From f9aea18c19b4d744cf0d727588ee3b0f76edfef5 Mon Sep 17 00:00:00 2001 From: Michael Prokop Date: Mon, 16 Aug 2021 21:30:37 +0200 Subject: [PATCH] TT#118659 Fixup for efivarfs handling with grml-debootstrap v0.98 This is a followup fixup for commit 535e6df / Change-Id: I5374322cb0a39cfed6563df6c4c30f1eafe560c1 We had to apply fixes due to efivars vs efivarfs in kernel versions >=5.10, and addressed them in commit 535e6df. Those changes were incomplete though, as the fix included in grml-debootstrap v0.97 is incomplete: while efibootmgr was properly invoked and working, invocation of grub-install doesn't reliably work (as at that time /sys/firmware/efi/efivars is no longer accessible). GRUB installation on EFI systems without /sys/firmware/efi/efivars present warns with "EFI variables are not supported on this system" (see https://sources.debian.org/src/grub2/2.04-20/debian/patches/efi-variable-storage-minimise-writes.patch/?hl=650#L650), though returns with exit code 0. This leaves us with an incomplete and therefore not booting GRUB EFI environment. This used to work with mr9.5.1 only, because there we install(ed) systems using grml-debootstrap v0.96, which is *older* than the version v0.97 (which included the EFI workaround) we check for in deployment.sh. Since the grml-debootstrap version v0.96 isn't recent enough there, we applied the fallback to our local scripts, which took care of proper installation of GRUB in EFI environments. On the other side, in recent trunk deployments we have grml-debootstrap v0.98 available, which includes the EFI workaround - therefore our local scripts aren't applied. The resulting installation is incomplete, and recent trunk deployments fail to boot in EFI environments. The according fix for grml-debootstrap has been made and is going to be released in the next few days as v0.99. But to ensure that it's working also with older grml-debootstrap versions (and we don't have to rebuild our squashfs environments), the local scripts have been adjusted. We don't even need any pre-script at all, instead we handle all of the GRUB EFI installation through /etc/debootstrap/post-scripts/efivarfs. FTR: this issue didn't show up on certain test systems of us, because SW-RAID is used there. In deployment.sh we have special handling of SW-RAID regarding efibootmgr and grub-install, see line 2330 ff. Change-Id: Ifa90fbfab7d69bc331acfec15a6cc9318c84ee8f --- templates/scripts/includes/deployment.sh | 61 +++++++++++++----------- 1 file changed, 32 insertions(+), 29 deletions(-) diff --git a/templates/scripts/includes/deployment.sh b/templates/scripts/includes/deployment.sh index c45a923..4238548 100755 --- a/templates/scripts/includes/deployment.sh +++ b/templates/scripts/includes/deployment.sh @@ -342,12 +342,12 @@ efi_support() { } # Debian kernels >=5.10 don't provide efivars support, ensure to either: -# 1) have grml-debootstrap v0.97 or newer available (which provides according +# 1) have grml-debootstrap v0.99 or newer available (which provides according # efivarfs workaround), or otherwise: -# 2) apply local workaround using pre and post scripts within grml-debootstrap +# 2) apply local workaround using post script within grml-debootstrap # (to avoid having to update the grml-debootstrap package, because that's not # available within environments relying on our approx Debian mirror, which -# doesn't the Grml repository) +# doesn't provide the Grml repository) efivars_workaround() { if lsmod | grep -q 'efivars' ; then echo "We do have efivars support, no need to apply workarounds" @@ -355,21 +355,36 @@ efivars_workaround() { fi echo "Running with kernel without efivars support" - if check_package_version grml-debootstrap 0.97~ ; then - echo "grml-debootstrap >=0.97 available, no need to apply pre/post script workaround" + if check_package_version grml-debootstrap 0.99~ ; then + echo "grml-debootstrap >=0.99 available, no need to apply pre/post script workaround" return 0 fi - echo "Present grml-debootstrap version is not recent enough, falling back to workarounds using local scripts" + echo "Present grml-debootstrap version is not recent enough, falling back to workarounds using local script" - # pre script - mkdir -p /etc/debootstrap/pre-scripts/ - cat > /etc/debootstrap/pre-scripts/efivarfs << "EOL" + # post script + mkdir -p /etc/debootstrap/post-scripts/ + cat > /etc/debootstrap/post-scripts/efivarfs << "EOL" #!/bin/bash set -eu -p pipefail echo "Executing $0" +if ! [ -d "${MNTPOINT}"/boot/efi/EFI ] ; then + echo "Mounting /boot/efi" + chroot "${MNTPOINT}" mount /boot/efi +fi + +if ! [ -e "${MNTPOINT}"/dev/mapper/ngcp-root ] ; then + echo "Mounting /dev (via bind mount)" + mount --bind /dev "${MNTPOINT}"/dev/ +fi + +if ! [ -e "${MNTPOINT}"/proc/cmdline ] ; then + echo "Mounting /proc" + chroot "${MNTPOINT}" mount -t proc none /proc +fi + if ! ls "${MNTPOINT}"/sys/firmware/efi/efivars/* &>/dev/null ; then # we need to have /sys available to be able to mount /sys/firmware/efi/efivars if ! chroot "${MNTPOINT}" test -d /sys/kernel ; then @@ -380,27 +395,16 @@ if ! ls "${MNTPOINT}"/sys/firmware/efi/efivars/* &>/dev/null ; then echo "Mounting efivarfs on /sys/firmware/efi/efivars" chroot "${MNTPOINT}" mount -t efivarfs efivarfs /sys/firmware/efi/efivars fi -echo "Finished execution of $0" -EOL - chmod 775 /etc/debootstrap/pre-scripts/efivarfs - PRE_SCRIPTS_OPTION="--pre-scripts /etc/debootstrap/pre-scripts/" +echo "Invoking grub-install with proper EFI environment" +chroot "${MNTPOINT}" grub-install - # post script - mkdir -p /etc/debootstrap/post-scripts/ - cat > /etc/debootstrap/post-scripts/efivarfs << "EOL" -#!/bin/bash -set -eu -p pipefail - -echo "Executing $0" - -if mountpoint "${MNTPOINT}"/sys/firmware/efi/efivars &>/dev/null ; then - umount "${MNTPOINT}"/sys/firmware/efi/efivars -fi - -if mountpoint "${MNTPOINT}"/sys &>/dev/null ; then - umount "${MNTPOINT}"/sys -fi +for f in /sys/firmware/efi/efivars /sys /proc /dev /boot/efi ; do + if mountpoint "${MNTPOINT}/$f" &>/dev/null ; then + echo "Unmounting $f" + umount "${MNTPOINT}/$f" + fi +done echo "Finished execution of $0" EOL @@ -2024,7 +2028,6 @@ echo y | grml-debootstrap \ -r "$DEBIAN_RELEASE" \ -t "$ROOT_FS" \ $EFI_OPTION \ - $PRE_SCRIPTS_OPTION \ $POST_SCRIPTS_OPTION \ --password 'sipwise' 2>&1 | tee -a /tmp/grml-debootstrap.log