Kicksecure cloning error

Hello. I have set up my Kicksecure and decided to make a clone. I have tried different methods but when I install the clone I get an error. How can I avoid this error when installing system? Help please

debconf: (Can't locate Debconf/FrontEnd/Nointeractive.pm in @INC (you may need to install the Debconf::FrontEnd::Nointeractive module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.36.0 /usr/local/share/perl/5.36.0 /usr/lib/x86_64-linux-gnu/perl5/5.36 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.36 /usr/share/perl/5.36 /usr/local/lib/site_perl) at (eval 15) line 2.)

debconf: falling back to frontend: Noninteractive

mktemp: failed to create file via template '/tmp/user/0/calamares-root-sia5hs5b/tmp/grub.XXXXXXXXXX': No such file or directory

dpkg: error processing package grub-pc (--configure):

installed grub-pc package post-installation script subprocess returned error exit status 1

Processing triggers for man-db (2.11.2-2) ...

Processing triggers for security-misc (3:41.1-1) ...

mktemp: failed to create file via template '/tmp/user/0/calamares-root-sia5hs5b/tmp/tmp.XXXXXXXXXX': No such file or directory

INFO: triggered security-misc: 'security-misc' security-misc DPKG_MAINTSCRIPT_NAME: 'postinst' $\@: 'triggered /usr' 2: '/usr'

/usr/libexec/security-misc/mmap-rnd-bits: INFO: Successfully written ASLR map config file:

/etc/sysctl.d/30_security-misc_aslr-mmap.conf

Running SUID Disabler and Permission Hardener... See also:

https://www.kicksecure.com/wiki/SUID_Disabler_and_Permission_Hardener

/var/lib/dpkg/info/security-misc.postinst: INFO: running: permission-hardener enable

permission-hardener: [e[1me[32mNOTICEe[0m]: To compare the current and previous permission modes, install 'meld' (or preferred diff tool) for comparison of file mode changes:

sudo apt install --no-install-recommends meld

meld /var/lib/permission-hardener/existing_mode/statoverride /var/lib/permission-hardener/new_mode/statoverride

/var/lib/dpkg/info/security-misc.postinst: INFO: Permission hardening success.

Errors were encountered while processing:

grub-pc

E: Sub-process /usr/bin/dpkg returned an error code (1)

chcon: failed to get security context ‘/’: No data available
chcon: failed to get security context ‘/dev’: No data available
chcon: failed to get security context ‘/proc’: Unsupported operation
chcon: failed to get security context ‘/run’: No data available
chcon: failed to get security context ‘/run/udev’: No data available
chcon: failed to get security context ‘/sys’: No data available
08:04:57 [1]: void Calamares::ViewManager::onInstallationFailed(const QString&, const QString&)

A clone?

Did you boot a Kicksecure ISO and attempted to install?

Did you run calamares from the command line by chance?

mktemp: failed to create file via template ‘/tmp/user/0/calamares-root-sia5hs5b/tmp/grub.XXXXXXXXXX’: No such file or directory

This should not be happening.

If you use the provided desktop shortcut, it would start

install-host

which does not have this issue.


Developer information:

install-host unsets TMPDIR etc. and then works around upstream bug calamares breaks when using libpam-tmpdir · Issue #2269 · calamares/calamares · GitHub from happening. (Which will be resolved anyhow, as soon as a newer calamares version 3.3.12 gets available from Debian backports.)

No, I’ve been using Kicksecure for a long time. I decided to make a backup of system - clone system to iso. There are different tools, but I have an error with grub-pc. Clone successfully run from RAM, but cannot install

How?

By ‘clone system to iso’, do you mean ‘persistence mode’ ?

‘Persistence Mode’ saves any files / folder made available in ‘live mode’.

I try several tools. I installed kicksecure on mx linux and made a iso-snapshot of system - it worked. but mx linux uses sysvinit and I don’t like it. now I try penguins eggs and linux live kit.
penguin eggs create a yolk repository:

import yaml from 'js-yaml'
import fs from 'node:fs'
import shx from 'shelljs'

import { exec } from '../lib/utils.js'
import Bleach from './bleach.js'
import Pacman from './pacman.js'
import Utils from './utils.js'

/**
 *
 */
export default class Yolk {
  echo = {}

  verbose = false

  yolkDir = '/var/local/yolk'

  /**
   *
   */
  async create(verbose = false) {
    this.verbose = verbose
    this.echo = Utils.setEcho(verbose)

    if (Utils.uefiArch() !== 'amd64') {
      Utils.warning(`yolk is not used on ${Utils.uefiArch()} architecture`)
      return
    }

    Utils.warning(`Creating yolk on ${this.yolkDir}`)

    Utils.warning('Updating system')
    if (!Pacman.commandIsInstalled('dpkg-scanpackages')) {
      Utils.warning(`I cannot find the command dpkg-scanpackages`)
      process.exit(0)
    }

    let cmd = ''
    try {
      cmd = 'apt-get update --yes'
      await exec(cmd, this.echo)
    } catch (error) {
      console.log(error)
      await Utils.pressKeyToExit(cmd)
      process.exit(0)
    }

    if (this.exists()) {
      await this.erase()
    } else {
      await exec(`mkdir ${this.yolkDir} -p`, this.echo)
      await exec(`chown _apt:root ${this.yolkDir} -R`, this.echo)
    }

    // packages we need
    // const pkgs = ['cryptsetup', 'grub-efi-amd64', 'grub-pc', 'keyutils', 'shim-signed']
    interface IYolk {
      packages: string[]
    }
    const yolk_yaml = '/etc/penguins-eggs.d/yolk.yaml'
    const yolk = yaml.load(fs.readFileSync(yolk_yaml, 'utf8')) as IYolk

    process.chdir(this.yolkDir)
    Utils.warning(`Downloading packages and its dependencies`)

    for (const pkg of yolk.packages) {
      Utils.warning(`- ${pkg}`)
      cmd = `apt-cache depends --recurse --no-recommends --no-suggests --no-conflicts --no-breaks --no-replaces --no-enhances ${pkg} | grep "^\\w" | sort -u`
      let depends = pkg + '\n'
      depends += (await exec(cmd, { capture: true, echo: false })).data
      await this.installDeps(depends.split('\n'))
    }

    // create Package.gz
    cmd = 'dpkg-scanpackages -h  md5,sha1,sha256 . | gzip -c > Packages.gz'
    Utils.warning(cmd)
    await exec(cmd, { capture: true, echo: false })

    // Create Release date: Sat, 14 Aug 2021 07:42:00 UTC
    const now = shx.exec('date -R -u').stdout.trim()
    const content = `Archive: stable\nComponent: yolk\nOrigin: penguins-eggs\nArchitecture: ${Utils.uefiArch()} \nDate: ${now}\n`
    Utils.warning('Writing Release')
    fs.writeFileSync('Release', content)

    // Cleaning
    Utils.warning('Cleaning apt cache')
    const bleach = new Bleach()
    await bleach.clean(verbose)
  }

  /**
   * Svuota la repo yolk
   */
  async erase() {
    await exec(`rm ${this.yolkDir}/*`, this.echo)
  }

  /**
   * Check if yoil exists and it's a repo
   */
  exists(): boolean {
    const check = `${this.yolkDir}/Packages.gz`
    return fs.existsSync(check)
  }

  /**
   * if depends are not Installed
   * download depends
   * @param depends
   */
  async installDeps(depends: string[]) {
    // select for downloads only packages NOT already installed
    const toDownloads: string[] = []
    for (const depend of depends) {
      // if (depend !== '' && !Pacman.packageIsInstalled(depend)) {
      toDownloads.push(depend)
      // }
    }

    // now we go to downloads them
    for (const toDownload of toDownloads) {
      process.chdir(this.yolkDir)
      const cmd = `apt-get download ${toDownload}`
      // Utils.warning(`- ${cmd}`)
      await exec(cmd, this.echo)
    }
  }
}

this runs kicksecure on a flash drive in live mode. but during installation in calamares an error with grub-pc

what are differences in installing kicksecure and debian? this program perfectly creates backup iso of classic debian, but has a grub-pc error with kicksecure. are there any features that I should know so that kicksecure clones successfully?

I did a test: installed debian xfce and kde plasma + security-misc, tirdad, sdwdate, grub-live, then installed my work programs and customized desktops. and system was successfully cloned into iso and installed on computer! then a question to devs - what packages work with grub-pc and distinguish debian from kicksecure? if make a full debian morph and remove package for grub-pc, it should work fine

The answer was already given.

Right. Package libpam-tmpdir is triggering a bug in calamares.

That is outside of support for Kicksecure support. Way too complicated to explain. You’d need to look at the source code. Developers only.