Closed ros-mac closed 1 month ago
I am not really well-versed in Qubes or Umbrel's update mechanism... Do you have a separate partition for /data?
Yes data is in a separate partition. I've got around the Qubes issues, I just cannot get around the lack of the mender update mechanism that isn't being installed by the script currently. Also, the script breaks for the newer Umbrel1.2.1 if you change the version number before running it.
Can you give me the log of the script running with the changed version? I looked through Umbrel's update diff, they haven't changed the install process on desktop.
I'll have to run a whole install in 1-2 hours as I have to run here now unfortunately. What's the best way to output the log? It died straight away on Step 6 --> packages/ui
Regarding 1.1.2: If you install the current script do you see that the GUI 1.2.1 Update looks for mender locally and fails?
I cannot test the script myself right now. I'll do it in about 12 hours. Right now I will try to find what can be causing the issue for the information you've given.
What's the best way to output the log?
It just prints it to the terminal
Log attached. The old script version installs fine, but as I said mender and related updating files are missing.
install.sh had one space too many in "/data" folder check and fails the check.
STEP 6/8: Installing umbreld /tmp/umbrel/packages/umbreld ~ error: patch failed: packages/umbreld/source/modules/provision/provision.ts:77 error: packages/umbreld/source/modules/provision/provision.ts: patch does not apply
I got it. The different commit hash tripped git apply
. I updated the script to use patch
instead. Try it now
Great, thank you, did you happen to see anything referring to installing the 'mender' client and associated configuration? -------- Original Message --------On 19/07/2024 21:18, highghlow wrote: I got it. The different commit hash tripped git apply. I updated the script to use patch instead. Try it now
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.> [ { @.": "http://schema.org", @.": "EmailMessage", "potentialAction": { @.": "ViewAction", "target": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2240049468", "url": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2240049468", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { @.***": "Organization", "name": "GitHub", "url": "https://github.com" } } ]
I honestly don't know what the problem is. The official installer just copies a tarball onto the disk, which is made by archiving a docker container's filesystem. I thought I perfectly recreated the Dockerfile in the script, but apparently not.
Much appreciated, took me a while to get around the issues of installing on Qubes again. I wonder if the Umbrel developers would give you the heads-up on how the mender install works. Without that one has to reinstall and import every release unfortunately.
Without that one has to reinstall and import every release unfortunately.
I think that since /data is separate, you would only have to run the script again
It fails without a fresh OS (or qube in my case) because it detects that docker/containers already exist etc. -------- Original Message --------On 21/07/2024 07:05, highghlow wrote:
Without that one has to reinstall and import every release unfortunately.
I think that since /data is separate, you would only have to run the script again
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.> [ { @.": "http://schema.org", @.": "EmailMessage", "potentialAction": { @.": "ViewAction", "target": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2241490064", "url": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2241490064", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { @.***": "Organization", "name": "GitHub", "url": "https://github.com" } } ]
mender.cfg in the GitHub files mentions that it is broken on bookworm and therefore it should/must be installed via apt later in the setup. The configuration I've yet to figure. -------- Original Message --------On 21/07/2024 09:33, Ros MacDaibhis wrote: It fails without a fresh OS (or qube in my case) because it detects that docker/containers already exist etc. -------- Original Message --------On 21/07/2024 07:05, highghlow wrote:
Without that one has to reinstall and import every release unfortunately.
I think that since /data is separate, you would only have to run the script again
—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.> [ { @.": "http://schema.org", @.": "EmailMessage", "potentialAction": { @.": "ViewAction", "target": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2241490064", "url": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2241490064", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { @.***": "Organization", "name": "GitHub", "url": "https://github.com" } } ]
After searching/following all the Umbrel Github files for mender I installed mender via apt and made a device_type file in /var/lib/mender, but it fails on config file. At this point it dawned on me that it will never work with my setup because it is trying to install a root image to a root partition.
$ sudo mender install https://download.umbrel.com/release/1.2.2-beta.1/umbrelos-amd64.update
INFO[0000] 'UpdateControlMapExpirationTimeSeconds' is not set in the Mender configuration file. Falling back to the default of 2*UpdatePollIntervalSeconds
INFO[0000] 'UpdateControlMapBootExpirationTimeSeconds' is not set in the Mender configuration file. Falling back to the default of 600 seconds
INFO[0000] No configuration files present. Using defaults
WARN[0000] No server URL(s) specified in mender configuration.
WARN[0000] Server entry 1 has no associated server URL.
INFO[0000] No dual rootfs configuration present
INFO[0000] Performing remote update from: [https://download.umbrel.com/release/1.2.2-beta.1/umbrelos-amd64.update].
Installing Artifact of size 1385518592...
INFO[0002] No public key was provided for authenticating the artifact
ERRO[0002] Reading headers failed: installer: failed to read Artifact: readHeaderV3: handleHeaderReads: Artifact Payload type 'rootfs-image' is not supported by this Mender Client. Ensure that the Mender Client is fully integrated and that the RootfsPartA/B configuration variables are set correctly in 'mender.conf'
ERRO[0002] installer: failed to read Artifact: readHeaderV3: handleHeaderReads: Artifact Payload type 'rootfs-image' is not supported by this Mender Client. Ensure that the Mender Client is fully integrated and that the RootfsPartA/B configuration variables are set correctly in 'mender.conf'
In the Orginal UmbrelOS.....There is Mender GRUB setup in /ESP/EFI/BOOT/
There is also 2 folders with settings for mender /ESP/grub-mender-grubenv/
with lock files and lock.sha256sum
It is updated directly through the boot.
# Start of ---------- 00_mender_grubenv_defines_grub.cfg ----------
mender_rootfsa_part=2
mender_rootfsb_part=3
mender_grub_storage_device=hd0
kernel_imagetype=kernel
initrd_imagetype=initrd
mender_rootfsa_uuid=2fe5a278-9b55-4266-8220-6665aa96940b
mender_rootfsb_uuid=f5e6d27c-4a25-447b-8e08-a9d2e738345a
# End of ---------- 00_mender_grubenv_defines_grub.cfg ----------
# Start of ---------- 01_mender_console_bootargs_grub.cfg ----------
set console_bootargs="console=tty0,115200n8 console=ttyS0,115200n8 console=ttyO0,115200n8 console=ttyAMA0,115200n8"
# End of ---------- 01_mender_console_bootargs_grub.cfg ----------
# Start of ---------- 02_mender_root_bootargs_grub.cfg ----------
set rootargs="rootwait"
# End of ---------- 02_mender_root_bootargs_grub.cfg ----------
# Start of ---------- 04_mender_setup_env_functions_grub.cfg ----------
# See the grub-mender-grubenv-print script for how this works.
# In this file we are skipping signature checking in most places. This is
# because Mender's environment is by nature dynamic, and cannot have a static
# signature. Instead, we make sure the content is valid.
# Free form variables can not be supported when signatures are
# enforced. "mender_systemd_machine_id" is such a variable, so it is not
# supported when signatures are on.
# Note that Secure Boot and GRUB signatures are two different things, and here
# we are talking about the latter.
function mender_setup_env_location {
MENDER_ENV1=(${root})/grub-mender-grubenv/mender_grubenv1/env
MENDER_LOCK1=(${root})/grub-mender-grubenv/mender_grubenv1/lock
MENDER_ENV2=(${root})/grub-mender-grubenv/mender_grubenv2/env
MENDER_LOCK2=(${root})/grub-mender-grubenv/mender_grubenv2/lock
if [ ! -f ${MENDER_ENV1} -o ! -f ${MENDER_LOCK1} -o ! -f ${MENDER_ENV2} -o ! -f ${MENDER_LOCK2} ]; then
if [ "${check_signatures}" = "enforce" ]; then
echo "Signatures are enabled and the environment could not be found. Rebooting in 10 seconds..."
sleep 10
reboot
else
echo "The environment was not found. Tried to access ${MENDER_ENV1}. Continuing in 10 seconds..."
sleep 10
# Fallthrough and continue. Will most likely hit the "Environment is
# corrupt" section below.
fi
fi
}
function mender_check_and_restore_env {
mender_setup_env_location
editing=invalid
load_env --skip-sig --file ${MENDER_LOCK2} editing
if [ "${editing}" != 0 ]; then
# See comment about "free form" variables near the top.
if [ "$check_signatures" = "enforce" ]; then
load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available
else
load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
fi
editing=0
save_env --file ${MENDER_LOCK2} editing
else
editing=invalid
load_env --skip-sig --file ${MENDER_LOCK1} editing
if [ "${editing}" != 0 ]; then
# See comment about "free form" variables near the top.
if [ "$check_signatures" = "enforce" ]; then
load_env --skip-sig --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available
save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
else
load_env --skip-sig --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
fi
editing=0
save_env --file ${MENDER_LOCK1} editing
fi
fi
}
function mender_save_env {
# Save redundant environment.
mender_setup_env_location
editing=1
save_env --file ${MENDER_LOCK2} editing
# See comment about "free form" variables near the top.
if [ "$check_signatures" = "enforce" ]; then
save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available
else
save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
fi
editing=0
save_env --file ${MENDER_LOCK2} editing
editing=1
save_env --file ${MENDER_LOCK1} editing
# See comment about "free form" variables near the top.
if [ "$check_signatures" = "enforce" ]; then
save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
else
save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
fi
editing=0
save_env --file ${MENDER_LOCK1} editing
}
function mender_check_grubenv_valid {
if [ "${mender_boot_part}" != "${mender_rootfsa_part}" -a "${mender_boot_part}" != "${mender_rootfsb_part}" ]; then
return 1
fi
if [ "${bootcount}" != "0" -a "${bootcount}" != "1" ]; then
return 1
fi
if [ "${upgrade_available}" != "0" -a "${upgrade_available}" != "1" ]; then
return 1
fi
return 0
}
function mender_load_env {
mender_setup_env_location
# See comment about "free form" variables near the top.
if [ "$check_signatures" = "enforce" ]; then
load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
else
load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
export mender_systemd_machine_id
fi
export bootcount
export mender_boot_part
export upgrade_available
if ! mender_check_grubenv_valid; then
if [ "${check_signatures}" = "enforce" ]; then
echo "Signatures are enabled and the environment is unverified. Rebooting in 10 seconds..."
sleep 10
reboot
else
if [ "${mender_boot_part}" != "${mender_rootfsb_part}" ]; then
mender_boot_part="${mender_rootfsa_part}"
fi
echo "The environment is corrupt. Trying to boot from ${mender_kernel_root_base}${mender_boot_part} in 10 seconds, but this is not guaranteed to be a valid partition..."
sleep 10
# Fallthrough and continue.
fi
fi
}
function mender_load_env_with_rollback {
mender_load_env
if [ "${upgrade_available}" = "1" ]; then
if [ "${bootcount}" != "0" ]; then
echo "Rolling back..."
if [ "${mender_boot_part}" = "${mender_rootfsa_part}" ]; then
mender_boot_part="${mender_rootfsb_part}"
else
mender_boot_part="${mender_rootfsa_part}"
fi
upgrade_available=0
bootcount=0
else
echo "Booting new update..."
bootcount=1
fi
mender_save_env
fi
}
# End of ---------- 04_mender_setup_env_functions_grub.cfg ----------
# Start of ---------- 05_mender_setup_env_grub.cfg ----------
mender_check_and_restore_env
mender_load_env_with_rollback
regexp (.*),(.*) $root -s mender_grub_storage_device
# End of ---------- 05_mender_setup_env_grub.cfg ----------
# Start of ---------- 05_mender_setup_grub.cfg ----------
function maybe_pause {
# By default we do nothing. debug-pause PACKAGECONFIG replaces this so we
# can pause at strategic places.
echo
}
drop_to_grub_prompt="no"
function maybe_drop_to_grub_prompt {
# By default we do nothing. force-grub-prompt PACKAGECONFIG replaces this so we
# can bypass boot and stop at the grub prompt.
echo
}
# End of ---------- 05_mender_setup_grub.cfg ----------
# Start of ---------- 06_mender_systemd_machine_id_grub.cfg ----------
if test -n "${mender_systemd_machine_id}"; then
systemd_bootargs="systemd.machine_id=${mender_systemd_machine_id}"
fi
# End of ---------- 06_mender_systemd_machine_id_grub.cfg ----------
# Start of ---------- 10_mender_bootargs_grub.cfg ----------
set bootargs="${bootargs} ${console_bootargs} ${rootargs} ${systemd_bootargs}"
# End of ---------- 10_mender_bootargs_grub.cfg ----------
# Start of ---------- 11_bootargs_grub.cfg ----------
set bootargs="loglevel=3 mitigations=off rootfstype=ext4"
# End of ---------- 11_bootargs_grub.cfg ----------
# Start of ---------- 80_mender_choose_partitions_grub.cfg ----------
# Historical note: The "mender_boot_part" variable means "partition to use as
# root filesystem while booting", not "the boot partition". So it would be
# better if it was named "mender_rootfs_part", but we can't rename it for
# compatibility reasons. The rest of the variable names follow the latter
# logic.
if [ "${mender_boot_part}" = "${mender_rootfsa_part}" -a test -n "${mender_kernela_part}" ]; then
mender_ptable_part=${mender_kernela_part}
mender_kernel_path=""
elif [ "${mender_boot_part}" = "${mender_rootfsb_part}" -a test -n "${mender_kernelb_part}" ]; then
mender_ptable_part=${mender_kernelb_part}
mender_kernel_path=""
else
mender_ptable_part=${mender_boot_part}
mender_kernel_path="/boot"
fi
if test -e (${mender_grub_storage_device},gpt${mender_ptable_part})/; then
root="${mender_grub_storage_device},gpt${mender_ptable_part}"
else
root="${mender_grub_storage_device},msdos${mender_ptable_part}"
fi
if test -n "${mender_rootfsa_uuid}" -a test -n "${mender_rootfsb_uuid}"; then
if [ "${mender_boot_part}" = "${mender_rootfsa_part}" ]; then
mender_kernel_root="PARTUUID=${mender_rootfsa_uuid}"
elif [ "${mender_boot_part}" = "${mender_rootfsb_part}" ]; then
mender_kernel_root="PARTUUID=${mender_rootfsb_uuid}"
fi
else
mender_kernel_root="${mender_kernel_root_base}${mender_boot_part}"
fi
# End of ---------- 80_mender_choose_partitions_grub.cfg ----------
# Start of ---------- 90_mender_boot_grub.cfg ----------
maybe_drop_to_grub_prompt
if [ "${drop_to_grub_prompt}" = "no" ]; then
if linux "${mender_kernel_path}/${kernel_imagetype}" root="${mender_kernel_root}" ${bootargs}; then
if test -n "${initrd_imagetype}" -a test -e "${mender_kernel_path}/${initrd_imagetype}"; then
initrd "${mender_kernel_path}/${initrd_imagetype}"
fi
maybe_pause "Pausing before booting."
boot
fi
maybe_pause "Pausing after failed boot."
fi
# End of ---------- 90_mender_boot_grub.cfg ----------
# Start of ---------- 95_mender_try_to_recover_grub.cfg ----------
if [ "${drop_to_grub_prompt}" != "yes" ]; then
if [ "${upgrade_available}" = "1" ]; then
reboot
fi
fi
# End of ---------- 95_mender_try_to_recover_grub.cfg ----------
# Start of ---------- 99_mender_end_of_grub.cfg ----------
if [ "${drop_to_grub_prompt}" = "yes" ]; then
echo "Dropping to grub prompt intentionally."
sleep --interruptible 10 --verbose
else
echo "Dropping to grub prompt for unknown reason. Should never get here."
sleep --interruptible 10 --verbose
fi
menuentry 'Dummy Entry for Debug.' 'Wait' {
echo Menu Entry for debug/command prompt access
}
# End of ---------- 99_mender_end_of_grub.cfg ----------
You can migrate the Mender configuration to a standard GRUB setup, but it requires manual adjustments to integrate Mender-specific logic into the standard GRUB configuration files. And it's a pain in the ass.
In the Orginal UmbrelOS.....There is Mender GRUB setup in /ESP/EFI/BOOT/
Oooh, so that's why... Well, no updates here I guess
I successfully installed Umbrel 1.1.2 on a Qubes install in a Standalone AppVM.
Unfortunately, the Umbrel update mechanism using mender is not installed or working properly.
I tried to modify your script to install 1.2.1 to no avail. There is no other way to install in a regular Qubes AppVM.
Any chance you could adjust the script to include a working update mechanism on 1.1.2 if not to install 1.2.1!?