From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <s.ivanov@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id 82D2576608
 for <pve-devel@lists.proxmox.com>; Fri, 23 Apr 2021 11:05:09 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id E59D7259F5
 for <pve-devel@lists.proxmox.com>; Fri, 23 Apr 2021 11:05:08 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 096D525941
 for <pve-devel@lists.proxmox.com>; Fri, 23 Apr 2021 11:05:05 +0200 (CEST)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id D711A44F81
 for <pve-devel@lists.proxmox.com>; Fri, 23 Apr 2021 11:05:04 +0200 (CEST)
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pve-devel@lists.proxmox.com
Cc: Thomas Lamprecht <t.lamprecht@proxmox.com>
Date: Fri, 23 Apr 2021 11:04:49 +0200
Message-Id: <20210423090451.2279-8-s.ivanov@proxmox.com>
X-Mailer: git-send-email 2.20.1
In-Reply-To: <20210423090451.2279-1-s.ivanov@proxmox.com>
References: <20210423090451.2279-1-s.ivanov@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-SPAM-LEVEL: Spam detection results:  0
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH pve-kernel-meta v2 7/8] proxmox-boot: add
 grub-install wrapper
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Fri, 23 Apr 2021 09:05:09 -0000

if a (legacy) system is booted with proxmox-boot-tool, running
`grub-install` without being aware of the fact can render the system
unbootable (e.g. when letting the early stage point to an incompatible
zpool instead of the ESP).

To prevent this we add a dpkg-diversion [0], which simply checks if
`proxmox-boot-tool status` indicates that proxmox-boot is used and
errors out in that case, and runs the actual grub-install else.

Co-authored-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
v1->v2:
* use quiet flag for p-b-t status
* adapt maintainer-scripts (based on Thomas' feedback)
 bin/Makefile                     |  1 +
 bin/grub-install-wrapper         | 12 ++++++++++++
 bin/proxmox-boot-tool            |  2 +-
 debian/pve-kernel-helper.install |  1 +
 debian/pve-kernel-helper.postrm  | 22 ++++++++++++++++++++++
 debian/pve-kernel-helper.preinst | 16 ++++++++++++++++
 6 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100755 bin/grub-install-wrapper
 create mode 100644 debian/pve-kernel-helper.postrm
 create mode 100644 debian/pve-kernel-helper.preinst

diff --git a/bin/Makefile b/bin/Makefile
index b78fa42..2e18342 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -6,6 +6,7 @@ all:
 install:
 	install -d ${SBINDIR}
 	install -m 0755 proxmox-boot-tool ${SBINDIR}/
+	install -m 0755 grub-install-wrapper ${SBINDIR}/grub-install
 
 .PHONY: clean distclean
 distclean:
diff --git a/bin/grub-install-wrapper b/bin/grub-install-wrapper
new file mode 100755
index 0000000..a61e984
--- /dev/null
+++ b/bin/grub-install-wrapper
@@ -0,0 +1,12 @@
+#! /bin/sh
+set -e
+
+. /usr/share/pve-kernel-helper/scripts/functions
+
+if proxmox-boot-tool status --quiet; then
+	warn "grub-install is disabled because this system is booted via proxmox-boot-tool, if you really need to run it, run /usr/sbin/grub-install.real"
+	exit 1
+else
+	grub-install.real "$@"
+fi
+
diff --git a/bin/proxmox-boot-tool b/bin/proxmox-boot-tool
index 219ea3b..079fa26 100755
--- a/bin/proxmox-boot-tool
+++ b/bin/proxmox-boot-tool
@@ -161,7 +161,7 @@ init() {
 		mv "$esp_mp/$PMX_LOADER_CONF.tmp" "$esp_mp/$PMX_LOADER_CONF"
 	else
 		echo "Installing grub i386-pc target.."
-		grub-install \
+		grub-install.real \
 			--boot-directory $esp_mp \
 			--target i386-pc \
 			--no-floppy \
diff --git a/debian/pve-kernel-helper.install b/debian/pve-kernel-helper.install
index f03b05a..5f264aa 100644
--- a/debian/pve-kernel-helper.install
+++ b/debian/pve-kernel-helper.install
@@ -3,4 +3,5 @@ etc/kernel/postinst.d/*
 etc/kernel/postrm.d/*
 etc/initramfs/post-update.d/proxmox-boot-sync
 usr/sbin/proxmox-boot-tool
+usr/sbin/grub-install
 usr/share/pve-kernel-helper/scripts/functions
diff --git a/debian/pve-kernel-helper.postrm b/debian/pve-kernel-helper.postrm
new file mode 100644
index 0000000..080598b
--- /dev/null
+++ b/debian/pve-kernel-helper.postrm
@@ -0,0 +1,22 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+  remove|abort-install|disappear)
+	dpkg-divert --package pve-kernel-helper --remove --rename \
+           --divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+    ;;
+  abort-upgrade)
+       if [ -n "$2" ]; then
+           if dpkg --compare-versions "$2" lt 6.3-9; then
+               dpkg-divert --package pve-kernel-helper --remove --rename \
+                   --divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+           fi
+       fi
+  ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/pve-kernel-helper.preinst b/debian/pve-kernel-helper.preinst
new file mode 100644
index 0000000..6e21b51
--- /dev/null
+++ b/debian/pve-kernel-helper.preinst
@@ -0,0 +1,16 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+    install)
+        if [ -z "$2" ]; then
+            dpkg-divert --package pve-kernel-helper --add --rename \
+                --divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+        fi
+    ;;
+esac
+
+#DEBHELPER#
+
+exit 0
-- 
2.20.1