From 80665d606ab66a82fc969a24a8d0143914683806 Mon Sep 17 00:00:00 2001 From: Naïm Favier Date: Tue, 27 Dec 2022 23:22:44 +0100 Subject: nixos/systemd-boot: skip EFI update to 252 That version has a regression that leaves some machines unbootable. While we wait for the fix (252.2) to land in master, this is a workaround that should save people some pain. --- .../boot/loader/systemd-boot/systemd-boot-builder.py | 15 +++++++++++---- .../system/boot/loader/systemd-boot/systemd-boot.nix | 6 ++++-- 2 files changed, 15 insertions(+), 6 deletions(-) mode change 100644 => 100755 nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py old mode 100644 new mode 100755 index 68da2061591..ad7e2184d2a --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py @@ -16,6 +16,7 @@ import datetime import glob import os.path from typing import NamedTuple, List, Optional +from packaging import version class SystemIdentifier(NamedTuple): profile: Optional[str] @@ -258,12 +259,18 @@ def main() -> None: if available_match is None: raise Exception("could not determine systemd-boot version") - installed_version = installed_match.group(1) - available_version = available_match.group(1) + installed_version = version.parse(installed_match.group(1)) + available_version = version.parse(available_match.group(1)) + # systemd 252 has a regression that leaves some machines unbootable, so we skip that update. + # The fix is in 252.2 + # See https://github.com/systemd/systemd/issues/25363 and https://github.com/NixOS/nixpkgs/pull/201558#issuecomment-1348603263 if installed_version < available_version: - print("updating systemd-boot from %s to %s" % (installed_version, available_version)) - subprocess.check_call(["@systemd@/bin/bootctl", "--esp-path=@efiSysMountPoint@", "update"]) + if version.parse('252') <= available_version < version.parse('252.2'): + print("skipping systemd-boot update to %s because of known regression" % available_version) + else: + print("updating systemd-boot from %s to %s" % (installed_version, available_version)) + subprocess.check_call(["@systemd@/bin/bootctl", "--esp-path=@efiSysMountPoint@", "update"]) mkdir_p("@efiSysMountPoint@/efi/nixos") mkdir_p("@efiSysMountPoint@/loader/entries") diff --git a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix index 8cb7c7b8e47..103d6e583c3 100644 --- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix +++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot.nix @@ -7,12 +7,14 @@ let efi = config.boot.loader.efi; + python3 = pkgs.python3.withPackages (ps: [ ps.packaging ]); + systemdBootBuilder = pkgs.substituteAll { src = ./systemd-boot-builder.py; isExecutable = true; - inherit (pkgs) python3; + inherit python3; systemd = config.systemd.package; @@ -48,7 +50,7 @@ let }; checkedSystemdBootBuilder = pkgs.runCommand "systemd-boot" { - nativeBuildInputs = [ pkgs.mypy ]; + nativeBuildInputs = [ pkgs.mypy python3 ]; } '' install -m755 ${systemdBootBuilder} $out mypy \ -- cgit 1.4.1