From: Stoiko Ivanov
To: pve-devel@lists.proxmox.com
Date: Fri, 11 Feb 2022 16:15:40 +0100
Message-Id: <20220211151547.181259-1-s.ivanov@proxmox.com>
Subject: [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761)

changes v2->v3:
* incorporated Fabian's and Thomas' feedback - huge thanks:
** changed `p-b-t kernel next-boot ` to `p-b-t kernel pin --next-boot`
** improved usage output
** style-fixes to proxmox-ve apt-hook
** 'untaint' the fd fetched from the environment in proxmox-ve apt-hook
* fixed a glitch in the non p-b-t booted case (next-boot pin followed by a
  permanent pin caused the next-boot to be ignored)
* output of `p-b-t kernel list` now only prints pinned versions if they are
  set

original cover-letter for v2:
changes v1->v2:
* incorporated the feedback on the v1 (by Aaron and Fabian - huge thx!):
** a next-boot pin is now handled independently from a pin - i.e. if you
   both pin a kernel and set one for the next-boot - the system afterwards
   keeps the pinned version (instead of the latest)
** change from modifying /etc/default/grub to creating a snippet in
   /etc/default/grub.d/proxmox-boot-pin.cfg - I did not see a need for
   having two pinning files there (since they get written both at each
   relevant invocation anyways - thus also no need for prefixing with y_
   and z_)
** the semantics of unpin changed (it now takes an optional argument to
   remove the next-boot-pin only (made the cleanup-service cleaner))
** added a check to the apthook in proxmox-ve as Fabian suggested
* changed the semantics of get_first_line - to check for file existence
  itself, since it makes using it shorter at almost all call-sites
* fixed two perlcritic warnings in the pve apthook (which is quite
  independent of the series)

again tested on 3 VMs (ext4, zfs+uefi, zfs+legacy) - but would be grateful
if you find some use-case apart from - pin permanent, pin next-boot, reboot,
reboot.

original cover letter of v1:
The following series adds:
* proxmox-boot-tool kernel pin (to permanently set the default entry of
  the respective bootloader)
* proxmox-boot-tool kernel unpin (to undo a previous pin)
* proxmox-boot-tool kernel next-boot (to do a pin+touch a file, which
  causes an unpin on next boot)

This is the first functionality which is available for 'regular
grub-setups' (i.e. systems set up with lvm-thin with our ISO or systems
installed on top of plain debian) as well.

The first two patches are cleanup+refactoring (and should not change any
functionality).

The choices (those I think might benefit from a bit of feedback) for this
implementation were:
* for grub - automatically rewrite '/etc/default/grub' (as this is where
  I'd look to check whether some default is set)
* for systemd - set the entry in the loader.conf and not in the efivars
  (`bootctl set-default/set-once`) - mostly from my bias towards config
  files instead of UEFI vars (depending on implementation quality of the
  UEFI) - another reason was to keep the implementation close for both
  boot-loaders
* for p-b-t booted systems the need to run `p-b-t refresh` manually
  afterwards (following the behavior of `p-b-t kernel add/remove`) could be
  changed to invoking the refresh directly (as with non-p-b-t booted
  systems). Especially since it might make sense to 'add' multiple kernels
  and then do the mount+copy+configupdate only once, whereas you can only
  pin one version anyways

Tested on three VMs installed from the 7.1 ISO (UEFI+ZFS, legacy+ZFS,
UEFI+lvm-thin).

pve-kernel-meta:
Stoiko Ivanov (4):
  proxmox-boot: return empty if file does not exist in get_first_line
  proxmox-boot: fix #3671 add pin/unpin for kernel-version
  proxmox-boot: add --next-boot option kernel pin command
  proxmox-boot: add pin/unpin functionality for non-p-b-t systems

 bin/proxmox-boot-tool                     | 97 +++++++++++++++++++++++
 debian/pve-kernel-helper.install          |  1 +
 debian/rules                              |  3 +
 proxmox-boot/Makefile                     |  4 +
 proxmox-boot/functions                    | 45 +++++++++++
 proxmox-boot/proxmox-boot-cleanup.service | 13 +++
 proxmox-boot/zz-proxmox-boot              |  8 ++
 7 files changed, 171 insertions(+)
 create mode 100644 proxmox-boot/proxmox-boot-cleanup.service

proxmox-ve:
Stoiko Ivanov (3):
  apt-hook: fix perlcritic warnings
  apt-hook: verify that fd is numeric
  apt-hook: add check preventing the removal of pinned kernels

 debian/apthook/pve-apt-hook | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

-- 
2.30.2
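
The pin semantics described in the v2 and v3 changelogs above, as an added example that is not part of the original mail and not proxmox-boot-tool code: a shell model of how the permanent pin and the next-boot pin interact, including the order the v3 fix covers. The state directory, both file names, the `--next-boot` argument to `unpin`, the rule that either pin blocks removal, and the kernel versions are assumptions made for illustration.

```sh
# Added model of the cover letter's pin semantics. STATE_DIR and both file
# names are hypothetical, not the tool's real paths.
STATE_DIR="${STATE_DIR:-$(mktemp -d)}"
PIN_FILE="$STATE_DIR/pin"              # permanent pin
NEXT_FILE="$STATE_DIR/next-boot-pin"   # one-shot pin, dropped after one boot

# First line of a file, empty if it does not exist (the v2 get_first_line change).
first_line() {
    [ -e "$1" ] || return 0
    head -n1 "$1"
}

# pin <version> [--next-boot]: each kind of pin has its own file, so setting
# one never overwrites the other (v2: handled independently).
pin() {
    f="$PIN_FILE"
    [ "$2" = "--next-boot" ] && f="$NEXT_FILE"
    printf '%s\n' "$1" > "$f"
}

# unpin [--next-boot]: with the argument (name assumed) only the one-shot pin goes.
unpin() {
    rm -f "$NEXT_FILE"
    [ "$1" = "--next-boot" ] || rm -f "$PIN_FILE"
}

# Default boot entry: next-boot pin, else permanent pin, else latest ($1).
boot_default() {
    v=$(first_line "$NEXT_FILE")
    [ -n "$v" ] || v=$(first_line "$PIN_FILE")
    printf '%s\n' "${v:-$1}"
}

# The cleanup service's job after a boot: remove only the one-shot pin.
cleanup_after_boot() { unpin --next-boot; }

# apt-hook style check: refuse removal of a version that either pin names
# (covering both pins is an assumption of this model).
removal_blocked() {
    [ "$1" = "$(first_line "$PIN_FILE")" ] || [ "$1" = "$(first_line "$NEXT_FILE")" ]
}

# Constructed scenario, made-up versions: next-boot pin first, then permanent pin.
pin 5.13.19-4-pve --next-boot
pin 5.15.19-1-pve
echo "next boot:  $(boot_default 5.15.19-2-pve)"
cleanup_after_boot
echo "afterwards: $(boot_default 5.15.19-2-pve)"
unpin
```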