sig_cloud/diskimage-builder
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
3294aecca2
diskimage-builder/diskimage_builder/elements/bootloader/finalise.d/50-bootloader
Clark Boylan 3294aecca2 Properly set grub2 root device when using efi 
We've noticed that centos8 arm64 images have a root devices of
/dev/mapper/loop7p3 which make sense within a dib image build context
but not at boot time. Dib intends to use labels to set the root device
but when efi is used we end up running grub2-mkconfig against the efi
grub config path before we configure grub to use labels.

Fix this by running grub2-mkconfig after its configuration is set.
This should avoid confusion and complicated paths through the scripts
that configure this for us. We then copy the resulting config to the efi
specific grub.cfg location for platforms that have it.

There is also a small refactoring that is done to try and make the ~3
boot variants more clear:

 1) Booting with legacy bios
 2) Booting with uefi without a signed shim that directly calls grub
 3) Booting with uefi and a signed shim that calls grub

Options 1 and 2 share the /boot/grub*/grub.cfg file. Option 3 needs its
grub.cfg to live alongside distro specific efi target.

Change-Id: Ie9790da9d1bbea58197b37b15a48e77f8a93c1ac
2021-04-07 15:46:10 -07:00

279 lines
11 KiB
Bash
Executable File
Raw Blame History

#!/bin/bash
# Configure grub. Note that the various conditionals here are to handle
# different distributions gracefully.
if [ ${DIB_DEBUG_TRACE:-1} -gt 0 ]; then
set -x
fi
set -eu
set -o pipefail
BOOT_DEV=$IMAGE_BLOCK_DEVICE
# All available devices, handy for some bootloaders...
declare -A DEVICES
eval DEVICES=( $IMAGE_BLOCK_DEVICES )
function install_extlinux {
install-packages -m bootloader extlinux
echo "Installing Extlinux..."
# Find and install mbr.bin
for MBR in /usr/share/syslinux/mbr.bin /usr/lib/syslinux/mbr.bin \
/usr/lib/extlinux/mbr.bin /usr/lib/EXTLINUX/mbr.bin ; do
if [ -f $MBR ]; then
break
fi
done
if [ ! -f $MBR ]; then
echo "mbr.bin (from EXT/SYSLINUX) not found."
exit 1
fi
dd if=$MBR of=$BOOT_DEV
# Find any pre-created extlinux install directory
for EXTDIR in /boot/extlinux /boot/syslinux ; do
if [ -d $EXTDIR ] ; then
break
fi
done
if [ ! -d $EXTDIR ] ; then
# No install directory found so default to /boot/syslinux
EXTDIR=/boot/syslinux
mkdir -p $EXTDIR
fi
# Finally install extlinux
extlinux --install $EXTDIR
}
function install_grub2 {
# Check for offline installation of grub
if [ -f "/tmp/grub/install" ] ; then
source /tmp/grub/install
# Right now we can't use pkg-map to branch by arch, so tag an
# architecture specific virtual package so we can install the
# rigth thing based on distribution.
elif [[ "$ARCH" =~ "ppc" ]]; then
install-packages -m bootloader grub-ppc64
elif [[ "${DIB_BLOCK_DEVICE}" == "mbr" ||
"${DIB_BLOCK_DEVICE}" == "gpt" ]]; then
install-packages -m bootloader grub-pc
elif [[ "${DIB_BLOCK_DEVICE}" == "efi" ]]; then
install-packages -m bootloader grub-efi-$ARCH
else
echo "Failure: I'm not sure what bootloader to install"
echo "Ensure you have included a block-device-* element"
exit 1
fi
# XXX: grub-probe on the nbd0/loop0 device returns nothing - workaround, manually
# specify modules. https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1073731
GRUBNAME=$(type -p grub-install) || echo "trying grub2-install"
if [ -z "$GRUBNAME" ]; then
GRUBNAME=$(type -p grub2-install)
fi
if type grub2-mkconfig >/dev/null; then
GRUB_MKCONFIG="grub2-mkconfig"
else
GRUB_MKCONFIG="grub-mkconfig"
fi
# If no GRUB2 is found, fallback to extlinux
if [ -z "$GRUBNAME" ] || [ $($GRUBNAME --version | grep "0.97" | wc -l) -ne 0 ]; then
echo "No GRUB2 found. Fallback to Extlinux..."
install_extlinux
exit 0
fi
echo "Installing GRUB2..."
# When using EFI image-based builds, particularly rhel element
# based on RHEL>=8.2 .qcow2, we might have /boot/grub2/grubenv
# as a dangling symlink to /boot/efi because we have extracted
# it from the root fs, but we didn't populate the separate EFI
# boot partition from the image. grub2-install calls rename()
# on this file, so if it's a dangling symlink it errors. Just
# remove it if it exists.
if [[ -L /boot/grub2/grubenv ]]; then
rm -f /boot/grub2/grubenv
fi
# We need --force so grub does not fail due to being installed on the
# root partition of a block device.
GRUB_OPTS=${GRUB_OPTS:-"--force"}
# XXX: This is buggy:
# - --target=i386-pc is invalid for non-i386/amd64 architectures
# - and for UEFI too.
# GRUB_OPTS="$GRUB_OPTS --target=i386-pc"
if [[ ! $GRUB_OPTS == *--target* ]] && [[ $($GRUBNAME --version) =~ ' 2.' ]]; then
# /sys/ comes from the host machine. If the host machine is using EFI
# but the image being built doesn't have EFI boot-images installed we
# should set the --target to use a BIOS-based boot-image.
#
# * --target tells grub what's the target platform
# * the boot images are placed in /usr/lib/grub/<cpu>-<platform>
# * i386-pc is used for BIOS-based machines
# http://www.gnu.org/software/grub/manual/grub.html#Installation
#
if [ -d /sys/firmware/efi ]; then
if [ ! -d /usr/lib/grub/*-efi ]; then
case $ARCH in
"x86_64"|"amd64")
GRUB_OPTS="$GRUB_OPTS --target=i386-pc"
;;
"i386")
target=i386-pc
if [ -e /proc/device-tree ]; then
for x in /proc/device-tree/*; do
if [ -e "$x" ]; then
target="i386-ieee1275"
fi
done
fi
GRUB_OPTS="$GRUB_OPTS --target=$target"
;;
esac
fi
fi
fi
if [[ "$ARCH" =~ "ppc" ]] ; then
# For PPC (64-Bit regardless of Endian-ness), we use the "boot"
# partition as the one to point grub-install to, not the loopback
# device. ppc has a dedicated PReP boot partition.
# For grub2 < 2.02~beta3 this needs to be a /dev/mapper/... node after
# that a dev/loopXpN node will work fine.
$GRUBNAME --modules="part_msdos" $GRUB_OPTS ${DEVICES[boot]} --no-nvram
else
# This set of modules is sufficient for all installs (mbr/gpt/efi)
modules="part_msdos part_gpt lvm"
if [[ ${DIB_BLOCK_DEVICE} == "mbr" || ${DIB_BLOCK_DEVICE} == "gpt" ]]; then
$GRUBNAME --modules="$modules biosdisk" $GRUB_OPTS $BOOT_DEV
elif [[ ${DIB_BLOCK_DEVICE} == "efi" ]]; then
# We need to manually set the target if it's different to
# the host. Setup for EFI
case $ARCH in
"x86_64"|"amd64")
# This call installs grub for BIOS compatability
# which makes portable EFI/BIOS images.
$GRUBNAME --modules="$modules" --target=i386-pc $BOOT_DEV
# Set the x86_64 specific efi target for the generic
# installation below.
GRUB_OPTS="--target=x86_64-efi"
;;
# At this point, we don't need to override the target
# for any other architectures.
esac
# If we don't have a distro specific dir with presigned efi targets
# we install a generic one.
if [ ! -d /boot/efi/$EFI_BOOT_DIR ]; then
echo "WARNING: /boot/efi/$EFI_BOOT_DIR does not exist, UEFI secure boot not supported"
# This tells the EFI install to put the EFI binaries into
# the generic /BOOT directory and avoids trying to update
# nvram settings.
extra_options="--removable"
$GRUBNAME --modules="$modules" $extra_options $GRUB_OPTS $BOOT_DEV
fi
fi
fi
# This might be better factored out into a per-distro 'install-bootblock'
# helper.
if [ -d /boot/grub2 ]; then
GRUB_CFG=/boot/grub2/grub.cfg
elif [ -d /boot/grub ]; then
GRUB_CFG=/boot/grub/grub.cfg
fi
# Override the root device to the default label, and disable uuid
# lookup.
echo "GRUB_DEVICE=LABEL=${DIB_ROOT_LABEL}" >> /etc/default/grub
echo 'GRUB_DISABLE_LINUX_UUID=true' >> /etc/default/grub
echo "GRUB_TIMEOUT=${DIB_GRUB_TIMEOUT:-5}" >>/etc/default/grub
echo 'GRUB_TERMINAL="serial console"' >>/etc/default/grub
echo 'GRUB_GFXPAYLOAD_LINUX=auto' >>/etc/default/grub
if [[ -n "${DIB_BOOTLOADER_SERIAL_CONSOLE}" ]]; then
SERIAL_CONSOLE="${DIB_BOOTLOADER_SERIAL_CONSOLE}"
elif [[ "powerpc ppc64 ppc64le" =~ "$ARCH" ]]; then
# Serial console on Power is hvc0
SERIAL_CONSOLE="hvc0"
elif [[ "arm64" =~ "$ARCH" ]]; then
SERIAL_CONSOLE="ttyAMA0,115200"
else
SERIAL_CONSOLE="ttyS0,115200"
fi
GRUB_CMDLINE_LINUX_DEFAULT="console=tty0 console=${SERIAL_CONSOLE} no_timer_check"
echo "GRUB_CMDLINE_LINUX_DEFAULT=\"${GRUB_CMDLINE_LINUX_DEFAULT} ${DIB_BOOTLOADER_DEFAULT_CMDLINE}\"" >>/etc/default/grub
echo 'GRUB_SERIAL_COMMAND="serial --speed=115200 --unit=0 --word=8 --parity=no --stop=1"' >>/etc/default/grub
# os-prober leaks /dev/sda into config file in dual-boot host
# Disable grub-os-prober to avoid the issue while running
# grub-mkconfig
# Setting a flag to track whether the entry is already there in grub config
PROBER_DISABLED=
if ! grep -qe "^\s*GRUB_DISABLE_OS_PROBER=true" /etc/default/grub; then
PROBER_DISABLED=true
echo 'GRUB_DISABLE_OS_PROBER=true' >> /etc/default/grub
fi
# GRUB_MKCONFIG call needs to happen after we configure
# /etc/default/grub above. Without this we can set inappropriate
# root device labels and then images don't boot.
#
# This produces a legacy config which both bios and uefi can boot
# Later we copy the final config to an efi specific location to
# support uefi specific functionality like secure boot.
$GRUB_MKCONFIG -o $GRUB_CFG
# Remove the fix to disable os_prober
if [ -n "$PROBER_DISABLED" ]; then
sed -i '$d' /etc/default/grub
fi
# grub-mkconfig generates a config with the device in it,
# This shouldn't be needed, but old code has bugs
DIB_RELEASE=${DIB_RELEASE:-}
if [ "$DIB_RELEASE" = 'wheezy' ]; then
sed -i "s%search --no.*%%" $GRUB_CFG
sed -i "s%set root=.*%set root=(hd0,1)%" $GRUB_CFG
fi
# Fix efi specific instructions in grub config file
if [ -d /sys/firmware/efi ]; then
sed -i 's%\(initrd\|linux\)efi /boot%\1 /boot%g' $GRUB_CFG
fi
# when using efi, and having linux16/initrd16, it needs to be replaced
# by linuxefi/initrdefi. When building images on a non-efi system,
# the 16 suffix is added to linux/initrd entries, but we need it to be
# linuxefi/initrdefi for the image to boot under efi
if [[ ${DIB_BLOCK_DEVICE} == "efi" ]]; then
sed -i 's%\(linux\|initrd\)16 /boot%\1efi /boot%g' $GRUB_CFG
# Finally copy the grub.cfg to the EFI specific dir to support
# functionality like secure boot. We make a copy because
# /boot and /boot/efi may be different partitions and uefi looks
# for a specific partition UUID preventing symlinks from working.
if [ -d /boot/efi/$EFI_BOOT_DIR ] ; then
cp $GRUB_CFG /boot/efi/$EFI_BOOT_DIR/grub.cfg
fi
fi
}
DIB_EXTLINUX=${DIB_EXTLINUX:-0}
if [ "$DIB_EXTLINUX" != "0" ]; then
install_extlinux
else
install_grub2
fi
Reference in New Issue View Git Blame Copy Permalink