From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id 5D7EC1FF165
	for <inbox@lore.proxmox.com>; Thu, 14 Aug 2025 14:07:10 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 7946E1137F;
	Thu, 14 Aug 2025 14:08:48 +0200 (CEST)
From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Thu, 14 Aug 2025 14:08:07 +0200
Message-Id: <20250814120807.2653672-1-s.ivanov@proxmox.com>
X-Mailer: git-send-email 2.39.5
MIME-Version: 1.0
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1755173260530
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.065 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
Subject: [pve-devel] [PATCH manager] pve8to9: only allow systemd-boot when
 it is actually used before upgrade
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

On some (non-standard) setups having systemd-boot installed, causes
issues, even if the system is using proxmox-boot-tool (p-b-t) for booting.
The currently observed edge-case is:
before the upgrade:
* system is booted with grub (w/o secure boot), using p-b-t, results
  in the ESP not being mounted on /boot/efi

after the upgrade:
* systemd-gpt-auto-generator(8) is active, and mounts the (single) ESP
  on /efi (because grub w/o secure-boot sets the needed efivar+it is
  not mounted)
* the next upgrade of systemd-boot causes systemd-boot to be
  installed on the ESP, but it will not get any kernels configured,
  since we disabled the /etc/kernel/postinst.d/zz-systemd-boot in
  PVE8.

so this patch further restricts the case were having systemd-boot
installed to the cases where p-b-t says it's used for booting.

Additionally raise the level from info to warn in the legacy-boot
case. and add a log_pass message that was added to the equivalent
check in pbs3to4[0]

[0] https://lore.proxmox.com/pbs-devel/20250811091135.127299-1-s.ivanov@proxmox.com/

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
tested minimally on a system with btrfs raid1 and combinations of
`p-b-t init /dev/sdX2 grub`, and `p-b-t init /dev/sdX2`
 PVE/CLI/pve8to9.pm | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm
index b639e212..a321f550 100644
--- a/PVE/CLI/pve8to9.pm
+++ b/PVE/CLI/pve8to9.pm
@@ -1560,7 +1560,7 @@ sub check_bootloader {
 
     if (!-d '/sys/firmware/efi') {
         if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
-            log_info(
+            log_warn(
                 "systemd-boot package installed on legacy-boot system is not necessary, consider removing it"
             );
             return;
@@ -1572,8 +1572,25 @@ sub check_bootloader {
     my $boot_ok = 1;
     if (-f "/etc/kernel/proxmox-boot-uuids") {
         if (!$upgraded) {
-            log_skip("not yet upgraded, systemd-boot still needed for bootctl");
-            return;
+            my $sd_boot_used = 0;
+            eval {
+                run_command(
+                    ['proxmox-boot-tool', 'status'],
+                    outfunc => sub {
+                        my ($line) = @_;
+                        if ($line =~ m#configured with:.* (uefi|systemd-boot) \(versions:#) {
+                             $sd_boot_used = 1;
+                        }
+                    },
+                    errfunc => sub { },
+                    noerr => 1,
+                );
+            };
+
+            if ($sd_boot_used) {
+                log_skip("not yet upgraded, systemd-boot still needed for bootctl");
+                return;
+            }
         }
         if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
             log_fail("systemd-boot meta-package installed this will cause issues on upgrades of"
@@ -1581,6 +1598,7 @@ sub check_bootloader {
                 . " and remove 'systemd-boot'");
             return;
         }
+        log_pass("bootloader packages installed correctly");
     } else {
         if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
             log_fail(
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel