VisionFive 2 Debian Image Released

Hello @tommythorn,

for the u-boot and opensbi update the following guide:

for the kernel upgrade:
I use a separate debian maschine to CROSS build the custom linux-*.deb packages.
You can use the prepare steps from this guide and for the build is the following command:

make ARCH=riscv CROSS_COMPILE=riscv64-linux- -j4 bindeb-pkg

My output for the kernel is:

Best regards
Damian

1 Like

I just got my board and decided to create a build environment in docker to build for this. The main advantage is the possibility to select base os for the cross compiler without dedicating a computer or vm for it.
Here’s the repo: GitHub - kng/visionfive2-docker: Docker build environment for VisionFive 2 SBC

5 Likes

Knegge is a rockstar!!!

Using his docker shell and build scripts:

In less than 10 minutes, you’ll have built everything you need:
building u-boot: 1min
building opensbi: 10s
building spl: 1s
kernel: 7.5 minutes !!! I’m not used to short kernel builds so this was a pleasant surprise.

Enormous time savings if you use this.

3 Likes

I’ts pretty straight forward, clone the repo, build the image, run the scripts one by one. I’ve updated the readme to include the clone/build.
Have a look inside the script to see what they’re doing, basically slightly modified commands from the technical reference manual.
The order is the same as in the readme, and the manual.

Regarding docker installation I’m afraid I have to point you to your distro’s instructions or official install guide. I have a short description in another project but ymmv.

The actual image that the dockerfile pulls in is ubuntu:bionic, the same as in the manual. This is completely separate from the host OS. It should also allow for other arches as well, not only x86.

If you just run the shell you can play around in the container:

$ ./shell.sh
root@0e896ca78870:/mnt# cat /etc/os-release
NAME="Ubuntu"
VERSION="18.04.6 LTS (Bionic Beaver)"
ID=ubuntu
ID_LIKE=debian
PRETTY_NAME="Ubuntu 18.04.6 LTS"
VERSION_ID="18.04"
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
VERSION_CODENAME=bionic
UBUNTU_CODENAME=bionic
2 Likes

Hello,

I have updated de firmware and the 69-image boots fine.

When I run update && upgrade I get an error:

ubuntu@rvsvrwsv02:~$ sudo apt update
Hit:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
Err:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
Reading package lists… Done
Building dependency tree… Done
Reading state information… Done
All packages are up to date.
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease: The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Failed to fetch https://snapshot.debian.org/archive/debian-ports/20220616T194833Z/dists/unstable/InRelease The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.
ubuntu@rvsvrwsv02:~$

is there a possibility to fix this?

Help appreciated!

You can solve this once and for all. Import the missing(invalid) public key into your public key ring, then update/upgrade again.

sudo apt-key adv --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
###or gpg --keyserver keyring.debian.org --recv-key E852514F5DF312F6
sudo apt-get update
sudo apt-get upgrade

Or you can temporarily circumvent all package gpg checking while doing the update/upgrade

sudo apt-get --allow-unauthenticated update
sudo apt-get --allow-unauthenticated upgrade

I prefer the first approach, but sometimes if you feel overwhelmed with all these missing keys, the second approach is definitely more convenient at the risk of introducing malware, but if your repo is simply debian I would place a high-level of confidence there is no malware. The other convenience is that iirc there would be an updated developer keys package that updates the public keyring with the newer developer public keys on your behalf. Similar stuff like this occurs on Fedora as well.

1 Like

Thanks but curiously it doesn’t work for me:

$ sudo apt-key adv --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
Executing: /tmp/apt-key-gpghome.g6Ywj5Fxke/gpg.1.sh --keyserver keyring.debian.org --recv-keys E852514F5DF312F6
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

hm, for me neither. GPG says:

gpg --keyserver keyring.debian.org --recv-key E852514F5DF312F6
gpg: keybox '/home/user/.gnupg/pubring.kbx' created
gpg: no valid OpenPGP data found.
gpg: Total number processed: 0

Or install the package debian-ports-archive-keyring

Nice, that --allow-unauthenticated is a good way to temporary allow this if your system (or container) doesn’t have a recent package list.

Unfortunately, this does not work for me.

user@vfive2-8:~$ sudo apt-key list | grep -A 1 expired
[sudo] password for user: 
Warning: apt-key is deprecated. Manage keyring files in trusted.gpg.d instead (see apt-key(8)).
pub   rsa4096 2021-01-10 [SC] [expired: 2023-01-31]
      CBC7 0A60 B9ED 6F23 7A5F  5B0B E852 514F 5DF3 12F6
uid           [ expired] Debian Ports Archive Automatic Signing Key (2022) <ftpmaster@ports-master.debian.org>

--
pub   rsa4096 2021-12-30 [SC] [expired: 2023-01-31]
      D0C9 87D7 BEC3 EDDF 8948  6CC2 B523 E5F3 FC4E 5F2C
uid           [ expired] Debian Ports Archive Automatic Signing Key (2023) <ftpmaster@ports-master.debian.org>

user@vfive2-8:~$ sudo apt install debian-ports-archive-keyring
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
debian-ports-archive-keyring is already the newest version (2022.02.15).
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.

The exact same behavior here.

also:
sudo apt-get --allow-unauthenticated update
ends in :>

Hit:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
Err:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
Reading package lists… Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease: The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Failed to fetch https://snapshot.debian.org/archive/debian-ports/20220616T194833Z/dists/unstable/InRelease The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.

In your /etc/apt/sources.list try temporarily adding [allow-insecure=yes]

deb [allow-insecure=yes] http...

or [trusted=yes]

deb [trusted=yes] http...
sudo apt-get --allow-unauthenticated update
sudo apt-get --allow-unauthenticated upgrade

Please remember to take that stuff out once it’s all settled. BIG SECURITY HOLE.
The package signature expired end of January. If you contact the package maintainer ftpmaster@ports-master.debian.org for the entire snapshot repo in question perhaps they could renew their key and re-submit the packages with the newer key and provide you with that new key to import.

1 Like

Thank you for isolating the issue. It is definitely the entire snapshot repo with all its packages that need to have their keys renewed since they all [expired: 2023-01-31]. At least we now know who to report the issue to.

We need to email

ftpmaster@ports-master.debian.org

and request them to renew their key since it expired 2 days ago and re-package all the packages with the new key.

1 Like

Thanks, neither worked for me though.

sudo apt-get --allow-unauthenticated update
sudo: unable to resolve host starfive: Name or service not known
Hit:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
Err:1 debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease
The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
Reading package lists… Done
W: An error occurred during the signature verification. The repository is not updated and the previous index files will be used. GPG error: debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable InRelease: The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Failed to fetch https://snapshot.debian.org/archive/debian-ports/20220616T194833Z/dists/unstable/InRelease The following signatures were invalid: EXPKEYSIG E852514F5DF312F6 Debian Ports Archive Automatic Signing Key (2022) ftpmaster@ports-master.debian.org
W: Some index files failed to download. They have been ignored, or old ones used instead.
user@starfive:~/ChrysaLisp$ cat /etc/apt/sources.list
deb [trusted=yes] debian-ports:/ 2022-06-16 19:48:33 - snapshot.debian.org unstable main

The 2023 package is in the updated package list. If not able to update with the mentioned args, try wget/curl the package directly and install with dpkg -i debian-ports-archive-keyring_2023.02.01_all.deb

1 Like

Where’s the best place to submit issues for this Debian Image 69?

Issue

sudo apt-get install aptitude
sudo: unable to resolve host starfiveYOW: Name or service not known

Issue

the gui desktop closes suddenly and after a long while the login prompt is displayed again.

Issue

Rust “ring” crate on the vf2 and other riscv boards doesn’t build. Build for riscv64gc-unknown-linux-gnu failed. · Issue #1419 · briansmith/ring · GitHub

Good news: aptitude and emacs-nox work. The full unstable repo snapshot is available to install which is impressive. Java was already installed. I installed Rust nightly with no issues via the standard https://rustup.rs way. Rust likes to have a cc around so I installed build-essential,clang-15-tools, lld-15, llvm 15 as well with no issues.

1 Like

Hello together,

does anyone has send an e-mail to ftpmaster@ports-master.debian.org to resolve the issue with the signature ?

Best regards
Damian

PS: I have now sent a mail

2 Likes

There is a much simpler solution:
1- download the debian-ports-archive-keyring_2023.02.01_all.deb package from https://deb.debian.org/debian-ports/pool/main/d/debian-ports-archive-keyring/debian-ports-archive-keyring_2023.02.01_all.deb with wget or curl,
install with dpkg -i debian-ports-archive-keyring_2023.02.01_all.deb
2-Use the regular unstable ports directory in /etc/apt/sources.list:
deb http://ftp.ports.debian.org/debian-ports/ unstable main
instead of (or comment out)
#deb https://snapshot.debian.org/archive/debian-ports/20220616T194833Z unstable main

9 Likes

Thanks @johanhenselmans; 1. by itself didn’t fix anything for me (maybe it wasn’t supposed to), but 1. and 2. seems to work (and boy, it’s working itself through 895 updates now).

1 Like

I also like a CLI only image version. Many I suspect use as 24/7/365. Therefore only need a CLI version that ssh to when need access.

A method to easily enable SSH from base image would be most helpful so do not need to connect HDMI and keyboard to download/enable SSH. For example with RaspberryOS all one needs to do to enable ssh on image is to touch /boot/ssh. When RaspberyPiOS boots it enables ssh and deletes the /boot/ssh file.