Stoiko Ivanov [Wed, 10 Nov 2021 15:25:10 +0000 (16:25 +0100)]
proxmox-boot: read only first line of /etc/kernel/cmdline
following the commit of removing the wrong indentation of the linux
and initrd lines - this commit strips empty lines (and leading
trailing whitespace) in /etc/kernel/cmdline.
I managed to reproduce the issue reported in the forum [0] by adding
empty lines to /etc/kernel/cmdline) - without this - systemd-boot
booted quite happily even with the indentation.
considered using perl -pe with multiline matching but thanks to
Thomas' suggestion went with the shell-builtin read.
the check for existance of 'root=' in the resulting CMDLINE was added,
since my test-system had an empty line in the beginning, which again
rendered it unbootable.
Oguz Bektas [Wed, 10 Nov 2021 13:07:46 +0000 (14:07 +0100)]
proxmox-boot: esp config: avoid leading whitespace in initrd/linux options
Not an actual issue, the systemd parser just skips those
whitespaces[0], but it may confuse people and lead to false-positive
conclusions about a culprit for loader issues, so fix that up.
diff before -> after:
version 5.11.22-7-pve
options root=ZFS=rpool/ROOT/pve-1 boot=zfs iommu=pt
- linux /EFI/proxmox/5.11.22-7-pve/vmlinuz-5.11.22-7-pve
- initrd /EFI/proxmox/5.11.22-7-pve/initrd.img-5.11.22-7-pve
+linux /EFI/proxmox/5.11.22-7-pve/vmlinuz-5.11.22-7-pve
+initrd /EFI/proxmox/5.11.22-7-pve/initrd.img-5.11.22-7-pve
Fixes: 2a8a4b5 ("proxmox-boot: fix #3632 copy kernel+initrd unconditionally") Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
[ Thomas: Clarify that the commit does not fix anything but is still
good to have ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
do not use the -u (update) flag when copying kernel images and inird
from /boot to the ESPs:
* the ESPs are formatted with vfat, which has a 2 second precision for
mtime (`linux/fs/fat/misc.c` - `fat_truncate_time`)
* cp -u compares the mtimes of source (kernel image in /boot not on
vfat) and destination - leading to the copy always being carried
out, if the source files remain the same (and do not happen to have
a mtime exactly happening on a even second)
as laid out in the bug-report - the case where this leads to an
unbootable system is when a kernel-version is shipped twice (built
with different tool-chains) - e.g. currently the 5.11 kernels in PVE 6
and PVE 7.
tested the behavior of `cp -u` by running opensnopp-bpfcc and copying
a file twice onto ext4 (opened only once) and on vfat (opened twice).
additionally reproduced the issue (by dist-upgrading a PVE 6 VM to 7
with the pve-no-subscription repo) and verified this patch fixes it.
grub wrapper: skip if using boot-tool but also booted via EFI
From Fabians feedback:
> this could have another guard for whether the system is even booted
> with grub as if the system was booted using EFI, re-initing all
> ESPs is just busy-work
So skip if proxmox-boot-tool and booted with EFI, as then GRUB is out
of the picture anyway.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
proxmox-boot: maintscript: change logic whether to add diversion
Deciding whether or not to add the diversion based on the version
alone fails quite hard in case pve-kernel-helper is in dpkg-state 'rc'
(removed not purged) as reported in our community forum[0]:
* removing pve-kernel-helper removes the diversion of grub-install
* if config-files are still present the preinst script gets called
with the version of the config-files (the version that got removed)
* if the version was newer than 6.4-1~ then no diversion is added
* unpacking fails, because grub-install would be overwritten leaving
pve-kernel-helper in state 'ic'
Explicitly checking whether the diversion is in place sounds like a
robust approach here.
downside: documentation on dpkg-divert in maintainer scripts [1] uses
the version approach.
proxmox-boot: divert call to grub-install to p-b-t init
This way all ESPs (in case of a legacy booted system) get an
updated grub installation.
running only once between reboots (the markerfile is in /tmp) should
be enough. Sadly the environment does not provide a hint which version
grub is installed to.
proxmox-boot: ignore call to grub-install from grub maintscripts
in certain cases the postinst script of grub-pc runs grub-install on
the disks it gets from debconf. Simply warn and exit with 0 if
grub-install is called by dpkg and from a grub related package
Stoiko Ivanov [Thu, 24 Jun 2021 11:20:25 +0000 (13:20 +0200)]
proxmox-boot: redirect stdout in update-grub snippet
update-grub (via grub-mkconfig) generates the grub configuration by
concatenating the output of each snippet (from /etc/grub.d).
We need to redirect the output of `proxmox-boot-tool refresh`
to not end up with a syntactically wrong config in /boot/grub/grub.cfg
(which is not used in any case)
If the system seems to be using proxmox-boot, simply run it, in
addition to warning the user about the situation.
Since the warning is only printed when update-grub is not called
by dpkg or proxmoxmox-boot-tool, this should be safe, and potentially
help keeping systems bootable.
Suggested-by: Thomas Lamprecht <t.lamprecht@proxmox.com> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
if a (legacy) system is booted with proxmox-boot-tool, running
`grub-install` without being aware of the fact can render the system
unbootable (e.g. when letting the early stage point to an incompatible
zpool instead of the ESP).
To prevent this we add a dpkg-diversion [0], which simply checks if
`proxmox-boot-tool status` indicates that proxmox-boot is used and
errors out in that case, and runs the actual grub-install else.
Co-authored-by: Thomas Lamprecht <t.lamprecht@proxmox.com> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
If the system seems to be booted using proxmox-boot, write a header at
the beginning of the grub.cfg generated when running `update-grub`
Additionally print a warning in case the script is run interactively.
This is determined by checking for DPKG_VERSION, which is set when
running as post-inst task (after a kernel install/removal)
and for PVE_EFIBOOT_UNSHARED, which is set by proxmox-boot-tool when
running `proxmox-boot-tool refresh.`
This patch adds support for booting non-uefi/legacy/bios-boot ZFS
installs, by using proxmox-boot-tool to copy the kernels to the ESP
and then generate a fitting grub config for booting from the vfat ESP:
* grub is installed onto the ESP and the MBR points to the ESP
* after copying/deleting the kernels proxmox-boot-tool bindmounts the
ESP on /boot (inside the new mount namespace)
* grub-update then manages to generate a fitting config.
Some paths/sanity-checks needed adaptation (to differentiate between
EFI boot and not (based on the existence of /sys/firmware/efi)
The arguments for grub-install are taken from the pve-installer.
The approach is inspired by @avw in our community-forum [0].
proxmox-boot-tool: sort and remove duplicates on clean
This is mostly in preparation for renaming pve-efiboot-uuids into
proxmox-boot-uuids, but can help in general (since each duplicate uuid
causes excessive disk i/o upon kernel upgrades).
Aaron Lauterer [Tue, 19 May 2020 07:59:44 +0000 (09:59 +0200)]
pve-efiboot-tool: format: show real path in warning if needed
Show the real path of the partition in case when the basename couldn't
be determined and the partition given is a symlinked one like
/dev/disk/by-id/<part>/
Aaron Lauterer [Tue, 19 May 2020 07:59:43 +0000 (09:59 +0200)]
pve-efiboot-tool: format: fix handling of disk/by-id
The format command will fail when using other paths like
/dev/disk/by-id/<part> instead of /dev/sdXY directly. It cannot find
the path /sys/block/<disk>/<part>/partition path.
The part name in /dev/disk/by-id is a symlink to /dev/sdXY. At that
point we already have the symlink resolved to the real path. It is
stored in `bdev`.
Thomas Lamprecht [Sat, 15 Feb 2020 16:17:26 +0000 (17:17 +0100)]
fix #2595: less false positives when filtering out meta packages
This fixes selecting kernels for manual inclusion in the ESP which do
not come with a "-pve" in name.
It fixes listing, by just printing out the whole list as is. refresh
complains already if there's a kernel selected but no respective
vmlinuz got found. Additionally, we already plainly add the "manual
kernel list" in kernel_keep_versions, but filter then out any kernel
not containing a "-pve" in boot_kernel_list.
But boot_kernel_list should actually only filter out the kernel meta
packages.
So, use a inverse match and check for a /\d+\.\d+/ pattern, this
seems to work well enough.
Note that kernel_keep_versions doesn't picks up non-pve kernels
anyway, so this only really alters manual selection.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Oguz Bektas [Fri, 8 Nov 2019 12:47:22 +0000 (13:47 +0100)]
use perl instead of (g)awk to clean /proc/cmdline
this awk line only works with gawk because of implementation differences
between awk alternatives.
debian has mawk installed by default, and mawk does not implement word
boundary regex. to avoid having to depend on gawk, we can just use perl
instead.
efiboot/autorm functions: ignore running kernel if it was removed
In the case were someone removes the current kernel we do not can
"keep" it anymore. While this was obviously no issue for the
autoremoval logic, it is an issue for the pve-efiboot-tool refresh
command, which reuses this helper to see which kernels it needs to
keep on the ESP.
Without this a running kernel was never removed from the EFI System
Partitions if de-installed from a host, so if it sorted as newest one
it was then booted again, which naturally confuses users (it was just
removed!!). So to ensure that we cannot get such zombie kernels
ensure that only installed kernels are included in the list.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Thu, 17 Oct 2019 05:44:50 +0000 (07:44 +0200)]
followup: code cleanup
* add some spaces for separation, increasing readability
* do not use the non-existent variable x as replacement, but an actual
empty string ""
* don't use the "truth-y action" at end to make awk print the line ($0)
but explicitly print $0 after the gsub, makes it easier to get for
people with not much awk background
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Thomas Lamprecht [Mon, 30 Sep 2019 07:45:40 +0000 (09:45 +0200)]
d/control: adapt to lintian change regarding empty-binary-package
Previously, mentioning "virtual package" in the package long
description was enough to supress the "empty-binary-package" linitian
tag[0]. That changed, so let's use "metapackage", which is suggested
as one of the replacement options.
Stefan Reiter [Thu, 1 Aug 2019 11:01:03 +0000 (13:01 +0200)]
Add efiboot refresh hook to update-initramfs
As explained in [0], we can add a hook script that will be called after
update-initramfs did its job (and thus, a new initrd has been created).
We can use this to automatically sync the ESPs using 'pve-efiboot-tool
refresh', if update-initramfs was called manually (on kernel upgrade we
already have a hook that does this).
Thomas Lamprecht [Mon, 15 Jul 2019 12:35:41 +0000 (14:35 +0200)]
zz-pve-efiboot: make loader title product dependent
default to "Proxmox Virtual Environment", and if the
proxmox-mailgateway package is installed (we simply check the docs
path) use "Proxmox Mailgateway" instead
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
with 'kernels <add|remove>' command in pve-efiboot-tool to add/remove
kernels to/from manual kernel list, and honor it when generating lists
of kernels to not autoremove/sync to ESPs