[pve-devel] [PATCH manager] pve8to9: only allow systemd-boot when it is actually used before upgrade

[Stoiko Ivanov]

On some (non-standard) setups having systemd-boot installed, causes
issues, even if the system is using proxmox-boot-tool (p-b-t) for booting.
The currently observed edge-case is:
before the upgrade:
* system is booted with grub (w/o secure boot), using p-b-t, results
  in the ESP not being mounted on /boot/efi

after the upgrade:
* systemd-gpt-auto-generator(8) is active, and mounts the (single) ESP
  on /efi (because grub w/o secure-boot sets the needed efivar+it is
  not mounted)
* the next upgrade of systemd-boot causes systemd-boot to be
  installed on the ESP, but it will not get any kernels configured,
  since we disabled the /etc/kernel/postinst.d/zz-systemd-boot in
  PVE8.

so this patch further restricts the case were having systemd-boot
installed to the cases where p-b-t says it's used for booting.

Additionally raise the level from info to warn in the legacy-boot
case. and add a log_pass message that was added to the equivalent
check in pbs3to4[0]

[0] https://lore.proxmox.com/pbs-devel/20250811091135.127299-1-s.ivanov@proxmox.com/

Signed-off-by: Stoiko Ivanov <s.ivanov at proxmox.com>
---
tested minimally on a system with btrfs raid1 and combinations of
`p-b-t init /dev/sdX2 grub`, and `p-b-t init /dev/sdX2`
 PVE/CLI/pve8to9.pm | 24 +++++++++++++++++++++---
 1 file changed, 21 insertions(+), 3 deletions(-)

diff --git a/PVE/CLI/pve8to9.pm b/PVE/CLI/pve8to9.pm
index b639e212..a321f550 100644
--- a/PVE/CLI/pve8to9.pm
+++ b/PVE/CLI/pve8to9.pm
@@ -1560,7 +1560,7 @@ sub check_bootloader {
 
     if (!-d '/sys/firmware/efi') {
         if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
-            log_info(
+            log_warn(
                 "systemd-boot package installed on legacy-boot system is not necessary, consider removing it"
             );
             return;
@@ -1572,8 +1572,25 @@ sub check_bootloader {
     my $boot_ok = 1;
     if (-f "/etc/kernel/proxmox-boot-uuids") {
         if (!$upgraded) {
-            log_skip("not yet upgraded, systemd-boot still needed for bootctl");
-            return;
+            my $sd_boot_used = 0;
+            eval {
+                run_command(
+                    ['proxmox-boot-tool', 'status'],
+                    outfunc => sub {
+                        my ($line) = @_;
+                        if ($line =~ m#configured with:.* (uefi|systemd-boot) \(versions:#) {
+                             $sd_boot_used = 1;
+                        }
+                    },
+                    errfunc => sub { },
+                    noerr => 1,
+                );
+            };
+
+            if ($sd_boot_used) {
+                log_skip("not yet upgraded, systemd-boot still needed for bootctl");
+                return;
+            }
         }
         if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
             log_fail("systemd-boot meta-package installed this will cause issues on upgrades of"
@@ -1581,6 +1598,7 @@ sub check_bootloader {
                 . " and remove 'systemd-boot'");
             return;
         }
+        log_pass("bootloader packages installed correctly");
     } else {
         if (-f "/usr/share/doc/systemd-boot/changelog.Debian.gz") {
             log_fail(
-- 
2.39.5