From c23d23e933971a7ef90950baf9c2129c474ae5b7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Timoth=C3=A9e=20Ravier?= <tim@siosm.fr>
Date: Mon, 26 Aug 2024 12:04:02 +0200
Subject: [PATCH] common: Add workaround for issue with newer GRUB2

New GRUB2 config modules are causing issues on Atomic Desktops systems
as the new GRUB2 config get regenerated with new options that are not
supported by the currently installed version of GRUB2.

The root cause is that we don't (yet) systematically update the
bootloader on Atomic Desktops. This is related to:
https://gitlab.com/fedora/ostree/sig/-/issues/1

Temporarily remove / modify those config modules from the GRUB2 set of
configs used to generate the final GRUB2 config, until we are able to
enable bootloader updates by default.

See: https://github.com/fedora-silverblue/issue-tracker/issues/587
See: https://bugzilla.redhat.com/show_bug.cgi?id=2305291
---
 common.yaml           |  2 ++
 grub2-workaround.yaml | 22 ++++++++++++++++++++++
 2 files changed, 24 insertions(+)
 create mode 100644 grub2-workaround.yaml

diff --git a/common.yaml b/common.yaml
index 19d9fb9..a556555 100644
--- a/common.yaml
+++ b/common.yaml
@@ -15,6 +15,8 @@ include:
   - initramfs.yaml
   # Read only sysroot
   - sysroot-ro.yaml
+  # Workaround for https://github.com/fedora-silverblue/issue-tracker/issues/587
+  - grub2-workaround.yaml
 
 # systemd-pcrphase module fails on ppc64le:
 # https://gitlab.com/fedora/ostree/sig/-/issues/44
diff --git a/grub2-workaround.yaml b/grub2-workaround.yaml
new file mode 100644
index 0000000..3b58a9e
--- /dev/null
+++ b/grub2-workaround.yaml
@@ -0,0 +1,22 @@
+# Temporarily disable new GRUB2 config options until we can ensure that we
+# have an updated bootloader via bootupd.
+# This is workaround for: https://bugzilla.redhat.com/show_bug.cgi?id=2305291
+# See: https://github.com/fedora-silverblue/issue-tracker/issues/587
+postprocess:
+  - |
+    #!/usr/bin/env bash
+    set -xeuo pipefail
+
+    # Completely disable this module
+    sed -i '2i exit 0' /etc/grub.d/25_bli
+
+    # Skip check that was not performed in previous Fedora versions
+    sed -i '/fwsetup --is-supported/d' /etc/grub.d/30_uefi-firmware
+    sed -i '/\tif/d'                   /etc/grub.d/30_uefi-firmware
+    sed -i '/\tfi/d'                   /etc/grub.d/30_uefi-firmware
+    sed -i 's/\t\t/\t/'                /etc/grub.d/30_uefi-firmware
+
+    # Verify that the content matches what we expect the file to look like.
+    # This will fail the build here instead of breaking users' systems.
+    hash="5a77a16c6a94e664e2e96a870f4531b9a0b4e63be1f46751d01e774629a8c84b"
+    echo "$hash  /etc/grub.d/30_uefi-firmware" | sha256sum -c