[Bug 1208197] New: sbsign does not handle disk space issues
https://bugzilla.suse.com/show_bug.cgi?id=1208197 Bug ID: 1208197 Summary: sbsign does not handle disk space issues Classification: openSUSE Product: openSUSE Tumbleweed Version: Current Hardware: Other OS: Other Status: NEW Severity: Normal Priority: P5 - None Component: Other Assignee: screening-team-bugs@suse.de Reporter: antonio.feijoo@suse.com QA Contact: qa-bugs@suse.de Found By: --- Blocker: --- `sbsign` does not issue any error if there is not enough disk space to create the signed file using its `--output` option. Example with enough disk space: # ls -l /var/tmp/dracut.hDT7WY/uefi/linux.efi -rwx------ 1 root root 88712928 Feb 13 12:01 /var/tmp/dracut.hDT7WY/uefi/linux.efi # mktemp -d /tmp/tmp.YC4iYlF8UF # mount -t tmpfs -o defaults,size=100M tmpfs /tmp/tmp.YC4iYlF8UF # sbsign --key /home/dev/sbsign/uefi-private.key --cert /home/dev/sbsign/uefi-public.pem --output /tmp/tmp.YC4iYlF8UF/test.img /var/tmp/dracut.hDT7WY/uefi/linux.efi warning: data remaining[88700416 vs 88712928]: gaps between PE/COFF sections? Signing Unsigned original image # sbverify --cert /home/dev/sbsign/uefi-public.pem /tmp/tmp.YC4iYlF8UF/test.img warning: data remaining[88702192 vs 88714704]: gaps between PE/COFF sections? Signature verification OK Example without enough disk space: # ls -l /var/tmp/dracut.9SDv5P/uefi/linux.efi -rwx------ 1 root root 88715488 Feb 13 10:23 /var/tmp/dracut.9SDv5P/uefi/linux.efi # umount /tmp/tmp.YC4iYlF8UF # mount -t tmpfs -o defaults,size=1M tmpfs /tmp/tmp.YC4iYlF8UF # sbsign --key /home/dev/sbsign/uefi-private.key --cert /home/dev/sbsign/uefi-public.pem --output /tmp/tmp.YC4iYlF8UF/test.img /var/tmp/dracut.9SDv5P/uefi/linux.efi warning: data remaining[88702464 vs 88714976]: gaps between PE/COFF sections? Signing Unsigned original image # echo $? 0 # sbverify --cert /home/dev/sbsign/uefi-public.pem /tmp/tmp.YC4iYlF8UF/test.img Segmentation fault (core dumped) -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208197 Marcus Meissner <meissner@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |meissner@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208197 https://bugzilla.suse.com/show_bug.cgi?id=1208197#c1 --- Comment #1 from Marcus Meissner <meissner@suse.com> --- we usually use pesign fwiw. -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208197 https://bugzilla.suse.com/show_bug.cgi?id=1208197#c2 --- Comment #2 from Antonio Feijoo <antonio.feijoo@suse.com> --- (In reply to Marcus Meissner from comment #1)
we usually use pesign fwiw.
Thanks for your feedback Marcus. This issue was spotted by dracut upstream (https://github.com/dracutdevs/dracut/issues/2197), as it uses sbsign to sign UEFI images. Do you suggest to use pesign instead? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208197 https://bugzilla.suse.com/show_bug.cgi?id=1208197#c3 --- Comment #3 from Marcus Meissner <meissner@suse.com> --- if its externally mandated, it should probably stay as is. is there a report in upstream sbsigntools tracker? -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208197 https://bugzilla.suse.com/show_bug.cgi?id=1208197#c4 --- Comment #4 from Antonio Feijoo <antonio.feijoo@suse.com> --- (In reply to Marcus Meissner from comment #3)
is there a report in upstream sbsigntools tracker?
Yes, there is and old one: https://groups.io/g/sbsigntools/message/58?p=%2C%2C%2C20%2C0%2C0%2C0%3A%3Are... -- You are receiving this mail because: You are on the CC list for the bug.
https://bugzilla.suse.com/show_bug.cgi?id=1208197 Chenzi Cao <chcao@suse.com> changed: What |Removed |Added ---------------------------------------------------------------------------- Assignee|screening-team-bugs@suse.de |meissner@suse.com -- You are receiving this mail because: You are on the CC list for the bug.
participants (1)
-
bugzilla_noreply@suse.com