cryptreboot icon indicating copy to clipboard operation
cryptreboot copied to clipboard
verified publisher icon phantom-node

Fedora RPM package

Open boredsquirrel opened this issue 1 year ago • 6 comments

Hi, I am a user of Fedora Atomic Desktops and am really convinced by the model.

The big disadvantage is that everything you install needs to be in an .rpm file.

Possibly systemd sysextensions too, but I had no luck with those, yet.

I use distrobox with a Fedora container to build things, in there I came so far:

$ git clone https://github.com/phantom-node/cryptreboot
$ cd cryptreboot

I added this tool that should automate the building process

$ sudo dnf install -y rubygem-gem2rpm

$ gem build crypt_reboot.gemspec 
WARNING:  See https://guides.rubygems.org/specification-reference/ for help
ERROR:  While executing gem ... (Gem::InvalidSpecificationException)
    ["lib/basic_loader.rb"] are not files
        /usr/share/rubygems/rubygems/specification_policy.rb:550:in `error'
        /usr/share/rubygems/rubygems/specification_policy.rb:326:in `validate_non_files'
        /usr/share/rubygems/rubygems/specification_policy.rb:77:in `validate_required!'
        /usr/share/rubygems/rubygems/specification_policy.rb:47:in `validate'
        /usr/share/rubygems/rubygems/specification.rb:2577:in `validate'
        /usr/share/rubygems/rubygems/package.rb:297:in `build'
        /usr/share/rubygems/rubygems/package.rb:136:in `build'
        /usr/share/rubygems/rubygems/commands/build_command.rb:94:in `build_package'
        /usr/share/rubygems/rubygems/commands/build_command.rb:84:in `build_gem'
        /usr/share/rubygems/rubygems/commands/build_command.rb:75:in `execute'
        /usr/share/rubygems/rubygems/command.rb:326:in `invoke_with_build_args'
        /usr/share/rubygems/rubygems/command_manager.rb:255:in `invoke_command'
        /usr/share/rubygems/rubygems/command_manager.rb:194:in `process_args'
        /usr/share/rubygems/rubygems/command_manager.rb:152:in `run'
        /usr/share/rubygems/rubygems/gem_runner.rb:56:in `run'
        /usr/bin/gem:12:in `<main>'

same when running with sudo

Any idea why building doesnt work? I dont want to install, as I want a .gem file that I can then bundle into an rpm file.

Installing gave me that the Fedora rubygems version is outdated

$ sudo gem install crypt_reboot
Fetching crypt_reboot-0.3.1.gem
Fetching tty-option-0.3.0.gem
Fetching tty-color-0.6.0.gem
Fetching pastel-0.8.0.gem
Fetching tty-command-0.10.1.gem
Fetching memory_locker-1.0.3.gem
Successfully installed tty-option-0.3.0
Successfully installed tty-color-0.6.0
Successfully installed pastel-0.8.0
Successfully installed tty-command-0.10.1
Successfully installed memory_locker-1.0.3
Successfully installed crypt_reboot-0.3.1
6 gems installed

A new release of RubyGems is available: 3.5.16 → 3.5.21!
Run `gem update --system 3.5.21` to update your installation.

I was able to update it, again requiring sudo and installation to the system.

Trying to build again:

$ gem build crypt_reboot.gemspec 

same as above

I am hanging at this step. Once packaged, at least building locally should be no problem, on COPR too I suppose.

boredsquirrel avatar Oct 07 '24 15:10 boredsquirrel

The officially supported way to build the gem is to run:

rake build

This will produce a .gem file inside pkg/ directory. If you insist on using gem build, then generate lib/basic_loader.rb file by executing:

bin/update_loader

This should allow you to build the gem.

Just to let you know, cryptreboot was not tested on Fedora, especially on Atomic Desktops. I doubt it will work. But please let me know about your results.

pepawel avatar Oct 10 '24 14:10 pepawel

By the way, hi @boredsquirrel :) Thank you for your interest in cryptreboot. I will install Fedora Silverblue 40 in Virtualbox to see how it works.

pepawel avatar Oct 10 '24 14:10 pepawel

Depends on #5

pepawel avatar Oct 12 '24 17:10 pepawel

@boredsquirrel after some research I found it should be possible to make cryptreboot work on Fedora Workstation. The feasibility of Fedora Atomic Desktop support is unknown at the moment. I created 2 new issues:

  • resolving #5 should make it possible to creat a working Fedora package
  • resolving #6 should allow you to use this package on your machine

pepawel avatar Oct 12 '24 17:10 pepawel

thanks for your tests!

I use Coreboot so I am not concerned about this for my workstation, but for servers, it would be really relevant. There are Fedora IoT, CoreOS, and various other images built off the Fedora Atomic OCI base.

uBlue uCore, secureblue uCore.

There is also Almalinux bootc, which uses a different tool but the same OCI containers.

I would love to use those only, but having cryptreboot is a must for a remote server which I cannot reboot manually every day.

I will try to build the package again and make an RPM.

boredsquirrel avatar Oct 15 '24 19:10 boredsquirrel

Oh, I see. Currently, I don't have enough time to test those distributions. However, I would expect them to use a similar initramfs mechanism as used in Fedora Silverblue, because they are all part of the same family if I understand things correctly. I will update the description of #6 to also cover other Atomic Desktop distributions.

Btw, please let me know if you succeed with RPM package.

pepawel avatar Oct 26 '24 11:10 pepawel