modloop verification fails with apline usb drive when local disk partition has a alpine installation
Version: edge
- Generate Alpine USB drive with a
aports/scripts/mkimg.*
script (my test includes one custom apkovl) - Boot from the USB Stick
On a clean HDD: Everything works as expected
On a HDD with some local alpine installation (installed via setup-bootable
):
Verification of modloop fails and the system boots into a broken state
It seems the modloop script at boot just scans the harddisks/mounts (probably before the usb stick itself) and thus chooses the wrong modloop file or at least it fails verification because some files from the local alpine install are used instead of those on the USB stick.
The error message at boot is "Failed to verify signature of !"
, which indicates $img
in openrc/modloop.initd
is empty at the time when it is failing. Right before the error it explcitly showing that it is using the modloop file on /media/sda1/boot/modloop-lts which obviously is not existent. The USB Stick is sdb.
There is no way to restrict the USB alpine to not scan the local HDD. Initially I thought I could achieve this by setting the boot params to something like alpine_dev=UUID=XXX-USBSTICK:vfat
but nothing works and openrc/modloop.initd
also does not care about this parameter. Also wrongly I thought the problem was that only the wrong apkovl (local one) is used and because of that I played around with loads of boot parameters like alpine_dev
, ovl_dev
, apkovl
and also combinations of those but nothing helped.
More details:
USB Stick created with:
profile_blah() {
profile_standard
profile_abbrev="blah"
title="blah"
desc="blah"
hostname="blah"
arch="x86_64"
kernel_addons=""
kernel_cmdline=""
local _k _a
for _k in $kernel_flavors; do
apks="$apks linux-$_k"
done
apks="$apks linux-firmware"
apks="$apks bash cfdisk dialog dosfstools e2fsprogs findutils kbd-bkeymaps openssh-keygen parted syslinux tar vim"
apkovl="genapkovl-blah.sh"
}
syslinux part:
MENU LABEL blah
KERNEL /boot/vmlinuz-lts
APPEND initrd=/boot/initramfs-lts modloop=/boot/modloop-lts modules=loop,squashfs,sd-mod,usb-storage waitusb=3 quiet
The alpine 3.1 with linux3.x.x-grsec locally is installed on /dev/sda1, vfat. USB stick is also vfat.
The (painful) workaround for me is to just delete the local partition table. But I would have to do that with another medium for obvious reasons.