Package: live-boot
Version: 1:20250225
Severity: normal
X-Debbugs-Cc: [email protected]

Dear Maintainer,

We have a live DVD based on Debian that we build inside a docker container
using mmdebstrap. The whole DVD builds reproducibly. Now we want to add
secureboot and dm-verity. Secureboot looks good, but we are struggling with
dm-verity.

"veritysetup format" and "veritysetup verify" seem to work fine. But when
the system boots, I always get "segmentation faults" (for trixie) or "operation
not supported" (for bookworm) when it tries to mount the verity squashfs.

The full source can be found at https://github.com/AminaBank/livedeb/
To reproduce the error, just run:
git checkout feature/verity && make iso && make run

The error happens at:
https://salsa.debian.org/live-team/live-boot/-/blob/master/components/9990-overlay.sh?ref_type=heads#L179

I found the following in boot.log

Begin: Mounting "/run/live/medium/live/filesystem.squashfs" on "/run/live/rootfs/filesystem.squashfs" via "/dev/loop0" ... + return 0
+ mount -t squashfs -o ro,noatime -o 'verity.hashdevice=/dev/loop1' -o 'verity.roothashfile=/run/live/medium/live/filesystem.squashfs.roothash' -o 'verity.oncorruption=panic' /dev/loop0 /run/live/rootfs/filesystem.squashfs
Segmentation fault
+ panic 'Can not mount /dev/loop0 (/run/live/medium/live/filesystem.squashfs) on /run/live/rootfs/filesystem.squashfs'


-- Package-specific info:

-- System Information:
Debian Release: trixie/sid
  APT prefers testing
  APT policy: (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 6.12.22-amd64 (SMP w/16 CPU threads; PREEMPT)
Locale: LANG=de_CH.UTF-8, LC_CTYPE=de_CH.UTF-8 (charmap=UTF-8), LANGUAGE=de_CH:de
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled

Versions of packages live-boot depends on:
ii  live-boot-initramfs-tools [live-boot-backend]  1:20250225

Versions of packages live-boot recommends:
ii  live-boot-doc  1:20250225
ii  live-tools     1:20240525
ii  rsync          3.4.1+ds1-3
ii  uuid-runtime   2.41-4

Versions of packages live-boot suggests:
ii  cryptsetup  2:2.7.5-1
pn  curlftpfs   <none>
pn  httpfs2     <none>
ii  wget        1.25.0-2

-- no debconf information
