* [pve-devel] [PATCH pve-kernel-meta v3 1/4] proxmox-boot: return empty if file does not exist in get_first_line
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
@ 2022-02-11 15:15 ` Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 2/4] proxmox-boot: fix #3671 add pin/unpin for kernel-version Stoiko Ivanov
` (7 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Stoiko Ivanov @ 2022-02-11 15:15 UTC (permalink / raw)
To: pve-devel
makes using this helper shorter in most cases
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
proxmox-boot/functions | 5 +++++
1 file changed, 5 insertions(+)
diff --git a/proxmox-boot/functions b/proxmox-boot/functions
index 4515a2d..27da363 100755
--- a/proxmox-boot/functions
+++ b/proxmox-boot/functions
@@ -104,6 +104,11 @@ loop_esp_list() {
get_first_line() {
file="$1"
+ if [ ! -e "$file" ]; then
+ echo ""
+ return
+ fi
+
while IFS= read -r line || [ -n "$line" ]; do
break
done < "${file}"
--
2.30.2
^ permalink raw reply [flat|nested] 11+ messages in thread
* [pve-devel] [PATCH pve-kernel-meta v3 2/4] proxmox-boot: fix #3671 add pin/unpin for kernel-version
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 1/4] proxmox-boot: return empty if file does not exist in get_first_line Stoiko Ivanov
@ 2022-02-11 15:15 ` Stoiko Ivanov
2022-02-16 12:14 ` Oguz Bektas
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 3/4] proxmox-boot: add --next-boot option kernel pin command Stoiko Ivanov
` (6 subsequent siblings)
8 siblings, 1 reply; 11+ messages in thread
From: Stoiko Ivanov @ 2022-02-11 15:15 UTC (permalink / raw)
To: pve-devel
The 2 commands follow the mechanics of p-b-t kernel add/remove in
writing the desired abi-version to a config-file in /etc/kernel and
actually modifying the boot-loader configuration upon p-b-t refresh.
A dedicated new file is used instead of writing the version (with some
kind of annotation) to the manual kernel list to keep parsing the file
simple (and hopefully also cause fewer problems with manually edited
files)
For systemd-boot we write the entry into the loader.conf on the ESP(s)
instead of relying on the `bootctl set-default` mechanics (bootctl(1))
which write the entry in an EFI-var. This was preferred, because of a
few reports of unwriteable EFI-vars on some systems (e.g. DELL servers
have a setting preventing writing EFI-vars from the OS). The rationale
in `Why not simply rely on the EFI boot menu logic?` from [0] also
makes a few points in that direction.
For grub the following choices were made:
* write the pinned version (or actually the menu-path leading to it)
to a snippet in /etc/default/grub.d instead of editing the grub.cfg
files on the partition. Mostly to divert as little as possible from
the grub-workflow I assume people are used to.
* the 'root-device-id' part of the menu-entries is parsed from
/boot/grub/grug.cfg since it was stable (the same on all ESPs and in
/boot/grub), saves us from copying the part of "find device behind
/, mangle it if zfs/btrfs, call grub_probe a few times" part of
grub-mkconfig - and seems a bit more robust
Tested with a BIOS and an UEFI VM with / on ZFS.
[0] https://systemd.io/BOOT_LOADER_SPECIFICATION/
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
bin/proxmox-boot-tool | 48 ++++++++++++++++++++++++++++++++++++
proxmox-boot/functions | 37 +++++++++++++++++++++++++++
proxmox-boot/zz-proxmox-boot | 5 ++++
3 files changed, 90 insertions(+)
diff --git a/bin/proxmox-boot-tool b/bin/proxmox-boot-tool
index 93760fb..329df42 100755
--- a/bin/proxmox-boot-tool
+++ b/bin/proxmox-boot-tool
@@ -286,6 +286,13 @@ list_kernels() {
echo ""
echo "Automatically selected kernels:"
echo "$boot_kernels"
+
+ pinned_kernel="$(get_first_line "$PINNED_KERNEL_CONF")"
+ if [ -n "$pinned_kernel" ]; then
+ echo ""
+ echo "Pinned kernel:"
+ echo "${pinned_kernel}"
+ fi
}
usage() {
@@ -296,6 +303,8 @@ usage() {
warn " $0 clean [--dry-run]"
warn " $0 refresh [--hook <name>]"
warn " $0 kernel <add|remove> <kernel-version>"
+ warn " $0 kernel pin <kernel-version>"
+ warn " $0 kernel unpin"
warn " $0 kernel list"
warn " $0 status [--quiet]"
warn " $0 help"
@@ -323,6 +332,15 @@ help() {
echo " add/remove pve-kernel with ABI <kernel-version> to list of synced kernels, in addition to automatically selected ones."
echo " NOTE: you need to manually run 'refresh' once you're finished with adding/removing kernels from the list"
echo ""
+ echo "USAGE: $0 kernel pin <kernel-version>"
+ echo ""
+ echo " pin pve-kernel with ABI <kernel-version> as the default entry to be booted."
+ echo " NOTE: you need to manually run 'refresh' once you're finished with pinning kernels"
+ echo ""
+ echo "USAGE: $0 kernel unpin"
+ echo ""
+ echo " unpin sets the latest kernel as the default entry (undoes a previous pin)"
+ echo ""
echo "USAGE: $0 kernel list"
echo ""
echo " list kernel versions currently selected for inclusion on ESPs."
@@ -392,6 +410,28 @@ status() {
fi
}
+pin_kernel() {
+ ver="$1"
+
+ if [ -z "$ver" ]; then
+ warn "E: <kernel-version> is mandatory"
+ warn ""
+ exit 1
+ fi
+
+ if [ ! -e "/boot/vmlinuz-$ver" ]; then
+ warn "E: no kernel image found in /boot for '$ver', not setting default."
+ exit 1
+ fi
+ echo "$ver" > "$PINNED_KERNEL_CONF"
+ echo "Set kernel '$ver' $PINNED_KERNEL_CONF. Use the 'refresh' command to update the ESPs."
+}
+
+unpin_kernel() {
+ rm -f "$PINNED_KERNEL_CONF"
+ echo "Removed $PINNED_KERNEL_CONF. Use the 'refresh' command to update the ESPs."
+}
+
if [ -z "$1" ]; then
usage
exit 0
@@ -460,6 +500,14 @@ case "$1" in
list_kernels
exit 0
;;
+ 'pin')
+ pin_kernel "$2"
+ exit 0
+ ;;
+ 'unpin')
+ unpin_kernel "$2"
+ exit 0
+ ;;
*)
warn "E: invalid 'kernel' subcommand '$cmd'."
warn ""
diff --git a/proxmox-boot/functions b/proxmox-boot/functions
index 27da363..5a56b74 100755
--- a/proxmox-boot/functions
+++ b/proxmox-boot/functions
@@ -5,11 +5,13 @@ ESP_LIST="/etc/kernel/proxmox-boot-uuids"
ESPTYPE='c12a7328-f81f-11d2-ba4b-00a0c93ec93b'
MANUAL_KERNEL_LIST="/etc/kernel/pve-efiboot-manual-kernels"
+PINNED_KERNEL_CONF="/etc/kernel/proxmox-boot-pin"
MOUNTROOT="${TMPDIR:-/var/tmp}/espmounts"
# relative to the ESP mountpoint
PMX_ESP_DIR="EFI/proxmox"
PMX_LOADER_CONF="loader/loader.conf"
+GRUB_PIN_SNIPPET="/etc/default/grub.d/proxmox-kernel-pin.cfg"
# adapted from /etc/kernel/postinst.d/apt-auto-removal as present in
# debian's apt package:
@@ -21,6 +23,7 @@ PMX_LOADER_CONF="loader/loader.conf"
# - the second-latest kernel version
# - the latest kernel version of each series (e.g. 4.13, 4.15, 5.0) by
# marking the meta-packages
+# - the currently pinned kernel if any
kernel_keep_versions() {
eval "$(apt-config shell DPKG Dir::bin::dpkg/f)"
@@ -56,6 +59,8 @@ kernel_keep_versions() {
manual_kernels="$(cat "$MANUAL_KERNEL_LIST")"
fi
+ pinned_kernel="$(get_first_line "$PINNED_KERNEL_CONF")"
+
kernels="$(cat <<-EOF
$running_version
$install_version
@@ -63,6 +68,7 @@ kernel_keep_versions() {
$latest_2_versions
$series_metapackages
$oldseries_latest_kernel
+ $pinned_kernel
EOF
)"
@@ -114,3 +120,34 @@ get_first_line() {
done < "${file}"
echo "$line"
}
+
+set_grub_default() {
+ kver="$1"
+
+ if [ -z "${kver}" ]; then
+ rm -f "${GRUB_PIN_SNIPPET}"
+ else
+ # grub menu entry ids contain the internal root-device id (e.g. for zfs the GUID of
+ # the pool printed in hex) as this is independent of the ESP (or grub location)
+ # take it from /boot/grub/grub.cfg
+ root_devid=$(sed -rn "s/.*gnulinux-advanced-(.+)['] \{$/\1/p" \
+ /boot/grub/grub.cfg)
+ entry="gnulinux-advanced-${root_devid}>gnulinux-${kver}-advanced-${root_devid}"
+ echo "GRUB_DEFAULT=\"${entry}\"" > "${GRUB_PIN_SNIPPET}"
+ fi
+}
+
+set_systemd_boot_default() {
+ mountpoint="$1"
+ kver="$2"
+ if [ -z "${kver}" ]; then
+ entry="proxmox-*"
+ else
+ entry="proxmox-${kver}.conf"
+ fi
+
+ # replaces the current default entry, if one exists else append it at the end of the file
+ sed -ri "/^default /{h;s/ .*\$/ ${entry}/};\${x;/^$/{s//default ${entry}/;H};x}" \
+ "${mountpoint}/$PMX_LOADER_CONF"
+
+}
diff --git a/proxmox-boot/zz-proxmox-boot b/proxmox-boot/zz-proxmox-boot
index db73166..7958a5d 100755
--- a/proxmox-boot/zz-proxmox-boot
+++ b/proxmox-boot/zz-proxmox-boot
@@ -90,9 +90,14 @@ update_esp_func() {
fi
warn "Copying and configuring kernels on ${path}"
copy_and_config_kernels "${mountpoint}"
+
+ pinned_kernel=$(get_first_line "${PINNED_KERNEL_CONF}")
+
if [ -d /sys/firmware/efi ]; then
+ set_systemd_boot_default "${mountpoint}" "${pinned_kernel}"
remove_old_kernels_efi "${mountpoint}"
else
+ set_grub_default "${pinned_kernel}"
remove_old_kernels_legacy "${mountpoint}"
mount --bind "${mountpoint}" "/boot"
update-grub
--
2.30.2
^ permalink raw reply [flat|nested] 11+ messages in thread
* [pve-devel] [PATCH pve-kernel-meta v3 3/4] proxmox-boot: add --next-boot option kernel pin command
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 1/4] proxmox-boot: return empty if file does not exist in get_first_line Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 2/4] proxmox-boot: fix #3671 add pin/unpin for kernel-version Stoiko Ivanov
@ 2022-02-11 15:15 ` Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 4/4] proxmox-boot: add pin/unpin functionality for non-p-b-t systems Stoiko Ivanov
` (5 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Stoiko Ivanov @ 2022-02-11 15:15 UTC (permalink / raw)
To: pve-devel
by setting the desired version in a dedicated file, which is used
by the systemd service as condition for removing it and refreshing
upon reboot.
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
bin/proxmox-boot-tool | 53 ++++++++++++++++++-----
debian/pve-kernel-helper.install | 1 +
debian/rules | 3 ++
proxmox-boot/Makefile | 4 ++
proxmox-boot/functions | 3 ++
proxmox-boot/proxmox-boot-cleanup.service | 13 ++++++
proxmox-boot/zz-proxmox-boot | 3 ++
7 files changed, 69 insertions(+), 11 deletions(-)
create mode 100644 proxmox-boot/proxmox-boot-cleanup.service
diff --git a/bin/proxmox-boot-tool b/bin/proxmox-boot-tool
index 329df42..90c4f5d 100755
--- a/bin/proxmox-boot-tool
+++ b/bin/proxmox-boot-tool
@@ -288,11 +288,17 @@ list_kernels() {
echo "$boot_kernels"
pinned_kernel="$(get_first_line "$PINNED_KERNEL_CONF")"
+ nextboot_kernel="$(get_first_line "$NEXT_BOOT_PIN")"
if [ -n "$pinned_kernel" ]; then
echo ""
echo "Pinned kernel:"
echo "${pinned_kernel}"
fi
+ if [ -n "$nextboot_kernel" ]; then
+ echo ""
+ echo "Kernel pinned on next-boot:"
+ echo "${nextboot_kernel}"
+ fi
}
usage() {
@@ -303,8 +309,8 @@ usage() {
warn " $0 clean [--dry-run]"
warn " $0 refresh [--hook <name>]"
warn " $0 kernel <add|remove> <kernel-version>"
- warn " $0 kernel pin <kernel-version>"
- warn " $0 kernel unpin"
+ warn " $0 kernel pin <kernel-version> [--next-boot]"
+ warn " $0 kernel unpin [--next-boot]"
warn " $0 kernel list"
warn " $0 status [--quiet]"
warn " $0 help"
@@ -332,14 +338,16 @@ help() {
echo " add/remove pve-kernel with ABI <kernel-version> to list of synced kernels, in addition to automatically selected ones."
echo " NOTE: you need to manually run 'refresh' once you're finished with adding/removing kernels from the list"
echo ""
- echo "USAGE: $0 kernel pin <kernel-version>"
+ echo "USAGE: $0 kernel pin <kernel-version> [--next-boot]"
echo ""
echo " pin pve-kernel with ABI <kernel-version> as the default entry to be booted."
+ echo " with --next-boot sets <kernel-version> only for the next boot."
echo " NOTE: you need to manually run 'refresh' once you're finished with pinning kernels"
echo ""
- echo "USAGE: $0 kernel unpin"
+ echo "USAGE: $0 kernel unpin [--next-boot]"
echo ""
- echo " unpin sets the latest kernel as the default entry (undoes a previous pin)"
+ echo " unpin removes pinned and next-boot kernel settings."
+ echo " with --next-boot only removes the pin for the next boot."
echo ""
echo "USAGE: $0 kernel list"
echo ""
@@ -412,6 +420,7 @@ status() {
pin_kernel() {
ver="$1"
+ pin_file="$2"
if [ -z "$ver" ]; then
warn "E: <kernel-version> is mandatory"
@@ -419,17 +428,25 @@ pin_kernel() {
exit 1
fi
+ if [ -z "$pin_file" ]; then
+ pin_file="$PINNED_KERNEL_CONF"
+ fi
+
if [ ! -e "/boot/vmlinuz-$ver" ]; then
warn "E: no kernel image found in /boot for '$ver', not setting default."
exit 1
fi
- echo "$ver" > "$PINNED_KERNEL_CONF"
- echo "Set kernel '$ver' $PINNED_KERNEL_CONF. Use the 'refresh' command to update the ESPs."
+ echo "$ver" > "$pin_file"
+ echo "Set kernel '$ver' in $pin_file. Use the 'refresh' command to update the ESPs."
}
unpin_kernel() {
- rm -f "$PINNED_KERNEL_CONF"
- echo "Removed $PINNED_KERNEL_CONF. Use the 'refresh' command to update the ESPs."
+ rm -f "$NEXT_BOOT_PIN"
+ echo "Removed $NEXT_BOOT_PIN. Use the 'refresh' command to update the ESPs."
+ if [ -z "$1" ]; then
+ rm -f "$PINNED_KERNEL_CONF"
+ echo "Removed $PINNED_KERNEL_CONF. Use the 'refresh' command to update the ESPs."
+ fi
}
if [ -z "$1" ]; then
@@ -501,11 +518,25 @@ case "$1" in
exit 0
;;
'pin')
- pin_kernel "$2"
+ if [ "$#" -eq 3 ] && [ "$3" = '--next-boot' ]; then
+ pin_kernel "$2" "${NEXT_BOOT_PIN}"
+ elif [ "$#" -eq 2 ]; then
+ pin_kernel "$2"
+ else
+ usage
+ exit 1
+ fi
exit 0
;;
'unpin')
- unpin_kernel "$2"
+ if [ "$#" -eq 2 ] && [ "$2" = '--next-boot' ]; then
+ unpin_kernel "$2"
+ elif [ "$#" -eq 1 ]; then
+ unpin_kernel
+ else
+ usage
+ exit 1
+ fi
exit 0
;;
*)
diff --git a/debian/pve-kernel-helper.install b/debian/pve-kernel-helper.install
index 5f264aa..33170fb 100644
--- a/debian/pve-kernel-helper.install
+++ b/debian/pve-kernel-helper.install
@@ -2,6 +2,7 @@ etc/grub.d/000_proxmox_boot_header
etc/kernel/postinst.d/*
etc/kernel/postrm.d/*
etc/initramfs/post-update.d/proxmox-boot-sync
+lib/systemd/system/proxmox-boot-cleanup.service
usr/sbin/proxmox-boot-tool
usr/sbin/grub-install
usr/share/pve-kernel-helper/scripts/functions
diff --git a/debian/rules b/debian/rules
index 58f7f7d..3dd1bc8 100755
--- a/debian/rules
+++ b/debian/rules
@@ -12,5 +12,8 @@ debian/control: $(wildcard debian/*.in)
%:
dh $@
+override_dh_installsystemd:
+ dh_installsystemd --no-start
+
.PHONY: build clean
build clean:
diff --git a/proxmox-boot/Makefile b/proxmox-boot/Makefile
index effd726..2b0685d 100644
--- a/proxmox-boot/Makefile
+++ b/proxmox-boot/Makefile
@@ -2,12 +2,14 @@ KERNEL_HOOKSCRIPTS = proxmox-auto-removal zz-proxmox-boot
INITRAMFS_HOOKSCRIPTS = proxmox-boot-sync
SHARE_FILES = functions
GRUB_CFG_SNIPPET = 000_proxmox_boot_header
+SYSTEMD_SERVICES = proxmox-boot-cleanup.service
POSTINSTHOOKDIR = ${DESTDIR}/etc/kernel/postinst.d
POSTRMHOOKDIR = ${DESTDIR}/etc/kernel/postrm.d
POSTINITRAMFSHOOKDIR = ${DESTDIR}/etc/initramfs/post-update.d
SHARE_SCRIPTDIR = ${DESTDIR}/usr/share/pve-kernel-helper/scripts
GRUB_CFG_DIR = ${DESTDIR}/etc/grub.d
+SERVICE_DIR = ${DESTDIR}/lib/systemd/system
.PHONY: all
all:
@@ -23,6 +25,8 @@ install:
install -m 0755 ${SHARE_FILES} ${SHARE_SCRIPTDIR}
install -d ${GRUB_CFG_DIR}
install -m 0755 ${GRUB_CFG_SNIPPET} ${GRUB_CFG_DIR}
+ install -d ${SERVICE_DIR}
+ install -m 0644 ${SYSTEMD_SERVICES} ${SERVICE_DIR}
.PHONY: clean distclean
distclean:
diff --git a/proxmox-boot/functions b/proxmox-boot/functions
index 5a56b74..b46d198 100755
--- a/proxmox-boot/functions
+++ b/proxmox-boot/functions
@@ -6,6 +6,7 @@ ESPTYPE='c12a7328-f81f-11d2-ba4b-00a0c93ec93b'
MANUAL_KERNEL_LIST="/etc/kernel/pve-efiboot-manual-kernels"
PINNED_KERNEL_CONF="/etc/kernel/proxmox-boot-pin"
+NEXT_BOOT_PIN="/etc/kernel/next-boot-pin"
MOUNTROOT="${TMPDIR:-/var/tmp}/espmounts"
# relative to the ESP mountpoint
@@ -60,6 +61,7 @@ kernel_keep_versions() {
fi
pinned_kernel="$(get_first_line "$PINNED_KERNEL_CONF")"
+ nextboot_kernel="$(get_first_line "$NEXT_BOOT_PIN")"
kernels="$(cat <<-EOF
$running_version
@@ -69,6 +71,7 @@ kernel_keep_versions() {
$series_metapackages
$oldseries_latest_kernel
$pinned_kernel
+ $nextboot_kernel
EOF
)"
diff --git a/proxmox-boot/proxmox-boot-cleanup.service b/proxmox-boot/proxmox-boot-cleanup.service
new file mode 100644
index 0000000..4f9da94
--- /dev/null
+++ b/proxmox-boot/proxmox-boot-cleanup.service
@@ -0,0 +1,13 @@
+[Unit]
+Description=Clean up bootloader next-boot setting
+After=systemd-remount-fs.service
+ConditionPathExists=/etc/kernel/next-boot-pin
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=/usr/sbin/proxmox-boot-tool kernel unpin --next-boot
+ExecStart=/usr/sbin/proxmox-boot-tool refresh
+
+[Install]
+WantedBy=multi-user.target
diff --git a/proxmox-boot/zz-proxmox-boot b/proxmox-boot/zz-proxmox-boot
index 7958a5d..5fe16a6 100755
--- a/proxmox-boot/zz-proxmox-boot
+++ b/proxmox-boot/zz-proxmox-boot
@@ -93,6 +93,9 @@ update_esp_func() {
pinned_kernel=$(get_first_line "${PINNED_KERNEL_CONF}")
+ if [ -e "${NEXT_BOOT_PIN}" ]; then
+ pinned_kernel=$(get_first_line "${NEXT_BOOT_PIN}")
+ fi
if [ -d /sys/firmware/efi ]; then
set_systemd_boot_default "${mountpoint}" "${pinned_kernel}"
remove_old_kernels_efi "${mountpoint}"
--
2.30.2
^ permalink raw reply [flat|nested] 11+ messages in thread
* [pve-devel] [PATCH pve-kernel-meta v3 4/4] proxmox-boot: add pin/unpin functionality for non-p-b-t systems
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
` (2 preceding siblings ...)
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 3/4] proxmox-boot: add --next-boot option kernel pin command Stoiko Ivanov
@ 2022-02-11 15:15 ` Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH proxmox-ve v3 1/3] apt-hook: fix perlcritic warnings Stoiko Ivanov
` (4 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Stoiko Ivanov @ 2022-02-11 15:15 UTC (permalink / raw)
To: pve-devel
While running `update-grub` directly in this case is a divergence from
the semantics of the command when p-b-t handles booting it makes the
cleanup in the `next-boot` case a bit tidier.
fetching the next-boot version explicitly again before setting the
provided version is to cover the sequence:
p-b-t kernel pin <ver1> --next-boot ; p-b-t kernel pin <ver2>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
bin/proxmox-boot-tool | 24 +++++++++++++++++++++---
1 file changed, 21 insertions(+), 3 deletions(-)
diff --git a/bin/proxmox-boot-tool b/bin/proxmox-boot-tool
index 90c4f5d..178b6fb 100755
--- a/bin/proxmox-boot-tool
+++ b/bin/proxmox-boot-tool
@@ -437,15 +437,33 @@ pin_kernel() {
exit 1
fi
echo "$ver" > "$pin_file"
- echo "Set kernel '$ver' in $pin_file. Use the 'refresh' command to update the ESPs."
+
+ if [ -f "${ESP_LIST}" ]; then
+ echo "Set kernel '$ver' in $pin_file. Use the 'refresh' command to update the ESPs."
+ else
+ next_boot_ver=$(get_first_line "${NEXT_BOOT_PIN}")
+ pin_ver="${next_boot_ver:-$ver}"
+ echo "Setting '$pin_ver' as grub default entry and running update-grub."
+ set_grub_default "$pin_ver"
+ update-grub
+ fi
}
unpin_kernel() {
rm -f "$NEXT_BOOT_PIN"
- echo "Removed $NEXT_BOOT_PIN. Use the 'refresh' command to update the ESPs."
+ echo "Removed $NEXT_BOOT_PIN."
if [ -z "$1" ]; then
rm -f "$PINNED_KERNEL_CONF"
- echo "Removed $PINNED_KERNEL_CONF. Use the 'refresh' command to update the ESPs."
+ echo "Removed $PINNED_KERNEL_CONF."
+ fi
+
+ if [ -f "${ESP_LIST}" ]; then
+ echo "Use the 'refresh' command to update the ESPs."
+ else
+ echo "Reset default grub entry and running update-grub."
+ pinned_kernel=$(get_first_line "${PINNED_KERNEL_CONF}")
+ set_grub_default "$pinned_kernel"
+ update-grub
fi
}
--
2.30.2
^ permalink raw reply [flat|nested] 11+ messages in thread
* [pve-devel] [PATCH proxmox-ve v3 1/3] apt-hook: fix perlcritic warnings
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
` (3 preceding siblings ...)
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 4/4] proxmox-boot: add pin/unpin functionality for non-p-b-t systems Stoiko Ivanov
@ 2022-02-11 15:15 ` Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH proxmox-ve v3 2/3] apt-hook: verify that fd is numeric Stoiko Ivanov
` (3 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Stoiko Ivanov @ 2022-02-11 15:15 UTC (permalink / raw)
To: pve-devel
Co-authored-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
debian/apthook/pve-apt-hook | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)
diff --git a/debian/apthook/pve-apt-hook b/debian/apthook/pve-apt-hook
index 1f77a1a..2053fef 100755
--- a/debian/apthook/pve-apt-hook
+++ b/debian/apthook/pve-apt-hook
@@ -20,14 +20,16 @@ if (!defined $fd || $fd == 0) {
exit 0;
}
-open(my $fh, "<&=${fd}") or die "E: could not open APT_HOOK_INFO_FD (${fd}) - $!\n";
+open(my $fh, "<&=", $fd) or die "E: could not open APT_HOOK_INFO_FD (${fd}) - $!\n";
my $cleanup = sub {
my ($rc, $confirm) = @_;
close($fh);
- my $line = <STDIN> if $confirm;
+ if ($confirm) {
+ my $line = <STDIN>;
+ }
exit $rc;
};
--
2.30.2
^ permalink raw reply [flat|nested] 11+ messages in thread
* [pve-devel] [PATCH proxmox-ve v3 2/3] apt-hook: verify that fd is numeric
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
` (4 preceding siblings ...)
2022-02-11 15:15 ` [pve-devel] [PATCH proxmox-ve v3 1/3] apt-hook: fix perlcritic warnings Stoiko Ivanov
@ 2022-02-11 15:15 ` Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH proxmox-ve v3 3/3] apt-hook: add check preventing the removal of pinned kernels Stoiko Ivanov
` (2 subsequent siblings)
8 siblings, 0 replies; 11+ messages in thread
From: Stoiko Ivanov @ 2022-02-11 15:15 UTC (permalink / raw)
To: pve-devel
since we read it from the environment
Co-authored-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
debian/apthook/pve-apt-hook | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/debian/apthook/pve-apt-hook b/debian/apthook/pve-apt-hook
index 2053fef..8fa58c5 100755
--- a/debian/apthook/pve-apt-hook
+++ b/debian/apthook/pve-apt-hook
@@ -15,7 +15,7 @@ my $log = sub {
print "W: ($hook_name) $line";
};
-if (!defined $fd || $fd == 0) {
+if (!defined $fd || $fd == 0 || $fd !~ /^\d+$/) {
$log->("APT_HOOK_INFO_FD not correctly defined, skipping apt-pve-hook checks\n");
exit 0;
}
--
2.30.2
^ permalink raw reply [flat|nested] 11+ messages in thread
* [pve-devel] [PATCH proxmox-ve v3 3/3] apt-hook: add check preventing the removal of pinned kernels
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
` (5 preceding siblings ...)
2022-02-11 15:15 ` [pve-devel] [PATCH proxmox-ve v3 2/3] apt-hook: verify that fd is numeric Stoiko Ivanov
@ 2022-02-11 15:15 ` Stoiko Ivanov
2022-02-16 11:29 ` [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Fabian Grünbichler
2022-03-04 10:18 ` [pve-devel] applied-series: " Thomas Lamprecht
8 siblings, 0 replies; 11+ messages in thread
From: Stoiko Ivanov @ 2022-02-11 15:15 UTC (permalink / raw)
To: pve-devel
the $file_read_firstline helper code is copied from PVE::Tools, since
we do not want to depend on pve-common being in good shape when the
apt hook is executed
Co-authored-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
debian/apthook/pve-apt-hook | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/debian/apthook/pve-apt-hook b/debian/apthook/pve-apt-hook
index 8fa58c5..47629bc 100755
--- a/debian/apthook/pve-apt-hook
+++ b/debian/apthook/pve-apt-hook
@@ -34,6 +34,17 @@ my $cleanup = sub {
exit $rc;
};
+my $file_read_firstline = sub {
+ my ($filename) = @_;
+
+ my $fh = IO::File->new($filename, "r");
+ return undef if !$fh;
+ my $res = <$fh>;
+ chomp $res if $res;
+ $fh->close;
+ return $res;
+};
+
chomp (my $ver = <$fh>);
if ($ver ne "VERSION 2") {
$log->("apt-pve-hook misconfigured, expecting hook protocol version 2\n");
@@ -84,6 +95,23 @@ while (my $line = <$fh>) {
$cleanup->(0, 1);
}
}
+ if ($pkg =~ /^pve-kernel-/) {
+ if ($action eq '**REMOVE**') {
+ my $next_boot_ver = $file_read_firstline->("/etc/kernel/next-boot-pin");
+ my $pinned_ver = $file_read_firstline->("/etc/kernel/proxmox-boot-pin");
+ my $remove_pinned_ver = ($next_boot_ver && $pkg =~ /$next_boot_ver$/);
+ $remove_pinned_ver ||= ($pinned_ver && $pkg =~ /$pinned_ver$/);
+ if ($remove_pinned_ver) {
+ $log->("!! WARNING !!\n");
+ $log->("You are attempting to remove the currently pinned kernel '${pkg}'!\n");
+ $log->("\n");
+ $log->("If you really do not need the version anymore unpin it by running\n");
+ $log->("\tproxmox-boot-tool kernel unpin'\n");
+ $log->("and repeat your apt invocation.\n");
+ $cleanup->(1);
+ }
+ }
+ }
}
$cleanup->(0);
--
2.30.2
^ permalink raw reply [flat|nested] 11+ messages in thread
* Re: [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761)
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
` (6 preceding siblings ...)
2022-02-11 15:15 ` [pve-devel] [PATCH proxmox-ve v3 3/3] apt-hook: add check preventing the removal of pinned kernels Stoiko Ivanov
@ 2022-02-16 11:29 ` Fabian Grünbichler
2022-03-04 10:18 ` [pve-devel] applied-series: " Thomas Lamprecht
8 siblings, 0 replies; 11+ messages in thread
From: Fabian Grünbichler @ 2022-02-16 11:29 UTC (permalink / raw)
To: Proxmox VE development discussion
On February 11, 2022 4:15 pm, Stoiko Ivanov wrote:
> changes v2->v3:
> * incoroporated Fabian's and Thomas' feedback - huge thanks:
> ** changed `p-b-t kernel next-boot <ver>` to `p-b-t kernel pin <ver> --next-boot`
> ** improved usage output
> ** style-fixes to proxmox-ve apt-hook
> ** 'untaint' the fd fetched from the environment in proxmox-ve apt-hook
> * fixed a glitch in the non p-b-t booted case (next-boot pin followed by a
> permanent pin cause the next-boot to be ignored)
> * output of `p-b-t kernel list` now only prints pinned versions if they are set
>
> original cover-letter for v2:
> changes v1->v2:
> * incorporated the feedback on the v1 (by Aaron and Fabian - huge thx!):
> ** a next-boot pin is now handled independently from a pin - i.e. if you
> both pin a kernel and set one for the next-boot - the system afterwards
> keeps the pinned version (instead of the latest)
> ** change from modifying /etc/default/grub to creating a snippet in
> /etc/default/grub.d/proxmox-boot-pin.cfg - I did not see a need for having
> two pinning files there (since they get written both at each relevant
> invocation anyways - thus also no need for prefixing with y_ and z_
> ** the semantics of unpin changed (it now takes an optional argument to
> remove the next-boot-pin only (made the cleanup-service cleaner)
> ** added a check to the apthook in proxmox-ve as Fabian suggested
> * changed the semantics of get_first_line - to check for file existence
> itself, since it makes using it shorter at almost all call-sites
> * fixed two perlcritic warnings in the pve apthook (which is quite
> independent of the series)
>
> again tested on 3 VMs (ext4, zfs+uefi, zfs+legacy) - but would be grateful
> if you find some use-case apart from - pin permanent, pin next-boot, reboot,
> reboot.
for the whole series:
Reviewed-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Tested-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
not applying for now in case we want to roll this out together with the
final version of the other series.
>
>
> original cover letter of v1:
> The following series adds:
> * proxmox-boot-tool kernel pin <kabi-version> (to permanently set the
> default entry of the respective bootloader)
> * proxmox-boot-tool kernel unpin (to undo a previous pin)
> * proxmox-boot-tool kernel next-boot (to do a pin+touch a file, which causes
> an unpin on next boot)
>
> This is the first functionality which is available for 'regular grub-setups'
> (i.e. systems setup with lvm-thin with our ISO or systems installed on top
> of plain debian) as well.
>
> The first two patches are cleanup+refactoring (and should not change any
> functionality)
>
> The choices (those I think might benefit from a bit of feedback) for this
> implementation were:
> * for grub - automaticially rewrite '/etc/default/grub' (as this is where
> I'd look to check whether some default is set)
> * for systemd - set the entry in the loader.conf and not in the efivars
> (`bootctl set-default/set-once`) - mostly from my bias towards config
> files instead of UEFI vars (depending on implementation quality of the
> UEFI) - another reason was to keep the implementation close for both
> boot-loaders
> * for p-b-t booted systems the need to run `p-b-t refresh` manually
> afterwards (following the behavior of `p-b-t kernel add/remove`) could
> be changed to invoking the refresh directly (as with non-p-b-t booted
> systems). Especially since it might make sense to 'add' multiple kernels
> and then do the mount+copy+configupdate only once, whereas you can only
> pin on version anyways
>
> Tested on three VMs installed from the 7.1 ISO (UEFI+ZFS, legacy+ZFS,
> UEFI+lvm-thin).
>
> pve-kernel-meta:
> Stoiko Ivanov (4):
> proxmox-boot: return empty if file does not exist in get_first_line
> proxmox-boot: fix #3671 add pin/unpin for kernel-version
> proxmox-boot: add --next-boot option kernel pin command
> proxmox-boot: add pin/unpin functionality for non-p-b-t systems
>
> bin/proxmox-boot-tool | 97 +++++++++++++++++++++++
> debian/pve-kernel-helper.install | 1 +
> debian/rules | 3 +
> proxmox-boot/Makefile | 4 +
> proxmox-boot/functions | 45 +++++++++++
> proxmox-boot/proxmox-boot-cleanup.service | 13 +++
> proxmox-boot/zz-proxmox-boot | 8 ++
> 7 files changed, 171 insertions(+)
> create mode 100644 proxmox-boot/proxmox-boot-cleanup.service
>
> proxmox-ve:
> Stoiko Ivanov (3):
> apt-hook: fix perlcritic warnings
> apt-hook: verify that fd is numeric
> apt-hook: add check preventing the removal of pinned kernels
>
> debian/apthook/pve-apt-hook | 36 +++++++++++++++++++++++++++++++++---
> 1 file changed, 33 insertions(+), 3 deletions(-)
>
> --
> 2.30.2
>
>
>
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
>
>
>
^ permalink raw reply [flat|nested] 11+ messages in thread
* [pve-devel] applied-series: Re: [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761)
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
` (7 preceding siblings ...)
2022-02-16 11:29 ` [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Fabian Grünbichler
@ 2022-03-04 10:18 ` Thomas Lamprecht
8 siblings, 0 replies; 11+ messages in thread
From: Thomas Lamprecht @ 2022-03-04 10:18 UTC (permalink / raw)
To: Proxmox VE development discussion, Stoiko Ivanov
On 11/02/2022 16:15, Stoiko Ivanov wrote:
> pve-kernel-meta:
> Stoiko Ivanov (4):
> proxmox-boot: return empty if file does not exist in get_first_line
> proxmox-boot: fix #3671 add pin/unpin for kernel-version
> proxmox-boot: add --next-boot option kernel pin command
> proxmox-boot: add pin/unpin functionality for non-p-b-t systems
>
> bin/proxmox-boot-tool | 97 +++++++++++++++++++++++
> debian/pve-kernel-helper.install | 1 +
> debian/rules | 3 +
> proxmox-boot/Makefile | 4 +
> proxmox-boot/functions | 45 +++++++++++
> proxmox-boot/proxmox-boot-cleanup.service | 13 +++
> proxmox-boot/zz-proxmox-boot | 8 ++
> 7 files changed, 171 insertions(+)
> create mode 100644 proxmox-boot/proxmox-boot-cleanup.service
>
> proxmox-ve:
> Stoiko Ivanov (3):
> apt-hook: fix perlcritic warnings
> apt-hook: verify that fd is numeric
> apt-hook: add check preventing the removal of pinned kernels
>
> debian/apthook/pve-apt-hook | 36 +++++++++++++++++++++++++++++++++---
> 1 file changed, 33 insertions(+), 3 deletions(-)
>
applied, thanks!
amended the bug number in patch 2/4 (thx Oguz) and made some small followups
(i had those lying around since a while and only committed now, I think
I had some other small things in mind when revieiwing this originally, but
nothing critical at all), mostly outputting possible pve kversions options
to choose from in some error cases and outputting when a previous pin gets
overridden with new one.
We could add a proxmox-ve
Breaks: pve-kernel-helper (<< 7.1-13)
to ensure this always works cleanly (not that a pinnend kernel gets removed)
but the case when this can happen is very odd and people should really not
hold back upgrading proxmox-ve, makes not much sense to do.
^ permalink raw reply [flat|nested] 11+ messages in thread