common: Add workaround for issue with newer GRUB2

New GRUB2 config modules are causing issues on Atomic Desktops systems
as the new GRUB2 config gets regenerated with new options that are not
supported by the currently installed version of GRUB2.

The root cause is that we don't (yet) systematically update the
bootloader on Atomic Desktops. This is related to:
https://gitlab.com/fedora/ostree/sig/-/issues/1

Temporarily remove / modify those config modules from the GRUB2 set of
configs used to generate the final GRUB2 config, until we are able to
enable bootloader updates by default.

See: https://github.com/fedora-silverblue/issue-tracker/issues/587
See: https://bugzilla.redhat.com/show_bug.cgi?id=2305291
Timothée Ravier 2024-08-26 12:04:02 +02:00
parent 47a85fb29e
commit c23d23e933
2 changed files with 24 additions and 0 deletions


@ -15,6 +15,8 @@ include:
- initramfs.yaml - initramfs.yaml
# Read only sysroot # Read only sysroot
- sysroot-ro.yaml - sysroot-ro.yaml
# Workaround for https://github.com/fedora-silverblue/issue-tracker/issues/587
- grub2-workaround.yaml
# systemd-pcrphase module fails on ppc64le: # systemd-pcrphase module fails on ppc64le:
# https://gitlab.com/fedora/ostree/sig/-/issues/44 # https://gitlab.com/fedora/ostree/sig/-/issues/44
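
Review bot: The comment above the new `- grub2-workaround.yaml` include only links the issue and does not say when the include can be dropped. The commit message calls this temporary, "until we are able to enable bootloader updates by default", so state that removal condition in the comment here too, where whoever later edits this include list will see it.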

grub2-workaround.yaml Normal file

@ -0,0 +1,22 @@
# Temporarily disable new GRUB2 config options until we can ensure that we
# have an updated bootloader via bootupd.
# This is workaround for: https://bugzilla.redhat.com/show_bug.cgi?id=2305291
# See: https://github.com/fedora-silverblue/issue-tracker/issues/587
postprocess:
- |
#!/usr/bin/env bash
set -xeuo pipefail
# Completely disable this module
sed -i '2i exit 0' /etc/grub.d/25_bli
# Skip check that was not performed in previous Fedora versions
sed -i '/fwsetup --is-supported/d' /etc/grub.d/30_uefi-firmware
sed -i '/\tif/d' /etc/grub.d/30_uefi-firmware
sed -i '/\tfi/d' /etc/grub.d/30_uefi-firmware
sed -i 's/\t\t/\t/' /etc/grub.d/30_uefi-firmware
# Verify that the content matches what we expect the file to look like.
# This will fail the build here instead of breaking users' systems.
hash="5a77a16c6a94e664e2e96a870f4531b9a0b4e63be1f46751d01e774629a8c84b"
echo "$hash /etc/grub.d/30_uefi-firmware" | sha256sum -c
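
Review bot: The closing `sha256sum -c` only pins /etc/grub.d/30_uefi-firmware, so the `sed -i '2i exit 0' /etc/grub.d/25_bli` edit is never verified. If that file ever has fewer than two lines, the `2i` address matches nothing, sed exits 0, and the module stays enabled without failing the build. Add a matching check for 25_bli (a second pinned hash, or a grep that its second line is `exit 0`) so both edits fail at build time, as the comment above the hash intends. The patterns `/\tif/d` and `/\tfi/d` also match any line containing a tab followed by those letters, so the pinned hash is the only thing guarding against over-deletion; a short comment saying so would help the next person who has to refresh the hash.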