Handle ostree's non-writable /etc/kernel

Signed-off-by: Robbie Harwood <rharwood@redhat.com>
2022-08-17 16:09:22 +00:00 · 2022-08-17 16:09:22 +00:00 · 714559fb3d
commit 714559fb3d
parent bb8ac90efb
3 changed files with 62 additions and 1 deletions
--- a/0280-squish-BLS-only-write-etc-kernel-cmdline-if-writable.patch
+++ b/0280-squish-BLS-only-write-etc-kernel-cmdline-if-writable.patch
@ -0,0 +1,57 @@
 From 0000000000000000000000000000000000000000 Mon Sep 17 00:00:00 2001
 From: Jonathan Lebon <jonathan@jlebon.com>
 Date: Wed, 17 Aug 2022 10:26:03 -0400
 Subject: [PATCH] squish: BLS: only write /etc/kernel/cmdline if writable
 On OSTree systems, `grub2-mkconfig` is run with `/etc` mounted read-only
 because as part of the promise of transactional updates, we want to make
 sure that we're not modifying the current deployment's state (`/etc` or
 `/var`).
 This conflicts with 0837dcdf1 ("BLS: create /etc/kernel/cmdline during
 mkconfig") which wants to write to `/etc/kernel/cmdline`. I'm not
 exactly sure on the background there, but based on the comment I think
 the intent is to fulfill grubby's expectation that the file exists.
 However, in systems like Silverblue, kernel arguments are managed by the
 rpm-ostree stack and grubby is not shipped at all.
 Adjust the script slightly so that we only write `/etc/kernel/cmdline`
 if the parent directory is writable.
 In the future, we're hoping to simplify things further on rpm-ostree
 systems by not running `grub2-mkconfig` at all since libostree already
 directly writes BLS entries. Doing that would also have avoided this,
 but ratcheting it into existing systems needs more careful thought.
 Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>
 Fixes: https://github.com/fedora-silverblue/issue-tracker/issues/322
 ---
 util/grub.d/10_linux.in | 13 +++++++------
 1 file changed, 7 insertions(+), 6 deletions(-)
 diff --git a/util/grub.d/10_linux.in b/util/grub.d/10_linux.in
 index 5ad624bfec..e5e87a6d80 100644
 --- a/util/grub.d/10_linux.in
 +++ b/util/grub.d/10_linux.in
@@ -161,12 +161,13 @@ update_bls_cmdline()
     local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
     local -a files=($(get_sorted_bls))
 -    if [[ ! -f /etc/kernel/cmdline ]] ||
 -	   [[ /etc/kernel/cmdline -ot /etc/default/grub ]]; then
 -	# anaconda has the correct information to create this during install;
 -	# afterward, grubby will take care of syncing on updates.  If the user
 -	# has modified /etc/default/grub, try to cope.
 -	echo "$cmdline" > /etc/kernel/cmdline
 +    if [ -w /etc/kernel ] &&
 +           [[ ! -f /etc/kernel/cmdline ||
 +                  /etc/kernel/cmdline -ot /etc/default/grub ]]; then
 +        # anaconda has the correct information to create this during install;
 +        # afterward, grubby will take care of syncing on updates.  If the user
 +        # has modified /etc/default/grub, try to cope.
 +        echo "$cmdline" > /etc/kernel/cmdline
     fi
     for bls in "${files[@]}"; do
--- a/grub.patches
+++ b/grub.patches
@ -277,3 +277,4 @@ Patch0276: 0276-BLS-create-etc-kernel-cmdline-during-mkconfig.patch
 Patch0277: 0277-Try-reserving-less-ram.patch
 Patch0278: 0278-squish-don-t-dup-rhgb-quiet-check-mtimes.patch
 Patch0279: 0279-squish-give-up-on-rhgb-quiet.patch
 Patch0280: 0280-squish-BLS-only-write-etc-kernel-cmdline-if-writable.patch
--- a/grub2.spec
+++ b/grub2.spec
@ -17,7 +17,7 @@
 Name:		grub2
 Epoch:		1
 Version:	2.06
-Release:	51%{?dist}
+Release:	52%{?dist}
 Summary:	Bootloader with support for Linux, Multiboot and more
 License:	GPLv3+
 URL:		http://www.gnu.org/software/grub/
@ -530,6 +530,9 @@ mv ${EFI_HOME}/grub.cfg.stb ${EFI_HOME}/grub.cfg
 %endif
 %changelog
 * Wed Aug 17 2022 Robbie Harwood <rharwood@redhat.com> - 2.06-52
 - Handle ostree's non-writable /etc/kernel
 * Wed Aug 17 2022 Robbie Harwood <rharwood@redhat.com> - 2.06-51
 - Give up on rhgb quiet