[Bug 1320223] Re: ldlinux.sys is inconsistently installed

Dimitri John Ledkov launchpad at surgut.co.uk
Fri May 23 20:09:46 UTC 2014 

host system installs bios bootloader onto the usb-stick, and it's not taken from the iso as it's not present on the iso.
it's hard to fix retroactively, but you can e.g. work with ubuntu-cdimage code to start adding necessary files on the iso.
Note that UEFI (grub2) bootloader is copied from the ISO and thus is reproducible.
Adding an option to disable installing bios bootloader would be nice improvement to generate reproducible usb-sticks from a given iso.

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to usb-creator in Ubuntu.
https://bugs.launchpad.net/bugs/1320223

Title:
  ldlinux.sys is inconsistently installed

Status in “usb-creator” package in Ubuntu:
  Invalid

Bug description:
  Summary:

  There should be a way to verify that a given boot image derived from
  an Ubuntu ISO is actually valid (and md5sum.txt is not helpful here).
  In particular, it appears that ldlinux.sys is being inherited from the
  machine on which Startup Disk Creator is being run. (I can't 100%
  confirm this, but it's the only way that I can explain the same ISO
  giving rise to different instances of this file in the resulting
  image.)

  It appears that this is being done because these ISO images don't
  actually contain their own version of ldlinux.sys. For the sake of
  consistency, and thus verifiable security, that's a problem if it's
  true.

  For the record, this behavior technically isn't a bug, but it's so
  potentially dangerous because authentication is effectively impossible
  (think: a large network of infected machines, all producing consistent
  but wrong versions of ldlinux.sys). The quick and easy way to (mostly)
  fix this without any code changes is just to publish SHA256s of
  acceptable ldlinux.sys files on the usual release notes page with the
  ISO hashes.

  Boot sector authentication is another serious concern, but I don't
  want to create another bug report about that at the moment.

  Details:

  http://askubuntu.com/questions/466619/how-to-authenticate-a-startup-
  disk-image

  ProblemType: Bug
  DistroRelease: Ubuntu 14.04
  Package: usb-creator-gtk 0.2.56
  ProcVersionSignature: Ubuntu 3.13.0-24.47-generic 3.13.9
  Uname: Linux 3.13.0-24-generic x86_64
  ApportVersion: 2.14.1-0ubuntu3.1
  Architecture: amd64
  CurrentDesktop: Unity
  Date: Fri May 16 08:39:27 2014
  EcryptfsInUse: Yes
  ExecutablePath: /usr/bin/usb-creator-gtk
  InstallationDate: Installed on 2014-05-14 (2 days ago)
  InstallationMedia: Ubuntu 14.04 LTS "Trusty Tahr" - Release amd64 (20140417)
  InterpreterPath: /usr/bin/python3.4
  ProcEnviron:
   LANGUAGE=en_US
   PATH=(custom, no user)
   XDG_RUNTIME_DIR=<set>
   LANG=en_US.UTF-8
   SHELL=/bin/bash
  SourcePackage: usb-creator
  UDisksDump: Error: [Errno 2] No such file or directory: 'udisks'
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/usb-creator/+bug/1320223/+subscriptions

More information about the foundations-bugs mailing list