Thomas Lamprecht [Sat, 20 May 2023 20:02:02 +0000 (22:02 +0200)]
buildsys: add sbuild convenience target
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
(cherry picked from commit 1e38d293496a354dfa2c4ac493ad7fae15f9a0f0) Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
in the patch I accidentally removed the include of the helper
functions - the code uses `warn` from there
reported in our enterprise support portal and in our community-forum:
https://forum.proxmox.com/threads/.114998
reproduced with a VM:
* legacy bios
* installed PVE 6.3 (so that p-b-t was not used for legacy systems)
* then upgraded to a bullseye snapshot of 01.09.2022
* then upgraded to the last bullseye point-release
- this patch fixes the issue there.
The issue should not occur on systems using p-b-t or not using zfs
for /.
proxmox-boot: fix #3729 add --graceful to bootctl invocation
The version of systemd boot in bullseye, tries writing an efivar which
is not writeable on certain (broken) UEFIs (HP thin clients).
The issue was not present in the version in buster (the variable
simply did not get written) and can be worked around by adding
--graceful to the `bootctl install` command.
see also:
https://github.com/systemd/systemd/issues/13603
Stoiko Ivanov [Fri, 11 Feb 2022 15:15:44 +0000 (16:15 +0100)]
proxmox-boot: add pin/unpin functionality for non-p-b-t systems
While running `update-grub` directly in this case is a divergence from
the semantics of the command when p-b-t handles booting it makes the
cleanup in the `next-boot` case a bit tidier.
fetching the next-boot version explicitly again before setting the
provided version is to cover the sequence:
p-b-t kernel pin <ver1> --next-boot ; p-b-t kernel pin <ver2>
Stoiko Ivanov [Fri, 11 Feb 2022 15:15:42 +0000 (16:15 +0100)]
fix #3761: proxmox-boot: add pin/unpin for kernel-version
The 2 commands follow the mechanics of p-b-t kernel add/remove in
writing the desired abi-version to a config-file in /etc/kernel and
actually modifying the boot-loader configuration upon p-b-t refresh.
A dedicated new file is used instead of writing the version (with some
kind of annotation) to the manual kernel list to keep parsing the file
simple (and hopefully also cause fewer problems with manually edited
files)
For systemd-boot we write the entry into the loader.conf on the ESP(s)
instead of relying on the `bootctl set-default` mechanics (bootctl(1))
which write the entry in an EFI-var. This was preferred, because of a
few reports of unwriteable EFI-vars on some systems (e.g. DELL servers
have a setting preventing writing EFI-vars from the OS). The rationale
in `Why not simply rely on the EFI boot menu logic?` from [0] also
makes a few points in that direction.
For grub the following choices were made:
* write the pinned version (or actually the menu-path leading to it)
to a snippet in /etc/default/grub.d instead of editing the grub.cfg
files on the partition. Mostly to divert as little as possible from
the grub-workflow I assume people are used to.
* the 'root-device-id' part of the menu-entries is parsed from
/boot/grub/grug.cfg since it was stable (the same on all ESPs and in
/boot/grub), saves us from copying the part of "find device behind
/, mangle it if zfs/btrfs, call grub_probe a few times" part of
grub-mkconfig - and seems a bit more robust
Stoiko Ivanov [Mon, 13 Dec 2021 14:52:15 +0000 (15:52 +0100)]
fix #3781: add Provides: wireguard-modules to control.in
without this line `apt install wireguard` pulls in Debian's kernel +
firmware which confilcts with pve-firmware - forcing users to install
via `apt install --no-install-recommends wireguard-tools` in order to
get the userspace utils.
Plain debian has the 'Provides' in the meta-package[0]
(linux-image-amd64), so following this add it to pve-kernel-$MAJ.$MIN
versioned dependency added since wireguard has a versioned dependency
on wireguard-modules.
Stoiko Ivanov [Mon, 13 Dec 2021 14:52:14 +0000 (15:52 +0100)]
d/control.in: Provide linux-image/linux-headers
pve-kernel-$MAJ.$MIN (e.g. pve-kernel-5.15) is the equivalent
to linux-image-amd64 for plain debian systems (similarly
pve-headers-$MAJ.$MIN).
Providing the plain debian meta-packages should improve the user
experience, for example when users install DKMS packages, which have a
dependency on linux-headers-amd64.
Stoiko Ivanov [Wed, 10 Nov 2021 15:25:10 +0000 (16:25 +0100)]
proxmox-boot: read only first line of /etc/kernel/cmdline
following the commit of removing the wrong indentation of the linux
and initrd lines - this commit strips empty lines (and leading
trailing whitespace) in /etc/kernel/cmdline.
I managed to reproduce the issue reported in the forum [0] by adding
empty lines to /etc/kernel/cmdline) - without this - systemd-boot
booted quite happily even with the indentation.
considered using perl -pe with multiline matching but thanks to
Thomas' suggestion went with the shell-builtin read.
the check for existance of 'root=' in the resulting CMDLINE was added,
since my test-system had an empty line in the beginning, which again
rendered it unbootable.
Oguz Bektas [Wed, 10 Nov 2021 13:07:46 +0000 (14:07 +0100)]
proxmox-boot: esp config: avoid leading whitespace in initrd/linux options
Not an actual issue, the systemd parser just skips those
whitespaces[0], but it may confuse people and lead to false-positive
conclusions about a culprit for loader issues, so fix that up.
diff before -> after:
version 5.11.22-7-pve
options root=ZFS=rpool/ROOT/pve-1 boot=zfs iommu=pt
- linux /EFI/proxmox/5.11.22-7-pve/vmlinuz-5.11.22-7-pve
- initrd /EFI/proxmox/5.11.22-7-pve/initrd.img-5.11.22-7-pve
+linux /EFI/proxmox/5.11.22-7-pve/vmlinuz-5.11.22-7-pve
+initrd /EFI/proxmox/5.11.22-7-pve/initrd.img-5.11.22-7-pve
Fixes: 2a8a4b5 ("proxmox-boot: fix #3632 copy kernel+initrd unconditionally") Signed-off-by: Oguz Bektas <o.bektas@proxmox.com>
[ Thomas: Clarify that the commit does not fix anything but is still
good to have ] Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
do not use the -u (update) flag when copying kernel images and inird
from /boot to the ESPs:
* the ESPs are formatted with vfat, which has a 2 second precision for
mtime (`linux/fs/fat/misc.c` - `fat_truncate_time`)
* cp -u compares the mtimes of source (kernel image in /boot not on
vfat) and destination - leading to the copy always being carried
out, if the source files remain the same (and do not happen to have
a mtime exactly happening on a even second)
as laid out in the bug-report - the case where this leads to an
unbootable system is when a kernel-version is shipped twice (built
with different tool-chains) - e.g. currently the 5.11 kernels in PVE 6
and PVE 7.
tested the behavior of `cp -u` by running opensnopp-bpfcc and copying
a file twice onto ext4 (opened only once) and on vfat (opened twice).
additionally reproduced the issue (by dist-upgrading a PVE 6 VM to 7
with the pve-no-subscription repo) and verified this patch fixes it.
grub wrapper: skip if using boot-tool but also booted via EFI
From Fabians feedback:
> this could have another guard for whether the system is even booted
> with grub as if the system was booted using EFI, re-initing all
> ESPs is just busy-work
So skip if proxmox-boot-tool and booted with EFI, as then GRUB is out
of the picture anyway.
Signed-off-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
proxmox-boot: maintscript: change logic whether to add diversion
Deciding whether or not to add the diversion based on the version
alone fails quite hard in case pve-kernel-helper is in dpkg-state 'rc'
(removed not purged) as reported in our community forum[0]:
* removing pve-kernel-helper removes the diversion of grub-install
* if config-files are still present the preinst script gets called
with the version of the config-files (the version that got removed)
* if the version was newer than 6.4-1~ then no diversion is added
* unpacking fails, because grub-install would be overwritten leaving
pve-kernel-helper in state 'ic'
Explicitly checking whether the diversion is in place sounds like a
robust approach here.
downside: documentation on dpkg-divert in maintainer scripts [1] uses
the version approach.
proxmox-boot: divert call to grub-install to p-b-t init
This way all ESPs (in case of a legacy booted system) get an
updated grub installation.
running only once between reboots (the markerfile is in /tmp) should
be enough. Sadly the environment does not provide a hint which version
grub is installed to.
proxmox-boot: ignore call to grub-install from grub maintscripts
in certain cases the postinst script of grub-pc runs grub-install on
the disks it gets from debconf. Simply warn and exit with 0 if
grub-install is called by dpkg and from a grub related package
Stoiko Ivanov [Thu, 24 Jun 2021 11:20:25 +0000 (13:20 +0200)]
proxmox-boot: redirect stdout in update-grub snippet
update-grub (via grub-mkconfig) generates the grub configuration by
concatenating the output of each snippet (from /etc/grub.d).
We need to redirect the output of `proxmox-boot-tool refresh`
to not end up with a syntactically wrong config in /boot/grub/grub.cfg
(which is not used in any case)