Browse Source
This means that `grub-install` and `update-grub` no longer risk bricking the device, but will produce boot scripts with Mender support integrated. It also means that the standard GRUB menu will be available. It is supported on x86_64 platforms where `grub.d` is available, and can be turned on and off with `MENDER_GRUB_D_INTEGRATION`. The default is to use it if available. Devices that did not previously use `grub.d` integration won't be upgraded correctly with it turned on, so it is advised to set `MENDER_GRUB_D_INTEGRATION=n` if you are upgrading existing devices. Changelog: Commit Signed-off-by: Kristian Amlie <kristian.amlie@northern.tech>change-dependabot-prefix
Kristian Amlie
3 years ago
10 changed files with 323 additions and 26 deletions
@ -1 +1 @@ |
|||||
Subproject commit ee1266afe8ec58efce9b4223e2489ac023b0582f |
Subproject commit 8af131b9eface1555d2141d513c0dd6860c7815f |
@ -0,0 +1,199 @@ |
|||||
|
#!/usr/bin/python |
||||
|
# Copyright 2022 Northern.tech AS |
||||
|
# |
||||
|
# Licensed under the Apache License, Version 2.0 (the "License"); |
||||
|
# you may not use this file except in compliance with the License. |
||||
|
# You may obtain a copy of the License at |
||||
|
# |
||||
|
# http://www.apache.org/licenses/LICENSE-2.0 |
||||
|
# |
||||
|
# Unless required by applicable law or agreed to in writing, software |
||||
|
# distributed under the License is distributed on an "AS IS" BASIS, |
||||
|
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
||||
|
# See the License for the specific language governing permissions and |
||||
|
# limitations under the License. |
||||
|
|
||||
|
import pytest |
||||
|
import re |
||||
|
import os |
||||
|
import subprocess |
||||
|
|
||||
|
from utils.common import ( |
||||
|
extract_partition, |
||||
|
get_no_sftp, |
||||
|
) |
||||
|
|
||||
|
|
||||
|
@pytest.fixture(scope="function") |
||||
|
def cleanup_boot_scripts(request, connection): |
||||
|
"""Take a backup of the various grub.cfg files and restore them after the |
||||
|
test. This is recommended for tests that call `grub-install` and/or |
||||
|
`update-grub`, so that other tests can also run them from a pristine |
||||
|
state.""" |
||||
|
|
||||
|
connection.run( |
||||
|
"cp $(find /boot/efi/EFI/ -name grub.cfg -not -path '*/EFI/BOOT/*') /data/grub-efi.cfg" |
||||
|
) |
||||
|
connection.run("cp /boot/grub/grub.cfg /data/grub-main.cfg") |
||||
|
connection.run("cp /boot/grub-mender-grubenv.cfg /data/grub-mender-grubenv.cfg") |
||||
|
|
||||
|
def cleanup(): |
||||
|
connection.run( |
||||
|
"mv /data/grub-efi.cfg $(find /boot/efi/EFI/ -name grub.cfg -not -path '*/EFI/BOOT/*')" |
||||
|
) |
||||
|
connection.run("mv /data/grub-main.cfg /boot/grub/grub.cfg") |
||||
|
connection.run("mv /data/grub-mender-grubenv.cfg /boot/grub-mender-grubenv.cfg") |
||||
|
|
||||
|
request.addfinalizer(cleanup) |
||||
|
|
||||
|
|
||||
|
def check_all_root_occurrences_valid(grub_cfg): |
||||
|
found_expected = False |
||||
|
inside_10_header = False |
||||
|
# One of the functions we define and use. |
||||
|
expected = "mender_check_and_restore_env" |
||||
|
with open(grub_cfg) as fd: |
||||
|
lineno = 0 |
||||
|
for line in fd.readlines(): |
||||
|
lineno += 1 |
||||
|
if re.match(r'^\s*root="\$\{mender_grub_storage_device\}', line): |
||||
|
continue |
||||
|
|
||||
|
if line.strip() == "### BEGIN /etc/grub.d/00_header ###": |
||||
|
# We allow root references inside the 00_header, because they |
||||
|
# are overriden by Mender later. |
||||
|
inside_10_header = True |
||||
|
elif line.strip() == "### END /etc/grub.d/00_header ###": |
||||
|
inside_10_header = False |
||||
|
if not inside_10_header and re.match(r"^\s*(set +)?root=", line): |
||||
|
pytest.fail( |
||||
|
"Found unexpected occurrence of `root=` in grub boot script\n" |
||||
|
"%d:%s" % (lineno, line) |
||||
|
) |
||||
|
|
||||
|
if line.find(expected) >= 0: |
||||
|
found_expected = True |
||||
|
|
||||
|
assert found_expected, "Expected content (%s) not found" % expected |
||||
|
|
||||
|
|
||||
|
@pytest.mark.usefixtures("setup_board", "cleanup_boot_scripts") |
||||
|
class TestGrubIntegration: |
||||
|
@pytest.mark.min_mender_version("1.0.0") |
||||
|
def test_no_root_occurrences(self, connection, latest_part_image): |
||||
|
"""Test that the generated grub scripts do not contain any occurrences of |
||||
|
`root=<something>` except for known instances that we control. This is |
||||
|
important because Mender needs to keep tight control of when this |
||||
|
variable is set, in order to boot from, and mount, the correct root |
||||
|
partition.""" |
||||
|
|
||||
|
# First, check that the offline generated scripts don't have any. |
||||
|
extract_partition(latest_part_image, 1) |
||||
|
try: |
||||
|
subprocess.check_call( |
||||
|
["mcopy", "-i", "img1.fs", "::/grub-mender-grubenv/grub.cfg", "."] |
||||
|
) |
||||
|
check_all_root_occurrences_valid("grub.cfg") |
||||
|
finally: |
||||
|
os.remove("img1.fs") |
||||
|
os.remove("grub.cfg") |
||||
|
|
||||
|
extract_partition(latest_part_image, 2) |
||||
|
try: |
||||
|
subprocess.check_call( |
||||
|
[ |
||||
|
"debugfs", |
||||
|
"-R", |
||||
|
"dump -p /boot/grub-mender-grubenv.cfg grub-mender-grubenv.cfg", |
||||
|
"img2.fs", |
||||
|
] |
||||
|
) |
||||
|
check_all_root_occurrences_valid("grub-mender-grubenv.cfg") |
||||
|
finally: |
||||
|
os.remove("img2.fs") |
||||
|
os.remove("grub-mender-grubenv.cfg") |
||||
|
|
||||
|
# Then, check that the runtime generated scripts don't have any. |
||||
|
get_no_sftp("/boot/grub/grub.cfg", connection) |
||||
|
try: |
||||
|
check_all_root_occurrences_valid("grub.cfg") |
||||
|
finally: |
||||
|
os.remove("grub.cfg") |
||||
|
|
||||
|
get_no_sftp("/boot/grub-mender-grubenv.cfg", connection) |
||||
|
try: |
||||
|
check_all_root_occurrences_valid("grub-mender-grubenv.cfg") |
||||
|
finally: |
||||
|
os.remove("grub-mender-grubenv.cfg") |
||||
|
|
||||
|
# Check again after running `update-grub`. |
||||
|
connection.run("grub-install && update-grub") |
||||
|
get_no_sftp("/boot/grub/grub.cfg", connection) |
||||
|
try: |
||||
|
check_all_root_occurrences_valid("grub.cfg") |
||||
|
finally: |
||||
|
os.remove("grub.cfg") |
||||
|
|
||||
|
get_no_sftp("/boot/grub-mender-grubenv.cfg", connection) |
||||
|
try: |
||||
|
check_all_root_occurrences_valid("grub-mender-grubenv.cfg") |
||||
|
finally: |
||||
|
os.remove("grub-mender-grubenv.cfg") |
||||
|
|
||||
|
@pytest.mark.min_mender_version("1.0.0") |
||||
|
def test_offline_and_runtime_boot_scripts_identical(self, connection): |
||||
|
# Update scripts at runtime. |
||||
|
connection.run("grub-install && update-grub") |
||||
|
|
||||
|
# Take advantage of the copies already made by cleanup_boot_scripts |
||||
|
# fixture above, and use the copies in /data. |
||||
|
|
||||
|
# Take into account some known, but harmless differences. The "hd0,gpt1" |
||||
|
# style location is missing from the offline generated grub-efi.cfg |
||||
|
# file, but it is harmless because the filesystem UUID is being used |
||||
|
# instead. |
||||
|
connection.run( |
||||
|
r"sed -Ee 's/ *hd[0-9]+,gpt[0-9]+//' " |
||||
|
"$(find /boot/efi/EFI/ -name grub.cfg -not -path '*/EFI/BOOT/*') " |
||||
|
"> /data/new-grub-efi-modified.cfg" |
||||
|
) |
||||
|
try: |
||||
|
connection.run("diff -u /data/grub-efi.cfg /data/new-grub-efi-modified.cfg") |
||||
|
finally: |
||||
|
connection.run("rm -f /data/new-grub-efi-modified.cfg") |
||||
|
|
||||
|
# Another few differences we work around in the main grub files: |
||||
|
# * `--hint` parameters are not generated in offline copy. |
||||
|
# * `root` variable is not set in offline copy. |
||||
|
# * `fwsetup` is added somewhat randomly depending on availability both |
||||
|
# on build host and device. |
||||
|
try: |
||||
|
connection.run("cp /data/grub-main.cfg /data/old-grub-modified.cfg") |
||||
|
connection.run("cp /boot/grub/grub.cfg /data/new-grub-modified.cfg") |
||||
|
connection.run( |
||||
|
r"sed -i -En -e '/\bsearch\b/{s/ --hint[^ ]*//g;}' " |
||||
|
"-e \"/^set root='hd0,gpt1'$/d\" " |
||||
|
r"-e '\,### BEGIN /etc/grub.d/30_uefi-firmware ###,{p; n; :loop; \,### END /etc/grub.d/30_uefi-firmware ###,b end; n; b loop; :end;}' " |
||||
|
"-e p " |
||||
|
"/data/old-grub-modified.cfg /data/new-grub-modified.cfg" |
||||
|
) |
||||
|
connection.run("diff -u /data/old-grub-modified.cfg /data/new-grub-modified.cfg") |
||||
|
finally: |
||||
|
connection.run("rm -f /data/old-grub-modified.cfg /data/new-grub-modified.cfg") |
||||
|
|
||||
|
# Same differences as in previous check. |
||||
|
try: |
||||
|
connection.run("cp /data/grub-mender-grubenv.cfg /data/old-grub-mender-grubenv-modified.cfg") |
||||
|
connection.run("cp /boot/grub-mender-grubenv.cfg /data/new-grub-mender-grubenv-modified.cfg") |
||||
|
connection.run( |
||||
|
r"sed -i -En -e '/\bsearch\b/{s/ --hint[^ ]*//g;}' " |
||||
|
"-e \"/^set root='hd0,gpt1'$/d\" " |
||||
|
r"-e '\,### BEGIN /etc/grub.d/30_uefi-firmware ###,{p; n; :loop; \,### END /etc/grub.d/30_uefi-firmware ###,b end; n; b loop; :end;}' " |
||||
|
"-e p " |
||||
|
"/data/old-grub-mender-grubenv-modified.cfg /data/new-grub-mender-grubenv-modified.cfg" |
||||
|
) |
||||
|
connection.run( |
||||
|
"diff -u /data/old-grub-mender-grubenv-modified.cfg /data/new-grub-mender-grubenv-modified.cfg" |
||||
|
) |
||||
|
finally: |
||||
|
connection.run("rm -f /data/old-grub-mender-grubenv-modified.cfg /data/new-grub-mender-grubenv-modified.cfg") |
Loading…
Reference in new issue