Install from USB: bad partition table

[gsanchietti]

Description

The partition table generated from a USB pen written by Windows is incorrect. This issue arises specifically when creating the USB pen for NethSecurity 8. Upon inspection, it was found that when the USB pen is created on Windows, three partitions with IDs 128/1/2 are reported, whereas on Linux with dd, this process occurs correctly. However, on Windows, whether using tools like Balena, Win32, or Rufus, the partitions are initially written correctly, but upon completion of the writing process, when Windows mounts the pen, it performs a check and changes the ID 128 to 3 because it doesn't like the sequence. Consequently, when performing an ns-install, the firewall is created with IDs 3-1-2. This causes issues when enabling logging, as the ID 3 is already occupied, disrupting the functionality.

Steps to reproduce

1. Create a USB pen for NethSecurity 8 on Windows using tools like Balena, Win32, or Rufus.
2. Observe the partition table generated on the USB pen.

Expected behavior

The partition table should be correctly generated without any alterations to the partition IDs.

Actual behavior

After creating the USB pen on Windows, the partition table displays IDs 128/1/2, but upon mounting on Windows, the ID 128 is changed to 3, causing issues during the installation process.

If ns-install is used on a legacy-BIOS machine, the only effect of the bug is a wrong partition numbering that leads to a bug on the extra storage management: the free disk partition cannot be used for extra storage due to the incorrect partition table.

If ns-install is used on UEFI machine, the installation fails with the error:

/usr/sbin/ns-install: line 36: -1: substring expression < 0

This is because the /boot partition is not mounted.

Additional Information

Bad partition table:

Number  Start   End     Size    File system  Name  Flags
        17.4kB  262kB   245kB   Free Space
 1      262kB   17.0MB  16.8MB  fat16              legacy_boot
 2      17.0MB  332MB   315MB
        332MB   64.0GB  63.7GB  Free Space

Components

NethSecurity version: 8-23.05.3-ns.0.0.3-rc1-80-g615c01e

---

Thanks to lucad and @NethNick for reporting.

[github-actions[bot]]

Testing image version: 8-23.05.3-ns.0.0.5-rc2-34-g6f7e5e9

[filippocarletti]

I'd prefer to use non-EFI images, the partition table has only two partitions and the filesystems are unreadable by Windows.

[gsanchietti]

Changing the name of the image may have a big impact on the following:

• build system
• CI: publication to the repository of created images
• doc: automatic generation of download links
• NS7 migration: https://github.com/NethServer/nethserver-firewall-migration/blob/45953c96ef3fc9f6513ae664bcfc80ce73ac7bd0/root/usr/sbin/firewall-migrate#L54
• Upgrade: https://github.com/NethServer/nethsecurity/blob/main/files/usr/bin/ns-download#L62
• Storage: https://github.com/NethServer/nethsecurity/blob/main/packages/ns-storage/files/ns-storage-has-free-space#L18

Let's discuss it further before taking a decision.

[gsanchietti]

After some more tests we found that:

• Win32 Disk imager does a good job and do not rewrite the partition table
• BalenaEtcher and Raw Write32 change the partition table just after the USB device has been written
• DD for windows is very hard to use

My proposal is:

• add a check to ns-install to avoid the installation of a corrupted image (just merge only first commit of PR #519)
• change the documentation and leave only Win32 Disk imager as tool for writing the USB stick
• add a note to the documentation to pay attention when writing the image from Windows by mentioning Etcher as a bad tool for this job

Eventually, we can force the restore a good partition table (see description of PR #519) but I would like to avoid it because this solution can hide some drawbacks.

[gsanchietti]

After more tests, it seems that all Windows software is going to change the partition table after writing the image.

So this is a another proposal:

• change the documentation and remove the dd tool
• add a note to the documentation to pay attention when writing the image from Windows by mentioning that the partition layout can be changed
• improve ns-install by changing the written partition order using gsdisk (see #519)
• fix ns-install to correctly write image when booting on EFI machines

[gsanchietti]

See also https://github.com/NethServer/nethsecurity/issues/529

[gsanchietti]

Proposed patch fixes the reported issue but an EFI image written from Windows does not boot on a logacy-BIOS machine.

Final proposal:

• merge PR #519 with fixes
• document to not use Windows for writing the image or publish also the non-EFI image but keep the EFI image as default (this would still have a big impact on the CI and also on the documentation)

[github-actions[bot]]

Testing image version: 8-23.05.3-ns.0.0.5-rc2-72-gfeab71a

[cotosso]

It works as expected: USB key written with a linux system holds the right partition table also after having been connected to a Windows system. USB key must not be written with a Windows system to avoid problems with partitions. Thanks to lucad