[pve-devel] [PATCH pve-kernel-meta 7/7] proxmox-boot: add grub-install wrapper

[Stoiko Ivanov]

if a (legacy) system is booted with proxmox-boot-tool, running
`grub-install` without being aware of the fact can render the system
unbootable (e.g. when letting the early stage point to an incompatible
zpool instead of the ESP).

To prevent this we add a dpkg-diversion [0], which simply checks if
`proxmox-boot-tool status` indicates that proxmox-boot is used and
errors out in that case, and runs the actual grub-install else.

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
 bin/Makefile                     |  1 +
 bin/grub-install-wrapper         | 12 ++++++++++++
 bin/proxmox-boot-tool            |  2 +-
 debian/pve-kernel-helper.install |  1 +
 debian/pve-kernel-helper.postrm  | 14 ++++++++++++++
 debian/pve-kernel-helper.preinst |  9 +++++++++
 6 files changed, 38 insertions(+), 1 deletion(-)
 create mode 100755 bin/grub-install-wrapper
 create mode 100644 debian/pve-kernel-helper.postrm
 create mode 100644 debian/pve-kernel-helper.preinst

diff --git a/bin/Makefile b/bin/Makefile
index b78fa42..2e18342 100644
--- a/bin/Makefile
+++ b/bin/Makefile
@@ -6,6 +6,7 @@ all:
 install:
 	install -d ${SBINDIR}
 	install -m 0755 proxmox-boot-tool ${SBINDIR}/
+	install -m 0755 grub-install-wrapper ${SBINDIR}/grub-install
 
 .PHONY: clean distclean
 distclean:
diff --git a/bin/grub-install-wrapper b/bin/grub-install-wrapper
new file mode 100755
index 0000000..d9ef9cc
--- /dev/null
+++ b/bin/grub-install-wrapper
@@ -0,0 +1,12 @@
+#! /bin/sh
+set -e
+
+. /usr/share/pve-kernel-helper/scripts/functions
+
+if proxmox-boot-tool status; then
+	warn "grub-install is disabled because this system is booted via proxmox-boot-tool, if you really need to run it, run /usr/sbin/grub-install.real"
+	exit 1
+else
+	grub-install.real "$@"
+fi
+
diff --git a/bin/proxmox-boot-tool b/bin/proxmox-boot-tool
index 8baa577..bf9af7c 100755
--- a/bin/proxmox-boot-tool
+++ b/bin/proxmox-boot-tool
@@ -161,7 +161,7 @@ init() {
 		mv "$esp_mp/$PMX_LOADER_CONF.tmp" "$esp_mp/$PMX_LOADER_CONF"
 	else
 		echo "Installing grub i386-pc target.."
-		grub-install \
+		grub-install.real \
 			--boot-directory $esp_mp \
 			--target i386-pc \
 			--no-floppy \
diff --git a/debian/pve-kernel-helper.install b/debian/pve-kernel-helper.install
index aae9494..e410ce7 100644
--- a/debian/pve-kernel-helper.install
+++ b/debian/pve-kernel-helper.install
@@ -2,4 +2,5 @@ etc/kernel/postinst.d/*
 etc/kernel/postrm.d/*
 etc/initramfs/post-update.d/proxmox-boot-sync
 usr/sbin/proxmox-boot-tool
+usr/sbin/grub-install
 usr/share/pve-kernel-helper/scripts/functions
diff --git a/debian/pve-kernel-helper.postrm b/debian/pve-kernel-helper.postrm
new file mode 100644
index 0000000..98e5550
--- /dev/null
+++ b/debian/pve-kernel-helper.postrm
@@ -0,0 +1,14 @@
+#! /bin/sh
+
+set -e
+
+if [ remove = "$1" ] || [ abort-install = "$1" ] || [ disappear = "$1" ]; then
+	dpkg-divert --package pve-kernel-helper --remove --rename \
+		--divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+fi
+
+if [ abort-upgrade = "$1" ] && dpkg --compare-versions "$2" lt 6.3-9; then
+	dpkg-divert --package pve-kernel-helper --remove --rename \
+		--divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+fi
+
diff --git a/debian/pve-kernel-helper.preinst b/debian/pve-kernel-helper.preinst
new file mode 100644
index 0000000..d0a8f67
--- /dev/null
+++ b/debian/pve-kernel-helper.preinst
@@ -0,0 +1,9 @@
+#! /bin/sh
+
+set -e
+
+if [ upgrade != "$1" ] || dpkg --compare-versions "$2" lt 6.3-9; then
+	dpkg-divert --package pve-kernel-helper --add --rename \
+		--divert /usr/sbin/grub-install.real /usr/sbin/grub-install
+fi
+
-- 
2.20.1