When I create a custom ISO with 'mkksiso', part of the 'lorax' package, and then implant an MD5 on the ISO with the v1.2.4 version of implantisomd5, I get a failed verification during boot. This didn't happen with the implantisomd5 in Fedora 39 (v1.2.3) Reproducible: Always Steps to Reproduce: 1. Download the latest fedora netinst ISO 2. Use mkksiso to modify the ISO somehow. 3. Run implantisomd5 on the new ISO 4. Try to boot the ISO Actual Results: $ sudo mkksiso -c nomodeset Fedora-Everything-netinst-x86_64-40-1.14.iso testing.iso xorriso 1.5.6 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Loading ISO image tree from LBA 0 xorriso : UPDATE : 328 nodes read in 1 seconds libisofs: NOTE : Found hidden El-Torito image for EFI. libisofs: NOTE : EFI image start and size: 390055 * 2048 , 25552 * 512 xorriso : NOTE : Detected El-Torito boot information which currently is set to be discarded Drive current: -indev '/home/jbilling/VirtualMachines/Fedora-Everything-netinst-x86_64-40-1.14.iso' Drive access : shared:readonly Media current: stdio file, overwriteable Media status : is written , is appendable Boot record : El Torito , MBR protective-msdos-label grub2-mbr cyl-align-off GPT Media summary: 1 session, 396609 data blocks, 775m data, 303g free Volume id : 'Fedora-E-dvd-x86_64-40' xorriso : UPDATE : 1 files restored ( 1326b) in 1 seconds = 0.0xD Extracted from ISO image: file '/EFI/BOOT/BOOT.conf'='/tmp/mkksiso-v44ojr26/EFI/BOOT/BOOT.conf' xorriso : UPDATE : 1 files restored ( 1326b) in 1 seconds = 0.0xD Extracted from ISO image: file '/EFI/BOOT/grub.cfg'='/tmp/mkksiso-v44ojr26/EFI/BOOT/grub.cfg' xorriso : UPDATE : 1 files restored ( 1465b) in 1 seconds = 0.0xD Extracted from ISO image: file '/boot/grub2/grub.cfg'='/tmp/mkksiso-v44ojr26/boot/grub2/grub.cfg' xorriso : UPDATE : 1 files restored ( 28b) in 1 seconds = 0.0xD Extracted from ISO image: file '/.discinfo'='/tmp/mkksiso-v44ojr26/.discinfo' INFO:iso arch = x86_64 INFO:Volume Id = Fedora-E-dvd-x86_64-40 WARNING:No isolinux/isolinux.cfg file found WARNING:No s390 config files found xorriso 1.5.6 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Loading ISO image tree from LBA 0 xorriso : UPDATE : 328 nodes read in 1 seconds libisofs: NOTE : Found hidden El-Torito image for EFI. libisofs: NOTE : EFI image start and size: 390055 * 2048 , 25552 * 512 xorriso : NOTE : Detected El-Torito boot information which currently is set to be discarded Drive current: -indev '/home/jbilling/VirtualMachines/Fedora-Everything-netinst-x86_64-40-1.14.iso' Drive access : shared:readonly Media current: stdio file, overwriteable Media status : is written , is appendable Boot record : El Torito , MBR protective-msdos-label grub2-mbr cyl-align-off GPT Media summary: 1 session, 396609 data blocks, 775m data, 303g free Volume id : 'Fedora-E-dvd-x86_64-40' xorriso : UPDATE : 11 files restored ( 12251k) in 1 seconds = 9.1xD Extracted from ISO image: file '/EFI'='/tmp/mkksiso-_5vih6ul/EFI' xorriso 1.5.6 : RockRidge filesystem manipulator, libburnia project. xorriso : NOTE : Loading ISO image tree from LBA 0 xorriso : UPDATE : 328 nodes read in 1 seconds libisofs: NOTE : Found hidden El-Torito image for EFI. libisofs: NOTE : EFI image start and size: 390055 * 2048 , 25552 * 512 xorriso : NOTE : Detected El-Torito boot information which currently is set to be discarded Drive current: -indev '/home/jbilling/VirtualMachines/Fedora-Everything-netinst-x86_64-40-1.14.iso' Media current: stdio file, overwriteable Media status : is written , is appendable Boot record : El Torito , MBR protective-msdos-label grub2-mbr cyl-align-off GPT Media summary: 1 session, 396609 data blocks, 775m data, 303g free Volume id : 'Fedora-E-dvd-x86_64-40' Drive current: -outdev '/home/jbilling/VirtualMachines/testing.iso' Media current: stdio file, overwriteable Media status : is blank Media summary: 0 sessions, 0 data blocks, 0 data, 303g free xorriso : WARNING : -volid text does not comply to ISO 9660 / ECMA 119 rules xorriso : NOTE : Replayed 23 boot related commands Updating '/tmp/mkksiso-v44ojr26/EFI/BOOT/grub.cfg' to '/EFI/BOOT/grub.cfg' xorriso : UPDATE : Added/overwrote '/EFI/BOOT/grub.cfg' (1366) Differences detected and updated. (runtime 0.0 s) Updating '/tmp/mkksiso-v44ojr26/EFI/BOOT/BOOT.conf' to '/EFI/BOOT/BOOT.conf' xorriso : UPDATE : Added/overwrote '/EFI/BOOT/BOOT.conf' (1366) Differences detected and updated. (runtime 0.0 s) Updating '/tmp/mkksiso-v44ojr26/boot/grub2/grub.cfg' to '/boot/grub2/grub.cfg' xorriso : UPDATE : Added/overwrote '/boot/grub2/grub.cfg' (1505) Differences detected and updated. (runtime 0.0 s) Updating '/tmp/mkksiso-v44ojr26/.discinfo' to '/.discinfo' xorriso : UPDATE : Adjusted attributes of '/.discinfo' Differences detected and updated. (runtime 0.0 s) xorriso : NOTE : Copying to System Area: 32768 bytes from file '--interval:imported_iso:0s-15s:zero_mbrpt,zero_gpt:/home/jbilling/VirtualMachines/Fedora-Everything-netinst-x86_64-40-1.14.iso' xorriso : UPDATE : Writing: 40960s 10.3% fifo 100% buf 50% xorriso : UPDATE : Writing: 368544s 92.9% fifo 99% buf 50% 537.7xD ISO image produced: 396419 sectors Written to medium : 396592 sectors at LBA 48 Writing to '/home/jbilling/VirtualMachines/testing.iso' completed successfully. $ sudo implantisomd5 --force testing.iso Inserting md5sum into iso image... md5 = dcfb96039ea69c60dfb06404f917c844 Inserting fragment md5sums into iso image... fragmd5 = 3626853c994f39efaed2522444183e86c4312cbe818ca9554bbbb9dd2 frags = 20 Setting supported flag to 0 $ checkisomd5 testing.iso Press [Esc] to abort check. The media check is complete, the result is: PASS. It is OK to use this media. When I boot the ISO, during boot it says: /dev/sr0: dcfb96039ea69c60dfb06404f917c844 Fragment sums: 3626853c994f39efaed2522444183e86c4312cbe818ca9554bbbb9dd2;FR Fragment count: 20 Supported ISO: no Press [Esc] to abort check. Checking: 095.2% The media check is complete, the result is: FAIL It is not recommended to use this media. [FAILED] Failed to start checkisomd5 - Media check on /dev/sr0 (I'll attach a screenshot) Expected Results: I would expect the boot to succeed and pass verification. I can run a Fedora 39 toolbox on my Fedora 40 system and run the same 'implantisomd5' command and the system boots fine with the ISO.
Created attachment 2029460 [details] Screenshot of checkisomd5 error on Fedora boot
I had tested this on a VM (libvird/kvm on Fedora 40), and to be absolutely sure, I dd'd the ISO to a USB stick and booted it on a spare laptop, same failure. I also tested checkisomd5 from Fedora 39 on an ISO that was created and passed a check with the package in Fedora 40: [jbilling@thinkpad VirtualMachines]$ cat /etc/fedora-release Fedora release 40 (Forty) [jbilling@thinkpad VirtualMachines]$ rpm -q isomd5sum isomd5sum-1.2.4-1.fc40.x86_64 [jbilling@thinkpad VirtualMachines]$ checkisomd5 --verbose testing.iso testing.iso: dcfb96039ea69c60dfb06404f917c844 Fragment sums: 3626853c994f39efaed2522444183e86c4312cbe818ca9554bbbb9dd2;FR Fragment count: 20 Supported ISO: no Press [Esc] to abort check. Checking: 100.0% The media check is complete, the result is: PASS. It is OK to use this media. [jbilling@thinkpad VirtualMachines]$ toolbox enter fedora-toolbox-39 [jbilling@toolbox VirtualMachines]$ cat /etc/fedora-release Fedora release 39 (Thirty Nine) [jbilling@toolbox VirtualMachines]$ rpm -q isomd5sum isomd5sum-1.2.3-21.fc39.x86_64 [jbilling@toolbox VirtualMachines]$ checkisomd5 --verbose testing.iso testing.iso: dcfb96039ea69c60dfb06404f917c844 Fragment sums: 3626853c994f39efaed2522444183e86c4312cbe818ca9554bbbb9dd2;FR Fragment count: 20 Supported ISO: no Press [Esc] to abort check. Checking: 095.2% The media check is complete, the result is: FAIL. It is not recommended to use this media.
checked the version of 'checkisomd5' in the initrd on the install media, and I see it is v1.2.3-23.fc40, which explains the above behavior. (boot into the media with rd.break, and run 'grep -a version /usr/bin/checkisomd5', which prints out a lot of garbage text along with: {"type":"rpm","name":"isomd5sum","version":"1.2.3-23.fc40","architecture":"x86_64","osCpe":"cpe:/o:fedoraproject:fedora:39"}
Thanks for the report. FWIW you shouldn't need to run implantisomd5 yourself, mkksiso does this unless you pass it '--no-md5sum' But running it manually should result in the same checksums being written, so I'm curious to see what happens if you run checkisomd5sum after running mkksiso (and maybe I should add that as a sanity check). The first problem though is that implantmd5sum is implanting an incorrect checksum, it's too short. It should be 60 characters, but is only 57, resulting in the trailing ';FR' that is shown when you try to boot it. So I'll fire up an f40 vm today and see if I can reproduce this.
Sorry about this. It was caused by my attempt to fix problems writing checksums to small isos. I've reverted that patch for now and a new release (1.2.4-2) is being built. https://koji.fedoraproject.org/koji/taskinfo?taskID=117043901
FEDORA-2024-985bf09847 (isomd5sum-1.2.4-2.fc41) has been submitted as an update to Fedora 41. https://bodhi.fedoraproject.org/updates/FEDORA-2024-985bf09847
FEDORA-2024-985bf09847 (isomd5sum-1.2.4-2.fc41) has been pushed to the Fedora 41 stable repository. If problem still persists, please make note of it in this bug report.
FEDORA-2024-4eb5f90606 (isomd5sum-1.2.4-2.fc40) has been submitted as an update to Fedora 40. https://bodhi.fedoraproject.org/updates/FEDORA-2024-4eb5f90606
FEDORA-2024-4eb5f90606 has been pushed to the Fedora 40 testing repository. Soon you'll be able to install the update with the following command: `sudo dnf upgrade --enablerepo=updates-testing --refresh --advisory=FEDORA-2024-4eb5f90606` You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2024-4eb5f90606 See also https://fedoraproject.org/wiki/QA:Updates_Testing for more information on how to test updates.
FEDORA-2024-4eb5f90606 (isomd5sum-1.2.4-2.fc40) has been pushed to the Fedora 40 stable repository. If problem still persists, please make note of it in this bug report.