULL, 262144, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANONYMOUS, -1, 0) = 0x7f2010e4d000 rt_sigprocmask(SIG_SETMASK, ~[RTMIN RT_1], [], 8) = 0 mmap(NULL, 8392704, PROT_NONE, MAP_PRIVATE|MAP_ANONYMOUS|MAP_STACK, -1, 0) = 0x7f201064c000 mprotect(0x7f201064d000, 8388608, PROT_READ|PROT_WRITE) = 0 rt_sigprocmask(SIG_BLOCK, ~[], ~[KILL STOP RTMIN RT_1], 8) = 0 clone3({flags=CLONE_VM|CLONE_FS|CLONE_FILES|CLONE_SIGHAND|CLONE_THREAD|CLONE_SYSVSEM|CLONE_SETTLS|CLONE_PARENT_SETTID|CLONE_CHILD_CLEARTID, child_tid=0x7f2010e4c990, parent_tid=0x7f2010e4c990, exit_signal=0, stack=0x7f201064c000, stack_size=0x7fff80, tls=0x7f2010e4c6c0} => {parent_tid=[18120]}, 88) = 18120 rt_sigprocmask(SIG_SETMASK, ~[KILL STOP RTMIN RT_1], NULL, 8) = 0 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 fcntl(0, F_GETFL) = 0x2 (flags O_RDWR) futex(0xc00003ed48, FUTEX_WAKE_PRIVATE, 1) = 1 fcntl(1, F_GETFL) = 0x2 (flags O_RDWR) fcntl(2, F_GETFL) = 0x2 (flags O_RDWR) getrlimit(RLIMIT_NOFILE, {rlim_cur=1024, rlim_max=1024*1024}) = 0 setrlimit(RLIMIT_NOFILE, {rlim_cur=1024*1024, rlim_max=1024*1024}) = 0 ioctl(1, TCGETS, {c_iflag=ICRNL|IXON|IUTF8, c_oflag=NL0|CR0|TAB0|BS0|VT0|FF0|OPOST|ONLCR, c_cflag=B38400|CS8|CREAD, c_lflag=ISIG|ICANON|ECHO|ECHOE|ECHOK|IEXTEN|ECHOCTL|ECHOKE, ...}) = 0 newfstatat(AT_FDCWD, "/boot/does-not-exist", 0xc000096e08, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/boot/efi/does-not-exist", 0xc000096ed8, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/efi/does-not-exist", 0xc000096fa8, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/root/bin/lsblk", 0xc000097078, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/usr/local/sbin/lsblk", 0xc000097148, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/usr/local/bin/lsblk", 0xc000097218, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/sbin/lsblk", 0xc0000972e8, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "/bin/lsblk", {st_mode=S_IFREG|0755, st_size=207168, ...}, 0) = 0 openat(AT_FDCWD, "/dev/null", O_RDONLY|O_CLOEXEC) = 3 epoll_create1(EPOLL_CLOEXEC) = 4 pipe2([5, 6], O_NONBLOCK|O_CLOEXEC) = 0 epoll_ctl(4, EPOLL_CTL_ADD, 5, {events=EPOLLIN, data={u32=10278040, u64=10278040}}) = 0 epoll_ctl(4, EPOLL_CTL_ADD, 3, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=283467512, u64=139775699148536}}) = -1 EPERM (Operation not permitted) pipe2([7, 8], O_CLOEXEC) = 0 epoll_ctl(4, EPOLL_CTL_ADD, 7, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=283467512, u64=139775699148536}}) = 0 fcntl(7, F_GETFL) = 0 (flags O_RDONLY) fcntl(7, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 epoll_ctl(4, EPOLL_CTL_ADD, 8, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=283467272, u64=139775699148296}}) = 0 fcntl(8, F_GETFL) = 0x1 (flags O_WRONLY) fcntl(8, F_SETFL, O_WRONLY|O_NONBLOCK) = 0 pipe2([9, 10], O_CLOEXEC) = 0 epoll_ctl(4, EPOLL_CTL_ADD, 9, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=283467032, u64=139775699148056}}) = 0 fcntl(9, F_GETFL) = 0 (flags O_RDONLY) fcntl(9, F_SETFL, O_RDONLY|O_NONBLOCK) = 0 epoll_ctl(4, EPOLL_CTL_ADD, 10, {events=EPOLLIN|EPOLLOUT|EPOLLRDHUP|EPOLLET, data={u32=283466792, u64=139775699147816}}) = 0 fcntl(10, F_GETFL) = 0x1 (flags O_WRONLY) fcntl(10, F_SETFL, O_WRONLY|O_NONBLOCK) = 0 fcntl(8, F_GETFL) = 0x801 (flags O_WRONLY|O_NONBLOCK) fcntl(8, F_SETFL, O_WRONLY) = 0 fcntl(10, F_GETFL) = 0x801 (flags O_WRONLY|O_NONBLOCK) fcntl(10, F_SETFL, O_WRONLY) = 0 pipe2([11, 12], O_CLOEXEC) = 0 getpid() = 18115 rt_sigprocmask(SIG_SETMASK, NULL, [], 8) = 0 rt_sigprocmask(SIG_SETMASK, ~[], NULL, 8) = 0 clone(child_stack=NULL, flags=CLONE_VM|CLONE_VFORK|SIGCHLD) = 18121 rt_sigprocmask(SIG_SETMASK, [], NULL, 8) = 0 close(12) = 0 read(11, "", 8) = 0 close(11) = 0 close(3) = 0 epoll_ctl(4, EPOLL_CTL_DEL, 8, 0xc0000dd8dc) = 0 close(8) = 0 epoll_ctl(4, EPOLL_CTL_DEL, 10, 0xc0000dd8dc) = 0 close(10) = 0 futex(0xc00003ed48, FUTEX_WAKE_PRIVATE, 1) = 1 waitid(P_PID, 18121, {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18121, si_uid=0, si_status=0, si_utime=0, si_stime=0}, WEXITED|WNOWAIT, NULL) = 0 --- SIGCHLD {si_signo=SIGCHLD, si_code=CLD_EXITED, si_pid=18121, si_uid=0, si_status=0, si_utime=0, si_stime=0} --- rt_sigreturn({mask=[]}) = 0 wait4(18121, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, {ru_utime={tv_sec=0, tv_usec=6002}, ru_stime={tv_sec=0, tv_usec=0}, ...}) = 18121 newfstatat(AT_FDCWD, "", 0xc000126378, 0) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "", 0xc000126448, 0) = -1 ENOENT (No such file or directory) mkdirat(AT_FDCWD, "", 0777) = -1 ENOENT (No such file or directory) newfstatat(AT_FDCWD, "", 0xc000126518, AT_SYMLINK_NOFOLLOW) = -1 ENOENT (No such file or directory) write(2, "\33[31;1mmkdir : no such file or d"..., 45mkdir : no such file or directory ) = 45 exit_group(1) = ? +++ exited with 1 +++ ```

[Foxboron]

Ugh, it's probably caused by this issue: https://github.com/Foxboron/sbctl/pull/267

I'll merge it and do a new release today.

[FL140]

I ran into the same issue when checking out master two days ago. Switching to tag 0.12 solved the issue. After investigating the code a bit it looks like the problem has been introduced by one of the commits implementing a custom database path.

Two additional issues came to surface looking into this.

1. It looks like the custom path is only implemented for create-keys but not for other commands also using the database. (see: https://github.com/search?q=repo%3AFoxboron%2Fsbctl%20sbctl.KeysPath&type=code)

2. When the database directory exists without the database itself (e.g. because it was created manually prior reverting to 0.12) I got the message that the keys already exist, which they didn't. So the check for existing keys really need to verify that the keys exist and not any directory. This could be resolved by removing /usr/share/secureboot and run create-keys again.

[Foxboron]

It looks like the custom path is only implemented for create-keys but not for other commands also using the database.

Somewhat intended. I need to do the plumbing work in the backend so everything is easier testable for me.

When the database directory exists without the database itself (e.g. because it was created manually prior reverting to 0.12) I got the message that the keys already exist, which they didn't. So the check for existing keys really need to verify that the keys exist and not any directory. This could be resolved by removing /usr/share/secureboot and run create-keys again.

I'm not super happy with the handling here so I'll probably revisit this at some point.

[Foxboron]

@su-ex I've merged the patch. Please verify if it works for you :)

[su-ex]

Yes, great, it's working now, thanks! 👍🎉🚀

[FL140]

It looks like the custom path is only implemented for create-keys but not for other commands also using the database.

Somewhat intended. I need to do the plumbing work in the backend so everything is easier testable for me.

When the database directory exists without the database itself (e.g. because it was created manually prior reverting to 0.12) I got the message that the keys already exist, which they didn't. So the check for existing keys really need to verify that the keys exist and not any directory. This could be resolved by removing /usr/share/secureboot and run create-keys again.

I'm not super happy with the handling here so I'll probably revisit this at some point.

IIRC I read somewhere here that a config file placed in /etc is planned. I think the best solution would be to keep those paths there. The entries could e.g. be generated during create-keys or if they already exist in the config file, be taken from there. This would be a clean solution and no need to add custom path flags to other commands.

This would also solve the issue that the database is currently in a directory below /usr which is not a good place IMHO for that kind of data (but this also has already been discussed here IIRC).

[Foxboron]

IIRC I read somewhere here that a config file placed in /etc is planned. I think the best solution would be to keep those paths there. The entries could e.g. be generated during create-keys or if they already exist in the config file, be taken from there. This would be a clean solution and no need to add custom path flags to other commands.

My plan is to make sbctl create-keys and sbctl enroll-keys into plumbing commands and introduce a sbctl setup command that would either take a config file or instruct users on how to set everything up.

It could also infer the current boot structure from the Bootloader Specification and make the entire experience a bit more pleasant.