starred/netboot.xyz
1
0
Fork 0
mirror of https://github.com/netbootxyz/netboot.xyz.git synced 2026-04-25 23:25:54 +03:00
Code Issues 272 Projects Releases 10 Packages Wiki Activity

[GH-ISSUE #785] Unable to load Custom Menus from GitHub #1755

New issue
Closed
opened 2026-03-01 18:36:05 +03:00 by kerem · 15 comments
kerem commented 2026-03-01 18:36:05 +03:00
Owner
Copy link

Originally created by @BasicWombat on GitHub (Dec 3, 2020).
Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/785

Describe the bug
When loading custom menu from GitHub, I get the error "Operation not permitted (http://ipxe.org/410de185f)"

Additional context
It appears to be an issue with TLS and accessing the HTTPS of GitHub.
Tested on different computers and same result.

Originally created by @BasicWombat on GitHub (Dec 3, 2020). Original GitHub issue: https://github.com/netbootxyz/netboot.xyz/issues/785 **Describe the bug** When loading custom menu from GitHub, I get the error "Operation not permitted (http://ipxe.org/410de185f)" **Additional context** It appears to be an issue with TLS and accessing the HTTPS of GitHub. Tested on different computers and same result.
kerem closed this issue 2026-03-01 18:36:05 +03:00
kerem commented 2026-03-01 18:36:06 +03:00
Author
Owner
Copy link

@BasicWombat commented on GitHub (Dec 3, 2020):

Could be related to the same issue:
#782 https://github.com/netbootxyz/netboot.xyz/issues/782

<!-- gh-comment-id:738455429 --> @BasicWombat commented on GitHub (Dec 3, 2020): Could be related to the same issue: #782 https://github.com/netbootxyz/netboot.xyz/issues/782
kerem commented 2026-03-01 18:36:06 +03:00
Author
Owner
Copy link

@BasicWombat commented on GitHub (Dec 3, 2020):

@antonym has been helping on this issue via the Discord chat

<!-- gh-comment-id:738455560 --> @BasicWombat commented on GitHub (Dec 3, 2020): @antonym has been helping on this issue via the Discord chat
kerem commented 2026-03-01 18:36:06 +03:00
Author
Owner
Copy link

@LordChunk commented on GitHub (Dec 24, 2020):

@BasicWombat did you find a fix/workaround?

<!-- gh-comment-id:750911578 --> @LordChunk commented on GitHub (Dec 24, 2020): @BasicWombat did you find a fix/workaround?
kerem commented 2026-03-01 18:36:06 +03:00
Author
Owner
Copy link

@BasicWombat commented on GitHub (Dec 29, 2020):

@BasicWombat did you find a fix/workaround?

Unfortunately no. While I did work on it further that day, I wasn't able to find anything.
I also haven't had a opportunity since.

For reference, this a link to the discord conversation with @antonym.
https://discord.com/channels/425186187368595466/425186187368595468/784165591236739082

<!-- gh-comment-id:751991055 --> @BasicWombat commented on GitHub (Dec 29, 2020): > @BasicWombat did you find a fix/workaround? Unfortunately no. While I did work on it further that day, I wasn't able to find anything. I also haven't had a opportunity since. For reference, this a link to the discord conversation with @antonym. https://discord.com/channels/425186187368595466/425186187368595468/784165591236739082
kerem commented 2026-03-01 18:36:06 +03:00
Author
Owner
Copy link

@Firminator commented on GitHub (Dec 30, 2020):

I can't load my custom menu either anymore. Though the error code is 410de13c (aka 410de1 @ https://ipxe.org/err/410de1 )

<!-- gh-comment-id:752331085 --> @Firminator commented on GitHub (Dec 30, 2020): I can't load my custom menu either anymore. Though the error code is 410de13c (aka 410de1 @ https://ipxe.org/err/410de1 )
kerem commented 2026-03-01 18:36:06 +03:00
Author
Owner
Copy link

@Firminator commented on GitHub (Dec 30, 2020):

Wild speculation here.
boot.netboot.xyz uses an Amazon cert.
raw.githubusercontent uses DigiCert[1].
Could it be that the DigiCert RootCA is not added to the netboot image hence TLS requests to raw.githubusercontent/username/netboot.xyz-custom/master/custom.ipxe will fail?
Anthony suggested to generate certificates and manually them add before building custom netboot images @ https://github.com/netbootxyz/netboot.xyz/issues/237 although we are not building custom images here. We are just using our own repo on Github/raw.githubusercontent.com instead of boot.netboot.xyz

[1] https://www.ssllabs.com/ssltest/analyze.html?d=raw.githubusercontent.com

<!-- gh-comment-id:752341626 --> @Firminator commented on GitHub (Dec 30, 2020): Wild speculation here. boot.netboot.xyz uses an Amazon cert. raw.githubusercontent uses DigiCert[1]. Could it be that the DigiCert RootCA is not added to the netboot image hence TLS requests to raw.githubusercontent/username/netboot.xyz-custom/master/custom.ipxe will fail? Anthony suggested to generate certificates and manually them add before building custom netboot images @ https://github.com/netbootxyz/netboot.xyz/issues/237 although we are not building custom images here. We are just using our own repo on Github/raw.githubusercontent.com instead of boot.netboot.xyz [1] https://www.ssllabs.com/ssltest/analyze.html?d=raw.githubusercontent.com
kerem commented 2026-03-01 18:36:06 +03:00
Author
Owner
Copy link

@antonym commented on GitHub (Dec 30, 2020):

I did some debug the other day and was getting back the 02 28 error that it mentions on iPXE:

If server replies with “02 28”, then TLS was unable to negotiate compatible
cipher suites between iPXE and your server.  Enable something on the server
side to show what is supported by iPXE.

It was working up until a few weeks ago, so I suspect Github changed something service side on raw.githubusercontent.com that isn't jiving with what iPXE is compatible with. I haven't had much time to dig into this, but we do leverage the ipxe ca with a netboot.xyz code signing cert for signature checking.

I have thought about adding an additional option for loading up menu configs from a URL so that portion of it isn't so dependent on GitHub usernames or their endpoint. Then you can just load the custom menu from anywhere and have more control over compatibility.

<!-- gh-comment-id:752682962 --> @antonym commented on GitHub (Dec 30, 2020): I did some debug the other day and was getting back the 02 28 error that it mentions on iPXE: ``` If server replies with “02 28”, then TLS was unable to negotiate compatible cipher suites between iPXE and your server. Enable something on the server side to show what is supported by iPXE. ``` It was working up until a few weeks ago, so I suspect Github changed something service side on raw.githubusercontent.com that isn't jiving with what iPXE is compatible with. I haven't had much time to dig into this, but we do leverage the ipxe ca with a netboot.xyz code signing cert for signature checking. I have thought about adding an additional option for loading up menu configs from a URL so that portion of it isn't so dependent on GitHub usernames or their endpoint. Then you can just load the custom menu from anywhere and have more control over compatibility.
kerem commented 2026-03-01 18:36:07 +03:00
Author
Owner
Copy link

@barnabyc commented on GitHub (Dec 31, 2020):

I just moments ago was trying to set github_user via local-vars.ipxe for the first time and thought I had broken something when getting "Operation not permitted", glad it wasn't just me!

A way to override the custom menu base url via local-vars.ipxe could be really useful. In fact, using local-vars.ipxe to override any particular url would be awesome (eg. in the case of locally-hosted Debian mirrors, etc)

<!-- gh-comment-id:752807580 --> @barnabyc commented on GitHub (Dec 31, 2020): I just moments ago was trying to set github_user via local-vars.ipxe for the first time and thought I had broken something when getting "Operation not permitted", glad it wasn't just me! A way to override the custom menu base url via local-vars.ipxe could be really useful. In fact, using local-vars.ipxe to override any particular url would be awesome (eg. in the case of locally-hosted Debian mirrors, etc)
kerem commented 2026-03-01 18:36:07 +03:00
Author
Owner
Copy link

@LordChunk commented on GitHub (Jan 1, 2021):

Disabling IPv6 on my network seems to resolve the issue.

<!-- gh-comment-id:753313239 --> @LordChunk commented on GitHub (Jan 1, 2021): Disabling IPv6 on my network seems to resolve the issue.
kerem commented 2026-03-01 18:36:07 +03:00
Author
Owner
Copy link

@hipposen commented on GitHub (Jan 2, 2021):

a bit off-topic but without ipv6 the image download from github is successful

<!-- gh-comment-id:753534600 --> @hipposen commented on GitHub (Jan 2, 2021): a bit off-topic but without ipv6 the image download from github is successful
kerem commented 2026-03-01 18:36:07 +03:00
Author
Owner
Copy link

@Firminator commented on GitHub (Jan 14, 2021):

Disabling IPv6 on my network seems to resolve the issue.

Disable IPv6 where? Switch, Firewall, DHCP-server?

a bit off-topic but without ipv6 the image download from github is successful

Which image?

<!-- gh-comment-id:759895969 --> @Firminator commented on GitHub (Jan 14, 2021): > Disabling IPv6 on my network seems to resolve the issue. Disable IPv6 where? Switch, Firewall, DHCP-server? > a bit off-topic but without ipv6 the image download from github is successful Which image?
kerem commented 2026-03-01 18:36:07 +03:00
Author
Owner
Copy link

@bjo81 commented on GitHub (Jan 14, 2021):

I didn't try it without IPv6 yet, but I'm wondering why IPv6 is an issue as it worked already on an IPv6-enabled network. And raw.githubusercontent.com does not have IPv6.


raw.githubusercontent.com is an alias for github.map.fastly.net.
github.map.fastly.net has address 151.101.112.133
<!-- gh-comment-id:760010918 --> @bjo81 commented on GitHub (Jan 14, 2021): I didn't try it without IPv6 yet, but I'm wondering why IPv6 is an issue as it worked already on an IPv6-enabled network. And `raw.githubusercontent.com` does not have IPv6. ``` raw.githubusercontent.com is an alias for github.map.fastly.net. github.map.fastly.net has address 151.101.112.133 ```
kerem commented 2026-03-01 18:36:07 +03:00
Author
Owner
Copy link

@barnabyc commented on GitHub (Jan 14, 2021):

This seems to be working once again. Was testing a few hours ago. I had not changed any IPv6 settings. Maybe GitHub adjusted their access rules?

<!-- gh-comment-id:760465980 --> @barnabyc commented on GitHub (Jan 14, 2021): This seems to be working once again. Was testing a few hours ago. I had not changed any IPv6 settings. Maybe GitHub adjusted their access rules?
kerem commented 2026-03-01 18:36:07 +03:00
Author
Owner
Copy link

@antonym commented on GitHub (Jan 14, 2021):

Yeah, it's working for me now again too.

<!-- gh-comment-id:760488286 --> @antonym commented on GitHub (Jan 14, 2021): Yeah, it's working for me now again too.
kerem commented 2026-03-01 18:36:07 +03:00
Author
Owner
Copy link

@antonym commented on GitHub (Jan 22, 2021):

This appears to still be working so closing this out. I've also added the ability to set a custom url in case functionality with github breaks again.

<!-- gh-comment-id:765499903 --> @antonym commented on GitHub (Jan 22, 2021): This appears to still be working so closing this out. I've also added the ability to set a custom url in case functionality with github breaks again.
Sign in to join this conversation.
No Branch/Tag specified
Branches Tags
development
copilot/add-doc-for-issue-1780
add-ubuntu-26.04
renovate/ansible-13.x
master
RC
changelog/3.0.1
feat/enable-rolling-builds
feat/secureboot-shim-devuan-kali
feature/secureboot-release-artifacts
copilot/sub-pr-1738
claude/issue-1703-20251117-0231
claude/issue-1703-20251117-0226
claude/issue-1703-20251117-0220
copilot/add-regex-manager-for-workflow-files
copilot/update-install-dependencies-step
copilot/fix-6503c0f7-4459-4828-8fe9-0b7f297ed932
claude/issue-1672-20250912-0331
testing
kairos_support
test
antonym/add-mac-pass
3.0.1
3.0.1-RC
3.0.0
3.0.0-RC
2.0.89
2.0.89-RC
2.0.88-RC
2.0.88
2.0.87-RC
2.0.87
2.0.86
2.0.86-RC
2.0.85
2.0.85-RC
2.0.84
2.0.84-RC
2.0.83
2.0.83-RC
2.0.82-RC
2.0.82
2.0.81-RC
2.0.81
2.0.80
2.0.80-RC
2.0.79
2.0.79-RC
2.0.78
2.0.78-RC
2.0.77-RC
2.0.77
2.0.76
2.0.76-RC
2.0.75
2.0.75-RC
2.0.74
2.0.74-RC
2.0.73
2.0.73-RC
2.0.72
2.0.72-RC
2.0.71
2.0.71-RC
2.0.70
2.0.70-RC
2.0.69
2.0.69-RC
2.0.68
2.0.68-RC
2.0.67
2.0.67-RC
2.0.66
2.0.66-RC
2.0.65
2.0.65-RC
2.0.64
2.0.64-RC
2.0.63
2.0.63-RC
2.0.62
2.0.62-RC
2.0.61
2.0.61-RC
2.0.60
2.0.60-RC
2.0.59
2.0.59-RC
2.0.58
2.0.58-RC
2.0.57
2.0.57-RC
2.0.56
2.0.56-RC
2.0.55
2.0.55-RC
2.0.54
2.0.54-RC
2.0.53
2.0.53-RC
2.0.52
2.0.52-RC
2.0.51
2.0.51-RC
2.0.50
2.0.50-RC
2.0.49
2.0.49-RC
2.0.48
2.0.48-RC
2.0.47
2.0.47-RC
2.0.46
2.0.46-RC
2.0.45
2.0.45-RC
2.0.44
2.0.44-RC
2.0.43
2.0.43-RC
2.0.42
2.0.42-RC
2.0.41
2.0.41-RC
2.0.40
2.0.40-RC
2.0.39
2.0.39-RC
2.0.38
2.0.38-RC
2.0.37
2.0.37-RC
2.0.36
2.0.36-RC
2.0.35
2.0.35-RC
2.0.34
2.0.34-RC
2.0.33
2.0.33-RC
2.0.32
2.0.32-RC
2.0.31
2.0.31-RC
2.0.30
2.0.30-RC
2.0.29
2.0.29-RC
2.0.28
2.0.28-RC
2.0.27
2.0.27-RC
2.0.26
2.0.26-RC
2.0.25
2.0.25-RC5LI
2.0.25-RC
2.0.24
2.0.24-RC
2.0.23
2.0.23-RC
2.0.22
2.0.22-RC
2.0.21
2.0.21-RC
2.0.20
2.0.20-RC
2.0.19
2.0.19-RC
2.0.18
2.0.18-RC
2.0.17
2.0.17-RC
2.0.16
2.0.16-RC
2.0.15
2.0.15-RC
2.0.14
2.0.14-RCZQD
2.0.14-RC
2.0.13
2.0.13-RC17N
2.0.13-RC
2.0.12
2.0.12-RC
2.0.11
2.0.10
2.0.10-RC
2.0.9
2.0.9-RC2N0
2.0.9-RC
2.0.8
2.0.8-RC
2.0.7
2.0.7-RC
2.0.6
2.0.6-R1-RC
2.0.6-RC
2.0.5
2.0.5-RC
2.0.4
2.0.4-RC
2.0.3
2.0.3-RC
2.0.2
2.0.2-RC
2.0.1
2.0.1-RC
2.0.0
2.0.0-RC
1.9.91-RC
1.9.9
1.9.9-RC
1.9.8-RC
1.0.0
1.9.7-RC
Labels
Clear labels   
Hacktoberfest

   
Hacktoberfest

   
bootloader

   
bsd

   
bug

   
confirmed

   
documentation

   
duplicate

   
enhancement

   
enhancement

   
enhancement

   
eol

   
experimental-merged

   
freebsd

   
help wanted

   
invalid

   
investigate

   
ipxe

   
linux

   
live-os

   
memdisk

   
menu

   
no-issue-activity

   
no-issue-activity

   
pull-request

Mirrored from GitHub Pull Request

  
released

   
todo

   
upstream

   
windows

   
windows

   
work-in-progress
No labels
Hacktoberfest
Hacktoberfest
bootloader
bsd
bug
confirmed
documentation
duplicate
enhancement
enhancement
enhancement
eol
experimental-merged
freebsd
help wanted
invalid
investigate
ipxe
linux
live-os
memdisk
menu
no-issue-activity
no-issue-activity
pull-request
released
todo
upstream
windows
windows
work-in-progress
Milestone
Clear milestone
No items
No milestone
Projects
Clear projects
No items
No project
Assignees
Clear assignees
No assignees
1 participant
Notifications
Due date
The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference
starred/netboot.xyz#1755
No description provided.