Merge ~arbell/grub:lp1965983 into ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu

Proposed by Adam Bell
Status: Rejected
Rejected by: Julian Andres Klode
Proposed branch: ~arbell/grub:lp1965983
Merge into: ~ubuntu-core-dev/grub/+git/ubuntu:ubuntu
Diff against target: 55 lines (+41/-0)
2 files modified
debian/patches/grubcfg-zfs-snapshot-generation-failure.patch (+40/-0)
debian/patches/series (+1/-0)
Reviewer Review Type Date Requested Status
Julian Andres Klode Pending
Ubuntu Core Development Team Pending
Review via email: mp+417575@code.launchpad.net
To post a comment you must log in.
Revision history for this message
Adam Bell (arbell) wrote :

Hello!

I'll try to keep an eye out for any email notifications about this merge request (since this is a public repo), but I'll be leaving Canonical in a couple of days.
If I do not respond, please ping `@certs` in ~fips on MM -- that team will be able to help.

Once this patch is merged, please contact @kylerhornor on MM; this patch is a prerequisite to a couple of other FIPS patches (which he has) in his customer case SF#00328362.

Thank you!
Adam

Revision history for this message
Mauricio Faria de Oliveira (mfo) wrote :
Revision history for this message
Julian Andres Klode (juliank) wrote :

Rejected in favor of mfo's merged one.

Unmerged commits

b466085... by Adam Bell

ZFS snapshots causing grub.cfg generation failure

In the situation where ZFS snapshots do not contain a .../etc
directory, the generation of /b/g/grub.cfg silently fails, providing no
"linux" kernel lines in the /b/g/grub.cfg file. This patch prevents this
type of failure from occurring. This issue is especially apparent on
systems running in FIPS mode with ZFS boot+root pools. (LP: #1965983)

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
diff --git a/debian/patches/grubcfg-zfs-snapshot-generation-failure.patch b/debian/patches/grubcfg-zfs-snapshot-generation-failure.patch
0new file mode 1006440new file mode 100644
index 0000000..e21827e
--- /dev/null
+++ b/debian/patches/grubcfg-zfs-snapshot-generation-failure.patch
@@ -0,0 +1,40 @@
1From: Adam Bell <adam.bell@canonical.com>
2Date: Thu, 10 Mar 2022 22:22:39 +0700
3Subject: ZFS snapshots causing grub.cfg generation failure
4
5In the situation where ZFS snapshots do not contain a .../etc
6directory, the generation of /b/g/grub.cfg silently fails, providing no
7"linux" kernel lines in the /b/g/grub.cfg file. This patch prevents this
8type of failure from occurring. This issue is especially apparent on
9systems running in FIPS mode with ZFS boot+root pools. (LP: #1965983)
10
11Signed-off-by: Adam Bell <adam.bell@canonical.com>
12---
13 util/grub.d/10_linux_zfs.in | 14 +++++++++-----
14 1 file changed, 9 insertions(+), 5 deletions(-)
15
16diff --git a/util/grub.d/10_linux_zfs.in b/util/grub.d/10_linux_zfs.in
17index cc4f6bd..8170b46 100755
18--- a/util/grub.d/10_linux_zfs.in
19+++ b/util/grub.d/10_linux_zfs.in
20@@ -529,11 +529,15 @@ get_dataset_info() {
21
22 umount "${mntdir}" || true
23 # We needed to look in / for snapshots on root dataset, umount the snapshot for etc before zfs lazily unmount it
24- case "${etc_dir}" in /.zfs/snapshot/*/etc)
25- snapshot_path="$(findmnt -n -o TARGET -T "${etc_dir}")"
26- umount "${snapshot_path}" || true
27- ;;
28- esac
29+ # This process only needs to run if the snapshot contains an .../etc path,
30+ # otherwise the build process may silently fail and produce no kernel lines in grub.cfg
31+ if [ -e "${etc_dir}" ]; then
32+ case "${etc_dir}" in /.zfs/snapshot/*/etc)
33+ snapshot_path="$(findmnt -n -o TARGET -T "${etc_dir}")"
34+ umount "${snapshot_path}" || true
35+ ;;
36+ esac
37+ fi
38 }
39
40 # Scan available boot options and returns in a formatted list
diff --git a/debian/patches/series b/debian/patches/series
index 7c2c2d4..6c6dc90 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -123,3 +123,4 @@ efi-implement-grub_efi_run_image.patch
123fat-fix-listing-the-root-directory.patch123fat-fix-listing-the-root-directory.patch
124efivar-check-that-efivarfs-is-writeable.patch124efivar-check-that-efivarfs-is-writeable.patch
125linuxefi-do-not-validate-kernels-twice.patch125linuxefi-do-not-validate-kernels-twice.patch
126grubcfg-zfs-snapshot-generation-failure.patch

Subscribers

People subscribed via source and target branches