Updating Kicksecure to 17.1.1.5 breaks grub-live

Hi. After updating Kicksecure to 17.1.1.5 live mode menu has disappeared from the boot menu. The issue is confirmed to exist both on Kicksecure and Whonix. Here’s a log I got by trying to reinstall grub-live:

user@localhost:~$ sudo apt install --reinstall grub-live
[sudo] password for user:                 
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 0 not upgraded.
Need to get 0 B/22.7 kB of archives.
After this operation, 0 B of additional disk space will be used.
(Reading database ... 123198 files and directories currently installed.)
Preparing to unpack .../grub-live_3%3a4.9-1_all.deb ...
Unpacking grub-live (3:4.9-1) over (3:4.9-1) ...
Setting up grub-live (3:4.9-1) ...
Generating grub configuration file ...
Found linux image: /boot/vmlinuz-6.1.0-17-amd64
Found initrd image: /boot/initrd.img-6.1.0-17-amd64
Found linux image: /boot/vmlinuz-5.10.0-23-amd64
Found initrd image: /boot/initrd.img-5.10.0-23-amd64
grub-live /etc/grub.d/11_linux_live: ERROR: It has been detected that this syste
m is using dracut but but file /usr/lib/dracut/modules.d/90overlay-root/overlay-
mount.sh is not executable. This means that no live mode boot menu entry will be
 added.

done
user@localhost:~$ 

This is real Kicksecure, not grub-live on Ubuntu, Debian trixie or something?

Please check you have dracut installed:

dpkg -l | grep dracut

Please check the file is executable:

ls -la /usr/lib/dracut/modules.d/90overlay-root/overlay-mount.sh

Yes, it is grub-live on Kicksecure. Please note the issue is reproduced on Whonix as well.

Interestingly, it was not found to have been installed. Installing it manually fixed the issue.

On the previous versions I have never manually deinstalled it, so I am not sure how it went wrong.

As an experience I tried to install dracut manually on another Kicksecure VM which is yet to be updated, and got the output below:

user@localhost ~ [SIGINT]> sudo apt install dracut
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
  busybox-static initramfs-tools-core klibc-utils libklibc rsync
Use 'sudo apt autoremove' to remove them.
The following additional packages will be installed:
  bsd-mailx dmraid dracut-core exim4-base exim4-config exim4-daemon-light
  grub-live-dracut kpartx libdmraid1.0.0.rc16 libgnutls-dane0 liblockfile-bin
  liblockfile1 libpkgconf3 libunbound8 mdadm pigz pkg-config pkgconf
  pkgconf-bin
Suggested packages:
  dracut-network exim4-doc-html | exim4-doc-info eximon4 spf-tools-perl swaks
The following packages will be REMOVED:
  grub-live grub-live-initramfs-tools initramfs-tools live-boot
  live-boot-initramfs-tools live-tools
The following NEW packages will be installed:
  bsd-mailx dmraid dracut dracut-core exim4-base exim4-config
  exim4-daemon-light grub-live-dracut kpartx libdmraid1.0.0.rc16
  libgnutls-dane0 liblockfile-bin liblockfile1 libpkgconf3 libunbound8 mdadm
  pigz pkg-config pkgconf pkgconf-bin
0 upgraded, 20 newly installed, 6 to remove and 0 not upgraded.
Need to get 4190 kB of archives.
After this operation, 9427 kB of additional disk space will be used.
Do you want to continue? [Y/n] 

Since it says it is going to remove grub-live package to install grub-live-dracut, I suspect the updating process did not configure dracut properly somehow.

If installing, use:

sudo apt install --no-install-recommends dracut

This is to avoid installation of a lot superfluous packages. (exim, …)

Note that dracut installation is a bit risky. There are cases where boot can break.
(Generic initrd does not work with encrypted root FS without further configuration · Issue #2437 · dracutdevs/dracut · GitHub)
But this is not likely an issue in a Kicksecure or Whonix VM. Should be fine but better to have a backup beforehand.

This issue is happening because you upgraded an older build version (which is supposed to be fine, not user error) still based on initramfs-tools, not dracut. Migration to dracut is not “mandatory” at this point.

So this is a bug which I’ll fix in near future.


Developer information:

It’s using a code path which should not be used.
I added the wrong test:

if dpkg-query --show dracut 1>/dev/null 2>/dev/null ; then

This is “true” even if dracut isn’t installed. Needs to be replaced with a test which checks actual package installation status.

related source code:
grub-live/etc/grub.d/11_linux_live at master · Kicksecure/grub-live · GitHub

Indeed, manually installing dracut on a morphed from Debian version did break the boot, which was restored by recovering the snapshot which I took beforehand.

I hope the report should help you to fix the issue :slight_smile:

This is now in the testers repository.

I ran into this problem as well. I installed grub-live-dracut, and it installed dracut as a dependency. This added the ‘LIVE’ option back to the grub menu, and both the live mode and normal mode work. However, I notice when I shut down that I get a message:

dracut Warning: Killing all remaining processes
dracut Warning: Unmounted /oldroot
dracut Warning: Unmounted /oldroot

I don’t know where I can find this in the logs to post the messages verbatim.

I just want to confirm that these warnings upon reboot are not problematic and whether or not I should hold off on updating my Whonix images, as I run them in live mode on Kicksecure in live mode.

Thanks

There’s a ton of warnings caused by ton of upstream projects so Support Request Policy was written which basically says “if there’s no actual issue, don’t create a support request”.

I’m upgrading Whonix from 16 to 17 and I just ran into this problem. Will the fix in the testers repository fix it for Whonix as well?

I’m thinking of reverting the upgrade and waiting for the fix instead of installing dracut.

Whonix has Kicksecure repository enabled by default.

You shouldn’t use the testers repository unless you want to be a tester.