Let's turn on validatefs automatically for all auto-discovered
partitions.
Let's add an x-systemd.validatefs option to optionally turn this on for
fstab listed file systems.
So far the gpt-auto logic only looked for the partition table of devices
that the ESP/XBOOTLDR partition used to boot was on. This works great
for local boots, but is more problematic if we boot a UKI via UEFI HTTP
boot, because there is no ESP in play in that case.
Let's introduce an alternative to communicate the intended default root
disk to cover for this situation: any loopback block device whose
backing file field (i.e. the userspace controlled freeform field we use
for /dev/disk/by-loop-ref/ naming) is set to "rootdisk" will be consider
for gpt-auto will be consider for gpt-auto.
With this in place we should have nice automatic behaviour:
1. If we are booted locally we'll get the ESP/XBOOTLDR data, and derive
the root disk from that.
2. If we are booted via UEFI HTTP boot we expect that the caller makes
the loopback device appear with the right loop-ref identifier, and
then will use that.
As per DPS the UUID for /var/ should be keyed by the local machine-id,
which is non-trivial to do in a script. Enhance 'systemd-id128' to
take 'var-partition-uuid' as a verb, and if so perform the
calculation.
We look for the root fs on the device of the booted ESP, and for the
other partitions on the device of the root fs. On EFI systems this
generally boils down to the same, but there are cases where this doesn't
hold, hence document this properly.
Fixes: #31199
Looking for the ESP node is useful to shortcut things but if we're told that
the node is not referenced in fstab that doesn't necessarily mean that ESP is
not mounted via fstab. Indeed the check is not reliable in all cases. Firstly
because it assumes that udev already set the symlinks up. This is not the case
for initrd-less boots. Secondly the devname of the ESP partition can be wrongly
constructed by the dissect code. For example, the approach which consists in
appending "p<partnum>" suffix to construct the partition devname from the disk
devname doesn't work for DM devices.
Hence this patch makes the logic more defensive and do not mount neither ESP
nor XBOOTLDR automatically if any path in paths that starts with /efi or /boot
exists.
As I noticed a lot of missing information when trying to implement checking
for missing info. I reimplemented the version information script to be more
robust, and here is the result.
Follow up to ec07c3c80b
This tries to add information about when each option was added. It goes
back to version 183.
The version info is included from a separate file to allow generating it,
which would allow more control on the formatting of the final output.
I started looking into https://github.com/uapi-group/specifications/issues/35.
BLS says:
> Otherwise [no existing XBOOTLDR partition], if on GPT and an ESP is found and
> it is large enough (let’s say at least 1G) it should be used as $BOOT and
> used as primary location to place boot loader menu resources in.
> It is recommended to mount $BOOT to /boot/, and the ESP to /efi/.
DPS says:
> The ESP used for the current boot is automatically mounted to /efi/ (or
> /boot/ as fallback), unless a different partition is mounted there (possibly
> via /etc/fstab, or because the Extended Boot Loader Partition — see below —
> exists) or the directory is non-empty on the root disk.
I don't think we want to mount the same partition in two places.
If the same partition is not mounted in two places, then the two specs are
contradictory.
The code in gpt-auto-generator implemented the logic from the DPS. It is
modified to implement the logic from BLS.
Effectively:
- if both /boot and /efi are available:
- if both XBOOTLDR and ESP exist:
ESP on /efi, XBOOTLDR on /boot
- if only ESP exists:
ESP on /boot
- if only XBOOTLDR exists:
XBOOTLDR on /boot
- if only /boot is available:
- if XBOOTLDR exists:
XBOOTLDR on /boot
- if only ESP exists:
ESP on /boot
- if only /efi is available:
- if ESP exists:
ESP on /efi
"Available" means that it the mount point is not mounted over and does not
contain files. If the directory doesn't exist, it is also "available" and will
be created later when the mount or automount unit is started.
Thus, the generator attempts to match the partitions and mount points to the
extent possible. In all cases, /boot is the primary place to install kernels.
ESP can be found on /boot or /efi, depending on the situation.
If this patch is merged, I'll submit fixes for BLS and DPS to describe the
same logic.
"located on the same disk as the ESP is located on" is hard to grok. Let's
use more natural phrasing. Also, we shouldn't say that "The first foo partition
… is mounted to …", because this doesn't explain what is happening. The
partition could be empty, and there could be other partitions with the "foo"
content, but what matters is the UUID.
We listed many of the root-partition type uuids, but not all. I think the
chances of somebody using the discoverable partition magic on an Itanium system
are fairly low at this point. So let's remove all architectures except the two
most popular consumer architectures. People building Longsoon or RISC-V images
are likely to have the online version of the Discoverable Partitions
Specifications handy anyway, and it makes the man page easier to read. It also
reduces the chances that somebody adding new entries to the table has some
select&paste mishap. We've already had this happen in the past and it's fairly
nasty bug. We don't need to expose the information in two places with manual
propagation between them.
I think those constants are generally useful. It's quite easy to make a mistake
when copying things from the docs, so let's make them easy and convenient to
access.
Previously volatile-root was only checked if "/" wasn't backed by a
block device, but the block device isn't necessarily original root block
device (ex: if the rootfs is copied to a ext4 fs backed by zram in the
initramfs), so we always want volatile-root checked.
So shuffle the code around so volatile-root is checked first and
fallback to the automatic logic.
Fix#20557
The docs didn't talk about this, so let's add an explicit mention that the
boot loader must cooperate. And also make the message from the generator
notice level. This should help people who are trying to mix grub and the
gpt auto logic.
* Use more secure https://www.uefi.orghttp://www.uefi.org directs to https://uefi.org/, so this saves one
redirect.
$ curl -I http://www.uefi.org
HTTP/1.1 302 Found
Server: nginx
Date: Tue, 09 Apr 2019 14:54:46 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
X-Content-Type-Options: nosniff
Location: https://uefi.org/
Cache-Control: max-age=1209600
Expires: Tue, 23 Apr 2019 14:54:46 GMT
Run the command below to update all occurrences.
git grep -l http://www.uefi.org | xargs sed -i 's,http://www.uefi.org,https://www.uefi.org,'
* Use https://uefi.org to save redirect
Save one redirect by using the target location.
$ curl -I https://www.uefi.org
HTTP/1.1 301 Moved Permanently
Server: nginx
Date: Tue, 09 Apr 2019 14:55:42 GMT
Content-Type: text/html; charset=iso-8859-1
Connection: keep-alive
X-Content-Type-Options: nosniff
Location: https://uefi.org/
Cache-Control: max-age=1209600
Expires: Tue, 23 Apr 2019 14:55:42 GMT
Run the command below to update all occurrences.
git grep -l https://www.uefi.org | xargs sed -i 's,https://www.uefi.org,https://uefi.org,'
The "include" files had type "book" for some raeason. I don't think this
is meaningful. Let's just use the same everywhere.
$ perl -i -0pe 's^..DOCTYPE (book|refentry) PUBLIC "-//OASIS//DTD DocBook XML V4.[25]//EN"\s+"http^<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"\n "http^gms' man/*.xml
No need to waste space, and uniformity is good.
$ perl -i -0pe 's|\n+<!--\s*SPDX-License-Identifier: LGPL-2.1..\s*-->|\n<!-- SPDX-License-Identifier: LGPL-2.1+ -->|gms' man/*.xml
Docbook styles required those to be present, even though the templates that we
use did not show those names anywhere. But something changed semi-recently (I
would suspect docbook templates, but there was only a minor version bump in
recent years, and the changelog does not suggest anything related), and builds
now work without those entries. Let's drop this dead weight.
Tested with F26-F29, debian unstable.
$ perl -i -0pe 's/\s*<authorgroup>.*<.authorgroup>//gms' man/*xml
