Looking for testing and feedback for new reform-check utility

Hi, I wrote a now tool I’m calling reform-check which is intended to solve the following two problems:

  1. somebody has a problem with their reform and to debug the problem it would be useful to know how their system differs from the default
  2. somebody installed their system several months ago and now wants to find out which things have since been added or changed in the defaults that they might want to apply to their running setup as well

The new reform-check utility solves both things by running a number of checks and informing the user of any discrepancies it finds:

Before I ask @mntmn to add this script to the reform-tools package, I’d like to get some feedback on it, specifically:

  1. do you see any other thing that this script should check?
  2. do you see any false-positive warnings or error messages produced by the script?
  3. did the output of the script help you with solving any problems you were having?

For example, the section of the script that lists packages that you do not have installed might reveal some packages that fix issues you might be having with Qt applications (install qtwayland5) or rendering problems with libreoffice (install libreoffice-gtk3). The part of the script that checks the contents of your /boot might show you initramfs or kernel images that are no longer in use. The section comparing /etc/skel with your home directory might reveal tweaks that you might want to apply. Maybe the script finds out that the root user is still able to log in without a password?

Please give the script a spin (it requires sudo because it needs to be able to read certain things that only root can read like /etc/shadow) and share any feedback you have.

Thanks!

cheers, josch

8 Likes

Hi josch,

I tried the script and here are some things I’d like to note:

  • the check for /etc/skel/.profile failed for me, because I had if [ "$(whoami)" ] instead of if [ $(whoami) ] in that file.
  • the u-boot check did tell my that my u-boot is not up to date. In this case, a pointer how to update might be helpful, since it’s not something you would do very often and it’s a little bit more delicate than other issues
  • the check for local modifications should maybe be hidden behind a flag since its output can be quite verbose (At least in my case, I’d expect a majority of people making modifications to their shell, waybar or sway config). Other than that, the output gives a good overview of the changes and modifications on the system.
  • I got prompted that swayidle and swaylock were not installed, which i did promptly :slight_smile:

In general, I believe this is a good tool for debugging and learning as well!

I don’t understand what you mean. Can you be a bit more verbose about what went wrong?

done

That’s a good point. I changed it such that if you run the script as non-root under sudo, then it will diff the config of your current user instead of trying to determine the current user via the $SUDO_USER environment variable. If you run the script as root, it will do all the other things but do nothing in regard to your user-specific configuration. I think this makes sense. Running the tool as root does all the system-wide stuff and running it as non-root does the user-specific stuff only.

Thanks!

1 Like

I also gave the script a try. Here are the results:

keydelk@reform:~$ sudo ./reform-check.sh
I: /etc/motd does not point to motd-rescue
E: unexpected last line in /etc/skel/.profile, should be:
if [ "$(whoami)" = "root" ]; then cat /etc/reform-root-help; elif [ -z "$WAYLAND_DISPLAY" ]; then cat /etc/reform-help; fi
I: the following files differ from how they are shipped by reform-tools:
??5??????   /usr/sbin/reform-boot-config
??5??????   /var/lib/alsa/asound.state

It may be worth noting that on my system the last line of /etc/skel/.profile is just missing the quotation marks around $(whoami)

if [ $(whoami) == "root" ]; then cat /etc/reform-root-help; elif [ -z $WAYLAND_DISPLAY ]; then cat /etc/reform-help; fi

Keith explained it perfectly:

That’s a very elegant solution, haven’t thought about that :slight_smile:

I think this separation adresses the two points you mention in your first post.

If someone just wants to catch up on recent config changes, they run the script as their user, and if someone has a problem it is (probably) related to system stuff and they run the script as root/with sudo.

Thank you! What does your own /etc/motd point to then?

Yes. That’s a bug and that’s why you get this message.

EDIT: Oh and another bug besides the quoting is in that line. The “==” for string comparison is a bashism. So this will fail with shells that do not support “==” for string comparison. The fixed version uses the “=” comparison which should work in all POSIX shells.

I still don’t understand where the confusion comes from. Missing quotes in shell are a problem. The script tells you about the problem. How could reform-check be improved to not be confusing about this?

It points to /etc/motd-full:

keydelk@reform:~$ ls -lah /etc/motd
lrwxrwxrwx 1 root root 9 Oct 28 09:55 /etc/motd -> motd-full
keydelk@reform:~$ whereis motd-full
motd-full: /etc/motd-full

Thank you! You found a bug in reform-check. Fixed!

I should have been more verbose explaining. What I meant was that /etc/skel/.profile file also had the last line without quotes.

if [ $(whoami) == "root" ]; then cat /etc/reform-root-help; elif [ -z $WAYLAND_DISPLAY ]; then cat /etc/reform-help; fi 

I was (falsely) assuming:

  • that this is not really a significant difference and
  • that the script somehow treats these lines as equal

So you’re right, the script did not fail for me, it just told me that the lines were different.

Sorry for the confusion.

Thank you guys, for trusting me enough to run a random script from the internet on your boxes as root! :heart:

1 Like

Many thanks for this script, it made various suggestion which I implemented, e.g swaylock was missing, and the bashism in /etc/skel/.profile.
I’m currently stuck with u-boot being out of date, despite performing the steps it suggests and power cycling the system, it still states that u-boot is out of date. I dd’d the image to mmcblk0boot0 and mmcblk1 just in case, but still.

Thank you! You may have discovered a bug in the script.

mmcblk1 is your sd-card, so that will not fix the message you got. The test that fails is this one:

sudo cmp --quiet --bytes="$(stat --format=%s /boot/flash.bin)" --ignore-initial=0:33792 "/boot/flash.bin" /dev/mmcblk0

Can you confirm that above command returns a non-zero exit status on your system? What happens if in that command you replace /dev/mmcblk0 with /dev/mmcblk0boot0?

The instructions for flashing uboot come from an old IRC post by @mntmn. As far as I can see, the reform-handbook doesn’t document how to properly flash uboot to eMMC. Consequently, this is also how I set up flashing u-boot in the reform-flash-rescue utility: sbin/reform-flash-rescue · main · Reform / MNT Reform Tools · GitLab Maybe either the instructions of how to flash u-boot or my attempt to figure out whether the correct bytes are on eMMC are faulty? Does anybody know more?

I also notice in your lsblk output, that you only have a single partition on eMMC. It also seems that you have your system on the SD-Card and you are booting from that? Are you on sysimage-v3? If you want to move to NVMe with /boot on eMMC in the future, it would make sense to have the latest sysimage-v3 on your eMMC as well. You can use the reform-flash-rescue script to rewrite your eMMC with the latest sysimage-v3. Of course only do that if you do not have anything of value on your eMMC right now.

I didn’t know about the eMMC until I started exploring after running your script. It’s how it came, never touched it before.

Correct

Yes, when I login, the banner states System Image v3: 2022-05-20

I’ve not touched anything on the eMMC before.

Apologies, I didn’t run the cmp command first, as you requested, but I pointed dd to /dev/mmcblk0 and now the script is happy and no longer reports u-boot is out of date.
Now, the cmp command you asked, returns 0 whether I point it to mmcblk0 or mmcblk0boot0 device nodes.

It still sounds like you found a bug somewhere. So @mntmn said on IRC to flash to /dev/mmcblk0boot0. This didn’t work for you but flashing to /dev/mmcblk0 did. Either the instructions are wrong (@mntmn can you confirm?) or the way we check for the presence of uboot with cmp is wrong.

It looks like we’re checking /dev/mmcblk0 in the cmp statement and instructing the user to point to mmcblk0boot0. Is mmcblk0boot0 just a label that’s meant to refer to /dev/mmcblk0 or an offset on it?

Thank you for helping me find that bug! No, mmcblk0boot0 is not pointing anywhere into mmcblk0. It’s its own separate area on eMMC. If it were just somewhere inside mmcblk0 it would not make sense to have to write to /sys/class/block/mmcblk0boot0/force_ro before one can write to it. :slight_smile: The latest version of the reform-check utility is now part of this merge request:

If anybody finds more bugs, please keep them coming!

2 Likes

Thanks Josch! As mentioned on IRC here are the results I got when I ran it on my system.

E: your currently loaded dtb is not the one referenced by flash-kernel
I: not installed: apt-config-icons-large cage cryptsetup-initramfs emacs firefox-esr flash-kernel fonts-inter freecad kde-plasma-desktop linux-image-arm64 minetest plasma-discover plasma-nm plasma-workspace-wayland powerdevil systemsettings telnet u-boot-tools wayvnc
W: /boot/flash.bin is not the latest uboot
W: You can update it to the latest version by running as root:
/usr/lib/apt/apt-helper download-file “https://source.mnt.re/reform/reform-boundary-uboot/-/jobs/artifacts/v3/raw/flash.bin?job=build” /boot/flash.bin SHA1:b2c58c8052b0fb4dde000332baa2d703b033f0a9
W: eMMC does not contain latest uboot
W: You can update it to the latest version by running as root:
echo 0 > /sys/class/block/mmcblk0boot0/force_ro
dd if=/boot/flash.bin of=/dev/mmcblk0boot0 bs=1024 seek=33
echo 1 > /sys/class/block/mmcblk0boot0/force_ro
W: SD-Card does not contain latest uboot
W: You can update it to the latest version by running as root:
dd if=/boot/flash.bin of=/dev/mmcblk1 bs=1024 seek=33
W: Doing so will write 1079844 bytes to the beginning of your sd-card.
W: Make sure your partitions only start after 1113636 bytes.
E: /etc/apt/preferences.d/reform.pref doesn’t exist
E: /etc/default/flash-kernel doesn’t exist
E: /etc/initramfs-tools/modules doesn’t exist
I: /etc/motd does not exist
E: root account has no password (maybe run passwd -l root)
E: unexpected last line in /etc/skel/.profile, should be:
if [ “$(whoami)” = “root” ]; then cat /etc/reform-root-help; elif [ -z “$WAYLAND_DISPLAY” ]; then cat /etc/reform-help; fi
I: the following files differ from how they are shipped by reform-tools:
??5??? c /etc/skel/.config/sway/config
??5??? c /etc/skel/.config/waybar/config
??5??? c /etc/skel/.local/bin/gnome
??5??? c /etc/skel/.local/bin/reform-windowmaker
??5??? c /etc/skel/.local/share/rofi/themes/mnt-reform.rasi
??5??? /var/lib/alsa/asound.state
I: /boot/initrd.img--reform2-arm64 does not belong to any installed kernel package
I: /boot/vmlinuz-
-reform2-arm64 does not belong to any installed kernel package
E: the currently running kernel is not installed as a package
E: /boot/boot.scr doesn’t exist
E: no vmlinuz in /boot for the currently running kernel
E: no initrd.img in /boot for the currently running kernel

My system would appear to have A LOT of issues.