From: Stoiko Ivanov
To: pve-devel@lists.proxmox.com
Date: Fri, 11 Feb 2022 16:15:42 +0100
Message-Id: <20220211151547.181259-3-s.ivanov@proxmox.com>
In-Reply-To: <20220211151547.181259-1-s.ivanov@proxmox.com>
References: <20220211151547.181259-1-s.ivanov@proxmox.com>
Subject: [pve-devel] [PATCH pve-kernel-meta v3 2/4] proxmox-boot: fix #3671 add pin/unpin for kernel-version

The 2 commands follow the mechanics of p-b-t kernel add/remove in
writing the desired abi-version to a config-file in /etc/kernel and
actually modifying the boot-loader configuration upon p-b-t refresh.

A dedicated new file is used instead of writing the version (with some
kind of annotation) to the manual kernel list to keep parsing the file
simple (and hopefully also cause fewer problems with manually edited
files)

For systemd-boot we write the entry into the loader.conf on the ESP(s)
instead of relying on the `bootctl set-default` mechanics (bootctl(1))
which write the entry in an EFI-var. This was preferred, because of a
few reports of unwriteable EFI-vars on some systems (e.g. DELL servers
have a setting preventing writing EFI-vars from the OS). The rationale
in `Why not simply rely on the EFI boot menu logic?` from [0] also
makes a few points in that direction.

For grub the following choices were made:
* write the pinned version (or actually the menu-path leading to it) to
  a snippet in /etc/default/grub.d instead of editing the grub.cfg files
  on the partition. Mostly to divert as little as possible from the
  grub-workflow I assume people are used to.
* the 'root-device-id' part of the menu-entries is parsed from
  /boot/grub/grub.cfg since it was stable (the same on all ESPs and in
  /boot/grub), saves us from copying the part of "find device behind /,
  mangle it if zfs/btrfs, call grub_probe a few times" part of
  grub-mkconfig - and seems a bit more robust

Tested with a BIOS and an UEFI VM with / on ZFS.

[0] https://systemd.io/BOOT_LOADER_SPECIFICATION/

Signed-off-by: Stoiko Ivanov
---
 bin/proxmox-boot-tool        | 48 ++++++++++++++++++++++++++++++++++++
 proxmox-boot/functions       | 37 +++++++++++++++++++++++++++
 proxmox-boot/zz-proxmox-boot |  5 ++++
 3 files changed, 90 insertions(+)

diff --git a/bin/proxmox-boot-tool b/bin/proxmox-boot-tool index 93760fb..329df42 100755 --- a/bin/proxmox-boot-tool +++ b/bin/proxmox-boot-tool @@ -286,6 +286,13 @@ list_kernels() { echo "" echo "Automatically selected kernels:" echo "$boot_kernels" + + pinned_kernel="$(get_first_line "$PINNED_KERNEL_CONF")" + if [ -n "$pinned_kernel" ]; then + echo "" + echo "Pinned kernel:" + echo "${pinned_kernel}" + fi } usage() { @@ -296,6 +303,8 @@ usage() { warn " $0 clean [--dry-run]" warn " $0 refresh [--hook ]" warn " $0 kernel " + warn " $0 kernel pin " + warn " $0 kernel unpin" warn " $0 kernel list" warn " $0 status [--quiet]" warn " $0 help" @@ -323,6 +332,15 @@ help() { echo " add/remove pve-kernel with ABI to list of synced kernels, in addition to automatically selected ones." echo " NOTE: you need to manually run 'refresh' once you're finished with adding/removing kernels from the list" echo "" + echo "USAGE: $0 kernel pin " + echo "" + echo " pin pve-kernel with ABI as the default entry to be booted." + echo " NOTE: you need to manually run 'refresh' once you're finished with pinning kernels" + echo "" + echo "USAGE: $0 kernel unpin" + echo "" + echo " unpin sets the latest kernel as the default entry (undoes a previous pin)" + echo "" echo "USAGE: $0 kernel list" echo "" echo " list kernel versions currently selected for inclusion on ESPs." 
@@ -392,6 +410,28 @@ status() { fi } +pin_kernel() { + ver="$1" + + if [ -z "$ver" ]; then + warn "E: is mandatory" + warn "" + exit 1 + fi + + if [ ! -e "/boot/vmlinuz-$ver" ]; then + warn "E: no kernel image found in /boot for '$ver', not setting default." + exit 1 + fi + echo "$ver" > "$PINNED_KERNEL_CONF" + echo "Set kernel '$ver' $PINNED_KERNEL_CONF. Use the 'refresh' command to update the ESPs." +} + +unpin_kernel() { + rm -f "$PINNED_KERNEL_CONF" + echo "Removed $PINNED_KERNEL_CONF. Use the 'refresh' command to update the ESPs." +} + if [ -z "$1" ]; then usage exit 0 @@ -460,6 +500,14 @@ case "$1" in list_kernels exit 0 ;; + 'pin') + pin_kernel "$2" + exit 0 + ;; + 'unpin') + unpin_kernel "$2" + exit 0 + ;; *) warn "E: invalid 'kernel' subcommand '$cmd'." warn "" diff --git a/proxmox-boot/functions b/proxmox-boot/functions index 27da363..5a56b74 100755 --- a/proxmox-boot/functions +++ b/proxmox-boot/functions @@ -5,11 +5,13 @@ ESP_LIST="/etc/kernel/proxmox-boot-uuids" ESPTYPE='c12a7328-f81f-11d2-ba4b-00a0c93ec93b' MANUAL_KERNEL_LIST="/etc/kernel/pve-efiboot-manual-kernels" +PINNED_KERNEL_CONF="/etc/kernel/proxmox-boot-pin" MOUNTROOT="${TMPDIR:-/var/tmp}/espmounts" # relative to the ESP mountpoint PMX_ESP_DIR="EFI/proxmox" PMX_LOADER_CONF="loader/loader.conf" +GRUB_PIN_SNIPPET="/etc/default/grub.d/proxmox-kernel-pin.cfg" # adapted from /etc/kernel/postinst.d/apt-auto-removal as present in # debian's apt package: @@ -21,6 +23,7 @@ PMX_LOADER_CONF="loader/loader.conf" # - the second-latest kernel version # - the latest kernel version of each series (e.g. 4.13, 4.15, 5.0) by # marking the meta-packages +# - the currently pinned kernel if any kernel_keep_versions() { eval "$(apt-config shell DPKG Dir::bin::dpkg/f)" @@ -56,6 +59,8 @@ kernel_keep_versions() { manual_kernels="$(cat "$MANUAL_KERNEL_LIST")" fi + pinned_kernel="$(get_first_line "$PINNED_KERNEL_CONF")" + kernels="$(cat <<-EOF $running_version $install_version 
@@ -63,6 +68,7 @@ kernel_keep_versions() { $latest_2_versions $series_metapackages $oldseries_latest_kernel + $pinned_kernel EOF )" @@ -114,3 +120,34 @@ get_first_line() { done < "${file}" echo "$line" } + +set_grub_default() { + kver="$1" + + if [ -z "${kver}" ]; then + rm -f "${GRUB_PIN_SNIPPET}" + else + # grub menu entry ids contain the internal root-device id (e.g. for zfs the GUID of + # the pool printed in hex) as this is independent of the ESP (or grub location) + # take it from /boot/grub/grub.cfg + root_devid=$(sed -rn "s/.*gnulinux-advanced-(.+)['] \{$/\1/p" \ + /boot/grub/grub.cfg) + entry="gnulinux-advanced-${root_devid}>gnulinux-${kver}-advanced-${root_devid}" + echo "GRUB_DEFAULT=\"${entry}\"" > "${GRUB_PIN_SNIPPET}" + fi +} + +set_systemd_boot_default() { + mountpoint="$1" + kver="$2" + if [ -z "${kver}" ]; then + entry="proxmox-*" + else + entry="proxmox-${kver}.conf" + fi + + # replaces the current default entry, if one exists else append it at the end of the file + sed -ri "/^default /{h;s/ .*\$/ ${entry}/};\${x;/^$/{s//default ${entry}/;H};x}" \ + "${mountpoint}/$PMX_LOADER_CONF" + +} diff --git a/proxmox-boot/zz-proxmox-boot b/proxmox-boot/zz-proxmox-boot index db73166..7958a5d 100755 --- a/proxmox-boot/zz-proxmox-boot +++ b/proxmox-boot/zz-proxmox-boot @@ -90,9 +90,14 @@ update_esp_func() { fi warn "Copying and configuring kernels on ${path}" copy_and_config_kernels "${mountpoint}" + + pinned_kernel=$(get_first_line "${PINNED_KERNEL_CONF}") + if [ -d /sys/firmware/efi ]; then + set_systemd_boot_default "${mountpoint}" "${pinned_kernel}" remove_old_kernels_efi "${mountpoint}" else + set_grub_default "${pinned_kernel}" remove_old_kernels_legacy "${mountpoint}" mount --bind "${mountpoint}" "/boot" update-grub -- 2.30.2
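
Review bot: In pin_kernel() (bin/proxmox-boot-tool, hunk @@ -392,6 +410,28 @@) the only validation of "$ver" is `[ ! -e "/boot/vmlinuz-$ver" ]`, yet the same string is later spliced unescaped into a sed expression in set_systemd_boot_default and into GRUB_DEFAULT in set_grub_default. Rejecting values that contain `/`, `&`, quotes or whitespace before writing them to $PINNED_KERNEL_CONF would keep those later consumers safe. The confirmation message `Set kernel '$ver' $PINNED_KERNEL_CONF.` also reads as if a word is missing; "Set kernel '$ver' in $PINNED_KERNEL_CONF." would be clearer.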
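
Review bot: In the 'kernel' subcommand case (bin/proxmox-boot-tool, hunk @@ -460,6 +500,14 @@) the call `unpin_kernel "$2"` passes an argument that unpin_kernel() never reads, and the usage text documents `kernel unpin` without one. Drop the "$2", or have unpin reject unexpected extra arguments so that a mistyped `kernel unpin <version>` does not silently remove the pin.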
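
Review bot: In kernel_keep_versions() (proxmox-boot/functions, hunk @@ -56,6 +59,8 @@) `get_first_line "$PINNED_KERNEL_CONF"` runs unconditionally, although the pin file does not exist until the first `kernel pin` and is removed again by `kernel unpin`. The visible tail of get_first_line is `done < "${file}"`, and the neighbouring MANUAL_KERNEL_LIST read sits inside an `if ... fi`, so please confirm that get_first_line returns an empty string quietly for a missing file, or add the same kind of existence guard here and at the other two new call sites (list_kernels and update_esp_func).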
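
Review bot: In set_grub_default() (proxmox-boot/functions, hunk @@ -114,3 +120,34 @@) there is no check that `root_devid` is non-empty and a single line: if /boot/grub/grub.cfg is missing or the sed pattern matches nothing, the snippet is written as `GRUB_DEFAULT="gnulinux-advanced->gnulinux-${kver}-advanced-"`, and more than one match would put a newline into the value. Suggest warning and leaving ${GRUB_PIN_SNIPPET} untouched in those cases. In set_systemd_boot_default() in the same hunk, `${entry}` is interpolated into the sed script without escaping, and the append branch hangs off the `$` address, which never fires on an empty loader.conf; a short comment stating that the file is expected to exist and be non-empty at this point would help.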
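
Review bot: In update_esp_func() (proxmox-boot/zz-proxmox-boot, hunk @@ -90,9 +90,14 @@) the value read via `pinned_kernel=$(get_first_line "${PINNED_KERNEL_CONF}")` is handed straight to set_systemd_boot_default / set_grub_default without re-checking that the kernel still exists; the `/boot/vmlinuz-$ver` test only happens at pin time, and the commit message itself expects these files to be edited by hand. A check at refresh time that warns and falls back to the unpinned default would avoid writing a default entry that does not exist. Also note that set_grub_default writes a file on the root filesystem and does not depend on "${mountpoint}", so it could be called once outside the per-ESP path.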