From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <a.lauterer@proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by lists.proxmox.com (Postfix) with ESMTPS id A7E4F651C1
 for <pve-devel@lists.proxmox.com>; Tue,  1 Feb 2022 10:58:59 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
 by firstgate.proxmox.com (Proxmox) with ESMTP id A5C772CC91
 for <pve-devel@lists.proxmox.com>; Tue,  1 Feb 2022 10:58:59 +0100 (CET)
Received: from proxmox-new.maurer-it.com (proxmox-new.maurer-it.com
 [94.136.29.106])
 (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
 key-exchange X25519 server-signature RSA-PSS (2048 bits))
 (No client certificate requested)
 by firstgate.proxmox.com (Proxmox) with ESMTPS id 1975E2CC86
 for <pve-devel@lists.proxmox.com>; Tue,  1 Feb 2022 10:58:59 +0100 (CET)
Received: from proxmox-new.maurer-it.com (localhost.localdomain [127.0.0.1])
 by proxmox-new.maurer-it.com (Proxmox) with ESMTP id E5EA4446C1
 for <pve-devel@lists.proxmox.com>; Tue,  1 Feb 2022 10:58:58 +0100 (CET)
Message-ID: <2ed841ff-3b30-30d2-da72-061686deb9d5@proxmox.com>
Date: Tue, 1 Feb 2022 10:58:58 +0100
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:91.0) Gecko/20100101
 Thunderbird/91.5.1
Content-Language: en-US
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
 Stoiko Ivanov <s.ivanov@proxmox.com>
References: <20220131175918.2099575-1-s.ivanov@proxmox.com>
From: Aaron Lauterer <a.lauterer@proxmox.com>
In-Reply-To: <20220131175918.2099575-1-s.ivanov@proxmox.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
X-SPAM-LEVEL: Spam detection results:  0
 AWL 0.005 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 NICE_REPLY_A           -0.001 Looks like a legit reply (A)
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 T_SCC_BODY_TEXT_LINE    -0.01 -
Subject: Re: [pve-devel] [PATCH pve-kernel-meta 0/5] proxmox-boot: add
 kernel pinning functionality (#3761)
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
X-List-Received-Date: Tue, 01 Feb 2022 09:58:59 -0000

Tested systemd-boot (uefi) on physical hardware with PVE and grub in a PMG VM.

(un)Pinning and setting next-boot worked fine.

Tested-By: Aaron Lauterer <a.lauterer@proxmox.com>

On 1/31/22 18:59, Stoiko Ivanov wrote:
> The following series adds:
> * proxmox-boot-tool kernel pin <kabi-version> (to permanently set the
>    default entry of the respective bootloader)
> * proxmox-boot-tool kernel unpin (to undo a previous pin)
> * proxmox-boot-tool kernel next-boot (to do a pin+touch a file, which causes
>    an unpin on next boot)
> 
> This is the first functionality which is available for 'regular grub-setups'
> (i.e. systems setup with lvm-thin with our ISO or systems installed on top
> of plain debian) as well.
> 
> The first two patches are cleanup+refactoring (and should not change any
> functionality)
> 
> The choices (those I think might benefit from a bit of feedback) for this
> implementation were:
> * for grub - automaticially rewrite '/etc/default/grub' (as this is where
>    I'd look to check whether some default is set)
> * for systemd - set the entry in the loader.conf and not in the efivars
>    (`bootctl set-default/set-once`) - mostly from my bias towards config
>    files instead of UEFI vars (depending on implementation quality of the
>    UEFI) - another reason was to keep the implementation close for both
>    boot-loaders
> * for p-b-t booted systems the need to run `p-b-t refresh` manually
>    afterwards (following the behavior of `p-b-t kernel add/remove`) could
>    be changed to invoking the refresh directly (as with non-p-b-t booted
>    systems). Especially since it might make sense to 'add' multiple kernels
>    and then do the mount+copy+configupdate only once, whereas you can only
>    pin on version anyways
> 
> Tested on three VMs installed from the 7.1 ISO (UEFI+ZFS, legacy+ZFS,
> UEFI+lvm-thin).
> 
> Stoiko Ivanov (5):
>    proxmox-boot: drop unused potential_esps function
>    proxmox-boot: add get_first_line_from_file helper and use it
>    proxmox-boot: fix #3671 add pin/unpin for kernel-version
>    proxmox-boot: add kernel next-boot command
>    proxmox-boot: add pin/unpin functionality for non-p-b-t systems
> 
>   bin/proxmox-boot-tool                     | 65 +++++++++++++++++++++--
>   debian/pve-kernel-helper.install          |  1 +
>   debian/rules                              |  3 ++
>   proxmox-boot/Makefile                     |  4 ++
>   proxmox-boot/functions                    | 46 ++++++++++++++++
>   proxmox-boot/proxmox-boot-cleanup.service | 15 ++++++
>   proxmox-boot/zz-proxmox-boot              | 15 +++---
>   7 files changed, 137 insertions(+), 12 deletions(-)
>   create mode 100644 proxmox-boot/proxmox-boot-cleanup.service
>