feat(arm,bootloader,efi): use separate BLS directory for upgrades

Michal Hecko · Michal Hecko · commit 4b16b71e48fa · 2025-01-20T16:13:51.000+01:00
Use a separate BLS directory '/boot/upgrade-loader/entries'
that mimics '/boot/loader/entries'. This allows very fine
control of what boot entries are available when booting
into upgrade environment via a separate EFI entry.
diff --git a/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py b/repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py
@@ -1,11 +1,13 @@
 import itertools
 import os
 import re
+import shutil
 
 from leapp.exceptions import StopActorExecutionError
 from leapp.libraries.common.config import architecture, get_env
 from leapp.libraries.stdlib import api, CalledProcessError, run
 from leapp.models import (
+    ArmWorkaroundEFIBootloaderInfo,
     BootContent,
     KernelCmdline,
     KernelCmdlineArg,
@@ -197,6 +199,8 @@ def run_commands_adding_entry(extra_command_suffix=None):
            details={'details': '{}: {}'.format(str(e), e.stderr)}
         )
 
+    apply_arm_specific_modifications()
+
 
 def _remove_old_upgrade_boot_entry(kernel_dst_path, configs=None):
     """
@@ -357,3 +361,88 @@ def construct_cmdline_args_for_livemode():
     api.current_logger().info('The use of live mode image implies the following cmdline args: %s', args)
 
     return args
+
+
+def _list_grubenv_variables():
+    try:
+        output_lines = run(['grub2-editenv', 'list'], split=True)['stdout']
+    except CalledProcessError:
+        raise StopActorExecutionError('Failed to list grubenv variables used by the system')
+
+    vars_with_values = {}
+    for line in output_lines:
+        var_with_value = line.split('=', 1)
+        if len(var_with_value) <= 1:
+            api.current_logger().warning(
+                'Skipping \'{}\' in grub2-editenv output, the line does not have the form <var>=<value>'
+            )
+            continue
+        vars_with_values[var_with_value[0]] = var_with_value[1]
+
+    return vars_with_values
+
+
+def apply_arm_specific_modifications():
+    arm_efi_info = next(api.consume(ArmWorkaroundEFIBootloaderInfo), None)
+    if not arm_efi_info:
+        return
+
+    modify_our_grubenv_to_have_separate_blsdir(arm_efi_info)
+
+
+def modify_our_grubenv_to_have_separate_blsdir(efi_info):
+    """ Create a new blsdir for the upgrade entry if using a separate EFI entry. """
+    leapp_efi_grubenv_path = os.path.join(efi_info.upgrade_entry_efi_path, 'grub.cfg')
+
+    api.current_logger().debug(
+        'Setting up separate blsdir for the upgrade using grubenv: {}'.format(leapp_efi_grubenv_path)
+    )
+
+    grubenv_vars = _list_grubenv_variables()
+    system_bls_dir = grubenv_vars.get('blsdir', '/boot/loader/entries')
+
+    # Find our loader enty
+    try:
+        bls_entries = os.listdir(system_bls_dir)
+    except FileNotFoundError:
+        details = {
+            'details': 'Failed to list {}.'.format(system_bls_dir)
+        }
+        raise StopActorExecutionError('Failed to set up bootloader for the upgrade.', details=details)
+
+    leapp_bls_entry = None
+    for bls_entry in bls_entries:
+        if bls_entry.endswith('upgrade.aarch64.conf'):
+            leapp_bls_entry = bls_entry
+            break
+
+    if not leapp_bls_entry:
+        details = {
+            'details': 'Failed to identify BLS entry that belongs to leapp in {}'.format(system_bls_dir)
+        }
+        raise StopActorExecutionError('Failed to set up bootloader for the upgrade.')
+
+    # The 'blsdir' grubenv variable specifies location of bls directory relative to /boot
+    os.makedirs(efi_info.upgrade_bls_dir)
+    api.current_logger().debug('Successfully created upgrade BLS directory: {}'.format(efi_info.upgrade_bls_dir))
+
+    leapp_bls_entry_fullpath = os.path.join(system_bls_dir, leapp_bls_entry)
+    bls_entry_dst = os.path.join(efi_info.upgrade_bls_dir, leapp_bls_entry)
+    api.current_logger().debug(
+        'Moving leapp\'s BLS entry ({}) into a separate BLS dir located at {}'.format(
+            leapp_bls_entry, efi_info.upgrade_bls_dir
+        )
+    )
+
+    shutil.move(leapp_bls_entry_fullpath, bls_entry_dst)
+
+    upgrade_bls_dir_rel_to_boot = efi_info.upgrade_bls_dir[len('/boot'):]
+
+    # Modify leapp's grubenv to define our own BLSDIR
+    try:
+        run(['grub2-editenv', leapp_efi_grubenv_path, 'set', 'blsdir="{}"'.format(upgrade_bls_dir_rel_to_boot)])
+    except CalledProcessError as error:
+        details = {
+            'details': 'Failed to modify upgrade grubenv to contain a custom blsdir definition. Error {}'.format(error)
+        }
+        raise StopActorExecutionError('Failed to set up bootloader for the upgrade.', details=details)
diff --git a/repos/system_upgrade/el8toel9/actors/addarmbootloaderworkaround/libraries/addupgradebootloader.py b/repos/system_upgrade/el8toel9/actors/addarmbootloaderworkaround/libraries/addupgradebootloader.py
@@ -24,6 +24,7 @@
 EFI_MOUNTPOINT = '/boot/efi/'
 LEAPP_EFIDIR_CANONICAL_PATH = os.path.join(EFI_MOUNTPOINT, 'EFI/leapp/')
 RHEL_EFIDIR_CANONICAL_PATH = os.path.join(EFI_MOUNTPOINT, 'EFI/redhat/')
+UPGRADE_BLS_DIR = '/boot/upgrade-loader/entries'
 
 CONTAINER_DOWNLOAD_DIR = '/tmp_pkg_download_dir'
 
@@ -63,7 +64,6 @@ def process():
         current_boot_entry = efibootinfo.entries[efibootinfo.current_bootnum]
         upgrade_boot_entry = _add_upgrade_boot_entry(efibootinfo)
 
-        leapp_efi_grubenv = os.path.join(EFI_MOUNTPOINT, LEAPP_EFIDIR_CANONICAL_PATH, 'grubenv')
         patch_efi_redhat_grubcfg_to_load_correct_grubenv()
 
         _set_bootnext(upgrade_boot_entry.boot_number)
@@ -73,6 +73,8 @@ def process():
             ArmWorkaroundEFIBootloaderInfo(
                 original_entry=EFIBootEntry(**{f: getattr(current_boot_entry, f) for f in efibootentry_fields}),
                 upgrade_entry=EFIBootEntry(**{f: getattr(upgrade_boot_entry, f) for f in efibootentry_fields}),
+                upgrade_bls_dir=UPGRADE_BLS_DIR,
+                upgrade_entry_efi_path=os.path.join(EFI_MOUNTPOINT, LEAPP_EFIDIR_CANONICAL_PATH),
             )
         )
 
@@ -224,10 +226,9 @@ def patch_efi_redhat_grubcfg_to_load_correct_grubenv():
                'We cannot reliably tell whether we will boot into our entry or not.')
         api.current_logger().info(msg)
         _notify_user_to_check_grub2_cfg()
+        return
 
     api.current_logger().info('Current grub2.cfg is known to be faulty (would not read our grubenv), patching.')
 
     patched_grub2_cfg_path = api.get_actor_file_path(PATCHED_EFI_GRUB2_CFG)
     shutil.copy(patched_grub2_cfg_path, leapp_grub_cfg_path)
-
-
diff --git a/repos/system_upgrade/el8toel9/models/upgradeefientry.py b/repos/system_upgrade/el8toel9/models/upgradeefientry.py
@@ -12,3 +12,19 @@ class ArmWorkaroundEFIBootloaderInfo(Model):
     original_entry = fields.Model(EFIBootEntry)
 
     upgrade_entry = fields.Model(EFIBootEntry)
+
+    upgrade_bls_dir = fields.String()
+    """
+    Path to custom BLS dir used by the upgrade EFI bootloader
+
+    The path is absolute w.r.t. '/'. The actual value of the 'blsdir' variable
+    that is set in the upgrade grubenv will be relative to '/boot/'.
+    """
+
+    upgrade_entry_efi_path = fields.String()
+    """
+    Full path to the folder containing EFI binaries for the upgrade entry. 
+
+    Example:
+        /boot/efi/EFI/leapp
+    """
