Rework grub setup #246
Rework grub setup #246
Conversation
Codecov ReportAttention: Patch coverage is
Additional details and impacted files@@ Coverage Diff @@
## main #246 +/- ##
==========================================
- Coverage 93.99% 93.99% -0.01%
==========================================
Files 18 19 +1
Lines 3412 3511 +99
==========================================
+ Hits 3207 3300 +93
- Misses 132 137 +5
- Partials 73 74 +1
Flags with carried forward coverage won't be shown. Click here to find out more. ☔ View full report in Codecov by Sentry. |
|
This was a massively annoying debugging session, but turns out the reason is that having |
…umber Signed-off-by: Paul Mars <[email protected]>
…evel This is needed in late stages when setting up the bootloader. Signed-off-by: Paul Mars <[email protected]>
Signed-off-by: Paul Mars <[email protected]>
Properly install grub and packages according to the image architecture. Signed-off-by: Paul Mars <[email protected]>
Signed-off-by: Paul Mars <[email protected]>
…tion number in setupGrub Signed-off-by: Paul Mars <[email protected]>
internal/statemachine/helper.go
Outdated
| teardownCmds = append([]*exec.Cmd{ | ||
| execCommand("udevadm", "settle"), | ||
| }, teardownCmds...) | ||
|
|
||
| // udev needed to have grub-install properly work |
There was a problem hiding this comment.
This is only in jammy and older, I think
There was a problem hiding this comment.
Without it it failed to run in a minbase chroot. See the TestPackStateMachine_SuccessfulRun test and previous comment by @kukrimate who found the fix.
But if you know how we could avoid installing it I am interested :).
There was a problem hiding this comment.
That test debootstraps jammy so that tracks. Given that I would expect the majority of ubuntu-image's usage to be for releases newer than jammy (to put it mildly) I would prefer not to have this cruft here...
There was a problem hiding this comment.
AFAIK some of our users in other teams still build jammy-based images. I would like to discuss our policy regarding support of building old images.
There was a problem hiding this comment.
Well OK can we say "if release <= jammy" somewhere?
I got distracted halfway through responding to your comments, sorry about that. But I guess we're talking about all this stuff in a few hours anyway.
There was a problem hiding this comment.
So far I have been doing everything I could to avoid hardcoding series-specific stuff in the tool. I would rather understand the root cause and find an heuristic to determine if installing udev is needed or not. Do you know why it was needed for jammy and older (and why it is not anymore?).
internal/statemachine/helper.go
Outdated
| } | ||
| prepareCmds = append(prepareCmds, | ||
| // Try to make sure udev is not racing with losetup and briefly | ||
| // vanishing device files. See LP: #2045586 |
There was a problem hiding this comment.
The upshot of that bug is that udevadm settle is not the solution though. The fix is to run "flock {loopUsed} mount {loopUsed}p{rootfsPartNum} {mountDir}"
There was a problem hiding this comment.
I followed the fix and discussions about that when it was fixed in livecd-rootfs. I would like to fix it properly everywhere (this is not the only place we are calling udevadm) but this PR was not the place to do it, especially because in need to experiment with flock and check if this is available on older series. See FR-6372
There was a problem hiding this comment.
flock has been part of util-linux (which is Essential) for about a million years (I think it might have been new in 5.04?) but ok
internal/statemachine/helper.go
Outdated
| func (stateMachine *StateMachine) confFromArch(architecture string) (string, []string) { | ||
| switch architecture { | ||
| case arch.AMD64: | ||
| return "x86_64-efi", []string{"grub-pc", "shim-signed"} |
There was a problem hiding this comment.
This seems slightly incoherent, and in a way that might possibly even be interesting. grub-pc is only about BIOS boot. If you build an amd64 image and your gadget says the bootloader is grub, do we build an image that can only boot EFI or one that can boot grub as well? Ubuntu Core doesn't have this issue because it doesn't boot BIOS ever but for classic I don't suppose we can get away with that.
Sadly, we probably want to do both BIOS+UEFI and UEFI-only images (he says, desperately hoping there is not a use case for BIOS-only images out there).
For UEFI+BIOS images we'll need to call grub-install twice.
For now, it probably makes sense to build UEFI-only images. In which case you can remove grub-pc here.
There was a problem hiding this comment.
I think we need to support the UEFI+BIOS hybrid images from the start, sadly. IIRC the default pc classic gadget we always provided as a reference basically was a hybrid one. So not caring from the start I think would regress the behavior of the tool.
For BIOS-only images I had a chat with Paul earlier and we said we won't explicitly support just yet, but wait if someone asks for them. Since in theory the gadget.yaml allows that.
I'm thinking about what you said about calling grub-install twice, and I think I need to process that for a bit.
There was a problem hiding this comment.
I understand adding grub-pc and shim-signed will lead to a UEFI+BIOS image, right?
I am thinking we could also decide the "kind" of bootloader conf we build based on the EFI partition number found:
- If this is
0(no EFI partition found) then we can/should build a BIOS-only image. In this case we only installgrub-pcand we call grub-install without the efi-specifc args (like in a hook of livecd-rootfs) - If this is not
0(a EFI partition was found) then we build a UEFI+BIOS image. In this case we installgrub-pcandshim-signed.
It remains the UEFI-only case for which I have no solution at the moment. Maybe something in the gadget.yaml could let users express that.
There was a problem hiding this comment.
UEFI+BIOS from the start > ok. maybe we support only that then?
I understand adding grub-pc and shim-signed will lead to a UEFI+BIOS image, right?
Well to be pedantic, I'm not sure that having both of those packages installed means that the image will be bootable via both UEFI and BIOS without further steps, the bootloader assets also need to be installed into the ESP / boot sector of the drive, and relatedly-but-not-the same I don't know that having these packages installed means that those packages being upgraded means that the boot assets get updated in the ESP / boot sector -- which rather gets to the heart of the PR. Maybe we can confer with @kukrimate to ensure we have a solid understanding of what is going on -- I certainly find grub's postinst pretty confusing.
There was a problem hiding this comment.
And yes, I guess the UEFI vs BIOS vs UEFI+BIOS should be communicated via the gadget somehow. But also maybe we only support UEFI+BIOS for now.
internal/statemachine/helper.go
Outdated
| case arch.AMD64: | ||
| return "x86_64-efi", []string{"grub-pc", "shim-signed"} | ||
| case arch.ARM64: | ||
| return "arm64-efi", []string{"grub-efi-arm64", "grub-efi-arm64-bin"} |
There was a problem hiding this comment.
We probably just want shim-signed on arm64 too?
There was a problem hiding this comment.
Do you mean instead of grub-efi-arm64 and grub-efi-arm64-bin? I used the list I found in livecd-rootfs but that is a good occasion to clean things so if shim-signed is enough I will be happy to fix.
There was a problem hiding this comment.
I like the general gist of it, and I think most of the code is correct. There's one inline question about no-boot-partition cases handling that I highlighted, open for discussion.
I'm also interested in some of the comments that Michael did. I still need to investigate the 'grub-install twice' suggestion for BIOS+UEFI, since I don't remember what we were doing in, say, livecd-rootfs. Certainly needs investigation.
internal/statemachine/helper.go
Outdated
| func (stateMachine *StateMachine) confFromArch(architecture string) (string, []string) { | ||
| switch architecture { | ||
| case arch.AMD64: | ||
| return "x86_64-efi", []string{"grub-pc", "shim-signed"} |
There was a problem hiding this comment.
I think we need to support the UEFI+BIOS hybrid images from the start, sadly. IIRC the default pc classic gadget we always provided as a reference basically was a hybrid one. So not caring from the start I think would regress the behavior of the tool.
For BIOS-only images I had a chat with Paul earlier and we said we won't explicitly support just yet, but wait if someone asks for them. Since in theory the gadget.yaml allows that.
I'm thinking about what you said about calling grub-install twice, and I think I need to process that for a bit.
|
Also, Michael's comment about gadget and boot assets is interesting. Certainly something we need to discuss more when we chat about gadgets next week. |
Initially the rework was prompted by a bug some users are facing when trying to update their boot assets. It appears dumping the boot assets at the right place is not enough. Do note though that here we are only dealing with grub. Other bootloaders are handled differently. In the end I think this rework is indeed a first step toward getting rid of boot assets provided by the gadget in the classic use case. As mentioned by Lukasz this is something we should discuss next week. |
Signed-off-by: Paul Mars <[email protected]>
Signed-off-by: Paul Mars <[email protected]>
This is a first step to create a dedicated package when we want to support more bootloaders and more cases (BIOS-only, UEFI-only) Signed-off-by: Paul Mars <[email protected]>
…rerequisities For now we only need the rootfs/bootfs partitions numbers to setup grub. Only check these when setting up grub and let other bootloaders run fine. Signed-off-by: Paul Mars <[email protected]>
|
OK sorry for the radio silence on this. I think I have two conceptual concerns (haven't reviewed the code again yet):
|
Properly install grub and update /boot/efi.
Fixes: FR-8890