Skip to content

oasis rofl build: failed to read dm-verity root hash using podman #642

New issue
New issue
Closed
Bug
#660
Closed
oasis rofl build: failed to read dm-verity root hash using podman#642
Bug
#660
Assignees
ptrus
Labels
roflROFL related CLI issues
@matevz

Description

@matevz
matevz
opened on Nov 7, 2025

Using 085bb7b and podman on Ubuntu 24.04, I get the following error when invoking oasis rofl build on https://github.com/oasisprotocol/oasis-sdk/tree/main/rofl-scheduler:

oa@matevz-oa:~/oasis-sdk/rofl-scheduler$ oasis rofl build --deployment testnet
Building a ROFL application...
Deployment: testnet
Network:    testnet
ParaTime:   sapphire
Debug:      false
App ID:     rofl1qrqw99h0f7az3hwt2cl7yeew3wtz0fxunu7luyfg
Name:       rofl-scheduler
Version:    0.6.3
TEE:        tdx
Kind:       raw

Initializing build environment...
Downloading firmware artifact...
  URI: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.6.2/ovmf.tdx.fd#db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f
  Hash: db47100a7d6a0c1f6983be224137c3f8d7cb09b63bb1c7a5ee7829d8e994a42f
  (using cached artifact)
Downloading kernel artifact...
  URI: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.6.2/stage1.bin#e5d4d654ca1fa2c388bf64b23fc6e67815893fc7cb8b7cfee253d87963f54973
  Hash: e5d4d654ca1fa2c388bf64b23fc6e67815893fc7cb8b7cfee253d87963f54973
  (using cached artifact)
Downloading stage 2 template artifact...
  URI: https://github.com/oasisprotocol/oasis-boot/releases/download/v0.6.2/stage2-basic.tar.bz2#9a2b4d71e9779801bde73c16b3be789bc50672019a87e8c90fe3c94e034907c1
  Hash: 9a2b4d71e9779801bde73c16b3be789bc50672019a87e8c90fe3c94e034907c1
  (using cached artifact)
Building a TDX-based Rust ROFL application...
Building in production mode.
Building runtime binary...
[built] registry+https://github.com/rust-lang/crates.io-index#[email protected]
[built] registry+https://github.com/rust-lang/crates.io-index#[email protected]
[built] registry+https://github.com/rust-lang/crates.io-index#[email protected]
[built] registry+https://github.com/rust-lang/crates.io-index#[email protected]
[built] registry+https://github.com/rust-lang/crates.io-index#[email protected]
...
[built] registry+https://github.com/rust-lang/crates.io-index#[email protected]
[built] registry+https://github.com/rust-lang/crates.io-index#[email protected]
[built] registry+https://github.com/rust-lang/crates.io-index#[email protected]
[built] registry+https://github.com/rust-lang/crates.io-index#[email protected]
[built] path+file:///src/rofl-scheduler#0.0.0
Preparing stage 2 root filesystem...
Unpacking template...
Adding runtime as init...
Runtime hash: 06eb3e667da6c3dea84ca9c8ba50bd0ede75bd051b3e2c286b29a3735bcb78be
Adding extra files...
Creating squashfs filesystem...
Creating dm-verity hash tree...
Error: failed to create verity hash tree: failed to read dm-verity root hash: open /tmp/oasis-build2089115616/rootfs.hash.roothash: permission denied

The tmp dir looks like:

oa@matevz-oa:/tmp/oasis-build2089115616$ ls -l
total 18496
drwxr-xr-x 14 oa     oa          320 nov  7 21:04 rootfs
-rw-------  1 oa     oa       155648 nov  7 21:04 rootfs.hash
-rw-------  1 oa     oa           64 nov  7 21:04 rootfs.hash.roothash
-rw-r--r--  1 100999 100999 18780160 nov  7 21:04 rootfs.squashfs

Seems like podman is running the command as 100999? I didn't try docker, but I'm pretty sure it's podman specific.

Metadata

Metadata

Assignees

Labels

roflROFL related CLI issues

Type

Bug

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions