Re: [pve-devel] [PATCH manager] cli: pve8to9: rework boot-loader suggestions for trixie

["Fabian Grünbichler" <f.gruenbichler@proxmox.com>]

On August 1, 2025 2:38 pm, Stoiko Ivanov wrote:
> a few things changed in systemd-boot upstream packages we use as
> for proxmox-boot-tool systems:
> * systemd-boot was split up further into systemd-boot-tools (we need
>   `bootctl`) and `systemd-boot`(the meta-package which triggers
>   updates
> * the ESPs updates now also run upon updates of shim(-signed) and
>   probably other boot-related packages. These triggered updated breaks
>   apt for systems booted by proxmox-boot-tool (more generally for
>   systems which don't have the ESP mounted).
> 
> This patch reworks our logic for checking:
> * before upgrade the log message just reflects that we need
>   systemd-boot in bookworm
> * for legacy booted systems we suggest removing `systemd-boot` (so it
>   does not cause more issues in the future, and is definitely not
>   needed for booting there
> * for p-b-t we suggest to remove the meta-package
> * for non-p-b-t we suggest to remove it as well, unless the system was
>   manually setup to use systemd-boot.
> 
> see the changes for proxmox-kernel-helper for further background:
> https://lore.proxmox.com/all/20250731114455.995999-1-f.gruenbichler@proxmox.com/
> 
> minimally tested on a secure-boot enabled VM, and on one which uses
> p-b-t with systemd-boot.
> 
> Co-Authored-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

FWIW

Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>

one thing that is not checked here is the combination

p-b-t with systemd-boot used, but none of the systemd-boot-* packages
installed - but p-b-t will check and warn about that when attempting
reinit, which also happens as part of the 8to9 upgrade, so that is fine
I think..

> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
> Thanks to Fabian for discussing the decision tree for this off-list!
> 
>  PVE/CLI/pve8to9.pm | 40 ++++++++++++++++++++++++++++------------
>  1 file changed, 28 insertions(+), 12 deletions(-)
> 
> diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm
> index 4d61cd83..9f2a3234 100644
> --- a/PVE/CLI/pve8to9.pm
> +++ b/PVE/CLI/pve8to9.pm
> @@ -1601,30 +1601,46 @@ sub check_bootloader {
>      log_info("Checking bootloader configuration...");
>  
>      if (!-d '/sys/firmware/efi') {
> +        if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
> +            log_info("systemd-boot package installed on legacy-boot system is not necessary, consider remoing it");
> +            return;
> +        }
>          log_skip("System booted in legacy-mode - no need for additional packages");
>          return;
>      }
>  
>      if (-f "/etc/kernel/proxmox-boot-uuids") {
>          if (!$upgraded) {
> -            log_skip("not yet upgraded, no need to check the presence of systemd-boot");
> +            log_skip("not yet upgraded, systemd-boot still needed for bootctl");
>              return;
>          }
>          if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
> -            log_pass("bootloader packages installed correctly");
> +            log_warn("systemd-boot meta-package installed this will cause issues on upgrades of"
> +                ." boot-related packages. Install 'systemd-boot-efi' and 'systemd-boot-tools' explicitly"
> +                ." and remove 'systemd-boot'");
>              return;
>          }
> -        log_warn("proxmox-boot-tool is used for bootloader configuration in uefi mode"
> -            . " but the separate systemd-boot package is not installed,"
> -            . " initializing new ESPs will not work until the package is installed");
> -        return;
> -    } elsif (!-f "/usr/share/doc/grub-efi-amd64/changelog.Debian.gz") {
> -        log_warn("System booted in uefi mode but grub-efi-amd64 meta-package not installed,"
> -            . " new grub versions will not be installed to /boot/efi!"
> -            . " Install grub-efi-amd64.");
> -        return;
>      } else {
> -        log_pass("bootloader packages installed correctly");
> +        if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
> +            my $exit_code = eval {
> +                run_command(['bootctl', 'is-installed', '--quiet', '--graceful'], noerr => 1);
> +            };
> +            if ($exit_code != 0) {
> +                log_warn("systemd-boot meta-package installed but the system does not seem to use it"
> +                    ." for booting. This can cause problems on upgrades of other boot-related packages"
> +                    ." Consider removing 'systemd-boot'");
> +            } else {
> +                log_info("systemd-boot used as bootloader and fitting meta-package installed.");
> +                return;
> +            }
> +        }
> +        if (!-f "/usr/share/doc/grub-efi-amd64/changelog.Debian.gz") {
> +            log_warn("System booted in uefi mode but grub-efi-amd64 meta-package not installed,"
> +                . " new grub versions will not be installed to /boot/efi! Install grub-efi-amd64.");
> +            return;
> +        } else {
> +            log_pass("bootloader packages installed correctly");
> +        }
>      }
>  }
>  
> -- 
> 2.39.5
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel