
Kernel removal fails if image file is already removed, resulting in multiple installed kernels on Fedora

Open hboetes opened this issue 1 year ago • 2 comments

To test sbctl I reinstalled the kernel quite a few times and got into weird problems, like kernels being installed multiple times, according to dnf.

So to fix it I created the following changes and now dnf reinstall kernel-core works like it should.

I have no idea if that's a valid fix, so let's clear that up first before I create a PR. The first hunk of the diff is just for debugging purposes.

--- ./contrib/kernel-install/91-sbctl.install	2024-02-23 22:10:05.654097343 +0100
+++ /usr/lib/kernel/install.d/91-sbctl.install	2024-03-21 17:46:08.229980568 +0100
@@ -1,4 +1,4 @@
-#!/bin/sh
+#!/bin/sh -x
 #  This file is part of sbctl.
 
 COMMAND="$1"
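
Review bot: the shebang change to "#!/bin/sh -x" on the first line turns on shell tracing for every kernel-install run, so each add and remove prints the full command trace into the package manager output. Since it is described as debugging only, leave it out of the PR and keep "#!/bin/sh".
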
@@ -39,8 +39,10 @@
 	sbctl sign -s "$IMAGE_FILE" 1>/dev/null
 	;;
 remove)
-	[ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] &&
+	if [[ -e "$IMAGE_FILE" ]]; then
+	    [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] &&
 		printf 'sbctl: Removing kernel %s from signing database\n' "$IMAGE_FILE"
-	sbctl remove-file "$IMAGE_FILE" 1>/dev/null
+	    sbctl remove-file "$IMAGE_FILE" 1>/dev/null
+	fi
 	;;
 esac
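
Review bot: in the remove) branch, [[ -e "$IMAGE_FILE" ]] is a bash/ksh construct, but the script runs under #!/bin/sh; where /bin/sh is a strict POSIX shell such as dash, the test fails with a command-not-found error and the removal is silently skipped. Use the POSIX form, if [ -e "$IMAGE_FILE" ]; then. Two smaller points: when the image is already gone, this guard skips sbctl remove-file entirely, so the path stays in the signing database, and it may be preferable to keep the call unconditional and tolerate its failure instead; and the new lines indent with a tab followed by spaces, while the surrounding lines use tabs only.
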

sudo dnf reinstall kernel-core
[sudo] password for han: 
Last metadata expiration check: 0:37:10 ago on Thu 21 Mar 2024 05:33:23 PM CET.
Dependencies resolved.
==============================================================================================================================================================================
 Package                                  Architecture                        Version                                      Repository                                    Size
==============================================================================================================================================================================
Reinstalling:
 kernel-core                              x86_64                              6.8.0-63.fc40.1                              updates-testing                               16 M

Transaction Summary
==============================================================================================================================================================================

Total download size: 16 M
Installed size: 66 M
Is this ok [Y/n]: 
Downloading Packages:
kernel-core-6.8.0-63.fc40.1.x86_64.rpm                                                                                                        1.8 MB/s |  16 MB     00:08    
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Total                                                                                                                                         1.6 MB/s |  16 MB     00:10     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                                                                                      1/1 
  Reinstalling     : kernel-core-6.8.0-63.fc40.1.x86_64                                                                                                                   1/2 
  Running scriptlet: kernel-core-6.8.0-63.fc40.1.x86_64                                                                                                                   1/2 
  Running scriptlet: kernel-core-6.8.0-63.fc40.1.x86_64                                                                                                                   2/2 
+ COMMAND=remove
+ KERNEL_VERSION=6.8.0-63.fc40.1.x86_64
+ ENTRY_DIR_ABS=/efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64
+ KERNEL_IMAGE=
+ IMAGE_FILE=/efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64/linux
+ '[' bls = uki ']'
+ case "$COMMAND" in
+ [[ -e /efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64/linux ]]
+ '[' 0 -gt 0 ']'
+ sbctl remove-file /efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64/linux

  Cleanup          : kernel-core-6.8.0-63.fc40.1.x86_64                                                                                                                   2/2 
  Running scriptlet: kernel-core-6.8.0-63.fc40.1.x86_64                                                                                                                   2/2 
dkms: running auto installation service for kernel 6.8.0-63.fc40.1.x86_64
dkms: autoinstall for kernel 6.8.0-63.fc40.1.x86_64 Done. 
+ COMMAND=add
+ KERNEL_VERSION=6.8.0-63.fc40.1.x86_64
+ ENTRY_DIR_ABS=/efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64
+ KERNEL_IMAGE=/lib/modules/6.8.0-63.fc40.1.x86_64/vmlinuz
+ IMAGE_FILE=/efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64/linux
+ '[' bls = uki ']'
+ case "$COMMAND" in
+ printf 'sbctl: Signing kernel %s\n' /efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64/linux
sbctl: Signing kernel /efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64/linux
+ test -d /usr/share/secureboot/keys
+ sbctl sign -s /efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64/linux


Reinstalled:
  kernel-core-6.8.0-63.fc40.1.x86_64                                                                                                                                          

Complete!
Time: 0h:00m:58s                                                                                                                                                              
han@it1notebook ~/src/sbctl %  <master> sudo sbctl verify
Verifying file database and EFI images in /efi...
✓ /efi/12a1f611b7024771b9b102a13c88175a/6.8.0-63.fc40.1.x86_64/linux is signed
✓ /efi/12a1f611b7024771b9b102a13c88175a/0-rescue/linux is signed
✓ /efi/EFI/BOOT/BOOTIA32.EFI is signed
✓ /efi/EFI/BOOT/BOOTX64.EFI is signed
✓ /efi/EFI/BOOT/fbia32.efi is signed
✓ /efi/EFI/BOOT/fbx64.efi is signed
✓ /efi/EFI/fedora/fwupdx64.efi is signed
✓ /efi/EFI/fedora/gcdia32.efi is signed
✓ /efi/EFI/fedora/gcdx64.efi is signed
✓ /efi/EFI/fedora/grubia32.efi is signed
✓ /efi/EFI/fedora/grubx64.efi is signed
✓ /efi/EFI/fedora/mmia32.efi is signed
✓ /efi/EFI/fedora/mmx64.efi is signed
✓ /efi/EFI/fedora/shim.efi is signed
✓ /efi/EFI/fedora/shimia32.efi is signed
✓ /efi/EFI/fedora/shimx64.efi is signed
✓ /efi/EFI/systemd/systemd-bootx64.efi is signed

Mar 21 '24 17:03 hboetes

I don't really use kernel-install, so if it solves a problem you have please do send a patch :)

Mar 21 '24 18:03 Foxboron

In that case: #294 😎

Mar 21 '24 19:03 hboetes