TT#118659 Fixup for efivarfs handling with grml-debootstrap v0.98

This is a followup fixup for commit 535e6df / Change-Id: I5374322cb0a39cfed6563df6c4c30f1eafe560c1

We had to apply fixes due to efivars vs efivarfs in kernel versions
>=5.10, and addressed them in commit 535e6df.  Those changes were
incomplete though, as the fix included in grml-debootstrap v0.97 is
incomplete: while efibootmgr was properly invoked and working,
invocation of grub-install doesn't reliably work (as at that time
/sys/firmware/efi/efivars is no longer accessible). GRUB installation on
EFI systems without /sys/firmware/efi/efivars present warns with "EFI
variables are not supported on this system" (see
https://sources.debian.org/src/grub2/2.04-20/debian/patches/efi-variable-storage-minimise-writes.patch/?hl=650#L650),
though returns with exit code 0. This leaves us with an incomplete and
therefore not booting GRUB EFI environment.

This used to work with mr9.5.1 only, because there we install(ed)
systems using grml-debootstrap v0.96, which is *older* than the version
v0.97 (which included the EFI workaround) we check for in deployment.sh.
Since the grml-debootstrap version v0.96 isn't recent enough there, we
applied the fallback to our local scripts, which took care of proper
installation of GRUB in EFI environments.

On the other side, in recent trunk deployments we have grml-debootstrap
v0.98 available, which includes the EFI workaround - therefore our local
scripts aren't applied. The resulting installation is incomplete, and
recent trunk deployments fail to boot in EFI environments.

The according fix for grml-debootstrap has been made and is going to be
released in the next few days as v0.99. But to ensure that it's working
also with older grml-debootstrap versions (and we don't have to rebuild
our squashfs environments), the local scripts have been adjusted.
We don't even need any pre-script at all, instead we handle all of the
GRUB EFI installation through /etc/debootstrap/post-scripts/efivarfs.

FTR: this issue didn't show up on certain test systems of us, because
SW-RAID is used there. In deployment.sh we have special handling
of SW-RAID regarding efibootmgr and grub-install, see line 2330 ff.

Change-Id: Ifa90fbfab7d69bc331acfec15a6cc9318c84ee8f

templates/scripts/includes/deployment.sh

@@ -342,12 +342,12 @@ efi_support() {
 }
 
 # Debian kernels >=5.10 don't provide efivars support, ensure to either:
-# 1) have grml-debootstrap v0.97 or newer available (which provides according
+# 1) have grml-debootstrap v0.99 or newer available (which provides according
 # efivarfs workaround), or otherwise:
-# 2) apply local workaround using pre and post scripts within grml-debootstrap
+# 2) apply local workaround using post script within grml-debootstrap
 # (to avoid having to update the grml-debootstrap package, because that's not
 # available within environments relying on our approx Debian mirror, which
-# doesn't the Grml repository)
+# doesn't provide the Grml repository)
 efivars_workaround() {
   if lsmod | grep -q 'efivars' ; then
     echo "We do have efivars support, no need to apply workarounds"
@@ -355,21 +355,36 @@ efivars_workaround() {
   fi
 
   echo "Running with kernel without efivars support"
-  if check_package_version grml-debootstrap 0.97~ ; then
-    echo "grml-debootstrap >=0.97 available, no need to apply pre/post script workaround"
+  if check_package_version grml-debootstrap 0.99~ ; then
+    echo "grml-debootstrap >=0.99 available, no need to apply pre/post script workaround"
     return 0
   fi
 
-  echo "Present grml-debootstrap version is not recent enough, falling back to workarounds using local scripts"
+  echo "Present grml-debootstrap version is not recent enough, falling back to workarounds using local script"
 
-  # pre script
-  mkdir -p /etc/debootstrap/pre-scripts/
-  cat > /etc/debootstrap/pre-scripts/efivarfs << "EOL"
+  # post script
+  mkdir -p /etc/debootstrap/post-scripts/
+  cat > /etc/debootstrap/post-scripts/efivarfs << "EOL"
 #!/bin/bash
 set -eu -p pipefail
 
 echo "Executing $0"
 
+if ! [ -d "${MNTPOINT}"/boot/efi/EFI ] ; then
+  echo "Mounting /boot/efi"
+  chroot "${MNTPOINT}" mount /boot/efi
+fi
+
+if ! [ -e "${MNTPOINT}"/dev/mapper/ngcp-root ] ; then
+  echo "Mounting /dev (via bind mount)"
+  mount --bind /dev "${MNTPOINT}"/dev/
+fi
+
+if ! [ -e "${MNTPOINT}"/proc/cmdline ] ; then
+  echo "Mounting /proc"
+  chroot "${MNTPOINT}" mount -t proc none /proc
+fi
+
 if ! ls "${MNTPOINT}"/sys/firmware/efi/efivars/* &>/dev/null ; then
   # we need to have /sys available to be able to mount /sys/firmware/efi/efivars
   if ! chroot "${MNTPOINT}" test -d /sys/kernel ; then
@@ -380,27 +395,16 @@ if ! ls "${MNTPOINT}"/sys/firmware/efi/efivars/* &>/dev/null ; then
   echo "Mounting efivarfs on /sys/firmware/efi/efivars"
   chroot "${MNTPOINT}" mount -t efivarfs efivarfs /sys/firmware/efi/efivars
 fi
-echo "Finished execution of $0"
-EOL
 
-  chmod 775 /etc/debootstrap/pre-scripts/efivarfs
-  PRE_SCRIPTS_OPTION="--pre-scripts /etc/debootstrap/pre-scripts/"
+echo "Invoking grub-install with proper EFI environment"
+chroot "${MNTPOINT}" grub-install
 
-  # post script
-  mkdir -p /etc/debootstrap/post-scripts/
-  cat > /etc/debootstrap/post-scripts/efivarfs << "EOL"
-#!/bin/bash
-set -eu -p pipefail
-
-echo "Executing $0"
-
-if mountpoint "${MNTPOINT}"/sys/firmware/efi/efivars &>/dev/null ; then
-  umount "${MNTPOINT}"/sys/firmware/efi/efivars
-fi
-
-if mountpoint "${MNTPOINT}"/sys &>/dev/null ; then
-  umount "${MNTPOINT}"/sys
-fi
+for f in /sys/firmware/efi/efivars /sys /proc /dev /boot/efi ; do
+  if mountpoint "${MNTPOINT}/$f" &>/dev/null ; then
+    echo "Unmounting $f"
+    umount "${MNTPOINT}/$f"
+  fi
+done
 
 echo "Finished execution of $0"
 EOL
@@ -2024,7 +2028,6 @@ echo y | grml-debootstrap \
   -r "$DEBIAN_RELEASE" \
   -t "$ROOT_FS" \
   $EFI_OPTION \
-  $PRE_SCRIPTS_OPTION \
   $POST_SCRIPTS_OPTION \
   --password 'sipwise' 2>&1 | tee -a /tmp/grml-debootstrap.log