/boot fails to mount after migrate

[physkets]

After performing an sbctl setup --migrate, I can no longer boot and the kernel messages say that /boot failed to mount.

When I try to do so from the recovery shell, it says: unknown filesystem type 'vfat'.

I tried reinstalling the Linux package, but without a mounted boot, it doesn't actually put the files where it needs to go.

Why did this happen, and what do I do?

[physkets]

I managed to boot through another boot-entry I had and re-installed the linux package. I then see this message at the end:

(4/4) Signing EFI binaries...
Generating EFI bundles....
failed creating bundle /boot/EFI/Linux/linux-vnl.efi: open /var/tmp/initramfs-395858430: permission denied

[physkets]

This is my current config, in case that is relevant:

$ run0 sbctl setup --print-config 
landlock: true
keydir: /var/lib/sbctl/keys
guid: /var/lib/sbctl/GUID
files_db: /var/lib/sbctl/files.json
bundles_db: /var/lib/sbctl/bundles.json
files:
- path: /boot/vmlinuz-linux-lts
  output: /boot/vmlinuz-linux-lts
- path: /usr/lib/fwupd/efi/fwupdx64.efi
  output: /usr/lib/fwupd/efi/fwupdx64.efi.signed
- path: /boot/EFI/BOOT/BOOTX64.EFI
  output: /boot/EFI/BOOT/BOOTX64.EFI
- path: /boot/EFI/Linux/linux-lts.efi
  output: /boot/EFI/Linux/linux-lts.efi
- path: /boot/EFI/Linux/linux-vnl.efi
  output: /boot/EFI/Linux/linux-vnl.efi
- path: /boot/EFI/systemd/systemd-bootx64.efi
  output: /boot/EFI/systemd/systemd-bootx64.efi
- path: /boot/vmlinuz-linux
  output: /boot/vmlinuz-linux
keys:
  pk:
    privkey: /var/lib/sbctl/keys/PK/PK.key
    pubkey: /var/lib/sbctl/keys/PK/PK.pem
    type: file
  kek:
    privkey: /var/lib/sbctl/keys/KEK/KEK.key
    pubkey: /var/lib/sbctl/keys/KEK/KEK.pem
    type: file
  db:
    privkey: /var/lib/sbctl/keys/db/db.key
    pubkey: /var/lib/sbctl/keys/db/db.pem
    type: file

[physkets]

When I disable landlock, then there is no issue:

$ run0 sbctl sign-all -g --disable-landlock 
Generating EFI bundles....
Wrote EFI bundle /boot/EFI/Linux/linux-lts.efi
✓ Signed /boot/EFI/Linux/linux-lts.efi
Wrote EFI bundle /boot/EFI/Linux/linux-vnl.efi
✓ Signed /boot/EFI/Linux/linux-vnl.efi
File has already been signed /boot/EFI/Linux/linux-vnl.efi
File has already been signed /boot/EFI/systemd/systemd-bootx64.efi
File has already been signed /boot/vmlinuz-linux
File has already been signed /boot/vmlinuz-linux-lts
File has already been signed /usr/lib/fwupd/efi/fwupdx64.efi.signed
File has already been signed /boot/EFI/BOOT/BOOTX64.EFI
File has already been signed /boot/EFI/Linux/linux-lts.efi

[Foxboron]

#344 should fix your issue

[pschichtel]

this doesn't seem to happen for me on fully updated machines, it only happened on systems still running a slightly older kernel.

[Foxboron]

This is an issue with how you update your machine. Where the booted kernel and the kernel modules does not match. It is not a problem with sbctl strictly speaking.

What is probably happening is that the sbctl issue prevents you from installing a new kernel into the ESP. But that is again solved by the linked PR.

[pschichtel]

Yep you are right, I realized it right after posting the comment. I tested your PR and it looks like it solves it.

[Foxboron]

Cool, thanks for testing :) I'll do a new release later today!

[pschichtel]

What was kinda surprising to me here: Why did the pacman hook not fail here?

[Foxboron]

sbctl isn't bubling up errors. It continues and returns 0 as exit. That should probably be fixed.

EDIT: Fixed with ff13e7c

[Foxboron]

Fixed with https://github.com/Foxboron/sbctl/releases/tag/0.15.4