From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <s.ivanov@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by lists.proxmox.com (Postfix) with ESMTPS id 7D53975A4C
for <pve-devel@lists.proxmox.com>; Thu, 22 Apr 2021 13:18:13 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
by firstgate.proxmox.com (Proxmox) with ESMTP id CB7B01AF26
for <pve-devel@lists.proxmox.com>; Thu, 22 Apr 2021 13:18:12 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
[94.136.29.106])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (2048 bits))
(No client certificate requested)
by firstgate.proxmox.com (Proxmox) with ESMTPS id 31E0F1AEB3
for <pve-devel@lists.proxmox.com>; Thu, 22 Apr 2021 13:18:09 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
by proxmox-new.maurer-it.com (Proxmox) with ESMTP id 0C5B641E06
for <pve-devel@lists.proxmox.com>; Thu, 22 Apr 2021 13:18:09 +0200 (CEST)
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 22 Apr 2021 13:18:00 +0200
Message-Id: <20210422111801.4193-8-s.ivanov@proxmox.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210422111801.4193-1-s.ivanov@proxmox.com>
References: <20210422111801.4193-1-s.ivanov@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results: 0
KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record
SPF_PASS -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH pve-kernel-meta 7/7] proxmox-boot: add
grub-install wrapper
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>,
<mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Thu, 22 Apr 2021 11:18:13 -0000
if a (legacy) system is booted with proxmox-boot-tool, running
`grub-install` without being aware of the fact can render the system
unbootable (e.g. when letting the early stage point to an incompatible
zpool instead of the ESP).
To prevent this we add a dpkg-diversion [0], which simply checks if
`proxmox-boot-tool status` indicates that proxmox-boot is used and
errors out in that case, and runs the actual grub-install else.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
bin/Makefile | 1 +
bin/grub-install-wrapper | 12 ++++++++++++
bin/proxmox-boot-tool | 2 +-
debian/pve-kernel-helper.install | 1 +
debian/pve-kernel-helper.postrm | 14 ++++++++++++++
debian/pve-kernel-helper.preinst | 9 +++++++++
6 files changed, 38 insertions(+), 1 deletion(-)
create mode 100755 bin/grub-install-wrapper
create mode 100644 debian/pve-kernel-helper.postrm
create mode 100644 debian/pve-kernel-helper.preinst
diff --git a/bin/Makefile b/bin/Makefile
index b78fa42..2e18342 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -6,6 +6,7 @@ all:
install:
install -d ${SBINDIR}
install -m 0755 proxmox-boot-tool ${SBINDIR}/
+ install -m 0755 grub-install-wrapper ${SBINDIR}/grub-install
.PHONY: clean distclean
distclean:
diff --git a/bin/grub-install-wrapper b/bin/grub-install-wrapper
new file mode 100755
index 0000000..d9ef9cc
--- /dev/null
+++ b/bin/grub-install-wrapper
@@ -0,0 +1,12 @@
+#! /bin/sh
+set -e
+
+. /usr/share/pve-kernel-helper/scripts/functions
+
+if proxmox-boot-tool status; then
+ warn "grub-install is disabled because this system is booted via proxmox-boot-tool, if you really need to run it, run /usr/sbin/grub-install.real"
+ exit 1
+else
+ grub-install.real "$@"
+fi
+
diff --git a/bin/proxmox-boot-tool b/bin/proxmox-boot-tool
index 8baa577..bf9af7c 100755
--- a/bin/proxmox-boot-tool
+++ b/bin/proxmox-boot-tool
@@ -161,7 +161,7 @@ init() {
mv "$esp_mp/$PMX_LOADER_CONF.tmp" "$esp_mp/$PMX_LOADER_CONF"
else
echo "Installing grub i386-pc target.."
- grub-install \
+ grub-install.real \
--boot-directory $esp_mp \
--target i386-pc \
--no-floppy \
diff --git a/debian/pve-kernel-helper.install b/debian/pve-kernel-helper.install
index aae9494..e410ce7 100644
--- a/debian/pve-kernel-helper.install
+++ b/debian/pve-kernel-helper.install
@@ -2,4 +2,5 @@ etc/kernel/postinst.d/*
etc/kernel/postrm.d/*
etc/initramfs/post-update.d/proxmox-boot-sync
usr/sbin/proxmox-boot-tool
+usr/sbin/grub-install
usr/share/pve-kernel-helper/scripts/functions
diff --git a/debian/pve-kernel-helper.postrm b/debian/pve-kernel-helper.postrm
new file mode 100644
index 0000000..98e5550
--- /dev/null
+++ b/debian/pve-kernel-helper.postrm
@@ -0,0 +1,14 @@
+#! /bin/sh
+
+set -e
+
+if [ remove = "$1" ] || [ abort-install = "$1" ] || [ disappear = "$1" ]; then
+ dpkg-divert --package pve-kernel-helper --remove --rename \
+ --divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+fi
+
+if [ abort-upgrade = "$1" ] && dpkg --compare-versions "$2" lt 6.3-9; then
+ dpkg-divert --package pve-kernel-helper --remove --rename \
+ --divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+fi
+
diff --git a/debian/pve-kernel-helper.preinst b/debian/pve-kernel-helper.preinst
new file mode 100644
index 0000000..d0a8f67
--- /dev/null
+++ b/debian/pve-kernel-helper.preinst
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+set -e
+
+if [ upgrade != "$1" ] || dpkg --compare-versions "$2" lt 6.3-9; then
+ dpkg-divert --package pve-kernel-helper --add --rename \
+ --divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+fi
+
--
2.20.1