Cannot Install ubuntu on Lenovo duet 5 chromebook (Model: 13QC76)

[hungshe]

Please paste the output of the following command here: sudo edit-chroot -all

Output:
chronos@localhost / $ sudo edit-chroot -all
sudo: edit-chroot: command not found

Please describe your issue:

Following "The easy way (Assume you want an Ubuntu LTS with xfcce)": https://github.com/dnschneid/crouton#the-easy-way-assuming-you-want-an-ubuntu-lts-with-xfce
My duet 5 is already in developer mode, removed os verification, remount rootfs partition with read/write permission and exec mode.
However, the installation failed at step 4:
4. Now that it's executable, run the installer itself: sudo crouton -t xfce
Output log:
chronos@localhost / $ sudo crouton -t xfce
Downloading latest crouton installer...
################################################################################################################################### 100.0%
WARNING: Your rootfs is writable. Signed boot verification cannot be enabled.
If this is a surprise to you, you should do a full system recovery via USB.
Installing xenial-arm64 chroot to /usr/local/chroots/xenial
Downloading bootstrap files...
/tmp/crouton-installer-cache/crouton: 95: /tmp/crouton-installer-cache/crouton.YJI/installer/ubuntu/bootstrap: /tmp/crouton.Jwe/debootstrap: Permission denied
debootstrap error log:
tail: cannot open '/tmp/crouton.Jwe/xenial-arm64/debootstrap/debootstrap.log' for reading: No such file or directory
Failed to run debootstrap.

System Info:

My duet 5 chromebook is Qualcomm Arm64 version

If known, describe the steps to reproduce the issue:

1. Enter developer mode
2. set rootfs os verification off, reboot
3. remout root partition with rw, exec configuration
4. sudo mount -o rw,remount,symfollow -o exec /tmp
5. follow the instruction:
   https://github.com/dnschneid/crouton#the-easy-way-assuming-you-want-an-ubuntu-lts-with-xfce

[TomTravis]

yes it is to bad the 7c Qualcom arm64 is not supported by debootstrap with crouton it seems
tail: cannot open '/tmp/crouton.Jwe/xenial-arm64/debootstrap/debootstrap.log' for reading: No such file or directory
Failed to run debootstrap.
you are not the only one,you can fork and play with debootstrap arm64 settings
or try to create a file in /tmp
and see if you get Permission denied
this may help you
https://www.lenovo.com/us/en/faqs/operating-systems/install-linux-chromebook/?orgRef=https%253A%252F%252Fwww.google.com%252F

[hungshe]

yes it is to bad the 7c Qualcom arm64 is not supported by debootstrap with crouton it seems tail: cannot open '/tmp/crouton.Jwe/xenial-arm64/debootstrap/debootstrap.log' for reading: No such file or directory Failed to run debootstrap. you are not the only one,you can fork and play with debootstrap arm64 settings or try to create a file in /tmp and see if you get Permission denied this may help you https://www.lenovo.com/us/en/faqs/operating-systems/install-linux-chromebook/?orgRef=https%253A%252F%252Fwww.google.com%252F

May I know the guide for "fork and play with debootstrap arm64 settings"?
Also, I tried create a file in /tmp with command echo "hello.txt" > hello.txt. I don't see any permission issue.

[TomTravis]

yes the fork is easy just google search Github fork
super easy , the issue maybe you need a development machine look for as low cost Chromebook maybe to choose from

once you have a fork you need to complie the code

if you wish you can join the chroot systemd team I will send you a invite you have a nice effort and the duet is a super chromebook
https://github.com/users/TomTravis/projects/3

Ok great news I don't see any permission issue. this is super good news , then the error is no file is created there is no log file

you have a invite

[supechicken]

試一試將sudo mount -o rw,remount,symfollow -o exec /tmp中的兩個-o結合？ 像這樣：

sudo mount -o rw,remount,symfollow,exec /tmp

(I guess you understand Chinese since that's your system language)

順帶一提最好不要聽上面那個怪人的話，那人不停的在這repo的issue裏留廢話

[TomTravis]

I tried create a file in /tmp with command echo "hello.txt" > hello.txt. I don't see any permission issue.

試一試將sudo mount -o rw,remount,symfollow -o exec /tmp中的兩個-o結合？ 像這樣：

sudo mount -o rw,remount,symfollow,exec /tmp

(I guess you understand Chinese since that's your system language)

順帶一提最好不要聽上面那個怪人的話，那人不停的在這repo的issue裏留廢話
Ho provato a creare un file in /tmp con il comando echo "hello.txt" > hello.txt. Non vedo alcun problema di autorizzazione.

Ho provato a creare un file nel registro degli errori /debootstrap:
tail: impossibile aprire '/tmp/crouton.Jwe/xenial-arm64/debootstrap/debootstrap.log' per leggere: nessun file o directory di questo tipo
Impossibile eseguire debootstrap.

tmp con il comando echo "hello.txt" > ciao.txt. Non vedo alcun problema di autorizzazione.

Messaggio di crostini
Download dei file bootstrap in corso...
/tmp/crouton-installer-cache/crouton: 95: /tmp/crouton-installer-cache/crouton.YJI/installer/ubuntu/bootstrap: /tmp/crouton.Jwe/debootstrap: Permesso negato
Wiadomość z grzankami
Pobieranie plików rozruchowych...
/tmp/crouton-installer-cache/crouton: 95: /tmp/crouton-installer-cache/crouton.YJI/installer/ubuntu/bootstrap: /tmp/crouton.Jwe/debootstrap: Odmowa uprawnień

[TomTravis]

順帶一提最好不要聽上面那個怪人的話，那人不停的在這repo的issue裏留廢話

By the way, it's best not to listen to the weird guy above, who keeps leaving nonsense in the issue of this repo

wow this was not planned is nonsense , there is something else stopping the process, what are you worried about something might take place? super chicken is nonsense
#4875
Try combining the two -o in sudo mount -o rw, remount, symfollow -o exec /tmp? like this:

it is not a permission issue
Also, I tried create a file in /tmp with command echo "hello.txt" > hello.txt. I don't see any permission issue.
另外，我嘗試使用命令 echo "hello.txt" > hello.txt 在 /tmp 中創建一個文件。我沒有看到任何權限問題。
Lìngwài, wǒ chángshì shǐyòng mìnglìng echo"hello.Txt" > hello.Txt zài/tmp zhōng chuàngjiàn yīgè wénjiàn. Wǒ méiyǒu kàn dào rènhé quánxiàn wèntí.

Downloading bootstrap files...
/tmp/crouton-installer-cache/crouton: 95: /tmp/crouton-installer-cache/crouton.YJI/installer/ubuntu/bootstrap: /tmp/crouton.Jwe/debootstrap: Permission denied
is not a debootstrap message it is nonsense

[TomTravis]

you also check to see if /bin/sh is present and not a sym link to dash
https://chromium.googlesource.com/chromiumos/docs/+/master/security/noexec_shell_scripts.md

you may also make the /mnt /var /bin / as exec as google now check for cmd exec where the cmd came from /bin/sh

[hungshe]

you also check to see if /bin/sh is present and not a sym link to dash https://chromium.googlesource.com/chromiumos/docs/+/master/security/noexec_shell_scripts.md

you may also make the /mnt /var /bin / as exec as google now check for cmd exec where the cmd came from /bin/sh

Do I need to delete crouton file before remount /mnt, /var, /bin, / as exec?
I can remount /var, /bin as exec. However, I saw error message while mounting /mnt and / with the following output:

chronos@localhost / $ sudo mount / -o remount,exec
Password:
mount: /: cannot remount /dev/mmcblk1p3 read-write, is write-protected. -> Should I disable write protection before running debootstrap? I don't see this requirement from any instruction or tutorial movies online before
chronos@localhost / $ sudo mount /mnt -o remount,exec
mount: /mnt: mount point not mounted or bad option.

Regarding checking shell is running bash or dash, it's bash:

chronos@localhost / $ echo $0
/bin/bash

@supechicken I tried combing both -o arguments together, it doesn't work.

[hungshe]

yes the fork is easy just google search Github fork super easy , the issue maybe you need a development machine look for as low cost Chromebook maybe to choose from

once you have a fork you need to complie the code

if you wish you can join the chroot systemd team I will send you a invite you have a nice effort and the duet is a super chromebook https://github.com/users/TomTravis/projects/3

Ok great news I don't see any permission issue. this is super good news , then the error is no file is created there is no log file

you have a invite

Do I need to use same model of duet 5 chromebook or can I use any debian based device?

[TomTravis]

based on what i read the 7c snap dragon is a SOC (system on a chip) config not the normal , very low power draw and good performance this is why your having install problems
the new duet use a different CPU and not SOC
so your duet is unique and create and image for this will be fun adventure

ARM64 chrome book should be fine you need to test with you device many low cost arm64 chromebook for sale not SOC

for the cmd
sudo mount -o rw,remount,symfollow -o exec /tmp

the target /FS mount has to be at the end of the cmd not in the middle
$ sudo mount /mnt -o remount,exec is may not matter it is easy to read /tmp /var /bin /run /

[hungshe]

based on what i read the 7c snap dragon is a SOC (system on a chip) config not the normal , very low power draw and good performance this is why your having install problems the new duet use a different CPU and not SOC so your duet is unique and create and image for this will be fun adventure

ARM64 chrome book should be fine you need to test with you device many low cost arm64 chromebook for sale not SOC

for the cmd sudo mount -o rw,remount,symfollow -o exec /tmp

the target /FS mount has to be at the end of the cmd not in the middle $ sudo mount /mnt -o remount,exec is may not matter it is easy to read /tmp /var /bin /run /

I think maybe this is an issue before move into fork debootstrap test:

I just did the following experiment:

localhost# mount /var -o remount,exec
localhost# /bin/hostname
localhost
localhost# cp /bin/hostname /var/
localhost# /var/hostname
localhost
localhost# mount /tmp -o remount,exec
localhost# cp /bin/hostname /tmp/
localhost# /tmp/hostname
bash: /tmp/hostname: /usr/bin/coreutils: bad interpreter: Permission denied
localhost# chmod 777 /tmp/
localhost# /tmp/hostname
bash: /tmp/hostname: /usr/bin/coreutils: bad interpreter: Permission denied

I think that's the reason for permission isssue. How do I successfully remount /tmp as exec section?

This experiment is done after powerwash my device.

[TomTravis]

I think maybe this is an issue before move into fork debootstrap test:

I just did the following experiment:

localhost# mount /var -o remount,exec localhost# /bin/hostname localhost localhost# cp /bin/hostname /var/ localhost# /var/hostname localhost localhost# mount /tmp -o remount,exec localhost# cp /bin/hostname /tmp/ localhost# /tmp/hostname bash: /tmp/hostname: /usr/bin/coreutils: bad interpreter: Permission denied localhost# chmod 777 /tmp/ localhost# /tmp/hostname bash: /tmp/hostname: /usr/bin/coreutils: bad interpreter: Permission denied

I think that's the reason for permission isssue. How do I successfully remount /tmp as exec section?

This experiment is done after powerwash my device.

localhost# /bin/hostname

yes you UID is root it appear #

Very Good my suggestion is read the google doc on noexec mount security has done this,, Goog write they now track cmds issued from where and use what via bash sh dash just be aware of this
chronos@localhost / $ lscpu
Architecture: aarch64
Byte Order: Little Endian
CPU(s): 4
On-line CPU(s) list: 0-3
Thread(s) per core: 1
Core(s) per socket: 2
Socket(s): 2
Vendor ID: ARM
Model: 2
Model name: Cortex-A53
Stepping: r0p2
CPU max MHz: 2106.0000
CPU min MHz: 507.0000
BogoMIPS: 26.00
Vulnerability Itlb multihit: Not affected
Vulnerability L1tf: Not affected
Vulnerability Mds: Not affected
Vulnerability Meltdown: Not affected
Vulnerability Mmio stale data: Not affected
Vulnerability Spec store bypass: Vulnerable
Vulnerability Spectre v1: Mitigation; __user pointer sanitization
Vulnerability Spectre v2: Mitigation; Branch predictor hardening, BHB
Vulnerability Srbds: Not affected
Vulnerability Tsx async abort: Not affected
Flags: fp asimd evtstrm aes pmull sha1 sha2 crc32 cpuid

My mnt.sh have no problems
chronos@localhost / $ cat /usr/local/bin/mnt.sh
sudo mount -o remount,symfollow -o exec /media/removable/sd200
sudo mount -o remount,symfollow -o exec /tmp

[TomTravis]

the systemd task is now a issue assign to the us
TomTravis#48 (comment)

[TomTravis]

i have looks and checked
this is not the issue
bash: /tmp/hostname: /usr/bin/coreutils: bad interpreter: Permission denied
coreutils is a lib of routes for task like chmod chown ...

the is a OS error bad interpreter: Permission denied from the shell
has nothing to do with filesystems and exec paths

[TomTravis]

#4884
chromeos/chromeos.dev#559

[TomTravis]

try this was change to run in /usr/local/bin
https://drive.google.com/uc?export=download&id=1HFjX1OejjHAYbaHVL3l9krmBUkA1caZR
test2 same a crouton -r -t
this may fix the permission issue
seem to work for me

[hungshe]

Sorry for no update recently, I'm looking for new cheap device now since I have returned my laptop. Is any snapdragon 7c device good for test or should I use duet 5 chromebook with snapdragon sc7180 processor on it?

[Penguinbot4]

you can use what you like
snapdragon 7c had a short run it seems, it is no longer being used to the best of my knowledge
try gentoo it quite a bit different
the core is now working

[DennisLfromGA]

#4901 should fix this. Please try again with the latest version of crouton.

[Penguinbot4]

the bandage tpfs format change still exec in /tmp
read this update
https://chromium.googlesource.com/chromiumos/docs/+/HEAD/security/noexec_shell_scripts.md
How to run code in dev or test images?

The answer is the same as dev mode -- use /usr/local for all arbitrary code.

Historically we would would remount /home and /tmp as executable in test images, but that must no longer be relied upon. It creates a test system that does not match the behavior of the code that we ship to all our users!
How to run crouton?

crouton is affected in the same way as any other script. The crouton README has been updated to detail the new recommended steps.

hack it will break soon

[jason-edward-young]

hungshe, kind of random, but how did you disable OS verification? I also have a chromebook duet 5, but I'm still having trouble with that setp. I've gotten it into developer mode, but I still can't boot from a non-Chrome external disk.