| Commit message (Collapse) | Author | Age |
|---|
| |\
| |
| |
| |
| | |
ElvishJerricco/systemd-boot-boot-pass-flags-to-update
nixos/systemd-boot: pass EFI variable flags during update too
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
8f2babd0326e was partially reverted by mistake. Original message below
---
On some systems, EFI variables are not supported or otherwise wonky.
bootctl attempting to access them causes failures during bootloader
installations and updates. For such systems, NixOS provides the options
`boot.loader.efi.canTouchEfiVariables` and
`boot.loader.systemd-boot.graceful` which pass flags to bootctl that
change whether and how EFI variables are accessed.
Previously, these flags were only passed to bootctl during an install
operation. However, they also apply during an update operation, which
can cause the same sorts of errors. This change passes the flags during
update operations as well to prevent those errors.
Fixes https://github.com/NixOS/nixpkgs/issues/151336
|
| | |
| |
| |
| |
| |
| | |
Generation built with old versions of NixOS with no bootspec
support may still be present on the system and must be
accounted for.
|
| |\ \ |
|
| | | |
| | |
| | |
| | | |
Now the builder is using Bootspec documents.
|
| | |/
|/|
| |
| | |
Using the script in maintainers/scripts/update-redirected-urls.sh
|
| | | |
|
| | |
| |
| |
| | |
This reverts commit ea0dcd0ae14b99c5740acc7a1b874ea4446cb5be.
|
| | |
| |
| |
| |
| | |
Fix descriptions that don't account for (1) the "Whether to enable"
prefix or (2) the automatically added trailing dot.
|
| |/ |
|
| |
|
|
| |
write(2) and close(2) doesn't ensure the file content actually got synched, so let's also fsync before doing the rename
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This reverts commit 80665d606ab66a82fc969a24a8d0143914683806.
Parsing the package version broke our systemd-boot builder test.
i.e. it won't be able to parse systemd-boot efi binaries coming from
ubuntu
We no longer use the faulty systemd-boot version so this code should no
longer be needed.
|
| |
|
|
| |
otherwise there are warnings for \.
|
| | |
|
| | |
|
| | |
|
| | |
|
| |
|
|
| |
this is python, not C.
|
| |
|
|
| |
foo
|
| |
|
|
|
| |
uboot (#240358)" (#257251)
This reverts commit 94e939985b7730fd74b1c2e03292661734b490f0.
|
| |
|
| |
Co-authored-by: digital <didev@dinid.net>
|
| |
|
|
| |
Signed-off-by: Anders Kaseorg <andersk@mit.edu>
|
| |
|
|
|
|
|
|
|
| |
Before this commit there was no way to access (boot into) specialisation of previous generations from grub,even tho they are there.
This commit will add grub submenu for each generation if the generation has any specialisation.
Which will allow you to boot into them.
Co-authored-by: Samuel Dionne-Riel <samuel@dionne-riel.com>
|
| |\ |
|
| | | |
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
There is only other `with` with a somewhat broad scope, `with pkgs`, but
it's used in a place where it would become awkward to change out. And
anyway its scope is rather limited still.
|
| | |
| |
| |
| |
| |
| |
| |
| |
| | |
With a limited testing of all packaged GRUB 2 themes (pkgs.nixos-grub2-theme)
this is tested to work.
Without this change, the theme loading will error out (waiting for a key press).
With this change, the theme loads and works as expected.
|
| | | |
|
| | |
| |
| |
| |
| |
| | |
This directly copies the systemd-boot logic, which works.
`install` with `-D` will create all leading directory components.
|
| |/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The intent was to not pass the flag when installing as removable. In
reality there is a third case, where you may not want to touch EFI
variables, and not want to install as removable.
In that case, it would install to the generic \EFI\grub\grubx64.efi,
which is not a good choice in any cases. The operating system should
"own" their path under \EFI\ to be a good citizen [citation needed].
With this change, there can be only two paths GRUB can be installed to:
- \EFI\NixOS-boot\grubx64.efi
- \EFI\BOOT\bootx64.efi
This removes the surprising behaviour where GRUB may be installed to a
different location only because we configured NixOS not to touch EFI
variables.
It may be necessary under some configurations to install GRUB without
touching EFI variables, but to the NixOS-owned location.
|
| |\
| |
| | |
nixos/grub: don't die on EFI-only systems if devices != ["nodev"]
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Without this change, GRUB installation on non-PC systems (such as
aarch64-linux) only works if boot.loader.grub.devices is set to exactly
`["nodev"]`. If boot.loader.grub.devices was any other value (including
the default `[]`), users got the error:
Died at /nix/store/an9ngv2vg95bdcy0ifsxlbkasprm4dcw-install-grub.pl line 586.
install-grub.pl verifies that if both $grub and $grubEfi are set, then
$grubTarget (e.g. i386-pc) and $grubTargetEfi (e.g. x86_64-efi) must
both be set, or the script will `die`. On non-PC systems, $grubTarget
is "".
When boot.loader.grub.devices is ["nodev"], $grub is set to null,
disabling non-EFI installation. But if a user has devices set for an
x86_64 config, or is using only mirroredBoots without setting devices,
they will hit this `die`.
This change sets $grub to "" if $grubTarget is "".
|
| |\ \
| | |
| | | |
treewide: use optionalString instead of 'then ""'
|
| | |/ |
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
The whole option set was recommended against since mid-2019, and never
worked with the Raspberry Pi 4 family of devices.
We should have deprecated it in early 2020 for removal by 2021. At the
time I did not feel confident in making such a decision, and never
ended-up getting around to it.
The ***only*** supported-by-NixOS boot methods for AArch64 are
standards-based boot methods, namely UEFI or the pragmatically
almost-standard extlinux-compatible for U-Boot.
You can quote me on that.
|
| |/ |
|
| | |
|
| | |
|
| |
|
|
| |
because a lot of configurations (generated by nixos-generate-config) contain it
|
| | |
|
| |\
| |
| | |
nixos/grub-install: don't rely on shell to run commands
|
| | | |
|
| | |
| |
| |
| |
| | |
data passed to these programs might be accidentially interpreted as
shell. Discovered in https://github.com/Mic92/envfs/issues/111
|
| |\ \ |
|
| | |/ |
|
| |/
|
|
|
|
|
|
|
|
|
|
|
| |
In order to fix
https://github.com/NixOS/nixpkgs/issues/114552 (profile name with
special characters), all OSError have been ignored while only the OSError
with errno 22 (invalid argument) could has been ignored.
The drawback of ignoring all OSError is that the "No space left on
device" error is also ignored. When the /boot doesn't have enough
available disk space, the switch-to-configuration script succeeds
while the boot menu has not been updated: the user thinks it's system
has been updated, but on the next reboot it is actually rollbacked.
|
| |\
| |
| | |
nixos/grub: Name initrd-secrets by system, not by initrd
|
| | |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| |
| | |
Previously, secrets were named according to the initrd they were
associated with. This created a problem: If secrets were changed whilst
the initrd remained the same, there were two versions of the secrets
with one initrd. The result was that only one version of the secrets would
by recorded into the /boot partition and get used. AFAICT this would
only be the oldest version of the secrets for the given initrd version.
This manifests as #114594, which I found frustrating while trying to use
initrd secrets for the first time. While developing the secrets I found
I could not get new versions of the secrets to take effect.
Additionally, it's a nasty issue to run into if you had cause to change
the initrd secrets for credential rotation, etc, if you change them and
discover you cannot, or alternatively that you can't roll back as you
would expect.
Additional changes in this patch.
* Add a regression test that switching to another grub configuration
with the alternate secrets works. This test relies on the fact that it
is not changing the initrd. I have checked that the test fails if I
undo my change.
* Persist the useBootLoader disk state, similarly to other boot state.
* I had to do this, otherwise I could not find a route to testing the
alternate boot configuration. I did attempt a few different ways of
testing this, including directly running install-grub.pl, but what
I've settled on is most like what a user would do and avoids
depending on lots of internal details.
* Making tests that test the boot are a bit tricky (see hibernate.nix
and installer.nix for inspiration), I found that in addition to
having to copy quite a bit of code I still couldn't get things to
work as desired since the bootloader state was being clobbered.
My change to persist the useBootLoader state could break things,
conceptually. I need some help here discovering if that is the case,
possibly by letting this run through a staging CI if there is one.
Fix #114594.
cc potential reviewers:
@lopsided98 (original implementer) @joachifm (original reviewer),
@wkennington (numerous fixes to grub-install.pl), @lheckemann (wrote
original secrets test).
|
| | | |
|