[pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761)

[Stoiko Ivanov <s.ivanov@proxmox.com>]

changes v2->v3:
* incoroporated Fabian's and Thomas' feedback - huge thanks:
** changed `p-b-t kernel next-boot <ver>` to `p-b-t kernel pin <ver> --next-boot`
** improved usage output
** style-fixes to proxmox-ve apt-hook
** 'untaint' the fd fetched from the environment in proxmox-ve apt-hook
* fixed a glitch in the non p-b-t booted case (next-boot pin followed by a
  permanent pin cause the next-boot to be ignored)
* output of `p-b-t kernel list` now only prints pinned versions if they are set

original cover-letter for v2:
changes v1->v2:
* incorporated the feedback on the v1 (by Aaron and Fabian - huge thx!):
** a next-boot pin is now handled independently from a pin - i.e. if you
   both pin a kernel and set one for the next-boot - the system afterwards
   keeps the pinned version (instead of the latest)
** change from modifying /etc/default/grub to creating a snippet in
   /etc/default/grub.d/proxmox-boot-pin.cfg - I did not see a need for having
   two pinning files there (since they get written both at each relevant
   invocation anyways - thus also no need for prefixing with y_ and z_
** the semantics of unpin changed (it now takes an optional argument to
   remove the next-boot-pin only (made the cleanup-service cleaner)
** added a check to the apthook in proxmox-ve as Fabian suggested
* changed the semantics of get_first_line - to check for file existence
  itself, since it makes using it shorter at almost all call-sites
* fixed two perlcritic warnings in the pve apthook (which is quite
  independent of the series)

again tested on 3 VMs (ext4, zfs+uefi, zfs+legacy) - but would be grateful
if you find some use-case apart from - pin permanent, pin next-boot, reboot,
reboot.


original cover letter of v1:
The following series adds:
* proxmox-boot-tool kernel pin <kabi-version> (to permanently set the
  default entry of the respective bootloader)
* proxmox-boot-tool kernel unpin (to undo a previous pin)
* proxmox-boot-tool kernel next-boot (to do a pin+touch a file, which causes
  an unpin on next boot)

This is the first functionality which is available for 'regular grub-setups'
(i.e. systems setup with lvm-thin with our ISO or systems installed on top
of plain debian) as well.

The first two patches are cleanup+refactoring (and should not change any
functionality)

The choices (those I think might benefit from a bit of feedback) for this
implementation were:
* for grub - automaticially rewrite '/etc/default/grub' (as this is where
  I'd look to check whether some default is set)
* for systemd - set the entry in the loader.conf and not in the efivars
  (`bootctl set-default/set-once`) - mostly from my bias towards config
  files instead of UEFI vars (depending on implementation quality of the
  UEFI) - another reason was to keep the implementation close for both
  boot-loaders
* for p-b-t booted systems the need to run `p-b-t refresh` manually
  afterwards (following the behavior of `p-b-t kernel add/remove`) could
  be changed to invoking the refresh directly (as with non-p-b-t booted
  systems). Especially since it might make sense to 'add' multiple kernels
  and then do the mount+copy+configupdate only once, whereas you can only
  pin on version anyways

Tested on three VMs installed from the 7.1 ISO (UEFI+ZFS, legacy+ZFS,
UEFI+lvm-thin).

pve-kernel-meta:
Stoiko Ivanov (4):
  proxmox-boot: return empty if file does not exist in get_first_line
  proxmox-boot: fix #3671 add pin/unpin for kernel-version
  proxmox-boot: add --next-boot option kernel pin command
  proxmox-boot: add pin/unpin functionality for non-p-b-t systems

 bin/proxmox-boot-tool                     | 97 +++++++++++++++++++++++
 debian/pve-kernel-helper.install          |  1 +
 debian/rules                              |  3 +
 proxmox-boot/Makefile                     |  4 +
 proxmox-boot/functions                    | 45 +++++++++++
 proxmox-boot/proxmox-boot-cleanup.service | 13 +++
 proxmox-boot/zz-proxmox-boot              |  8 ++
 7 files changed, 171 insertions(+)
 create mode 100644 proxmox-boot/proxmox-boot-cleanup.service

proxmox-ve:
Stoiko Ivanov (3):
  apt-hook: fix perlcritic warnings
  apt-hook: verify that fd is numeric
  apt-hook: add check preventing the removal of pinned kernels

 debian/apthook/pve-apt-hook | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

-- 
2.30.2