[HOME] [DOWNLOAD] [DOCS] [NEWS] [SUPPORT] [TIPS] [ISSUES] [DONATE]

firefox-esr weird instalation logs

Hello everyone ,

i installed firefox-esr via apt on latest version of whonix and just noticed weird installation logs … is it safe ?

Setting up libjsoncpp1:amd64 (1.7.4-3) …
Setting up firefox-esr (68.7.0esr-1~deb10u1) …
Processing triggers for mime-support (3.62) …
Processing triggers for hicolor-icon-theme (0.17-2) …
Processing triggers for libc-bin (2.28-10) …
Processing triggers for man-db (2.8.5-2) …
Processing triggers for desktop-file-utils (0.23-4) …

  • shopt -s nullglob
  • for config_file in /etc/default/grub /etc/default/grub.d/*.cfg
  • test -f /etc/default/grub
  • source /etc/default/grub
    ++ GRUB_DEFAULT=0
    ++ GRUB_TIMEOUT=5
    +++ lsb_release -i -s
    ++ GRUB_DISTRIBUTOR=Debian
    ++ GRUB_CMDLINE_LINUX_DEFAULT=quiet
    ++ GRUB_CMDLINE_LINUX=
  • for config_file in /etc/default/grub /etc/default/grub.d/*.cfg
  • test -f /etc/default/grub.d/30_screen_resolution.cfg
  • source /etc/default/grub.d/30_screen_resolution.cfg
    ++ GRUB_GFXPAYLOAD_LINUX=1024x768
  • for config_file in /etc/default/grub /etc/default/grub.d/*.cfg
  • test -f /etc/default/grub.d/30_whonix.cfg
  • source /etc/default/grub.d/30_whonix.cfg
    ++ GRUB_DISTRIBUTOR=Whonix
  • for config_file in /etc/default/grub /etc/default/grub.d/*.cfg
  • test -f /etc/default/grub.d/30_whonix-workstation.cfg
  • source /etc/default/grub.d/30_whonix-workstation.cfg
    ++ GRUB_DISTRIBUTOR=‘Whonix-Workstation ™’
  • for config_file in /etc/default/grub /etc/default/grub.d/*.cfg
  • test -f /etc/default/grub.d/40_cpu_mitigations.cfg
  • source /etc/default/grub.d/40_cpu_mitigations.cfg
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force’
  • for config_file in /etc/default/grub /etc/default/grub.d/*.cfg
  • test -f /etc/default/grub.d/40_distrust_cpu.cfg
  • source /etc/default/grub.d/40_distrust_cpu.cfg
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off’
  • for config_file in /etc/default/grub /etc/default/grub.d/*.cfg
  • test -f /etc/default/grub.d/40_enable_iommu.cfg
  • source /etc/default/grub.d/40_enable_iommu.cfg
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on amd_iommu=on’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma’
  • for config_file in /etc/default/grub /etc/default/grub.d/*.cfg
  • test -f /etc/default/grub.d/40_kernel_hardening.cfg
  • source /etc/default/grub.d/40_kernel_hardening.cfg
    +++ dpkg --print-architecture
    ++ kpkg=linux-image-amd64
    +++ dpkg-query --show ‘–showformat=${Version}’ linux-image-amd64
    ++ kver=4.19+105+deb10u3
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma slab_nomerge’
    ++ dpkg --compare-versions 4.19+105+deb10u3 ge 5.3
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP’
    ++ command -v qubesdb-read
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on’
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on vsyscall=none’
    ++ dpkg --compare-versions 4.19+105+deb10u3 ge 5.2
    ++ GRUB_CMDLINE_LINUX=’ spectre_v2=on spec_store_bypass_disable=on tsx=off tsx_async_abort=full,nosmt mds=full,nosmt l1tf=full,force nosmt=force kvm.nx_huge_pages=force random.trust_cpu=off intel_iommu=on amd_iommu=on efi=disable_early_pci_dma slab_nomerge slub_debug=FZP page_poison=1 mce=0 pti=on vsyscall=none extra_latent_entropy’
  • for config_file in /etc/default/grub /etc/default/grub.d/*.cfg
  • test -f /etc/default/grub.d/init-select.cfg
  • source /etc/default/grub.d/init-select.cfg
  • for file_name in /boot/vmlinuz-*
  • base_name=vmlinuz-4.19.0-8-amd64
  • search=vmlinuz-
  • replace=
    ++ echo vmlinuz-4.19.0-8-amd64
    ++ str_replace vmlinuz- ‘’
  • version=4.19.0-8-amd64
  • unset search
  • unset replace
  • break
  • ‘[’ 4.19.0-8-amd64 = ‘’ ‘]’
  • real_grub_cfg=/boot/grub/grub.cfg
  • file_replace=/boot/grub/grub.cfg.temp
  • test -w /boot/grub/grub.cfg
  • cp /boot/grub/grub.cfg /boot/grub/grub.cfg.temp
  • test -w /boot/grub/grub.cfg.temp
  • search=’ GNU/Linux’
  • replace=
  • str_replace ’ GNU/Linux’ ‘’ /boot/grub/grub.cfg.temp
  • search=’, with Linux 4.19.0-8-amd64’
  • replace=
  • str_replace ‘, with Linux 4.19.0-8-amd64’ ‘’ /boot/grub/grub.cfg.temp
  • search=‘menuentry ‘’‘Whonix-Workstation ™’’’’
  • replace=‘menuentry ‘’‘PERSISTENT mode USER (For daily activities.)’’’’
  • str_replace ‘menuentry ‘’‘Whonix-Workstation ™’’’’ ‘menuentry ‘’‘PERSISTENT mode USER (For daily activities.)’’’’ /boot/grub/grub.cfg.temp
  • search=‘menuentry ‘’‘Whonix-Workstation ™ (recovery mode)’’’’
  • replace=‘menuentry ‘’‘Recovery PERSISTENT mode SUPERADMIN (Be very cautious!)’’’’
  • str_replace ‘menuentry ‘’‘Whonix-Workstation ™ (recovery mode)’’’’ ‘menuentry ‘’‘Recovery PERSISTENT mode SUPERADMIN (Be very cautious!)’’’’ /boot/grub/grub.cfg.temp
  • test -x /usr/bin/grub-script-check
  • /usr/bin/grub-script-check /boot/grub/grub.cfg.temp
  • cp /boot/grub/grub.cfg.temp /boot/grub/grub.cfg
  • exit 0

Log seems truncated.

Something enables sh xtrace (set -x) during update-grub. That’s certainly too verbose log output. Usability issue, yes as proven by this forum thread. But security issue, no.

set -x might for example be set here:

  • /etc/default/grub file
  • /etc/default/grub.d folder
  • /etc/grub.d folder
  • /usr/sbin/grub-mkconfig script
  • /usr/sbin/update-grub

To debug:

sudo sh -x /usr/sbin/grub-mkconfig

and post output here.

Using apparmor-profile-everything? That has a set -x.

Also https://www.whonix.org/wiki/Reporting_Bugs#Support_Request_Policy applies.

Script https://github.com/Whonix/apparmor-profile-everything/blob/master/usr/lib/apparmor-profile-everything/grub-cfg#L3 is still in debugging mode.

[Imprint] [Privacy Policy] [Cookie Policy] [Terms of Use] [E-Sign Consent] [DMCA] [Investors] [Priority Support] [Professional Support]