search

highghlow / umbrel-install-script

10 stars 0 forks source link

update fails - mender #4

Closed ros-mac closed 1 month ago

ros-mac commented 1 month ago

I successfully installed Umbrel 1.1.2 on a Qubes install in a Standalone AppVM.

Unfortunately, the Umbrel update mechanism using mender is not installed or working properly.

I tried to modify your script to install 1.2.1 to no avail. There is no other way to install in a regular Qubes AppVM.

Any chance you could adjust the script to include a working update mechanism on 1.1.2 if not to install 1.2.1!?

highghlow commented 1 month ago

I am not really well-versed in Qubes or Umbrel's update mechanism... Do you have a separate partition for /data?

ros-mac commented 1 month ago

Yes data is in a separate partition. I've got around the Qubes issues, I just cannot get around the lack of the mender update mechanism that isn't being installed by the script currently. Also, the script breaks for the newer Umbrel1.2.1 if you change the version number before running it.

highghlow commented 1 month ago

Can you give me the log of the script running with the changed version? I looked through Umbrel's update diff, they haven't changed the install process on desktop.

ros-mac commented 1 month ago

I'll have to run a whole install in 1-2 hours as I have to run here now unfortunately. What's the best way to output the log? It died straight away on Step 6 --> packages/ui

Regarding 1.1.2: If you install the current script do you see that the GUI 1.2.1 Update looks for mender locally and fails?

highghlow commented 1 month ago

I cannot test the script myself right now. I'll do it in about 12 hours. Right now I will try to find what can be causing the issue for the information you've given.

What's the best way to output the log?

It just prints it to the terminal

ros-mac commented 1 month ago

Log attached. The old script version installs fine, but as I said mender and related updating files are missing.

install.sh had one space too many in "/data" folder check and fails the check.

log.log

STEP 6/8: Installing umbreld /tmp/umbrel/packages/umbreld ~ error: patch failed: packages/umbreld/source/modules/provision/provision.ts:77 error: packages/umbreld/source/modules/provision/provision.ts: patch does not apply

highghlow commented 1 month ago

I got it. The different commit hash tripped git apply. I updated the script to use patch instead. Try it now

ros-mac commented 1 month ago

Great, thank you, did you happen to see anything referring to installing the 'mender' client and associated configuration? -------- Original Message --------On 19/07/2024 21:18, highghlow wrote: I got it. The different commit hash tripped git apply. I updated the script to use patch instead. Try it now

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.> [ { @.": "http://schema.org", @.": "EmailMessage", "potentialAction": { @.": "ViewAction", "target": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2240049468", "url": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2240049468", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { @.***": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

highghlow commented 1 month ago

I honestly don't know what the problem is. The official installer just copies a tarball onto the disk, which is made by archiving a docker container's filesystem. I thought I perfectly recreated the Dockerfile in the script, but apparently not.

ros-mac commented 1 month ago

Much appreciated, took me a while to get around the issues of installing on Qubes again. I wonder if the Umbrel developers would give you the heads-up on how the mender install works. Without that one has to reinstall and import every release unfortunately.

highghlow commented 1 month ago

Without that one has to reinstall and import every release unfortunately.

I think that since /data is separate, you would only have to run the script again

ros-mac commented 1 month ago

It fails without a fresh OS (or qube in my case) because it detects that docker/containers already exist etc. -------- Original Message --------On 21/07/2024 07:05, highghlow wrote:

Without that one has to reinstall and import every release unfortunately.

I think that since /data is separate, you would only have to run the script again

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.> [ { @.": "http://schema.org", @.": "EmailMessage", "potentialAction": { @.": "ViewAction", "target": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2241490064", "url": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2241490064", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { @.***": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

ros-mac commented 1 month ago

mender.cfg in the GitHub files mentions that it is broken on bookworm and therefore it should/must be installed via apt later in the setup. The configuration I've yet to figure. -------- Original Message --------On 21/07/2024 09:33, Ros MacDaibhis wrote: It fails without a fresh OS (or qube in my case) because it detects that docker/containers already exist etc. -------- Original Message --------On 21/07/2024 07:05, highghlow wrote:

Without that one has to reinstall and import every release unfortunately.

I think that since /data is separate, you would only have to run the script again

—Reply to this email directly, view it on GitHub, or unsubscribe.You are receiving this because you authored the thread.Message ID: @.> [ { @.": "http://schema.org", @.": "EmailMessage", "potentialAction": { @.": "ViewAction", "target": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2241490064", "url": "https://github.com/highghlow/umbrel-install-script/issues/4#issuecomment-2241490064", "name": "View Issue" }, "description": "View this Issue on GitHub", "publisher": { @.***": "Organization", "name": "GitHub", "url": "https://github.com" } } ]

ros-mac commented 1 month ago

After searching/following all the Umbrel Github files for mender I installed mender via apt and made a device_type file in /var/lib/mender, but it fails on config file. At this point it dawned on me that it will never work with my setup because it is trying to install a root image to a root partition.

$ sudo mender install https://download.umbrel.com/release/1.2.2-beta.1/umbrelos-amd64.update INFO[0000] 'UpdateControlMapExpirationTimeSeconds' is not set in the Mender configuration file. Falling back to the default of 2*UpdatePollIntervalSeconds INFO[0000] 'UpdateControlMapBootExpirationTimeSeconds' is not set in the Mender configuration file. Falling back to the default of 600 seconds INFO[0000] No configuration files present. Using defaults WARN[0000] No server URL(s) specified in mender configuration. WARN[0000] Server entry 1 has no associated server URL. INFO[0000] No dual rootfs configuration present
INFO[0000] Performing remote update from: [https://download.umbrel.com/release/1.2.2-beta.1/umbrelos-amd64.update]. Installing Artifact of size 1385518592... INFO[0002] No public key was provided for authenticating the artifact ERRO[0002] Reading headers failed: installer: failed to read Artifact: readHeaderV3: handleHeaderReads: Artifact Payload type 'rootfs-image' is not supported by this Mender Client. Ensure that the Mender Client is fully integrated and that the RootfsPartA/B configuration variables are set correctly in 'mender.conf' ERRO[0002] installer: failed to read Artifact: readHeaderV3: handleHeaderReads: Artifact Payload type 'rootfs-image' is not supported by this Mender Client. Ensure that the Mender Client is fully integrated and that the RootfsPartA/B configuration variables are set correctly in 'mender.conf'

mikorist commented 1 month ago

In the Orginal UmbrelOS.....There is Mender GRUB setup in /ESP/EFI/BOOT/

There is also 2 folders with settings for mender /ESP/grub-mender-grubenv/

with lock files and lock.sha256sum

It is updated directly through the boot.

# Start of ---------- 00_mender_grubenv_defines_grub.cfg ----------
mender_rootfsa_part=2
mender_rootfsb_part=3
mender_grub_storage_device=hd0
kernel_imagetype=kernel
initrd_imagetype=initrd
mender_rootfsa_uuid=2fe5a278-9b55-4266-8220-6665aa96940b
mender_rootfsb_uuid=f5e6d27c-4a25-447b-8e08-a9d2e738345a
# End of ---------- 00_mender_grubenv_defines_grub.cfg ----------
# Start of ---------- 01_mender_console_bootargs_grub.cfg ----------
set console_bootargs="console=tty0,115200n8 console=ttyS0,115200n8 console=ttyO0,115200n8 console=ttyAMA0,115200n8"
# End of ---------- 01_mender_console_bootargs_grub.cfg ----------
# Start of ---------- 02_mender_root_bootargs_grub.cfg ----------
set rootargs="rootwait"
# End of ---------- 02_mender_root_bootargs_grub.cfg ----------
# Start of ---------- 04_mender_setup_env_functions_grub.cfg ----------
# See the grub-mender-grubenv-print script for how this works.

# In this file we are skipping signature checking in most places. This is
# because Mender's environment is by nature dynamic, and cannot have a static
# signature. Instead, we make sure the content is valid.

# Free form variables can not be supported when signatures are
# enforced. "mender_systemd_machine_id" is such a variable, so it is not
# supported when signatures are on.

# Note that Secure Boot and GRUB signatures are two different things, and here
# we are talking about the latter.

function mender_setup_env_location {
    MENDER_ENV1=(${root})/grub-mender-grubenv/mender_grubenv1/env
    MENDER_LOCK1=(${root})/grub-mender-grubenv/mender_grubenv1/lock
    MENDER_ENV2=(${root})/grub-mender-grubenv/mender_grubenv2/env
    MENDER_LOCK2=(${root})/grub-mender-grubenv/mender_grubenv2/lock

    if [ ! -f ${MENDER_ENV1} -o ! -f ${MENDER_LOCK1} -o ! -f ${MENDER_ENV2} -o ! -f ${MENDER_LOCK2} ]; then
        if [ "${check_signatures}" = "enforce" ]; then
            echo "Signatures are enabled and the environment could not be found. Rebooting in 10 seconds..."
            sleep 10
            reboot
        else
            echo "The environment was not found. Tried to access ${MENDER_ENV1}. Continuing in 10 seconds..."
            sleep 10
            # Fallthrough and continue. Will most likely hit the "Environment is
            # corrupt" section below.
        fi
    fi
}

function mender_check_and_restore_env {
    mender_setup_env_location
    editing=invalid
    load_env --skip-sig --file ${MENDER_LOCK2} editing
    if [ "${editing}" != 0 ]; then
        # See comment about "free form" variables near the top.
        if [ "$check_signatures" = "enforce" ]; then
            load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
            save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available
        else
            load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
            save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
        fi
        editing=0
        save_env --file ${MENDER_LOCK2} editing
    else
        editing=invalid
        load_env --skip-sig --file ${MENDER_LOCK1} editing
        if [ "${editing}" != 0 ]; then
            # See comment about "free form" variables near the top.
            if [ "$check_signatures" = "enforce" ]; then
                load_env --skip-sig --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available
                save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
            else
                load_env --skip-sig --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
                save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
            fi
            editing=0
            save_env --file ${MENDER_LOCK1} editing
        fi
    fi
}

function mender_save_env {
    # Save redundant environment.
    mender_setup_env_location
    editing=1
    save_env --file ${MENDER_LOCK2} editing
    # See comment about "free form" variables near the top.
    if [ "$check_signatures" = "enforce" ]; then
        save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available
    else
        save_env --file ${MENDER_ENV2} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
    fi
    editing=0
    save_env --file ${MENDER_LOCK2} editing

    editing=1
    save_env --file ${MENDER_LOCK1} editing
    # See comment about "free form" variables near the top.
    if [ "$check_signatures" = "enforce" ]; then
        save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
    else
        save_env --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
    fi
    editing=0
    save_env --file ${MENDER_LOCK1} editing
}

function mender_check_grubenv_valid {
    if [ "${mender_boot_part}" != "${mender_rootfsa_part}" -a "${mender_boot_part}" != "${mender_rootfsb_part}" ]; then
        return 1
    fi

    if [ "${bootcount}" != "0" -a "${bootcount}" != "1" ]; then
        return 1
    fi

    if [ "${upgrade_available}" != "0" -a "${upgrade_available}" != "1" ]; then
        return 1
    fi

    return 0
}

function mender_load_env {
    mender_setup_env_location

    # See comment about "free form" variables near the top.
    if [ "$check_signatures" = "enforce" ]; then
        load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available
    else
        load_env --skip-sig --file ${MENDER_ENV1} bootcount mender_boot_part upgrade_available mender_systemd_machine_id
        export mender_systemd_machine_id
    fi
    export bootcount
    export mender_boot_part
    export upgrade_available

    if ! mender_check_grubenv_valid; then
        if [ "${check_signatures}" = "enforce" ]; then
            echo "Signatures are enabled and the environment is unverified. Rebooting in 10 seconds..."
            sleep 10
            reboot
        else
            if [ "${mender_boot_part}" != "${mender_rootfsb_part}" ]; then
                mender_boot_part="${mender_rootfsa_part}"
            fi
            echo "The environment is corrupt. Trying to boot from ${mender_kernel_root_base}${mender_boot_part} in 10 seconds, but this is not guaranteed to be a valid partition..."
            sleep 10
            # Fallthrough and continue.
        fi
    fi
}

function mender_load_env_with_rollback {
    mender_load_env

    if [ "${upgrade_available}" = "1" ]; then
        if [ "${bootcount}" != "0" ]; then
            echo "Rolling back..."
            if [ "${mender_boot_part}" = "${mender_rootfsa_part}" ]; then
                mender_boot_part="${mender_rootfsb_part}"
            else
                mender_boot_part="${mender_rootfsa_part}"
            fi
            upgrade_available=0
            bootcount=0
        else
            echo "Booting new update..."
            bootcount=1
        fi

        mender_save_env
    fi
}
# End of ---------- 04_mender_setup_env_functions_grub.cfg ----------
# Start of ---------- 05_mender_setup_env_grub.cfg ----------
mender_check_and_restore_env
mender_load_env_with_rollback
regexp (.*),(.*) $root -s mender_grub_storage_device
# End of ---------- 05_mender_setup_env_grub.cfg ----------
# Start of ---------- 05_mender_setup_grub.cfg ----------
function maybe_pause {
    # By default we do nothing. debug-pause PACKAGECONFIG replaces this so we
    # can pause at strategic places.
    echo
}

drop_to_grub_prompt="no"
function maybe_drop_to_grub_prompt {
    # By default we do nothing. force-grub-prompt PACKAGECONFIG replaces this so we
    # can bypass boot and stop at the grub prompt.
    echo
}
# End of ---------- 05_mender_setup_grub.cfg ----------
# Start of ---------- 06_mender_systemd_machine_id_grub.cfg ----------
if test -n "${mender_systemd_machine_id}"; then
   systemd_bootargs="systemd.machine_id=${mender_systemd_machine_id}"
fi
# End of ---------- 06_mender_systemd_machine_id_grub.cfg ----------
# Start of ---------- 10_mender_bootargs_grub.cfg ----------
set bootargs="${bootargs} ${console_bootargs} ${rootargs} ${systemd_bootargs}"
# End of ---------- 10_mender_bootargs_grub.cfg ----------
# Start of ---------- 11_bootargs_grub.cfg ----------
set bootargs="loglevel=3 mitigations=off rootfstype=ext4"
# End of ---------- 11_bootargs_grub.cfg ----------
# Start of ---------- 80_mender_choose_partitions_grub.cfg ----------
# Historical note: The "mender_boot_part" variable means "partition to use as
# root filesystem while booting", not "the boot partition". So it would be
# better if it was named "mender_rootfs_part", but we can't rename it for
# compatibility reasons. The rest of the variable names follow the latter
# logic.

if [ "${mender_boot_part}" = "${mender_rootfsa_part}" -a test -n "${mender_kernela_part}" ]; then
    mender_ptable_part=${mender_kernela_part}
    mender_kernel_path=""
elif [ "${mender_boot_part}" = "${mender_rootfsb_part}" -a test -n "${mender_kernelb_part}" ]; then
    mender_ptable_part=${mender_kernelb_part}
    mender_kernel_path=""
else
    mender_ptable_part=${mender_boot_part}
    mender_kernel_path="/boot"
fi

if test -e (${mender_grub_storage_device},gpt${mender_ptable_part})/; then
    root="${mender_grub_storage_device},gpt${mender_ptable_part}"
else
    root="${mender_grub_storage_device},msdos${mender_ptable_part}"
fi

if test -n "${mender_rootfsa_uuid}" -a test -n  "${mender_rootfsb_uuid}"; then
    if [ "${mender_boot_part}" = "${mender_rootfsa_part}" ]; then
        mender_kernel_root="PARTUUID=${mender_rootfsa_uuid}"
    elif [ "${mender_boot_part}" = "${mender_rootfsb_part}" ]; then
        mender_kernel_root="PARTUUID=${mender_rootfsb_uuid}"
    fi
else
    mender_kernel_root="${mender_kernel_root_base}${mender_boot_part}"
fi
# End of ---------- 80_mender_choose_partitions_grub.cfg ----------
# Start of ---------- 90_mender_boot_grub.cfg ----------
maybe_drop_to_grub_prompt

if [ "${drop_to_grub_prompt}" = "no" ]; then
    if linux "${mender_kernel_path}/${kernel_imagetype}" root="${mender_kernel_root}" ${bootargs}; then
        if test -n "${initrd_imagetype}" -a test -e "${mender_kernel_path}/${initrd_imagetype}"; then
            initrd "${mender_kernel_path}/${initrd_imagetype}"
        fi
        maybe_pause "Pausing before booting."
        boot
    fi
    maybe_pause "Pausing after failed boot."
fi
# End of ---------- 90_mender_boot_grub.cfg ----------
# Start of ---------- 95_mender_try_to_recover_grub.cfg ----------
if [ "${drop_to_grub_prompt}" != "yes" ]; then
    if [ "${upgrade_available}" = "1" ]; then
        reboot
    fi
fi
# End of ---------- 95_mender_try_to_recover_grub.cfg ----------
# Start of ---------- 99_mender_end_of_grub.cfg ----------
if [ "${drop_to_grub_prompt}" = "yes" ]; then
    echo "Dropping to grub prompt intentionally."
    sleep --interruptible 10 --verbose
else
    echo "Dropping to grub prompt for unknown reason. Should never get here."
    sleep --interruptible 10 --verbose
fi
menuentry 'Dummy Entry for Debug.' 'Wait' {
   echo Menu Entry for debug/command prompt access
}
# End of ---------- 99_mender_end_of_grub.cfg ----------

You can migrate the Mender configuration to a standard GRUB setup, but it requires manual adjustments to integrate Mender-specific logic into the standard GRUB configuration files. And it's a pain in the ass.

highghlow commented 1 month ago

In the Orginal UmbrelOS.....There is Mender GRUB setup in /ESP/EFI/BOOT/

Oooh, so that's why... Well, no updates here I guess