[pve-devel] [PATCH manager v3 0/2] 8 to 9 checks: improve boot-loader warnings

[pve-devel] [PATCH manager v3 0/2] 8 to 9 checks: improve boot-loader warnings

[Stoiko Ivanov]

changes v2->v3:
* increase loglevel from warn to fail, where the issue is likely to result
  in a unbootable system
* add link to the upgrade-guide where we provide more detailed information
* add another check for removable grub, as we had reports about this
  causing unbootable systems

series v2:
https://lore.proxmox.com/pve-devel/86af5762-5b31-4000-8180-5ea64103b442@proxmox.com/T/#t

Stoiko Ivanov (2):
  8 to 9 checks: do not ask bootctl if systemd-boot is used.
  8 to 9 checks: check for removable grub-install

 PVE/CLI/pve8to9.pm | 32 +++++++++++++++++---------------
 1 file changed, 17 insertions(+), 15 deletions(-)

-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH manager v3 1/2] 8 to 9 checks: do not ask bootctl if systemd-boot is used.

[Stoiko Ivanov]

The current logic of deciding if systemd-boot was manually setup by
the user (without proxmox-boot-tool), by checking
`bootctl is-installed` yields a false-positive after upgrading:
* systems which have the package installed (e.g. from our isos after
  8.0), but do not use proxmox-boot-tool (LVM installs) will get
  systemd-boot installed to /boot/efi upon upgrade
* after upgrading the check says that it's been explicitly setup.

Rather warn if the package is installed (unless proxmox-boot-tool is
used and the upgrade is still not done) in any case - as the number
of systems which have it setup manually are probably far lower than
those that upgrade without explicitly checking pve8to9.

Additionally increase the log from a warn to a fail, as issues with
boot-loaders yield unbootable systems, and move the (probably rare)
case of manual systemd-boot setups to the upgrade-guide
in our wiki, which is also linked in the output.

Finally fix a typo (s/remoing/removing/).

Reported-by: Daniel Herzig <d.herzig@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 PVE/CLI/pve8to9.pm | 21 +++++++--------------
 1 file changed, 7 insertions(+), 14 deletions(-)

diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm
index d2a7346c..6381e62f 100644
--- a/PVE/CLI/pve8to9.pm
+++ b/PVE/CLI/pve8to9.pm
@@ -1561,7 +1561,7 @@ sub check_bootloader {
     if (!-d '/sys/firmware/efi') {
         if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
             log_info(
-                "systemd-boot package installed on legacy-boot system is not necessary, consider remoing it"
+                "systemd-boot package installed on legacy-boot system is not necessary, consider removing it"
             );
             return;
         }
@@ -1575,25 +1575,18 @@ sub check_bootloader {
             return;
         }
         if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
-            log_warn("systemd-boot meta-package installed this will cause issues on upgrades of"
+            log_fail("systemd-boot meta-package installed this will cause issues on upgrades of"
                 . " boot-related packages. Install 'systemd-boot-efi' and 'systemd-boot-tools' explicitly"
                 . " and remove 'systemd-boot'");
             return;
         }
     } else {
         if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
-            my $exit_code = eval {
-                run_command(['bootctl', 'is-installed', '--quiet', '--graceful'], noerr => 1);
-            };
-            if ($exit_code != 0) {
-                log_warn(
-                    "systemd-boot meta-package installed but the system does not seem to use it"
-                        . " for booting. This can cause problems on upgrades of other boot-related packages."
-                        . " Consider removing 'systemd-boot'");
-            } else {
-                log_info("systemd-boot used as bootloader and fitting meta-package installed.");
-                return;
-            }
+            log_fail(
+                "systemd-boot meta-package installed. This will cause problems on upgrades of other"
+                    . " boot-related packages. Remove 'systemd-boot' See"
+                    . " https://pve.proxmox.com/wiki/Upgrade_from_8_to_9#sd-boot-warning for more information."
+            );
         }
         if (!-f "/usr/share/doc/grub-efi-amd64/changelog.Debian.gz") {
             log_warn("System booted in uefi mode but grub-efi-amd64 meta-package not installed,"
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

[pve-devel] [PATCH manager v3 2/2] 8 to 9 checks: check for removable grub-install

[Stoiko Ivanov]

some upgrades result in unbootable systems, which can be traced back
to grub being installed in BOOTX64.efi, but not being upgraded by
grub-install. Refer the cases to the output of
`proxmox-boot-tool refresh` as it has a sensible check logic for those
cases. Some affected systems printed the warning of proxmox-boot-tool,
but it was lost in the large output of the dist-upgrade.

Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
 PVE/CLI/pve8to9.pm | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm
index 6381e62f..c2e830a9 100644
--- a/PVE/CLI/pve8to9.pm
+++ b/PVE/CLI/pve8to9.pm
@@ -1569,6 +1569,7 @@ sub check_bootloader {
         return;
     }
 
+    my $boot_ok = 1;
     if (-f "/etc/kernel/proxmox-boot-uuids") {
         if (!$upgraded) {
             log_skip("not yet upgraded, systemd-boot still needed for bootctl");
@@ -1587,13 +1588,21 @@ sub check_bootloader {
                     . " boot-related packages. Remove 'systemd-boot' See"
                     . " https://pve.proxmox.com/wiki/Upgrade_from_8_to_9#sd-boot-warning for more information."
             );
+            $boot_ok = 0;
         }
         if (!-f "/usr/share/doc/grub-efi-amd64/changelog.Debian.gz") {
             log_warn("System booted in uefi mode but grub-efi-amd64 meta-package not installed,"
                 . " new grub versions will not be installed to /boot/efi! Install grub-efi-amd64."
             );
+            $boot_ok = 0;
+        }
+        if (-f "/boot/efi/EFI/BOOT/BOOTX64.efi") {
+            log_warn("Removable bootloader found at '/boot/efi/EFI/BOOT/BOOTX64.efi' Check the"
+                . " output of `proxmox-boot-tool refresh` if further action is needed.");
+            $boot_ok = 0;
             return;
-        } else {
+        }
+        if ($boot_ok) {
             log_pass("bootloader packages installed correctly");
         }
     }
-- 
2.39.5



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel

Re: [pve-devel] [PATCH manager v3 2/2] 8 to 9 checks: check for removable grub-install

[Fabian Grünbichler]

On August 7, 2025 10:30 pm, Stoiko Ivanov wrote:
> some upgrades result in unbootable systems, which can be traced back
> to grub being installed in BOOTX64.efi, but not being upgraded by
> grub-install. Refer the cases to the output of
> `proxmox-boot-tool refresh` as it has a sensible check logic for those
> cases. Some affected systems printed the warning of proxmox-boot-tool,
> but it was lost in the large output of the dist-upgrade.
> 
> Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
> ---
>  PVE/CLI/pve8to9.pm | 11 ++++++++++-
>  1 file changed, 10 insertions(+), 1 deletion(-)
> 
> diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm
> index 6381e62f..c2e830a9 100644
> --- a/PVE/CLI/pve8to9.pm
> +++ b/PVE/CLI/pve8to9.pm
> @@ -1569,6 +1569,7 @@ sub check_bootloader {
>          return;
>      }
>  
> +    my $boot_ok = 1;
>      if (-f "/etc/kernel/proxmox-boot-uuids") {
>          if (!$upgraded) {
>              log_skip("not yet upgraded, systemd-boot still needed for bootctl");
> @@ -1587,13 +1588,21 @@ sub check_bootloader {
>                      . " boot-related packages. Remove 'systemd-boot' See"
>                      . " https://pve.proxmox.com/wiki/Upgrade_from_8_to_9#sd-boot-warning for more information."
>              );
> +            $boot_ok = 0;
>          }
>          if (!-f "/usr/share/doc/grub-efi-amd64/changelog.Debian.gz") {
>              log_warn("System booted in uefi mode but grub-efi-amd64 meta-package not installed,"
>                  . " new grub versions will not be installed to /boot/efi! Install grub-efi-amd64."
>              );
> +            $boot_ok = 0;
> +        }
> +        if (-f "/boot/efi/EFI/BOOT/BOOTX64.efi") {
> +            log_warn("Removable bootloader found at '/boot/efi/EFI/BOOT/BOOTX64.efi' Check the"
> +                . " output of `proxmox-boot-tool refresh` if further action is needed.");

why not run the debconf command here? we already did 90% of the required
checks if we end up here:

1. system is EFI booted
2. removable entry on ESP exists
3: MISSING: `debconf show --db configdb grub-efi-amd64 grub-pc | grep 'force_efi_extra_removable'`

we just need to query debconf to see if action actually needs to be taken.

without that last step, this will now warn *for all LVM systems*, even
those that are properly set up..

if we want to go the extra mile, we could also check that the binaries
actually match what is currently installed package-wise, but that might
get complicated in the face of shim..

> +            $boot_ok = 0;

this is dead code

>              return;

or this is, please only do either ;)

> -        } else {
> +        }
> +        if ($boot_ok) {
>              log_pass("bootloader packages installed correctly");
>          }
>      }
> -- 
> 2.39.5
> 
> 
> 
> _______________________________________________
> pve-devel mailing list
> pve-devel@lists.proxmox.com
> https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
> 
> 
> 


_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel