overlay/15fcos: fix aleph file and update bootloader for Secure Boot nodes #3042
overlay.d/15fcos/usr/lib/systemd/system/coreos-bootupctl-update-secureboot.service
secureboot -> Secure Boot
In the script, I think let's just have two separate paths entirely for RAID1 and non-RAID1. You can detect if a system is using RAID1 or not by checking if there is a
This won't support RAID-1 with more than two disks though
Sorry for the multiple force pushes, I'm getting burned by the trailing whitespace!
Due to an ordering mishap, some builds have both a `version` and a `build` field. This causes bootupctl to fail while parsing the file.

Detect this case, and fix the aleph if necessary by removing the `build` field.

This should be removed after the next barrier release.

Fixes: coreos/fedora-coreos-tracker#1724
Co-authored-by: Jonathan Lebon <[email protected]>

The 6.9 kernel won't boot on systems installed prior to F39, as the shim is too old.

Add a systemd unit that updates the bootloader on those machines. Manually handle systems with mirrored ESPs.

See also: coreos/fedora-coreos-tracker#1752
Fixes: fedora-silverblue/issue-tracker#543
Co-authored-by: Jonathan Lebon <[email protected]>
Tested this pretty extensively. Secure Boot/non-Secure boot, RAID/non-RAID, old builds, new builds, builds affected by coreos/fedora-coreos-tracker#1724.
LGTM
Thanks @jlebon for pushing it through!
👍🏻
This enables bootloader updates automatically on boot.

Note that the service is intentionally not enabled by default, it should be up to the distribution to add a systemd preset if auto-update for the bootloader is desired.

Right now RAID setups are not supported but see [1] for an example in coreos.

[1] coreos/fedora-coreos-config#3042
Add a systemd service unit to trigger an adoption and update on every boot.

Note that the service is intentionally not enabled by default as it should be up to the distribution to add a systemd preset if auto-update for the bootloader is desired.

This unit does not come with any specific restrictions (i.e. EFI or BIOS only). For an assessment of the safety of updates as performed by bootupd, see coreos#454.

Distributions should also apply the restrictions (i.e. EFI or BIOS only for example) as needed as unit file overrides.

Notably, Fedora CoreOS can not yet enable automatic updates until we get support for the multiple EFI partitions for RAID setups.

See: coreos/fedora-coreos-tracker#1468
See: coreos/fedora-coreos-config#3042
Initial version from: coreos#716
Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2332868
overlay/15fcos: ensure valid aleph file
Due to an ordering mishap, some builds have both a `version` and a `build` field. This causes bootupctl to fail while parsing the file.
Detect this case, and fix the aleph if necessary by removing the `build` field.
This should be removed after the next barrier release.
Fixes: coreos/fedora-coreos-tracker#1724
overlay/15fcos: upgrade bootloader for Secure Boot-enabled systems
The 6.9 kernel won't boot on systems installed prior to F39, as the shim
is too old.
Add a systemd unit that updates the bootloader on those machines.
Manually handle systems with mirrored ESPs.
See also: coreos/fedora-coreos-tracker#1752
Fixes: fedora-silverblue/issue-tracker#543
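
The aleph repair described in the first commit message, as an added Python illustration (not the script from this pull request): it removes `build` only when `version` is also present and replaces the file atomically, so an interrupted run cannot leave a truncated aleph. The function names, the file name and the sample values are assumptions constructed for the example; only the `version` and `build` field names come from the page.

```python
import json
import os
import tempfile


def fix_aleph(path):
    """Drop `build` when `version` is also present; return True if rewritten."""
    with open(path, encoding="utf-8") as f:
        aleph = json.load(f)
    if not isinstance(aleph, dict):
        raise ValueError("aleph file is not a JSON object")
    # Only the conflicting case is touched; any other layout is left alone.
    if "version" not in aleph or "build" not in aleph:
        return False
    del aleph["build"]
    # Write a sibling temp file and rename it over the original, so a crash
    # or power loss never leaves a half-written aleph behind.
    mode = os.stat(path).st_mode & 0o777
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    try:
        with os.fdopen(fd, "w", encoding="utf-8") as f:
            json.dump(aleph, f, indent=4)
            f.write("\n")
            f.flush()
            os.fsync(f.fileno())
        os.chmod(tmp, mode)  # mkstemp creates 0600; keep the original mode
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise
    return True


def demo():
    """Run the fix twice on a constructed aleph (all values are made up)."""
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "aleph.json")  # hypothetical file name
        with open(path, "w", encoding="utf-8") as f:
            json.dump({"build": "0.0.0-sample", "version": "0.0.0-sample",
                       "other": "kept"}, f)
        first = fix_aleph(path)
        second = fix_aleph(path)  # idempotent: nothing left to fix
        with open(path, encoding="utf-8") as f:
            return first, second, json.load(f)


if __name__ == "__main__":
    print(demo())
```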