to iterate over all configured ESPs and refresh the boot-loader
installations.
the init function was changed to not run refresh directly - to prevent
refresh from running once for each ESP
currently reinit does not imply refresh
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
was forgotten during the general renaming of pve-efiboot ->
proxmox-boot.
follows commit 8c0a22adfe
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
The version of systemd boot in bullseye tries writing an efivar which
is not writeable on certain (broken) UEFIs (HP thin clients).
The issue was not present in the version in buster (the variable
simply did not get written) and can be worked around by adding
--graceful to the `bootctl install` command.
see also:
https://github.com/systemd/systemd/issues/13603
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
While running `update-grub` directly in this case is a divergence from
the semantics of the command when p-b-t handles booting it makes the
cleanup in the `next-boot` case a bit tidier.
fetching the next-boot version explicitly again before setting the
provided version is to cover the sequence:
p-b-t kernel pin <ver1> --next-boot ; p-b-t kernel pin <ver2>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
by setting the desired version in a dedicated file, which is used
by the systemd service as condition for removing it and refreshing
upon reboot.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
The 2 commands follow the mechanics of p-b-t kernel add/remove in
writing the desired abi-version to a config-file in /etc/kernel and
actually modifying the boot-loader configuration upon p-b-t refresh.
A dedicated new file is used instead of writing the version (with some
kind of annotation) to the manual kernel list to keep parsing the file
simple (and hopefully also cause fewer problems with manually edited
files)
For systemd-boot we write the entry into the loader.conf on the ESP(s)
instead of relying on the `bootctl set-default` mechanics (bootctl(1))
which write the entry in an EFI-var. This was preferred, because of a
few reports of unwriteable EFI-vars on some systems (e.g. DELL servers
have a setting preventing writing EFI-vars from the OS). The rationale
in `Why not simply rely on the EFI boot menu logic?` from [0] also
makes a few points in that direction.
For grub the following choices were made:
* write the pinned version (or actually the menu-path leading to it)
to a snippet in /etc/default/grub.d instead of editing the grub.cfg
files on the partition. Mostly to divert as little as possible from
the grub-workflow I assume people are used to.
* the 'root-device-id' part of the menu-entries is parsed from
/boot/grub/grub.cfg since it was stable (the same on all ESPs and in
/boot/grub), saves us from copying the part of "find device behind
/, mangle it if zfs/btrfs, call grub_probe a few times" part of
grub-mkconfig - and seems a bit more robust
Tested with a BIOS and a UEFI VM with / on ZFS.
[0] https://systemd.io/BOOT_LOADER_SPECIFICATION/
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
makes using this helper shorter in most cases
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
while it's the legacy variant it actually works over simpledrm with
amdgpu (glitches) and nvidia (complete breakage)
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
to ensure the newly switched on SYS_FB kconfig doesn't break
using the fb for the kernel, e.g., via fbcon
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
without this line `apt install wireguard` pulls in Debian's kernel +
firmware which conflicts with pve-firmware - forcing users to install
via `apt install --no-install-recommends wireguard-tools` in order to
get the userspace utils.
Plain debian has the 'Provides' in the meta-package[0]
(linux-image-amd64), so following this add it to pve-kernel-$MAJ.$MIN
versioned dependency added since wireguard has a versioned dependency
on wireguard-modules.
[0] https://salsa.debian.org/kernel-team/linux/-/blob/master/debian/templates/control.image.meta.in
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
pve-kernel-$MAJ.$MIN (e.g. pve-kernel-5.15) is the equivalent
to linux-image-amd64 for plain debian systems (similarly
pve-headers-$MAJ.$MIN).
Providing the plain debian meta-packages should improve the user
experience, for example when users install DKMS packages, which have a
dependency on linux-headers-amd64.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
following the commit of removing the wrong indentation of the linux
and initrd lines - this commit strips empty lines (and leading and
trailing whitespace) in /etc/kernel/cmdline.
I managed to reproduce the issue reported in the forum [0] by adding
empty lines to /etc/kernel/cmdline - without this - systemd-boot
booted quite happily even with the indentation.
considered using perl -pe with multiline matching but thanks to
Thomas' suggestion went with the shell-builtin read.
the check for existence of 'root=' in the resulting CMDLINE was added,
since my test-system had an empty line in the beginning, which again
rendered it unbootable.
quickly tested on a VM.
[0]: https://forum.proxmox.com/threads/problem-with-proxmox-boot-tool.99043/
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
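
The cleanup described in the commit message above, as an added shell example (not the proxmox-boot-tool code itself; the function name `normalize_cmdline` and the temporary sample file are assumptions made for illustration):

```shell
#!/bin/sh
# Added example: normalise a kernel command-line file with the shell
# builtin `read` and refuse a result that lacks root=.
# Hypothetical helper, not taken from proxmox-boot-tool.

# normalize_cmdline FILE
# Prints the non-empty lines of FILE joined by single spaces, with leading
# and trailing whitespace stripped from each line. Returns 1 when the result
# contains no root= parameter, because such a loader entry would not boot.
normalize_cmdline() {
    file=$1
    cmdline=""
    # With the default IFS, `read` strips leading/trailing blanks itself.
    # `|| [ -n "$line" ]` keeps a last line that has no trailing newline.
    while read -r line || [ -n "$line" ]; do
        [ -z "$line" ] && continue      # skip empty / whitespace-only lines
        cmdline="${cmdline:+$cmdline }$line"
    done < "$file"

    # Match root= only at the start of a parameter, not inside another one.
    case " $cmdline" in
        *" root="*) ;;
        *)
            echo "no root= parameter found in $file" >&2
            return 1
            ;;
    esac
    printf '%s\n' "$cmdline"
}

# Constructed sample input: an empty first line, indentation, a blank line
# in the middle and parameters split over two lines.
sample=$(mktemp)
printf '\n  root=ZFS=rpool/ROOT/pve-1 boot=zfs  \n\niommu=pt\n' > "$sample"
normalize_cmdline "$sample"
rm -f "$sample"
```
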
Not an actual issue, the systemd parser just skips those
whitespaces[0], but it may confuse people and lead to false-positive
conclusions about a culprit for loader issues, so fix that up.
[0]: https://github.com/systemd/systemd/blob/main/src/boot/efi/boot.c#L1064
diff before -> after:
version 5.11.22-7-pve
options root=ZFS=rpool/ROOT/pve-1 boot=zfs iommu=pt
- linux /EFI/proxmox/5.11.22-7-pve/vmlinuz-5.11.22-7-pve
- initrd /EFI/proxmox/5.11.22-7-pve/initrd.img-5.11.22-7-pve
+linux /EFI/proxmox/5.11.22-7-pve/vmlinuz-5.11.22-7-pve
+initrd /EFI/proxmox/5.11.22-7-pve/initrd.img-5.11.22-7-pve
Fixes: 2a8a4b5 ("proxmox-boot: fix#3632 copy kernel+initrd unconditionally")
Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
[ Thomas: Clarify that the commit does not fix anything but is still
good to have ]
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
do not use the -u (update) flag when copying kernel images and initrd
from /boot to the ESPs:
* the ESPs are formatted with vfat, which has a 2 second precision for
mtime (`linux/fs/fat/misc.c` - `fat_truncate_time`)
* cp -u compares the mtimes of source (kernel image in /boot not on
vfat) and destination - leading to the copy always being carried
out, if the source files remain the same (and do not happen to have
a mtime exactly happening on an even second)
as laid out in the bug-report - the case where this leads to an
unbootable system is when a kernel-version is shipped twice (built
with different tool-chains) - e.g. currently the 5.11 kernels in PVE 6
and PVE 7.
tested the behavior of `cp -u` by running opensnoop-bpfcc and copying
a file twice onto ext4 (opened only once) and on vfat (opened twice).
additionally reproduced the issue (by dist-upgrading a PVE 6 VM to 7
with the pve-no-subscription repo) and verified this patch fixes it.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
like for Grub where this is handled via snippets with PVE > PMG > PBS.
Reported-by: Oguz Bektas <o.bektas@proxmox.com>
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>