sbctl ALPM hook is run 3 times instead of 1 due to run_post_hooks()
Description:
In my setup, when upgrading the system the 90-mkinitcpio-install.hook ALPM hook generates "initramfs-linux.img" and "initramfs-linux-fallback.img".
After ALL-1 other hooks have run, the standard zz-sbctl.hook hook generates the unified kernel image "arch.efi" and "arch-fallback.efi".
After ALL other hooks have run, a custom zzz-sbctl-verify.hook hook verifies that the EFI binaries are correctly signed and thus the next (secure) boot will be successful.
However, /usr/bin/mkinitcpio tries to anticipate this chain and runs the zz-sbctl.hook by itself after the generation of each image.
This results in zz-sbctl.hook being run 3 times:
- by 90-mkinitcpio-install.hook after "initramfs-linux.img" has been generated. zz-sbctl.hook fails because "initramfs-linux-fallback.img" is missing
- by 90-mkinitcpio-install.hook after "initramfs-linux-fallback.img" has been generated. This run is useless
- by pacman, after 90-mkinitcpio-install.hook and other hooks have run. This is expected and should be the only run of the hook
Additional info:
Package version(s): mkinitcpio 37.3-1
Relevant /var/log/pacman.log, notice the following:
- "failed creating bundle /efi/arch-fallback.efi: /boot/initramfs-linux-fallback.img: no such file or directory" when 90-mkinitcpio-install.hook runs zz-sbctl.hook by itself after it generates 1 image out of 2
- The second "[ALPM-SCRIPTLET] -> Running post hook: [sbctl]" completes, but it's useless as it's also run later by pacman: "[ALPM] running 'zz-sbctl.hook'..."
- how zz-sbctl.hook is run by pacman anyway after 90-mkinitcpio-install.hook and other hooks finish
[2024-03-01T10:54:38+0100] [ALPM] upgraded vulkan-intel (1:24.0.1-1 -> 1:24.0.2-1)
[2024-03-01T10:54:38+0100] [ALPM] transaction completed
[2024-03-01T10:54:39+0100] [ALPM] running '20-systemd-sysusers.hook'...
[2024-03-01T10:54:40+0100] [ALPM] running '30-systemd-daemon-reload-system.hook'...
[2024-03-01T10:54:40+0100] [ALPM] running '30-systemd-daemon-reload-user.hook'...
[2024-03-01T10:54:41+0100] [ALPM] running '30-systemd-tmpfiles.hook'...
[2024-03-01T10:54:41+0100] [ALPM] running '30-systemd-udev-reload.hook'...
[2024-03-01T10:54:44+0100] [ALPM] running '30-systemd-update.hook'...
[2024-03-01T10:54:44+0100] [ALPM] running '60-depmod.hook'...
[2024-03-01T10:54:52+0100] [ALPM] running '90-mkinitcpio-install.hook'...
[2024-03-01T10:54:52+0100] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'default'
[2024-03-01T10:54:52+0100] [ALPM-SCRIPTLET] ==> Using default configuration file: '/etc/mkinitcpio.conf'
[2024-03-01T10:54:52+0100] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -g /boot/initramfs-linux.img --microcode /boot/intel-ucode.img
[2024-03-01T10:54:52+0100] [ALPM-SCRIPTLET] ==> Starting build: '6.7.6-arch1-2'
[2024-03-01T10:54:52+0100] [ALPM-SCRIPTLET] -> Running build hook: [base]
[2024-03-01T10:54:53+0100] [ALPM-SCRIPTLET] -> Running build hook: [systemd]
[2024-03-01T10:54:57+0100] [ALPM-SCRIPTLET] -> Running build hook: [plymouth]
[2024-03-01T10:55:01+0100] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
[2024-03-01T10:55:04+0100] [ALPM-SCRIPTLET] -> Running build hook: [autodetect]
[2024-03-01T10:55:04+0100] [ALPM-SCRIPTLET] -> Running build hook: [sd-vconsole]
[2024-03-01T10:55:04+0100] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
[2024-03-01T10:55:05+0100] [ALPM-SCRIPTLET] -> Running build hook: [block]
[2024-03-01T10:55:06+0100] [ALPM-SCRIPTLET] -> Running build hook: [sd-encrypt]
[2024-03-01T10:55:10+0100] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
[2024-03-01T10:55:10+0100] [ALPM-SCRIPTLET] -> Running build hook: [fsck]
[2024-03-01T10:55:13+0100] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2024-03-01T10:55:13+0100] [ALPM-SCRIPTLET] ==> Creating uncompressed initcpio image: '/boot/initramfs-linux.img'
[2024-03-01T10:55:15+0100] [ALPM-SCRIPTLET] ==> Image generation successful
⚠️
[2024-03-01T10:55:15+0100] [ALPM-SCRIPTLET] ==> Running post hooks
[2024-03-01T10:55:15+0100] [ALPM-SCRIPTLET] -> Running post hook: [sbctl]
[2024-03-01T10:55:15+0100] [ALPM-SCRIPTLET] Signing EFI binaries...
[2024-03-01T10:55:15+0100] [ALPM-SCRIPTLET] Generating EFI bundles....
[2024-03-01T10:55:16+0100] [ALPM-SCRIPTLET] Wrote EFI bundle /efi/arch.efi
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] ✓ Signed /efi/arch.efi
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] failed creating bundle /efi/arch-fallback.efi: /boot/initramfs-linux-fallback.img: no such file or directory
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] ==> Post processing done
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] ==> Building image from preset: /etc/mkinitcpio.d/linux.preset: 'fallback'
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] ==> Using default configuration file: '/etc/mkinitcpio.conf'
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] -> -k /boot/vmlinuz-linux -g /boot/initramfs-linux-fallback.img -S autodetect --microcode /boot/intel-ucode.img
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] ==> Starting build: '6.7.6-arch1-2'
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] -> Running build hook: [base]
[2024-03-01T10:55:21+0100] [ALPM-SCRIPTLET] -> Running build hook: [systemd]
[2024-03-01T10:55:25+0100] [ALPM-SCRIPTLET] -> Running build hook: [plymouth]
[2024-03-01T10:55:29+0100] [ALPM-SCRIPTLET] -> Running build hook: [keyboard]
[2024-03-01T10:55:32+0100] [ALPM-SCRIPTLET] -> Running build hook: [sd-vconsole]
[2024-03-01T10:55:32+0100] [ALPM-SCRIPTLET] -> Running build hook: [modconf]
[2024-03-01T10:55:32+0100] [ALPM-SCRIPTLET] -> Running build hook: [block]
[2024-03-01T10:55:41+0100] [ALPM-SCRIPTLET] -> Running build hook: [sd-encrypt]
[2024-03-01T10:55:44+0100] [ALPM-SCRIPTLET] -> Running build hook: [filesystems]
[2024-03-01T10:55:47+0100] [ALPM-SCRIPTLET] -> Running build hook: [fsck]
[2024-03-01T10:55:54+0100] [ALPM-SCRIPTLET] ==> Generating module dependencies
[2024-03-01T10:55:54+0100] [ALPM-SCRIPTLET] ==> Creating uncompressed initcpio image: '/boot/initramfs-linux-fallback.img'
[2024-03-01T10:55:57+0100] [ALPM-SCRIPTLET] ==> Image generation successful
⚠️
[2024-03-01T10:55:57+0100] [ALPM-SCRIPTLET] ==> Running post hooks
[2024-03-01T10:55:57+0100] [ALPM-SCRIPTLET] -> Running post hook: [sbctl]
[2024-03-01T10:55:57+0100] [ALPM-SCRIPTLET] Signing EFI binaries...
[2024-03-01T10:55:57+0100] [ALPM-SCRIPTLET] Generating EFI bundles....
[2024-03-01T10:56:03+0100] [ALPM-SCRIPTLET] Wrote EFI bundle /efi/arch-fallback.efi
[2024-03-01T10:56:14+0100] [ALPM-SCRIPTLET] ✓ Signed /efi/arch-fallback.efi
[2024-03-01T10:56:16+0100] [ALPM-SCRIPTLET] Wrote EFI bundle /efi/arch.efi
[2024-03-01T10:56:19+0100] [ALPM-SCRIPTLET] ✓ Signed /efi/arch.efi
[2024-03-01T10:56:19+0100] [ALPM-SCRIPTLET] ==> Post processing done
[2024-03-01T10:56:19+0100] [ALPM] running '90-packagekit-refresh.hook'...
[2024-03-01T10:56:21+0100] [ALPM] running 'fontconfig.hook'...
[2024-03-01T10:56:23+0100] [ALPM] running 'gio-querymodules.hook'...
⚠️
[2024-03-01T10:56:24+0100] [ALPM] running 'zz-sbctl.hook'...
[2024-03-01T10:56:24+0100] [ALPM-SCRIPTLET] Generating EFI bundles....
[2024-03-01T10:56:31+0100] [ALPM-SCRIPTLET] Wrote EFI bundle /efi/arch-fallback.efi
[2024-03-01T10:56:43+0100] [ALPM-SCRIPTLET] ✓ Signed /efi/arch-fallback.efi
[2024-03-01T10:56:44+0100] [ALPM-SCRIPTLET] Wrote EFI bundle /efi/arch.efi
[2024-03-01T10:56:48+0100] [ALPM-SCRIPTLET] ✓ Signed /efi/arch.efi
[2024-03-01T10:56:48+0100] [ALPM] running 'zzz-sbctl-verify.hook'...
[2024-03-01T10:56:49+0100] [ALPM-SCRIPTLET] ✓ All EFI bundles are properly signed
Possible solutions
Keep the feature, add user-defined options:
- don't assume post hooks at runtime, but read them from a user-defined list in "/etc/mkinitcpio.d/"*.preset
- add an option to run these hooks after all images have been generated (sbctl fails if the second image has not been created yet)
Remove the feature:
- remove run_post_hooks() entirely
- running mkinitcpio -P is not enough to regenerate and sign unified kernel images, users may need pacman -S mkinitcpio to trigger all hooks involved
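
A log check for the sequence this report describes, added here as an example (it is not part of the original report, mkinitcpio or sbctl): it counts sbctl runs in the last pacman transaction and lists any EFI bundle whose most recent recorded event is a failure, so a mid-transaction error is only dismissed when a later run signed that bundle. The message strings come from the log quoted above; `audit` and `SAMPLE_LOG` are names introduced here, and "transaction started" is assumed to be the pacman.log line that opens a transaction.

```python
import re

# Constructed sample: an abridged copy of the pacman.log lines quoted in the report.
SAMPLE_LOG = """\
[2024-03-01T10:54:52+0100] [ALPM] running '90-mkinitcpio-install.hook'...
[2024-03-01T10:55:15+0100] [ALPM-SCRIPTLET] -> Running post hook: [sbctl]
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] ✓ Signed /efi/arch.efi
[2024-03-01T10:55:20+0100] [ALPM-SCRIPTLET] failed creating bundle /efi/arch-fallback.efi: /boot/initramfs-linux-fallback.img: no such file or directory
[2024-03-01T10:55:57+0100] [ALPM-SCRIPTLET] -> Running post hook: [sbctl]
[2024-03-01T10:56:14+0100] [ALPM-SCRIPTLET] ✓ Signed /efi/arch-fallback.efi
[2024-03-01T10:56:24+0100] [ALPM] running 'zz-sbctl.hook'...
[2024-03-01T10:56:48+0100] [ALPM] running 'zzz-sbctl-verify.hook'...
[2024-03-01T10:56:49+0100] [ALPM-SCRIPTLET] ✓ All EFI bundles are properly signed
"""

LINE = re.compile(r"^\[([^\]]+)\] \[(ALPM(?:-SCRIPTLET)?)\] (.*)$")
HOOK = re.compile(r"running '([^']+)'\.\.\.")
FAILED = re.compile(r"failed creating bundle (\S+):")
SIGNED = re.compile(r"Signed (\S+)")

def audit(log_text):
    """Summarise sbctl runs and per-bundle events for the last transaction."""
    def fresh():
        return {"post_hook_runs": 0, "alpm_hook_runs": 0, "verified": False, "events": {}}
    out, hook = fresh(), None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue
        _ts, src, msg = m.groups()
        if src == "ALPM":
            if msg == "transaction started":       # new transaction: drop older state
                out, hook = fresh(), None
            elif (h := HOOK.match(msg)):
                hook = h.group(1)
                out["alpm_hook_runs"] += hook == "zz-sbctl.hook"
        elif "Running post hook: [sbctl]" in msg:   # run started by mkinitcpio itself
            out["post_hook_runs"] += 1
        elif (f := FAILED.search(msg)):
            out["events"].setdefault(f.group(1), []).append("failed")
        elif (s := SIGNED.search(msg)):
            out["events"].setdefault(s.group(1), []).append("signed")
        elif hook == "zzz-sbctl-verify.hook" and "All EFI bundles are properly signed" in msg:
            out["verified"] = True
    # Unresolved: the bundle's most recent event is still a failure.
    out["unresolved"] = sorted(p for p, ev in out["events"].items() if ev[-1] == "failed")
    return out

if __name__ == "__main__":
    print(audit(SAMPLE_LOG))
```
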