Browse Source
This means that `grub-install` and `update-grub` no longer risk bricking the device, but will produce boot scripts with Mender support integrated. It also means that the standard GRUB menu will be available. It is supported on x86_64 platforms where `grub.d` is available, and can be turned on and off with `MENDER_GRUB_D_INTEGRATION`. The default is to use it if available. Devices that did not previously use `grub.d` integration won't be upgraded correctly with it turned on, so it is advised to set `MENDER_GRUB_D_INTEGRATION=n` if you are upgrading existing devices. Changelog: Commit Signed-off-by: Kristian Amlie <kristian.amlie@northern.tech>change-dependabot-prefix
Kristian Amlie
3 years ago
10 changed files with 323 additions and 26 deletions
@ -1 +1 @@ |
|||
Subproject commit ee1266afe8ec58efce9b4223e2489ac023b0582f |
|||
Subproject commit 8af131b9eface1555d2141d513c0dd6860c7815f |
@ -0,0 +1,199 @@ |
|||
#!/usr/bin/python |
|||
# Copyright 2022 Northern.tech AS |
|||
# |
|||
# Licensed under the Apache License, Version 2.0 (the "License"); |
|||
# you may not use this file except in compliance with the License. |
|||
# You may obtain a copy of the License at |
|||
# |
|||
# http://www.apache.org/licenses/LICENSE-2.0 |
|||
# |
|||
# Unless required by applicable law or agreed to in writing, software |
|||
# distributed under the License is distributed on an "AS IS" BASIS, |
|||
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|||
# See the License for the specific language governing permissions and |
|||
# limitations under the License. |
|||
|
|||
import pytest |
|||
import re |
|||
import os |
|||
import subprocess |
|||
|
|||
from utils.common import ( |
|||
extract_partition, |
|||
get_no_sftp, |
|||
) |
|||
|
|||
|
|||
@pytest.fixture(scope="function") |
|||
def cleanup_boot_scripts(request, connection): |
|||
"""Take a backup of the various grub.cfg files and restore them after the |
|||
test. This is recommended for tests that call `grub-install` and/or |
|||
`update-grub`, so that other tests can also run them from a pristine |
|||
state.""" |
|||
|
|||
connection.run( |
|||
"cp $(find /boot/efi/EFI/ -name grub.cfg -not -path '*/EFI/BOOT/*') /data/grub-efi.cfg" |
|||
) |
|||
connection.run("cp /boot/grub/grub.cfg /data/grub-main.cfg") |
|||
connection.run("cp /boot/grub-mender-grubenv.cfg /data/grub-mender-grubenv.cfg") |
|||
|
|||
def cleanup(): |
|||
connection.run( |
|||
"mv /data/grub-efi.cfg $(find /boot/efi/EFI/ -name grub.cfg -not -path '*/EFI/BOOT/*')" |
|||
) |
|||
connection.run("mv /data/grub-main.cfg /boot/grub/grub.cfg") |
|||
connection.run("mv /data/grub-mender-grubenv.cfg /boot/grub-mender-grubenv.cfg") |
|||
|
|||
request.addfinalizer(cleanup) |
|||
|
|||
|
|||
def check_all_root_occurrences_valid(grub_cfg): |
|||
found_expected = False |
|||
inside_10_header = False |
|||
# One of the functions we define and use. |
|||
expected = "mender_check_and_restore_env" |
|||
with open(grub_cfg) as fd: |
|||
lineno = 0 |
|||
for line in fd.readlines(): |
|||
lineno += 1 |
|||
if re.match(r'^\s*root="\$\{mender_grub_storage_device\}', line): |
|||
continue |
|||
|
|||
if line.strip() == "### BEGIN /etc/grub.d/00_header ###": |
|||
# We allow root references inside the 00_header, because they |
|||
# are overriden by Mender later. |
|||
inside_10_header = True |
|||
elif line.strip() == "### END /etc/grub.d/00_header ###": |
|||
inside_10_header = False |
|||
if not inside_10_header and re.match(r"^\s*(set +)?root=", line): |
|||
pytest.fail( |
|||
"Found unexpected occurrence of `root=` in grub boot script\n" |
|||
"%d:%s" % (lineno, line) |
|||
) |
|||
|
|||
if line.find(expected) >= 0: |
|||
found_expected = True |
|||
|
|||
assert found_expected, "Expected content (%s) not found" % expected |
|||
|
|||
|
|||
@pytest.mark.usefixtures("setup_board", "cleanup_boot_scripts") |
|||
class TestGrubIntegration: |
|||
@pytest.mark.min_mender_version("1.0.0") |
|||
def test_no_root_occurrences(self, connection, latest_part_image): |
|||
"""Test that the generated grub scripts do not contain any occurrences of |
|||
`root=<something>` except for known instances that we control. This is |
|||
important because Mender needs to keep tight control of when this |
|||
variable is set, in order to boot from, and mount, the correct root |
|||
partition.""" |
|||
|
|||
# First, check that the offline generated scripts don't have any. |
|||
extract_partition(latest_part_image, 1) |
|||
try: |
|||
subprocess.check_call( |
|||
["mcopy", "-i", "img1.fs", "::/grub-mender-grubenv/grub.cfg", "."] |
|||
) |
|||
check_all_root_occurrences_valid("grub.cfg") |
|||
finally: |
|||
os.remove("img1.fs") |
|||
os.remove("grub.cfg") |
|||
|
|||
extract_partition(latest_part_image, 2) |
|||
try: |
|||
subprocess.check_call( |
|||
[ |
|||
"debugfs", |
|||
"-R", |
|||
"dump -p /boot/grub-mender-grubenv.cfg grub-mender-grubenv.cfg", |
|||
"img2.fs", |
|||
] |
|||
) |
|||
check_all_root_occurrences_valid("grub-mender-grubenv.cfg") |
|||
finally: |
|||
os.remove("img2.fs") |
|||
os.remove("grub-mender-grubenv.cfg") |
|||
|
|||
# Then, check that the runtime generated scripts don't have any. |
|||
get_no_sftp("/boot/grub/grub.cfg", connection) |
|||
try: |
|||
check_all_root_occurrences_valid("grub.cfg") |
|||
finally: |
|||
os.remove("grub.cfg") |
|||
|
|||
get_no_sftp("/boot/grub-mender-grubenv.cfg", connection) |
|||
try: |
|||
check_all_root_occurrences_valid("grub-mender-grubenv.cfg") |
|||
finally: |
|||
os.remove("grub-mender-grubenv.cfg") |
|||
|
|||
# Check again after running `update-grub`. |
|||
connection.run("grub-install && update-grub") |
|||
get_no_sftp("/boot/grub/grub.cfg", connection) |
|||
try: |
|||
check_all_root_occurrences_valid("grub.cfg") |
|||
finally: |
|||
os.remove("grub.cfg") |
|||
|
|||
get_no_sftp("/boot/grub-mender-grubenv.cfg", connection) |
|||
try: |
|||
check_all_root_occurrences_valid("grub-mender-grubenv.cfg") |
|||
finally: |
|||
os.remove("grub-mender-grubenv.cfg") |
|||
|
|||
@pytest.mark.min_mender_version("1.0.0") |
|||
def test_offline_and_runtime_boot_scripts_identical(self, connection): |
|||
# Update scripts at runtime. |
|||
connection.run("grub-install && update-grub") |
|||
|
|||
# Take advantage of the copies already made by cleanup_boot_scripts |
|||
# fixture above, and use the copies in /data. |
|||
|
|||
# Take into account some known, but harmless differences. The "hd0,gpt1" |
|||
# style location is missing from the offline generated grub-efi.cfg |
|||
# file, but it is harmless because the filesystem UUID is being used |
|||
# instead. |
|||
connection.run( |
|||
r"sed -Ee 's/ *hd[0-9]+,gpt[0-9]+//' " |
|||
"$(find /boot/efi/EFI/ -name grub.cfg -not -path '*/EFI/BOOT/*') " |
|||
"> /data/new-grub-efi-modified.cfg" |
|||
) |
|||
try: |
|||
connection.run("diff -u /data/grub-efi.cfg /data/new-grub-efi-modified.cfg") |
|||
finally: |
|||
connection.run("rm -f /data/new-grub-efi-modified.cfg") |
|||
|
|||
# Another few differences we work around in the main grub files: |
|||
# * `--hint` parameters are not generated in offline copy. |
|||
# * `root` variable is not set in offline copy. |
|||
# * `fwsetup` is added somewhat randomly depending on availability both |
|||
# on build host and device. |
|||
try: |
|||
connection.run("cp /data/grub-main.cfg /data/old-grub-modified.cfg") |
|||
connection.run("cp /boot/grub/grub.cfg /data/new-grub-modified.cfg") |
|||
connection.run( |
|||
r"sed -i -En -e '/\bsearch\b/{s/ --hint[^ ]*//g;}' " |
|||
"-e \"/^set root='hd0,gpt1'$/d\" " |
|||
r"-e '\,### BEGIN /etc/grub.d/30_uefi-firmware ###,{p; n; :loop; \,### END /etc/grub.d/30_uefi-firmware ###,b end; n; b loop; :end;}' " |
|||
"-e p " |
|||
"/data/old-grub-modified.cfg /data/new-grub-modified.cfg" |
|||
) |
|||
connection.run("diff -u /data/old-grub-modified.cfg /data/new-grub-modified.cfg") |
|||
finally: |
|||
connection.run("rm -f /data/old-grub-modified.cfg /data/new-grub-modified.cfg") |
|||
|
|||
# Same differences as in previous check. |
|||
try: |
|||
connection.run("cp /data/grub-mender-grubenv.cfg /data/old-grub-mender-grubenv-modified.cfg") |
|||
connection.run("cp /boot/grub-mender-grubenv.cfg /data/new-grub-mender-grubenv-modified.cfg") |
|||
connection.run( |
|||
r"sed -i -En -e '/\bsearch\b/{s/ --hint[^ ]*//g;}' " |
|||
"-e \"/^set root='hd0,gpt1'$/d\" " |
|||
r"-e '\,### BEGIN /etc/grub.d/30_uefi-firmware ###,{p; n; :loop; \,### END /etc/grub.d/30_uefi-firmware ###,b end; n; b loop; :end;}' " |
|||
"-e p " |
|||
"/data/old-grub-mender-grubenv-modified.cfg /data/new-grub-mender-grubenv-modified.cfg" |
|||
) |
|||
connection.run( |
|||
"diff -u /data/old-grub-mender-grubenv-modified.cfg /data/new-grub-mender-grubenv-modified.cfg" |
|||
) |
|||
finally: |
|||
connection.run("rm -f /data/old-grub-mender-grubenv-modified.cfg /data/new-grub-mender-grubenv-modified.cfg") |
Loading…
Reference in new issue