feat(arm,bootloader,efi): use separate BLS directory for upgrades

Use a separate BLS directory '/boot/upgrade-loader/entries'
that mimics '/boot/loader/entries'. This allows very fine
control of what boot entries are available when booting
into upgrade environment via a separate EFI entry.

Author: Michal Hecko

repos/system_upgrade/common/actors/addupgradebootentry/actor.py

@@ -4,6 +4,7 @@
 from leapp.exceptions import StopActorExecutionError
 from leapp.libraries.actor.addupgradebootentry import add_boot_entry, fix_grub_config_error
 from leapp.models import (
+    ArmWorkaroundEFIBootloaderInfo,
     BootContent,
     FirmwareFacts,
     GrubConfigError,
@@ -28,6 +29,7 @@ class AddUpgradeBootEntry(Actor):
 
     name = 'add_upgrade_boot_entry'
     consumes = (
+        ArmWorkaroundEFIBootloaderInfo,
         BootContent,
         GrubConfigError,
         FirmwareFacts,

repos/system_upgrade/common/actors/addupgradebootentry/libraries/addupgradebootentry.py

@@ -1,11 +1,13 @@
 import itertools
 import os
 import re
+import shutil
 
 from leapp.exceptions import StopActorExecutionError
 from leapp.libraries.common.config import architecture, get_env
 from leapp.libraries.stdlib import api, CalledProcessError, run
 from leapp.models import (
+    ArmWorkaroundEFIBootloaderInfo,
     BootContent,
     KernelCmdline,
     KernelCmdlineArg,
@@ -197,6 +199,8 @@ def run_commands_adding_entry(extra_command_suffix=None):
            details={'details': '{}: {}'.format(str(e), e.stderr)}
         )
 
+    apply_arm_specific_modifications()
+
 
 def _remove_old_upgrade_boot_entry(kernel_dst_path, configs=None):
     """
@@ -357,3 +361,96 @@ def construct_cmdline_args_for_livemode():
     api.current_logger().info('The use of live mode image implies the following cmdline args: %s', args)
 
     return args
+
+
+def _list_grubenv_variables():
+    try:
+        output_lines = run(['grub2-editenv', 'list'], split=True)['stdout']
+    except CalledProcessError:
+        raise StopActorExecutionError('Failed to list grubenv variables used by the system')
+
+    vars_with_values = {}
+    for line in output_lines:
+        var_with_value = line.split('=', 1)
+        if len(var_with_value) <= 1:
+            api.current_logger().warning(
+                'Skipping \'{}\' in grub2-editenv output, the line does not have the form <var>=<value>'
+            )
+            continue
+        vars_with_values[var_with_value[0]] = var_with_value[1]
+
+    return vars_with_values
+
+
+def apply_arm_specific_modifications():
+    arm_efi_info = next(api.consume(ArmWorkaroundEFIBootloaderInfo), None)
+    if not arm_efi_info:
+        return
+
+    modify_our_grubenv_to_have_separate_blsdir(arm_efi_info)
+
+
+def modify_our_grubenv_to_have_separate_blsdir(efi_info):
+    """ Create a new blsdir for the upgrade entry if using a separate EFI entry. """
+    leapp_efi_grubenv_path = os.path.join(efi_info.upgrade_entry_efi_path, 'grubenv')
+
+    api.current_logger().debug(
+        'Setting up separate blsdir for the upgrade using grubenv: {}'.format(leapp_efi_grubenv_path)
+    )
+
+    grubenv_vars = _list_grubenv_variables()
+    system_bls_dir = grubenv_vars.get('blsdir', '/loader/entries').lstrip('/')
+
+    # BLS dir is relative to /boot, prepend it so we can list its contents
+    system_bls_dir = os.path.join('/boot', system_bls_dir)
+
+    # Find our loader entry
+    try:
+        bls_entries = os.listdir(system_bls_dir)
+    except IOError:  # Technically, we want FileNotFoundError, but that is only Python3.3+, so this is fine
+        details = {
+            'details': 'Failed to list {}.'.format(system_bls_dir)
+        }
+        raise StopActorExecutionError('Failed to set up bootloader for the upgrade.', details=details)
+
+    leapp_bls_entry = None
+    for bls_entry in bls_entries:
+        if bls_entry.endswith('upgrade.aarch64.conf'):
+            leapp_bls_entry = bls_entry
+            break
+
+    if not leapp_bls_entry:
+        details = {
+            'details': 'Failed to identify BLS entry that belongs to leapp in {}'.format(system_bls_dir)
+        }
+        raise StopActorExecutionError('Failed to set up bootloader for the upgrade.')
+
+    # The 'blsdir' grubenv variable specifies location of bls directory relative to /boot
+    if os.path.exists(efi_info.upgrade_bls_dir):
+        msg = 'The {} directory exists, probably a left-over from previous executions. Removing.'
+        api.current_logger().debug(msg.format(efi_info.upgrade_bls_dir))
+        shutil.rmtree(efi_info.upgrade_bls_dir)
+
+    os.makedirs(efi_info.upgrade_bls_dir)
+    api.current_logger().debug('Successfully created upgrade BLS directory: {}'.format(efi_info.upgrade_bls_dir))
+
+    leapp_bls_entry_fullpath = os.path.join(system_bls_dir, leapp_bls_entry)
+    bls_entry_dst = os.path.join(efi_info.upgrade_bls_dir, leapp_bls_entry)
+    api.current_logger().debug(
+        'Moving leapp\'s BLS entry ({}) into a separate BLS dir located at {}'.format(
+            leapp_bls_entry, efi_info.upgrade_bls_dir
+        )
+    )
+
+    shutil.move(leapp_bls_entry_fullpath, bls_entry_dst)
+
+    upgrade_bls_dir_rel_to_boot = efi_info.upgrade_bls_dir[len('/boot'):]
+
+    # Modify leapp's grubenv to define our own BLSDIR
+    try:
+        run(['grub2-editenv', leapp_efi_grubenv_path, 'set', 'blsdir={}'.format(upgrade_bls_dir_rel_to_boot)])
+    except CalledProcessError as error:
+        details = {
+            'details': 'Failed to modify upgrade grubenv to contain a custom blsdir definition. Error {}'.format(error)
+        }
+        raise StopActorExecutionError('Failed to set up bootloader for the upgrade.', details=details)

repos/system_upgrade/common/actors/addupgradebootentry/tests/unit_test_addupgradebootentry.py

@@ -1,4 +1,5 @@
 import os
+import shutil
 from collections import namedtuple
 
 import pytest
@@ -9,7 +10,9 @@
 from leapp.libraries.common.testutils import CurrentActorMocked, produce_mocked
 from leapp.libraries.stdlib import api
 from leapp.models import (
+    ArmWorkaroundEFIBootloaderInfo,
     BootContent,
+    EFIBootEntry,
     KernelCmdline,
     KernelCmdlineArg,
     LateTargetKernelCmdlineArgTasks,
@@ -326,3 +329,53 @@ def readlink_mock(path):
     uuid = addupgradebootentry._get_device_uuid(path)
 
     assert uuid == 'MY_UUID1'
+
+
+def test_modify_grubenv_to_have_separate_blsdir(monkeypatch):
+    efi_info = ArmWorkaroundEFIBootloaderInfo(
+        original_entry=EFIBootEntry(
+            boot_number='0001',
+            label='Redhat',
+            active=True,
+            efi_bin_source="HD(.*)/File(\\EFI\\redhat\\shimx64.efi)",
+        ),
+        upgrade_entry=EFIBootEntry(
+            boot_number='0002',
+            label='Leapp',
+            active=True,
+            efi_bin_source="HD(.*)/File(\\EFI\\leapp\\shimx64.efi)",
+        ),
+        upgrade_bls_dir='/boot/upgrade-loader/entries',
+        upgrade_entry_efi_path='/boot/efi/EFI/leapp'
+    )
+
+    def list_grubenv_variables_mock():
+        return {
+            'blsdir': '/blsdir'
+        }
+
+    def listdir_mock(dir_path):
+        assert dir_path == '/boot/blsdir'
+        return [
+            '4a9c76478b98444fb5e0fbf533950edf-6.12.5-200.fc41.x86_64.conf',
+            '4a9c76478b98444fb5e0fbf533950edf-upgrade.aarch64.conf',
+        ]
+
+    def assert_path_correct(path):
+        assert path == efi_info.upgrade_bls_dir
+
+    def move_mocked(src, dst):
+        assert src == '/boot/blsdir/4a9c76478b98444fb5e0fbf533950edf-upgrade.aarch64.conf'
+        assert dst == '/boot/upgrade-loader/entries/4a9c76478b98444fb5e0fbf533950edf-upgrade.aarch64.conf'
+
+    def run_mocked(cmd, *arg, **kwargs):
+        assert cmd == ['grub2-editenv', '/boot/efi/EFI/leapp/grubenv', 'set', 'blsdir=/upgrade-loader/entries']
+
+    monkeypatch.setattr(addupgradebootentry, '_list_grubenv_variables', list_grubenv_variables_mock)
+    monkeypatch.setattr(os, 'listdir', listdir_mock)
+    monkeypatch.setattr(os.path, 'exists', assert_path_correct)
+    monkeypatch.setattr(os, 'makedirs', assert_path_correct)
+    monkeypatch.setattr(shutil, 'move', move_mocked)
+    monkeypatch.setattr(addupgradebootentry, 'run', run_mocked)
+
+    addupgradebootentry.modify_our_grubenv_to_have_separate_blsdir(efi_info)

repos/system_upgrade/common/actors/removeupgradebootentry/actor.py

@@ -1,6 +1,6 @@
 from leapp.actors import Actor
 from leapp.libraries.actor.removeupgradebootentry import remove_boot_entry
-from leapp.models import BootContent, FirmwareFacts
+from leapp.models import ArmWorkaroundEFIBootloaderInfo, BootContent, FirmwareFacts
 from leapp.tags import InitRamStartPhaseTag, IPUWorkflowTag
 
 
@@ -12,7 +12,7 @@ class RemoveUpgradeBootEntry(Actor):
     """
 
     name = 'remove_upgrade_boot_entry'
-    consumes = (BootContent, FirmwareFacts)
+    consumes = (ArmWorkaroundEFIBootloaderInfo, BootContent, FirmwareFacts)
     produces = ()
     tags = (IPUWorkflowTag, InitRamStartPhaseTag)
 

repos/system_upgrade/common/actors/removeupgradebootentry/libraries/removeupgradebootentry.py

@@ -1,7 +1,7 @@
 from leapp.exceptions import StopActorExecutionError
 from leapp.libraries.common.config import architecture
 from leapp.libraries.stdlib import api, CalledProcessError, run
-from leapp.models import BootContent, FirmwareFacts
+from leapp.models import ArmWorkaroundEFIBootloaderInfo, BootContent, FirmwareFacts
 
 
 def remove_boot_entry():
@@ -25,6 +25,14 @@ def remove_boot_entry():
             # partitions have been most likely already mounted
             pass
     kernel_filepath = get_upgrade_kernel_filepath()
+
+    arm_bootloader_workaround_info = next(api.consume(ArmWorkaroundEFIBootloaderInfo), None)
+    if arm_bootloader_workaround_info and arm_bootloader_workaround_info.upgrade_bls_dir:
+        # Leapp has a separate BLS dir and grubby will not know about it. We don't need to call
+        # grubby here - we are removing the entire BLS dir in another actor.
+        api.current_logger().debug('Skipping removal of upgrade kernel entry since we are using a separate BLS dir.')
+        return
+
     run([
         '/usr/sbin/grubby',
         '--remove-kernel={0}'.format(kernel_filepath)

repos/system_upgrade/common/actors/removeupgradebootentry/tests/unit_test_removeupgradebootentry.py

@@ -5,29 +5,38 @@
 from leapp.libraries.common.config import architecture
 from leapp.libraries.common.testutils import CurrentActorMocked, logger_mocked
 from leapp.libraries.stdlib import api
-from leapp.models import BootContent, FirmwareFacts
+from leapp.models import ArmWorkaroundEFIBootloaderInfo, BootContent, EFIBootEntry, FirmwareFacts
 
 
 class run_mocked(object):
-    args = []
+    def __init__(self):
+        self.args = []
 
     def __call__(self, args, split=True):
         self.args.append(args)
 
 
 @pytest.mark.parametrize('firmware', ['bios', 'efi'])
 @pytest.mark.parametrize('arch', [architecture.ARCH_X86_64, architecture.ARCH_S390X])
-def test_remove_boot_entry(firmware, arch, monkeypatch):
+@pytest.mark.parametrize('has_separate_bls_dir', [True, False])
+def test_remove_boot_entry(firmware, arch, has_separate_bls_dir, monkeypatch):
     def get_upgrade_kernel_filepath_mocked():
         return '/abc'
 
-    def consume_systemfacts_mocked(*models):
-        yield FirmwareFacts(firmware=firmware)
-
-    monkeypatch.setattr(removeupgradebootentry, 'get_upgrade_kernel_filepath', get_upgrade_kernel_filepath_mocked, )
-    monkeypatch.setattr(api, 'consume', consume_systemfacts_mocked)
+    messages = [FirmwareFacts(firmware=firmware)]
+    if has_separate_bls_dir:
+        some_efi_entry = EFIBootEntry(boot_number='0001', label='entry', active=True, efi_bin_source='')
+        workaround_info = ArmWorkaroundEFIBootloaderInfo(
+            original_entry=some_efi_entry,
+            upgrade_entry=some_efi_entry,
+            upgrade_bls_dir='/boot/upgrade-loader/entries',
+            upgrade_entry_efi_path='/boot/efi/EFI/leapp/'
+        )
+        messages.append(workaround_info)
+
+    monkeypatch.setattr(removeupgradebootentry, 'get_upgrade_kernel_filepath', get_upgrade_kernel_filepath_mocked)
     monkeypatch.setattr(removeupgradebootentry, 'run', run_mocked())
-    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(arch))
+    monkeypatch.setattr(api, 'current_actor', CurrentActorMocked(arch, msgs=messages))
     monkeypatch.setattr(api, 'current_logger', logger_mocked())
 
     removeupgradebootentry.remove_boot_entry()
@@ -36,16 +45,16 @@ def consume_systemfacts_mocked(*models):
     if firmware == 'efi':
         boot_mounts.append(['/bin/mount', '/boot/efi'])
 
-    calls = boot_mounts + [['/usr/sbin/grubby', '--remove-kernel=/abc']]
-    if arch == architecture.ARCH_S390X:
-        calls.append(['/usr/sbin/zipl'])
-    calls.append(['/bin/mount', '-a'])
+    calls = boot_mounts
+    if not has_separate_bls_dir:
+        # If we are using a separate BLS dir (ARM specific), then do not call anything
+        calls += [['/usr/sbin/grubby', '--remove-kernel=/abc']]
+        if arch == architecture.ARCH_S390X:
+            calls.append(['/usr/sbin/zipl'])
+        calls.append(['/bin/mount', '-a'])
 
     assert removeupgradebootentry.run.args == calls
 
-    # clear args for next run
-    del removeupgradebootentry.run.args[:]
-
 
 def test_get_upgrade_kernel_filepath(monkeypatch):
     # BootContent message available

repos/system_upgrade/el8toel9/actors/addarmbootloaderworkaround/libraries/addupgradebootloader.py

@@ -24,6 +24,7 @@
 EFI_MOUNTPOINT = '/boot/efi/'
 LEAPP_EFIDIR_CANONICAL_PATH = os.path.join(EFI_MOUNTPOINT, 'EFI/leapp/')
 RHEL_EFIDIR_CANONICAL_PATH = os.path.join(EFI_MOUNTPOINT, 'EFI/redhat/')
+UPGRADE_BLS_DIR = '/boot/upgrade-loader'
 
 CONTAINER_DOWNLOAD_DIR = '/tmp_pkg_download_dir'
 
@@ -64,7 +65,6 @@ def process():
         current_boot_entry = efibootinfo.entries[efibootinfo.current_bootnum]
         upgrade_boot_entry = _add_upgrade_boot_entry(efibootinfo)
 
-        leapp_efi_grubenv = os.path.join(EFI_MOUNTPOINT, LEAPP_EFIDIR_CANONICAL_PATH, 'grubenv')
         patch_efi_redhat_grubcfg_to_load_correct_grubenv()
 
         _set_bootnext(upgrade_boot_entry.boot_number)
@@ -74,6 +74,8 @@ def process():
             ArmWorkaroundEFIBootloaderInfo(
                 original_entry=EFIBootEntry(**{f: getattr(current_boot_entry, f) for f in efibootentry_fields}),
                 upgrade_entry=EFIBootEntry(**{f: getattr(upgrade_boot_entry, f) for f in efibootentry_fields}),
+                upgrade_bls_dir=UPGRADE_BLS_DIR,
+                upgrade_entry_efi_path=os.path.join(EFI_MOUNTPOINT, LEAPP_EFIDIR_CANONICAL_PATH),
             )
         )
 

repos/system_upgrade/el8toel9/actors/addarmbootloaderworkaround/tests/test_addarmbootloaderworkaround.py

@@ -310,7 +310,7 @@ def mock_add_upgrade_boot_entry(efibootinfo):
     expected = ArmWorkaroundEFIBootloaderInfo(
             original_entry=EFIBootEntry(**{f: getattr(TEST_RHEL_EFI_ENTRY, f) for f in efibootentry_fields}),
             upgrade_entry=EFIBootEntry(**{f: getattr(TEST_UPGRADE_EFI_ENTRY, f) for f in efibootentry_fields}),
-            upgrade_bls_dir='/boot/upgrade-loader/entries',
+            upgrade_bls_dir=addupgradebootloader.UPGRADE_BLS_DIR,
             upgrade_entry_efi_path='/boot/efi/EFI/leapp/',
         )
     actual = api.produce.model_instances[0]
@@ -323,6 +323,7 @@ def test_patch_grubcfg(is_config_ok, monkeypatch):
     expected_grubcfg_path = os.path.join(addupgradebootloader.EFI_MOUNTPOINT,
                                          addupgradebootloader.LEAPP_EFIDIR_CANONICAL_PATH,
                                          'grub.cfg')
+
     def isfile_mocked(path):
         assert expected_grubcfg_path == path
         return True

repos/system_upgrade/el8toel9/actors/removeupgradeefientry/libraries/removeupgradeefientry.py

@@ -54,6 +54,8 @@ def remove_upgrade_efi_entry():
     except CalledProcessError:
         api.current_logger().warning('Unable to remove Leapp upgrade efi files.')
 
+    _remove_upgrade_blsdir(bootloader_info)
+
     original_boot_number = bootloader_info.original_entry.boot_number
     run(['/usr/sbin/efibootmgr', '--bootnext', original_boot_number])
 
@@ -82,7 +84,7 @@ def _copy_file(src_path, dst_path):
 
 def _copy_grub_files(required, optional):
     """
-    Copy grub files from redhat/ dir to the /boot/efi/EFI/leapp/ dir.
+    Copy grub files from /boot/efi/EFI/leapp/ dir to the /boot/efi/EFI/redhat/ dir.
     """
 
     all_files = required + optional
@@ -98,3 +100,13 @@ def _copy_grub_files(required, optional):
             continue
 
         _copy_file(src_path, dst_path)
+
+
+def _remove_upgrade_blsdir(bootloader_info):
+    api.current_logger().debug('Removing upgrade BLS directory: {}'.format(bootloader_info.upgrade_bls_dir))
+    try:
+        shutil.rmtree(bootloader_info.upgrade_bls_dir)
+    except OSError as error:
+        # I tried, no can do at this point
+        msg = 'Failed to remove upgrade BLS directory: {} with error {}'
+        api.current_logger().debug(msg.format(bootloader_info.upgrade_bls_dir, error))