adopt: add tag to install static GRUB config from tree

HuijingHei · HuijingHei · commit 96242b0fec72 · 2025-06-11T13:45:58.000+08:00
And add `bootloader-migrate.service` to migrate a RHCOS system to use a static GRUB config for 4.1/4.2 born RHCOS nodes. Fixes: https://issues.redhat.com/browse/OCPBUGS-52485
diff --git a/Makefile b/Makefile
@@ -37,6 +37,7 @@ install-grub-static:
 .PHONY: install-systemd-unit
 install-systemd-unit:
 	install -m 644 -D -t "${DESTDIR}$(PREFIX)/lib/systemd/system/" systemd/bootloader-update.service
+	install -m 644 -D -t "${DESTDIR}$(PREFIX)/lib/systemd/system/" systemd/bootloader-migrate.service
 
 .PHONY: install-all
 install-all: install install-grub-static install-systemd-unit
diff --git a/src/bios.rs b/src/bios.rs
@@ -1,4 +1,5 @@
 use anyhow::{bail, Result};
+use camino::Utf8PathBuf;
 #[cfg(target_arch = "powerpc64")]
 use std::borrow::Cow;
 use std::io::prelude::*;
@@ -8,6 +9,7 @@ use std::process::Command;
 use crate::blockdev;
 use crate::bootupd::RootContext;
 use crate::component::*;
+use crate::grubconfigs;
 use crate::model::*;
 use crate::packagesystem;
 
@@ -157,10 +159,65 @@ impl Component for Bios {
         crate::component::query_adopt_state()
     }
 
+    // Backup "/boot/loader/grub.cfg" to "/boot/grub2/grub.cfg.bak"
+    // Remove symlink "/boot/grub2/grub.cfg"
+    // Install new static grub.cfg
+    // Remove old "/boot/loader/grub.cfg"
+    fn migrate_static_grub_config(&self, sysroot_path: &str, destdir: &openat::Dir) -> Result<()> {
+        use anyhow::Context;
+        use openat_ext::OpenatDirExt;
+
+        let grub_config_dir = Utf8PathBuf::from(sysroot_path).join("boot/grub2");
+        let dirfd = destdir
+            .sub_dir(grub_config_dir.as_std_path())
+            .context("Opening /boot/grub2")?;
+
+        let grubconfig = grub_config_dir.join(grubconfigs::GRUBCONFIG);
+
+        // On BIOS, /boot/grub2/grub.cfg is symlink to /boot/loader/grub.cfg,
+        // should backup it to /boot/grub2/grub.cfg.bak
+        if !grubconfig.exists() {
+            anyhow::bail!("Not found '{}'", grubconfig);
+        } else if grubconfig.is_symlink() {
+            let realconfig = dirfd.read_link(grubconfigs::GRUBCONFIG)?;
+            let realconfig =
+                Utf8PathBuf::from_path_buf(realconfig).expect("Path should be valid UTF-8");
+            // Resolve symlink location
+            let mut current_config = grub_config_dir.clone();
+            current_config.push(realconfig);
+            let backup_config = grub_config_dir.join(grubconfigs::BACKUP);
+
+            // Backup the current GRUB config which is hopefully working right now
+            println!(
+                "Creating a backup of the current GRUB config '{}' in '{}'...",
+                current_config, backup_config
+            );
+            std::fs::copy(&current_config, &backup_config)
+                .context("Failed to backup GRUB config")?;
+            // Remove the symlink (on BIOS)
+            dirfd.remove_file_optional(grubconfigs::GRUBCONFIG)?;
+            crate::grubconfigs::install(&destdir, None, false)?;
+        } else {
+            anyhow::bail!("'{}' is not a symlink", grubconfig);
+        }
+
+        // Remove the unused file, backuped as /boot/grub2/grub.cfg.bak
+        destdir.remove_file_optional("boot/loader/grub.cfg")?;
+
+        // Create the stamp file
+        dirfd
+            .write_file(".grub2-static-migrated", 0o644)
+            .context("Creating stamp file")?;
+        // Synchronize the filesystem containing /boot/grub2 to disk.
+        let _ = dirfd.syncfs();
+        Ok(())
+    }
+
     fn adopt_update(
         &self,
         rootcxt: &RootContext,
         update: &ContentMetadata,
+        with_static_config: bool,
     ) -> Result<Option<InstalledContent>> {
         let bios_devices = blockdev::find_colocated_bios_boot(&rootcxt.devices)?;
         let Some(meta) = self.query_adopt(&bios_devices)? else {
@@ -177,8 +234,13 @@ impl Component for Bios {
                 "Found multiple parent devices {parent} and {next}; not currently supported"
             );
         }
-        self.run_grub_install(rootcxt.path.as_str(), &parent)?;
+
+        let root_path = rootcxt.path.as_str();
+        self.run_grub_install(root_path, &parent)?;
         log::debug!("Installed grub modules on {parent}");
+        if with_static_config {
+            self.migrate_static_grub_config(root_path, &rootcxt.sysroot)?;
+        }
         Ok(Some(InstalledContent {
             meta: update.clone(),
             filetree: None,
diff --git a/src/bootupd.rs b/src/bootupd.rs
@@ -266,6 +266,7 @@ pub(crate) fn update(name: &str, rootcxt: &RootContext) -> Result<ComponentUpdat
 pub(crate) fn adopt_and_update(
     name: &str,
     rootcxt: &RootContext,
+    mut with_static_config: bool,
 ) -> Result<Option<ContentMetadata>> {
     let sysroot = &rootcxt.sysroot;
     let mut state = SavedState::load_from_disk("/")?.unwrap_or_default();
@@ -279,15 +280,40 @@ pub(crate) fn adopt_and_update(
     let Some(update) = component.query_update(sysroot)? else {
         anyhow::bail!("Component {} has no available update", name);
     };
+    // Installs the static configuration if the OSTree bootloader is either not set
+    // or is set to a value other than `none`.
+    if with_static_config {
+        if let Some(bootloader) = ostreeutil::get_ostree_bootloader()? {
+            if bootloader == "none" {
+                println!("Already using a static GRUB config, skipped adopting the static config");
+                with_static_config = false;
+            }
+            println!(
+                "ostree repo 'sysroot.bootloader' config option is currently set to: '{}'",
+                bootloader
+            );
+        } else {
+            println!("ostree repo 'sysroot.bootloader' config option is not set yet");
+        }
+    }
     let sysroot = sysroot.try_clone()?;
     let mut state_guard =
         SavedState::acquire_write_lock(sysroot).context("Failed to acquire write lock")?;
 
     let inst = component
-        .adopt_update(&rootcxt, &update)
+        .adopt_update(&rootcxt, &update, with_static_config)
         .context("Failed adopt and update")?;
     if let Some(inst) = inst {
         state.installed.insert(component.name().into(), inst);
+        // Set static_configs metadata and save
+        if with_static_config {
+            let meta = get_static_config_meta()?;
+            state.static_configs = Some(meta);
+            // Set bootloader to none
+            ostreeutil::set_ostree_bootloader("none")?;
+
+            println!("Static GRUB configuration has been adopted successfully.");
+        }
         state_guard.update_state(&state)?;
         return Ok(Some(update));
     } else {
@@ -505,7 +531,7 @@ pub(crate) fn client_run_update() -> Result<()> {
     }
     for (name, adoptable) in status.adoptable.iter() {
         if adoptable.confident {
-            if let Some(r) = adopt_and_update(name, &rootcxt)? {
+            if let Some(r) = adopt_and_update(name, &rootcxt, false)? {
                 println!("Adopted and updated: {}: {}", name, r.version);
                 updated = true;
             }
@@ -519,14 +545,14 @@ pub(crate) fn client_run_update() -> Result<()> {
     Ok(())
 }
 
-pub(crate) fn client_run_adopt_and_update() -> Result<()> {
+pub(crate) fn client_run_adopt_and_update(with_static_config: bool) -> Result<()> {
     let rootcxt = prep_before_update()?;
     let status: Status = status()?;
     if status.adoptable.is_empty() {
         println!("No components are adoptable.");
     } else {
         for (name, _) in status.adoptable.iter() {
-            if let Some(r) = adopt_and_update(name, &rootcxt)? {
+            if let Some(r) = adopt_and_update(name, &rootcxt, with_static_config)? {
                 println!("Adopted and updated: {}: {}", name, r.version);
             }
         }
diff --git a/src/cli/bootupctl.rs b/src/cli/bootupctl.rs
@@ -56,7 +56,7 @@ pub enum CtlVerb {
     #[clap(name = "update", about = "Update all components")]
     Update,
     #[clap(name = "adopt-and-update", about = "Update all adoptable components")]
-    AdoptAndUpdate,
+    AdoptAndUpdate(AdoptAndUpdateOpts),
     #[clap(name = "validate", about = "Validate system state")]
     Validate,
     #[clap(
@@ -88,13 +88,20 @@ pub struct StatusOpts {
     json: bool,
 }
 
+#[derive(Debug, Parser)]
+pub struct AdoptAndUpdateOpts {
+    /// Install the static GRUB config files
+    #[clap(long, action)]
+    with_static_config: bool,
+}
+
 impl CtlCommand {
     /// Run CLI application.
     pub fn run(self) -> Result<()> {
         match self.cmd {
             CtlVerb::Status(opts) => Self::run_status(opts),
             CtlVerb::Update => Self::run_update(),
-            CtlVerb::AdoptAndUpdate => Self::run_adopt_and_update(),
+            CtlVerb::AdoptAndUpdate(opts) => Self::run_adopt_and_update(opts),
             CtlVerb::Validate => Self::run_validate(),
             CtlVerb::Backend(CtlBackend::Generate(opts)) => {
                 super::bootupd::DCommand::run_generate_meta(opts)
@@ -133,9 +140,9 @@ impl CtlCommand {
     }
 
     /// Runner for `update` verb.
-    fn run_adopt_and_update() -> Result<()> {
+    fn run_adopt_and_update(opts: AdoptAndUpdateOpts) -> Result<()> {
         ensure_running_in_systemd()?;
-        bootupd::client_run_adopt_and_update()
+        bootupd::client_run_adopt_and_update(opts.with_static_config)
     }
 
     /// Runner for `validate` verb.
diff --git a/src/component.rs b/src/component.rs
@@ -31,11 +31,15 @@ pub(crate) trait Component {
     /// and "synthesize" content metadata from it.
     fn query_adopt(&self, devices: &Option<Vec<String>>) -> Result<Option<Adoptable>>;
 
+    // Backup the current grub config, and install static grub config from tree
+    fn migrate_static_grub_config(&self, sysroot_path: &str, destdir: &openat::Dir) -> Result<()>;
+
     /// Given an adoptable system and an update, perform the update.
     fn adopt_update(
         &self,
         rootcxt: &RootContext,
         update: &ContentMetadata,
+        with_static_config: bool,
     ) -> Result<Option<InstalledContent>>;
 
     /// Implementation of `bootupd install` for a given component.  This should
diff --git a/src/efi.rs b/src/efi.rs
@@ -23,7 +23,7 @@ use crate::bootupd::RootContext;
 use crate::model::*;
 use crate::ostreeutil;
 use crate::util::{self, CommandRunExt};
-use crate::{blockdev, filetree};
+use crate::{blockdev, filetree, grubconfigs};
 use crate::{component::*, packagesystem};
 
 /// Well-known paths to the ESP that may have been mounted external to us.
@@ -245,11 +245,48 @@ impl Component for Efi {
         crate::component::query_adopt_state()
     }
 
+    // Backup "/boot/efi/EFI/{vendor}/grub.cfg" to "/boot/efi/EFI/{vendor}/grub.cfg.bak"
+    // Install new static grub.cfg
+    fn migrate_static_grub_config(&self, sysroot_path: &str, destdir: &openat::Dir) -> Result<()> {
+        // On EFI, the current config is /boot/efi/EFI/{vendor}/grub.cfg
+        let sysroot =
+            openat::Dir::open(sysroot_path).with_context(|| format!("Opening {sysroot_path}"))?;
+        let Some(vendor) = self.get_efi_vendor(&sysroot)? else {
+            anyhow::bail!("Failed to find efi vendor");
+        };
+
+        // destdir is /boot/efi/EFI
+        let efidir = destdir
+            .sub_dir(&vendor)
+            .with_context(|| format!("Opening EFI/{}", vendor))?;
+        println!("Creating a backup of the current GRUB config on EFI");
+        efidir
+            .copy_file(grubconfigs::GRUBCONFIG, grubconfigs::BACKUP)
+            .context("Backuping grub.cfg")?;
+        grubconfigs::install(&sysroot, Some(&vendor), false)?;
+        // Synchronize the filesystem containing /boot/efi/EFI/{vendor} to disk.
+        // (ignore failures)
+        let _ = efidir.syncfs();
+
+        let dirfd = sysroot
+            .sub_dir("boot/grub2")
+            .context("Opening /boot/grub2")?;
+        // Create the stamp file
+        dirfd
+            .write_file(".grub2-static-migrated", 0o644)
+            .context("Creating stamp file")?;
+        // Synchronize the filesystem containing /boot/grub2 to disk.
+        let _ = dirfd.syncfs();
+
+        Ok(())
+    }
+
     /// Given an adoptable system and an update, perform the update.
     fn adopt_update(
         &self,
         rootcxt: &RootContext,
         updatemeta: &ContentMetadata,
+        with_static_config: bool,
     ) -> Result<Option<InstalledContent>> {
         let esp_devices = blockdev::find_colocated_esps(&rootcxt.devices)?;
         let Some(meta) = self.query_adopt(&esp_devices)? else {
@@ -282,6 +319,11 @@ impl Component for Efi {
         log::trace!("applying adoption diff: {}", &diff);
         filetree::apply_diff(&updated, &destdir, &diff, None)
             .context("applying filesystem changes")?;
+
+        // Backup current config and install static config
+        if with_static_config {
+            self.migrate_static_grub_config(rootcxt.path.as_str(), destdir)?;
+        }
         Ok(Some(InstalledContent {
             meta: updatemeta.clone(),
             filetree: Some(updatef),
diff --git a/src/filetree.rs b/src/filetree.rs
@@ -28,6 +28,11 @@ use openat_ext::OpenatDirExt;
     target_arch = "riscv64"
 ))]
 use openssl::hash::{Hasher, MessageDigest};
+#[cfg(any(
+    target_arch = "x86_64",
+    target_arch = "aarch64",
+    target_arch = "riscv64"
+))]
 use rustix::fd::BorrowedFd;
 use serde::{Deserialize, Serialize};
 #[allow(unused_imports)]
@@ -39,8 +44,6 @@ use std::fmt::Display;
     target_arch = "riscv64"
 ))]
 use std::os::unix::io::AsRawFd;
-use std::os::unix::process::CommandExt;
-use std::process::Command;
 
 /// The prefix we apply to our temporary files.
 #[cfg(any(
@@ -355,6 +358,8 @@ pub(crate) fn syncfs(d: &openat::Dir) -> Result<()> {
 ))]
 fn copy_dir(root: &openat::Dir, src: &str, dst: &str) -> Result<()> {
     use bootc_utils::CommandRunExt;
+    use std::os::unix::process::CommandExt;
+    use std::process::Command;
 
     let rootfd = unsafe { BorrowedFd::borrow_raw(root.as_raw_fd()) };
     unsafe {
diff --git a/src/grubconfigs.rs b/src/grubconfigs.rs
@@ -11,7 +11,10 @@ use openat_ext::OpenatDirExt;
 const GRUB2DIR: &str = "grub2";
 const CONFIGDIR: &str = "/usr/lib/bootupd/grub2-static";
 const DROPINDIR: &str = "configs.d";
+// The related grub files
 const GRUBENV: &str = "grubenv";
+pub(crate) const GRUBCONFIG: &str = "grub.cfg";
+pub(crate) const BACKUP: &str = "grub.cfg.backup";
 
 /// Install the static GRUB config files.
 #[context("Installing static GRUB configs")]
diff --git a/systemd/bootloader-migrate.service b/systemd/bootloader-migrate.service
@@ -0,0 +1,19 @@
+[Unit]
+# e.g. OpenShift RHCOS 4.1/4.2 nodes
+Description=Static GRUB config migration
+ConditionArchitecture=!s390x
+ConditionPathExists=!/boot/grub2/.grub2-static-migrated
+RequiresMountsFor=/sysroot /boot
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/bootupctl adopt-and-update --with-static-config
+RemainAfterExit=yes
+# Keep this stuff in sync with SYSTEMD_ARGS_BOOTUPD in general
+PrivateNetwork=yes
+ProtectHome=yes
+KillMode=mixed
+MountFlags=slave
+
+[Install]
+WantedBy=multi-user.target
