From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pve-devel@lists.proxmox.com
Cc: Thomas Lamprecht <t.lamprecht@proxmox.com>
Subject: [pve-devel] [PATCH pve-kernel-meta v2 7/8] proxmox-boot: add grub-install wrapper
Date: Fri, 23 Apr 2021 11:04:49 +0200 [thread overview]
Message-ID: <20210423090451.2279-8-s.ivanov@proxmox.com> (raw)
In-Reply-To: <20210423090451.2279-1-s.ivanov@proxmox.com>
if a (legacy) system is booted with proxmox-boot-tool, running
`grub-install` without being aware of the fact can render the system
unbootable (e.g. when letting the early stage point to an incompatible
zpool instead of the ESP).
To prevent this we add a dpkg-diversion [0], which simply checks if
`proxmox-boot-tool status` indicates that proxmox-boot is used and
errors out in that case, and runs the actual grub-install else.
Co-authored-by: Thomas Lamprecht <t.lamprecht@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
v1->v2:
* use quiet flag for p-b-t status
* adapt maintainer-scripts (based on Thomas' feedback)
bin/Makefile | 1 +
bin/grub-install-wrapper | 12 ++++++++++++
bin/proxmox-boot-tool | 2 +-
debian/pve-kernel-helper.install | 1 +
debian/pve-kernel-helper.postrm | 22 ++++++++++++++++++++++
debian/pve-kernel-helper.preinst | 16 ++++++++++++++++
6 files changed, 53 insertions(+), 1 deletion(-)
create mode 100755 bin/grub-install-wrapper
create mode 100644 debian/pve-kernel-helper.postrm
create mode 100644 debian/pve-kernel-helper.preinst
diff --git a/bin/Makefile b/bin/Makefile
index b78fa42..2e18342 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -6,6 +6,7 @@ all:
install:
install -d ${SBINDIR}
install -m 0755 proxmox-boot-tool ${SBINDIR}/
+ install -m 0755 grub-install-wrapper ${SBINDIR}/grub-install
.PHONY: clean distclean
distclean:
diff --git a/bin/grub-install-wrapper b/bin/grub-install-wrapper
new file mode 100755
index 0000000..a61e984
--- /dev/null
+++ b/bin/grub-install-wrapper
@@ -0,0 +1,12 @@
+#! /bin/sh
+set -e
+
+. /usr/share/pve-kernel-helper/scripts/functions
+
+if proxmox-boot-tool status --quiet; then
+ warn "grub-install is disabled because this system is booted via proxmox-boot-tool, if you really need to run it, run /usr/sbin/grub-install.real"
+ exit 1
+else
+ grub-install.real "$@"
+fi
+
diff --git a/bin/proxmox-boot-tool b/bin/proxmox-boot-tool
index 219ea3b..079fa26 100755
--- a/bin/proxmox-boot-tool
+++ b/bin/proxmox-boot-tool
@@ -161,7 +161,7 @@ init() {
mv "$esp_mp/$PMX_LOADER_CONF.tmp" "$esp_mp/$PMX_LOADER_CONF"
else
echo "Installing grub i386-pc target.."
- grub-install \
+ grub-install.real \
--boot-directory $esp_mp \
--target i386-pc \
--no-floppy \
diff --git a/debian/pve-kernel-helper.install b/debian/pve-kernel-helper.install
index f03b05a..5f264aa 100644
--- a/debian/pve-kernel-helper.install
+++ b/debian/pve-kernel-helper.install
@@ -3,4 +3,5 @@ etc/kernel/postinst.d/*
etc/kernel/postrm.d/*
etc/initramfs/post-update.d/proxmox-boot-sync
usr/sbin/proxmox-boot-tool
+usr/sbin/grub-install
usr/share/pve-kernel-helper/scripts/functions
diff --git a/debian/pve-kernel-helper.postrm b/debian/pve-kernel-helper.postrm
new file mode 100644
index 0000000..080598b
--- /dev/null
+++ b/debian/pve-kernel-helper.postrm
@@ -0,0 +1,22 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+ remove|abort-install|disappear)
+ dpkg-divert --package pve-kernel-helper --remove --rename \
+ --divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+ ;;
+ abort-upgrade)
+ if [ -n "$2" ]; then
+ if dpkg --compare-versions "$2" lt 6.3-9; then
+ dpkg-divert --package pve-kernel-helper --remove --rename \
+ --divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+ fi
+ fi
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/pve-kernel-helper.preinst b/debian/pve-kernel-helper.preinst
new file mode 100644
index 0000000..6e21b51
--- /dev/null
+++ b/debian/pve-kernel-helper.preinst
@@ -0,0 +1,16 @@
+#! /bin/sh
+
+set -e
+
+case "$1" in
+ install)
+ if [ -z "$2" ]; then
+ dpkg-divert --package pve-kernel-helper --add --rename \
+ --divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+ fi
+ ;;
+esac
+
+#DEBHELPER#
+
+exit 0
--
2.20.1
next prev parent reply other threads:[~2021-04-23 9:05 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-04-23 9:04 [pve-devel] [PATCH pve-kernel-meta/pve-installer v2] boot ZFS on legacy BIOS systems from vfat Stoiko Ivanov
2021-04-23 9:04 ` [pve-devel] [PATCH pve-kernel-meta v2 1/8] proxmox-boot-tool: rename from pve-efiboot-tool Stoiko Ivanov
2021-04-23 9:04 ` [pve-devel] [PATCH pve-kernel-meta v2 2/8] proxmox-boot-tool: add status command Stoiko Ivanov
2021-04-23 9:04 ` [pve-devel] [PATCH pve-kernel-meta v2 3/8] proxmox-boot-tool: sort and remove duplicates on clean Stoiko Ivanov
2021-04-23 9:04 ` [pve-devel] [PATCH pve-kernel-meta v2 4/8] proxmox-boot: rename uuid list file Stoiko Ivanov
2021-04-23 9:04 ` [pve-devel] [PATCH pve-kernel-meta v2 5/8] proxmox-boot-tool: handle legacy boot zfs installs Stoiko Ivanov
2021-04-23 9:04 ` [pve-devel] [PATCH pve-kernel-meta v2 6/8] proxmox-boot: add grub.cfg header snippet Stoiko Ivanov
2021-04-23 9:04 ` Stoiko Ivanov [this message]
2021-04-23 9:04 ` [pve-devel] [PATCH pve-kernel-meta v2 8/8] proxmox-boot: run p-b-t refresh on update-grub Stoiko Ivanov
2021-04-23 9:04 ` [pve-devel] [PATCH installer v2 1/1] always boot zfs with proxmox-boot-tool Stoiko Ivanov
2021-04-23 11:30 ` [pve-devel] applied: [PATCH pve-kernel-meta/pve-installer v2] boot ZFS on legacy BIOS systems from vfat Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20210423090451.2279-8-s.ivanov@proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
--cc=t.lamprecht@proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox