a few things changed in systemd-boot upstream packages we use for proxmox-boot-tool systems:
* systemd-boot was split up further into systemd-boot-tools (we need `bootctl`) and `systemd-boot` (the meta-package which triggers updates)
* the ESP updates now also run upon updates of shim(-signed) and probably other boot-related packages.

These triggered updates break apt for systems booted by proxmox-boot-tool (more generally for systems which don't have the ESP mounted).

This patch reworks our logic for checking:
* before upgrade the log message just reflects that we need systemd-boot in bookworm
* for legacy booted systems we suggest removing `systemd-boot` (so it does not cause more issues in the future, and is definitely not needed for booting there)
* for p-b-t we suggest to remove the meta-package
* for non-p-b-t we suggest to remove it as well, unless the system was manually set up to use systemd-boot.

see the changes for proxmox-kernel-helper for further background:
https://lore.proxmox.com/all/20250731114455.995999-1-f.gruenbich...@proxmox.com/

minimally tested on a secure-boot enabled VM, and on one which uses p-b-t with systemd-boot.

Co-Authored-by: Fabian Grünbichler <f.gruenbich...@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.iva...@proxmox.com>
---
Thanks to Fabian for discussing the decision tree for this off-list!

PVE/CLI/pve8to9.pm | 40 ++++++++++++++++++++++++++++------------ 1 file changed, 28 insertions(+), 12 deletions(-) diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm index 4d61cd83..9f2a3234 100644 --- a/PVE/CLI/pve8to9.pm +++ b/PVE/CLI/pve8to9.pm 
@@ -1601,30 +1601,46 @@ sub check_bootloader { log_info("Checking bootloader configuration..."); if (!-d '/sys/firmware/efi') { + if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") { + log_info("systemd-boot package installed on legacy-boot system is not necessary, consider remoing it"); + return; + } log_skip("System booted in legacy-mode - no need for additional packages"); return; } if (-f "/etc/kernel/proxmox-boot-uuids") { if (!$upgraded) { - log_skip("not yet upgraded, no need to check the presence of systemd-boot"); + log_skip("not yet upgraded, systemd-boot still needed for bootctl"); return; } if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") { - log_pass("bootloader packages installed correctly"); + log_warn("systemd-boot meta-package installed this will cause issues on upgrades of" + ." boot-related packages. Install 'systemd-boot-efi' and 'systemd-boot-tools' explicitly" + ." and remove 'systemd-boot'"); return; } - log_warn("proxmox-boot-tool is used for bootloader configuration in uefi mode" - . " but the separate systemd-boot package is not installed," - . " initializing new ESPs will not work until the package is installed"); - return; - } elsif (!-f "/usr/share/doc/grub-efi-amd64/changelog.Debian.gz") { - log_warn("System booted in uefi mode but grub-efi-amd64 meta-package not installed," - . " new grub versions will not be installed to /boot/efi!" - . " Install grub-efi-amd64."); - return; } else { - log_pass("bootloader packages installed correctly"); + if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") { + my $exit_code = eval { + run_command(['bootctl', 'is-installed', '--quiet', '--graceful'], noerr => 1); + }; + if ($exit_code != 0) { + log_warn("systemd-boot meta-package installed but the system does not seem to use it" + ." for booting. This can cause problems on upgrades of other boot-related packages" + ." 
Consider removing 'systemd-boot'"); + } else { + log_info("systemd-boot used as bootloader and fitting meta-package installed."); + return; + } + } + if (!-f "/usr/share/doc/grub-efi-amd64/changelog.Debian.gz") { + log_warn("System booted in uefi mode but grub-efi-amd64 meta-package not installed," + . " new grub versions will not be installed to /boot/efi! Install grub-efi-amd64."); + return; + } else { + log_pass("bootloader packages installed correctly"); + } } } -- 2.39.5 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
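
Review bot: In the new non-p-b-t UEFI branch, `my $exit_code = eval { run_command(['bootctl', 'is-installed', ...], noerr => 1); };` is compared with `$exit_code != 0` without looking at `$@`. If the call dies inside the eval, `$exit_code` is undef, the comparison is false, and the code logs "systemd-boot used as bootloader and fitting meta-package installed." and returns, so the grub-efi-amd64 check is skipped on exactly the systems where bootctl could not be queried. Suggest treating an undefined result or a set `$@` the same as a non-zero exit (warn and fall through to the grub check). Two smaller points in the same hunk: in the proxmox-boot-uuids branch an upgraded system without the meta-package now produces no log line at all, since the old log_pass became a log_warn and nothing was added for the good case; and the legacy-boot message has a typo, "consider remoing it".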