Your message dated Mon, 19 Feb 2024 12:34:37 +0000
with message-id <[email protected]>
and subject line Bug#1052299: fixed in gnome-boxes 45.0-3
has caused the Debian Bug report #1052299,
regarding gnome-boxes: Cannot install "GNOME OS Nightly" - secure-boot set by 
ovmf while gnome os efi seems not signed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1052299: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1052299
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: gnome-boxes
Version: 45.0-1
Severity: normal

Dear Maintainer,
If I attempt to create a GNOME OS guest I end up on the edkII console.
If in the console I try to boot the EFI (in FS0: be it bootx64.efi in
\EFI\BOOT or systemd-bootx64.efi in EFI\systemd) I get a "Command Error
Status: Access Denied" error.

I got the clue it might be secure boot related by
https://forum.proxmox.com/threads/vm-always-going-into-uefi-interactive-shell.119215/

I also learned that the install was fine with the flatpak, so I compared
the VM configurations for GNOME OS:

Debian gnome-boxes 45:
  <os firmware="efi">
    <type arch="x86_64" machine="pc-q35-8.0">hvm</type>
    <firmware>
      <feature enabled="yes" name="enrolled-keys"/>
      <feature enabled="yes" name="secure-boot"/>
    </firmware>
    <loader readonly="yes" secure="yes" type="pflash">/usr/share/OVMF/OVMF_CODE_4M.ms.fd</loader>
    <nvram template="/usr/share/OVMF/OVMF_VARS_4M.ms.fd">/home/prahal/.config/libvirt/qemu/nvram/gnomenightly_VARS.fd</nvram>
    <boot dev="cdrom"/>
    <boot dev="hd"/>
    <bootmenu enable="yes"/>
  </os>
  <features>
    <acpi/>
    <apic/>
    <smm state="on"/>
  </features>

Flatpak gnome-boxes 44:
  <os firmware="efi">
    <type arch="x86_64" machine="pc-q35-7.2">hvm</type>
    <boot dev="cdrom"/>
    <boot dev="hd"/>
    <bootmenu enable="yes"/>
  </os>
  <features>
    <acpi/>
    <apic/>
  </features>


Grepping where this secure-boot feature comes from, I ended up on:
/usr/share/qemu/firmware/40-edk2-x86_64-secure-enrolled.json

Scrambling the target (for example, replacing in "machines", "pc-q35-*"
by "pc-q35xxx-*") in this file to avoid its settings being added to
(all?) the  guest VM I now can install "GNOME OS Nightly x86_64" (ie
edk2 boots into the installer and the installer proceeds).

This might well be an ovmf bug.
Still, as I don't know if gnome-boxes or qemu have flags to avoid ovmf
bringing in this secure-boot for all guest setups, I start up the stack.


Cheers,
Alban

-- System Information:
Debian Release: trixie/sid
  APT prefers testing-debug
  APT policy: (500, 'testing-debug'), (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable-debug'), (500, 'oldstable-debug'), (500, 'testing'), (500, 'stable'), (90, 'unstable-debug'), (90, 'unstable'), (1, 'experimental-debug'), (1, 'experimental')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 6.5.0+ (SMP w/4 CPU threads; PREEMPT)
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE
Locale: LANG=fr_FR.UTF-8, LC_CTYPE=fr_FR.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages gnome-boxes depends on:
ii  dconf-gsettings-backend [gsettings-backend]  0.40.0-4
ii  genisoimage                                  9:1.1.11-3.4
ii  libarchive13                                 3.6.2-1
ii  libc6                                        2.37-8
ii  libcairo2                                    1.17.8-3
ii  libgdk-pixbuf-2.0-0                          2.42.10+dfsg-1+b1
ii  libglib2.0-0                                 2.78.0-1
ii  libgtk-3-0                                   3.24.38-5
ii  libgudev-1.0-0                               238-2
ii  libhandy-1-0                                 1.8.2-2
ii  libosinfo-1.0-0                              1.10.0-2
ii  libosinfo-bin                                1.10.0-2
ii  libsoup-3.0-0                                3.4.3-1
ii  libspice-client-glib-2.0-8                   0.42-2
ii  libspice-client-gtk-3.0-5                    0.42-2
ii  libusb-1.0-0                                 2:1.0.26-1
ii  libvirt-clients                              9.7.0-1
ii  libvirt-daemon                               9.7.0-1
ii  libvirt-glib-1.0-0                           4.0.0-3
ii  libwebkit2gtk-4.1-0                          2.40.5-1
ii  libxml2                                      2.9.14+dfsg-1.3
ii  tracker                                      3.6.0-1
ii  user-session-migration                       0.4.1

Versions of packages gnome-boxes recommends:
ii  qemu-system-x86  1:8.0.4+dfsg-3+b1

Versions of packages gnome-boxes suggests:
ii  gnome-connections  45~rc-1

-- no debconf information

--- End Message ---
--- Begin Message ---
Source: gnome-boxes
Source-Version: 45.0-3
Done: Jeremy Bícha <[email protected]>

We believe that the bug you reported is fixed in the latest version of
gnome-boxes, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Jeremy Bícha <[email protected]> (supplier of updated gnome-boxes package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Mon, 19 Feb 2024 07:19:21 -0500
Source: gnome-boxes
Built-For-Profiles: noudeb
Architecture: source
Version: 45.0-3
Distribution: unstable
Urgency: medium
Maintainer: Debian GNOME Maintainers <[email protected]>
Changed-By: Jeremy Bícha <[email protected]>
Closes: 1052299
Changes:
 gnome-boxes (45.0-3) unstable; urgency=medium
 .
   * Cherry-pick patch to enable GNOME OS by disabling Secure Boot
     inside GNOME Boxes (Closes: #1052299)
   * Bump minimum libvirt-glib to 5.0.0

-----BEGIN PGP SIGNATURE-----
-----END PGP SIGNATURE-----


--- End Message ---
