Merge pull request #945 from HuijingHei/coreos-static-grub-migration

adopt: add tag to install the static GRUB config from tree

Author: HuijingHei

src/bios.rs

@@ -1,4 +1,6 @@
-use anyhow::{bail, Result};
+use anyhow::{bail, Context, Result};
+use camino::Utf8PathBuf;
+use openat_ext::OpenatDirExt;
 #[cfg(target_arch = "powerpc64")]
 use std::borrow::Cow;
 use std::io::prelude::*;
@@ -8,6 +10,7 @@ use std::process::Command;
 use crate::blockdev;
 use crate::bootupd::RootContext;
 use crate::component::*;
+use crate::grubconfigs;
 use crate::model::*;
 use crate::packagesystem;
 
@@ -142,10 +145,70 @@ impl Component for Bios {
         crate::component::query_adopt_state()
     }
 
+    // Backup the current grub.cfg and replace with new static config
+    // - Backup "/boot/loader/grub.cfg" to "/boot/grub2/grub.cfg.bak"
+    // - Remove symlink "/boot/grub2/grub.cfg"
+    // - Replace "/boot/grub2/grub.cfg" symlink with new static "grub.cfg"
+    fn migrate_static_grub_config(&self, sysroot_path: &str, destdir: &openat::Dir) -> Result<()> {
+        let grub = "boot/grub2";
+        // sysroot_path is /, destdir is Dir of /
+        let grub_config_path = Utf8PathBuf::from(sysroot_path).join(grub);
+        let grub_config_dir = destdir.sub_dir(grub).context("Opening boot/grub2")?;
+
+        let grub_config = grub_config_path.join(grubconfigs::GRUBCONFIG);
+
+        if !grub_config.exists() {
+            anyhow::bail!("Could not find '{}'", grub_config);
+        }
+
+        let mut current_config;
+        // If /boot/grub2/grub.cfg is not symlink, we need to keep going
+        if !grub_config.is_symlink() {
+            println!("'{}' is not a symlink", grub_config);
+            current_config = grub_config.clone();
+        } else {
+            // If /boot/grub2/grub.cfg is symlink to /boot/loader/grub.cfg,
+            // backup it to /boot/grub2/grub.cfg.bak
+            // Get real file for symlink /boot/grub2/grub.cfg
+            let real_config = grub_config_dir.read_link(grubconfigs::GRUBCONFIG)?;
+            let real_config =
+                Utf8PathBuf::from_path_buf(real_config).expect("Path should be valid UTF-8");
+            // Resolve symlink location
+            current_config = grub_config_path.clone();
+            current_config.push(real_config);
+        }
+
+        let backup_config = grub_config_path.join(grubconfigs::GRUBCONFIG_BACKUP);
+        if !backup_config.exists() {
+            // Backup the current GRUB config which is hopefully working right now
+            println!(
+                "Creating a backup of the current GRUB config '{}' in '{}'...",
+                current_config, backup_config
+            );
+            std::fs::copy(&current_config, &backup_config)
+                .context("Failed to backup GRUB config")?;
+        }
+
+        crate::grubconfigs::install(&destdir, None, true)?;
+
+        // Remove the real config if it is symlink and will not
+        // if /boot/grub2/grub.cfg is file
+        if current_config != grub_config {
+            println!("Removing {}", current_config);
+            grub_config_dir.remove_file_optional(current_config.as_std_path())?;
+        }
+
+        // Synchronize the filesystem containing /boot/grub2 to disk.
+        let _ = grub_config_dir.syncfs();
+
+        Ok(())
+    }
+
     fn adopt_update(
         &self,
         rootcxt: &RootContext,
         update: &ContentMetadata,
+        with_static_config: bool,
     ) -> Result<Option<InstalledContent>> {
         let bios_devices = blockdev::find_colocated_bios_boot(&rootcxt.devices)?;
         let Some(meta) = self.query_adopt(&bios_devices)? else {
@@ -157,6 +220,17 @@ impl Component for Bios {
             log::debug!("Installed grub modules on {parent}");
         }
 
+        if with_static_config {
+            // Install the static config if the OSTree bootloader is not set.
+            if let Some(bootloader) = crate::ostreeutil::get_ostree_bootloader()? {
+                println!(
+                    "ostree repo 'sysroot.bootloader' config option is currently set to: '{bootloader}'",
+                );
+            } else {
+                println!("ostree repo 'sysroot.bootloader' config option is not set yet");
+                self.migrate_static_grub_config(rootcxt.path.as_str(), &rootcxt.sysroot)?;
+            };
+        }
         Ok(Some(InstalledContent {
             meta: update.clone(),
             filetree: None,

src/bootupd.rs

@@ -108,13 +108,8 @@ pub(crate) fn install(
 
     match configs.enabled_with_uuid() {
         Some(uuid) => {
-            let self_bin_meta =
-                std::fs::metadata("/proc/self/exe").context("Querying self meta")?;
-            let self_meta = ContentMetadata {
-                timestamp: self_bin_meta.modified()?.into(),
-                version: crate_version!().into(),
-            };
-            state.static_configs = Some(self_meta);
+            let meta = get_static_config_meta()?;
+            state.static_configs = Some(meta);
             #[cfg(any(
                 target_arch = "x86_64",
                 target_arch = "aarch64",
@@ -139,6 +134,16 @@ pub(crate) fn install(
     Ok(())
 }
 
+#[context("Get static config metadata")]
+fn get_static_config_meta() -> Result<ContentMetadata> {
+    let self_bin_meta = std::fs::metadata("/proc/self/exe").context("Querying self meta")?;
+    let self_meta = ContentMetadata {
+        timestamp: self_bin_meta.modified()?.into(),
+        version: crate_version!().into(),
+    };
+    Ok(self_meta)
+}
+
 type Components = BTreeMap<&'static str, Box<dyn Component>>;
 
 #[allow(clippy::box_default)]
@@ -261,6 +266,7 @@ pub(crate) fn update(name: &str, rootcxt: &RootContext) -> Result<ComponentUpdat
 pub(crate) fn adopt_and_update(
     name: &str,
     rootcxt: &RootContext,
+    with_static_config: bool,
 ) -> Result<Option<ContentMetadata>> {
     let sysroot = &rootcxt.sysroot;
     let mut state = SavedState::load_from_disk("/")?.unwrap_or_default();
@@ -274,15 +280,25 @@ pub(crate) fn adopt_and_update(
     let Some(update) = component.query_update(sysroot)? else {
         anyhow::bail!("Component {} has no available update", name);
     };
+
     let sysroot = sysroot.try_clone()?;
     let mut state_guard =
         SavedState::acquire_write_lock(sysroot).context("Failed to acquire write lock")?;
 
     let inst = component
-        .adopt_update(&rootcxt, &update)
+        .adopt_update(&rootcxt, &update, with_static_config)
         .context("Failed adopt and update")?;
     if let Some(inst) = inst {
         state.installed.insert(component.name().into(), inst);
+        // Set static_configs metadata and save
+        if with_static_config && state.static_configs.is_none() {
+            let meta = get_static_config_meta()?;
+            state.static_configs = Some(meta);
+            // Set bootloader to none
+            ostreeutil::set_ostree_bootloader("none")?;
+
+            println!("Static GRUB configuration has been adopted successfully.");
+        }
         state_guard.update_state(&state)?;
         return Ok(Some(update));
     } else {
@@ -500,7 +516,7 @@ pub(crate) fn client_run_update() -> Result<()> {
     }
     for (name, adoptable) in status.adoptable.iter() {
         if adoptable.confident {
-            if let Some(r) = adopt_and_update(name, &rootcxt)? {
+            if let Some(r) = adopt_and_update(name, &rootcxt, false)? {
                 println!("Adopted and updated: {}: {}", name, r.version);
                 updated = true;
             }
@@ -514,14 +530,14 @@ pub(crate) fn client_run_update() -> Result<()> {
     Ok(())
 }
 
-pub(crate) fn client_run_adopt_and_update() -> Result<()> {
+pub(crate) fn client_run_adopt_and_update(with_static_config: bool) -> Result<()> {
     let rootcxt = prep_before_update()?;
     let status: Status = status()?;
     if status.adoptable.is_empty() {
         println!("No components are adoptable.");
     } else {
         for (name, _) in status.adoptable.iter() {
-            if let Some(r) = adopt_and_update(name, &rootcxt)? {
+            if let Some(r) = adopt_and_update(name, &rootcxt, with_static_config)? {
                 println!("Adopted and updated: {}: {}", name, r.version);
             }
         }

src/cli/bootupctl.rs

@@ -56,7 +56,7 @@ pub enum CtlVerb {
     #[clap(name = "update", about = "Update all components")]
     Update,
     #[clap(name = "adopt-and-update", about = "Update all adoptable components")]
-    AdoptAndUpdate,
+    AdoptAndUpdate(AdoptAndUpdateOpts),
     #[clap(name = "validate", about = "Validate system state")]
     Validate,
     #[clap(
@@ -88,13 +88,20 @@ pub struct StatusOpts {
     json: bool,
 }
 
+#[derive(Debug, Parser)]
+pub struct AdoptAndUpdateOpts {
+    /// Install the static GRUB config files
+    #[clap(long, action)]
+    with_static_config: bool,
+}
+
 impl CtlCommand {
     /// Run CLI application.
     pub fn run(self) -> Result<()> {
         match self.cmd {
             CtlVerb::Status(opts) => Self::run_status(opts),
             CtlVerb::Update => Self::run_update(),
-            CtlVerb::AdoptAndUpdate => Self::run_adopt_and_update(),
+            CtlVerb::AdoptAndUpdate(opts) => Self::run_adopt_and_update(opts),
             CtlVerb::Validate => Self::run_validate(),
             CtlVerb::Backend(CtlBackend::Generate(opts)) => {
                 super::bootupd::DCommand::run_generate_meta(opts)
@@ -133,9 +140,9 @@ impl CtlCommand {
     }
 
     /// Runner for `update` verb.
-    fn run_adopt_and_update() -> Result<()> {
+    fn run_adopt_and_update(opts: AdoptAndUpdateOpts) -> Result<()> {
         ensure_running_in_systemd()?;
-        bootupd::client_run_adopt_and_update()
+        bootupd::client_run_adopt_and_update(opts.with_static_config)
     }
 
     /// Runner for `validate` verb.

src/component.rs

@@ -31,11 +31,15 @@ pub(crate) trait Component {
     /// and "synthesize" content metadata from it.
     fn query_adopt(&self, devices: &Option<Vec<String>>) -> Result<Option<Adoptable>>;
 
+    // Backup the current grub config, and install static grub config from tree
+    fn migrate_static_grub_config(&self, sysroot_path: &str, destdir: &openat::Dir) -> Result<()>;
+
     /// Given an adoptable system and an update, perform the update.
     fn adopt_update(
         &self,
         rootcxt: &RootContext,
         update: &ContentMetadata,
+        with_static_config: bool,
     ) -> Result<Option<InstalledContent>>;
 
     /// Implementation of `bootupd install` for a given component.  This should

src/efi.rs

@@ -24,7 +24,7 @@ use crate::bootupd::RootContext;
 use crate::model::*;
 use crate::ostreeutil;
 use crate::util;
-use crate::{blockdev, filetree};
+use crate::{blockdev, filetree, grubconfigs};
 use crate::{component::*, packagesystem};
 
 /// Well-known paths to the ESP that may have been mounted external to us.
@@ -246,11 +246,41 @@ impl Component for Efi {
         crate::component::query_adopt_state()
     }
 
+    // Backup "/boot/efi/EFI/{vendor}/grub.cfg" to "/boot/efi/EFI/{vendor}/grub.cfg.bak"
+    // Replace "/boot/efi/EFI/{vendor}/grub.cfg" with new static "grub.cfg"
+    fn migrate_static_grub_config(&self, sysroot_path: &str, destdir: &openat::Dir) -> Result<()> {
+        let sysroot =
+            openat::Dir::open(sysroot_path).with_context(|| format!("Opening {sysroot_path}"))?;
+        let Some(vendor) = self.get_efi_vendor(&sysroot)? else {
+            anyhow::bail!("Failed to find efi vendor");
+        };
+
+        // destdir is /boot/efi/EFI
+        let efidir = destdir
+            .sub_dir(&vendor)
+            .with_context(|| format!("Opening EFI/{}", vendor))?;
+
+        if !efidir.exists(grubconfigs::GRUBCONFIG_BACKUP)? {
+            println!("Creating a backup of the current GRUB config on EFI");
+            efidir
+                .copy_file(grubconfigs::GRUBCONFIG, grubconfigs::GRUBCONFIG_BACKUP)
+                .context("Failed to backup GRUB config")?;
+        }
+
+        grubconfigs::install(&sysroot, Some(&vendor), true)?;
+        // Synchronize the filesystem containing /boot/efi/EFI/{vendor} to disk.
+        // (ignore failures)
+        let _ = efidir.syncfs();
+
+        Ok(())
+    }
+
     /// Given an adoptable system and an update, perform the update.
     fn adopt_update(
         &self,
         rootcxt: &RootContext,
         updatemeta: &ContentMetadata,
+        with_static_config: bool,
     ) -> Result<Option<InstalledContent>> {
         let esp_devices = blockdev::find_colocated_esps(&rootcxt.devices)?;
         let Some(meta) = self.query_adopt(&esp_devices)? else {
@@ -276,6 +306,19 @@ impl Component for Efi {
             filetree::apply_diff(&updated, &efidir, &diff, None)
                 .context("applying filesystem changes")?;
 
+            // Backup current config and install static config
+            if with_static_config {
+                // Install the static config if the OSTree bootloader is not set.
+                if let Some(bootloader) = crate::ostreeutil::get_ostree_bootloader()? {
+                    println!(
+                        "ostree repo 'sysroot.bootloader' config option is currently set to: '{bootloader}'",
+                    );
+                } else {
+                    println!("ostree repo 'sysroot.bootloader' config option is not set yet");
+                    self.migrate_static_grub_config(rootcxt.path.as_str(), &efidir)?;
+                };
+            }
+
             // Do the sync before unmount
             efidir.syncfs()?;
             drop(efidir);

src/filetree.rs

@@ -29,6 +29,11 @@ use openat_ext::OpenatDirExt;
     target_arch = "riscv64"
 ))]
 use openssl::hash::{Hasher, MessageDigest};
+#[cfg(any(
+    target_arch = "x86_64",
+    target_arch = "aarch64",
+    target_arch = "riscv64"
+))]
 use rustix::fd::BorrowedFd;
 use serde::{Deserialize, Serialize};
 #[allow(unused_imports)]
@@ -40,8 +45,6 @@ use std::fmt::Display;
     target_arch = "riscv64"
 ))]
 use std::os::unix::io::AsRawFd;
-use std::os::unix::process::CommandExt;
-use std::process::Command;
 
 /// The prefix we apply to our temporary files.
 #[cfg(any(
@@ -339,6 +342,8 @@ pub(crate) struct ApplyUpdateOptions {
 ))]
 fn copy_dir(root: &openat::Dir, src: &str, dst: &str) -> Result<()> {
     use bootc_utils::CommandRunExt;
+    use std::os::unix::process::CommandExt;
+    use std::process::Command;
 
     let rootfd = unsafe { BorrowedFd::borrow_raw(root.as_raw_fd()) };
     unsafe {

src/grubconfigs.rs

@@ -13,7 +13,10 @@ use crate::freezethaw::fsfreeze_thaw_cycle;
 const GRUB2DIR: &str = "grub2";
 const CONFIGDIR: &str = "/usr/lib/bootupd/grub2-static";
 const DROPINDIR: &str = "configs.d";
+// The related grub files
 const GRUBENV: &str = "grubenv";
+pub(crate) const GRUBCONFIG: &str = "grub.cfg";
+pub(crate) const GRUBCONFIG_BACKUP: &str = "grub.cfg.backup";
 
 /// Install the static GRUB config files.
 #[context("Installing static GRUB configs")]
@@ -109,6 +112,8 @@ pub(crate) fn install(
                 println!("Installed: {target:?}");
             }
             fsfreeze_thaw_cycle(efidir.open_file(".")?)?;
+        } else {
+            println!("Could not find /boot/efi/EFI when installing {target:?}");
         }
     }