]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/boot/bootctl-install.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #30284 from YHNdnzj/fstab-wantedby-defaultdeps
[thirdparty/systemd.git] / src / boot / bootctl-install.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include "bootctl.h"
4 #include "bootctl-install.h"
5 #include "bootctl-random-seed.h"
6 #include "bootctl-util.h"
7 #include "chase.h"
8 #include "copy.h"
9 #include "dirent-util.h"
10 #include "efi-api.h"
11 #include "env-file.h"
12 #include "fd-util.h"
13 #include "fileio.h"
14 #include "fs-util.h"
15 #include "glyph-util.h"
16 #include "id128-util.h"
17 #include "os-util.h"
18 #include "path-util.h"
19 #include "rm-rf.h"
20 #include "stat-util.h"
21 #include "sync-util.h"
22 #include "tmpfile-util.h"
23 #include "umask-util.h"
24 #include "utf8.h"
25
26 static int load_etc_machine_id(void) {
27 int r;
28
29 r = sd_id128_get_machine(&arg_machine_id);
30 if (ERRNO_IS_NEG_MACHINE_ID_UNSET(r)) /* Not set or empty */
31 return 0;
32 if (r < 0)
33 return log_error_errno(r, "Failed to get machine-id: %m");
34
35 log_debug("Loaded machine ID %s from /etc/machine-id.", SD_ID128_TO_STRING(arg_machine_id));
36 return 0;
37 }
38
39 static int load_etc_machine_info(void) {
40 /* systemd v250 added support to store the kernel-install layout setting and the machine ID to use
41 * for setting up the ESP in /etc/machine-info. The newer /etc/kernel/entry-token file, as well as
42 * the $layout field in /etc/kernel/install.conf are better replacements for this though, hence this
43 * has been deprecated and is only returned for compatibility. */
44 _cleanup_free_ char *p = NULL, *s = NULL, *layout = NULL;
45 int r;
46
47 p = path_join(arg_root, "etc/machine-info");
48 if (!p)
49 return log_oom();
50
51 r = parse_env_file(NULL, p,
52 "KERNEL_INSTALL_LAYOUT", &layout,
53 "KERNEL_INSTALL_MACHINE_ID", &s);
54 if (r == -ENOENT)
55 return 0;
56 if (r < 0)
57 return log_error_errno(r, "Failed to parse /etc/machine-info: %m");
58
59 if (!isempty(s)) {
60 if (!arg_quiet)
61 log_notice("Read $KERNEL_INSTALL_MACHINE_ID from /etc/machine-info. "
62 "Please move it to /etc/kernel/entry-token.");
63
64 r = sd_id128_from_string(s, &arg_machine_id);
65 if (r < 0)
66 return log_error_errno(r, "Failed to parse KERNEL_INSTALL_MACHINE_ID=%s in /etc/machine-info: %m", s);
67
68 log_debug("Loaded KERNEL_INSTALL_MACHINE_ID=%s from /etc/machine-info.",
69 SD_ID128_TO_STRING(arg_machine_id));
70 }
71
72 if (!isempty(layout)) {
73 if (!arg_quiet)
74 log_notice("Read $KERNEL_INSTALL_LAYOUT from /etc/machine-info. "
75 "Please move it to the layout= setting of /etc/kernel/install.conf.");
76
77 log_debug("KERNEL_INSTALL_LAYOUT=%s is specified in /etc/machine-info.", layout);
78 free_and_replace(arg_install_layout, layout);
79 }
80
81 return 0;
82 }
83
84 static int load_etc_kernel_install_conf(void) {
85 _cleanup_free_ char *layout = NULL, *p = NULL;
86 int r;
87
88 p = path_join(arg_root, etc_kernel(), "install.conf");
89 if (!p)
90 return log_oom();
91
92 r = parse_env_file(NULL, p, "layout", &layout);
93 if (r == -ENOENT)
94 return 0;
95 if (r < 0)
96 return log_error_errno(r, "Failed to parse %s: %m", p);
97
98 if (!isempty(layout)) {
99 log_debug("layout=%s is specified in %s.", layout, p);
100 free_and_replace(arg_install_layout, layout);
101 }
102
103 return 0;
104 }
105
106 static bool use_boot_loader_spec_type1(void) {
107 /* If the layout is not specified, or if it is set explicitly to "bls" we assume Boot Loader
108 * Specification Type #1 is the chosen format for our boot loader entries */
109 return !arg_install_layout || streq(arg_install_layout, "bls");
110 }
111
112 static int settle_make_entry_directory(void) {
113 int r;
114
115 r = load_etc_machine_id();
116 if (r < 0)
117 return r;
118
119 r = load_etc_machine_info();
120 if (r < 0)
121 return r;
122
123 r = load_etc_kernel_install_conf();
124 if (r < 0)
125 return r;
126
127 r = settle_entry_token();
128 if (r < 0)
129 return r;
130
131 bool layout_type1 = use_boot_loader_spec_type1();
132 if (arg_make_entry_directory < 0) { /* Automatic mode */
133 if (layout_type1) {
134 if (arg_entry_token_type == BOOT_ENTRY_TOKEN_MACHINE_ID) {
135 r = path_is_temporary_fs("/etc/machine-id");
136 if (r < 0)
137 return log_debug_errno(r, "Couldn't determine whether /etc/machine-id is on a temporary file system: %m");
138
139 arg_make_entry_directory = r == 0;
140 } else
141 arg_make_entry_directory = true;
142 } else
143 arg_make_entry_directory = false;
144 }
145
146 if (arg_make_entry_directory > 0 && !layout_type1)
147 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
148 "KERNEL_INSTALL_LAYOUT=%s is configured, but Boot Loader Specification Type #1 entry directory creation was requested.",
149 arg_install_layout);
150
151 return 0;
152 }
153
154 static int compare_product(const char *a, const char *b) {
155 size_t x, y;
156
157 assert(a);
158 assert(b);
159
160 x = strcspn(a, " ");
161 y = strcspn(b, " ");
162 if (x != y)
163 return x < y ? -1 : x > y ? 1 : 0;
164
165 return strncmp(a, b, x);
166 }
167
168 static int compare_version(const char *a, const char *b) {
169 assert(a);
170 assert(b);
171
172 a += strcspn(a, " ");
173 a += strspn(a, " ");
174 b += strcspn(b, " ");
175 b += strspn(b, " ");
176
177 return strverscmp_improved(a, b);
178 }
179
180 static int version_check(int fd_from, const char *from, int fd_to, const char *to) {
181 _cleanup_free_ char *a = NULL, *b = NULL;
182 int r;
183
184 assert(fd_from >= 0);
185 assert(from);
186 assert(fd_to >= 0);
187 assert(to);
188
189 r = get_file_version(fd_from, &a);
190 if (r == -ESRCH)
191 return log_notice_errno(r, "Source file \"%s\" does not carry version information!", from);
192 if (r < 0)
193 return r;
194
195 r = get_file_version(fd_to, &b);
196 if (r == -ESRCH)
197 return log_notice_errno(r, "Skipping \"%s\", it's owned by another boot loader (no version info found).",
198 to);
199 if (r < 0)
200 return r;
201 if (compare_product(a, b) != 0)
202 return log_notice_errno(SYNTHETIC_ERRNO(ESRCH),
203 "Skipping \"%s\", it's owned by another boot loader.", to);
204
205 r = compare_version(a, b);
206 log_debug("Comparing versions: \"%s\" %s \"%s", a, comparison_operator(r), b);
207 if (r < 0)
208 return log_warning_errno(SYNTHETIC_ERRNO(ESTALE),
209 "Skipping \"%s\", newer boot loader version in place already.", to);
210 if (r == 0)
211 return log_info_errno(SYNTHETIC_ERRNO(ESTALE),
212 "Skipping \"%s\", same boot loader version in place already.", to);
213
214 return 0;
215 }
216
217 static int copy_file_with_version_check(const char *from, const char *to, bool force) {
218 _cleanup_close_ int fd_from = -EBADF, fd_to = -EBADF;
219 _cleanup_free_ char *t = NULL;
220 int r;
221
222 fd_from = open(from, O_RDONLY|O_CLOEXEC|O_NOCTTY);
223 if (fd_from < 0)
224 return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", from);
225
226 if (!force) {
227 fd_to = open(to, O_RDONLY|O_CLOEXEC|O_NOCTTY);
228 if (fd_to < 0) {
229 if (errno != ENOENT)
230 return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", to);
231 } else {
232 r = version_check(fd_from, from, fd_to, to);
233 if (r < 0)
234 return r;
235
236 if (lseek(fd_from, 0, SEEK_SET) < 0)
237 return log_error_errno(errno, "Failed to seek in \"%s\": %m", from);
238
239 fd_to = safe_close(fd_to);
240 }
241 }
242
243 r = tempfn_random(to, NULL, &t);
244 if (r < 0)
245 return log_oom();
246
247 WITH_UMASK(0000) {
248 fd_to = open(t, O_WRONLY|O_CREAT|O_CLOEXEC|O_EXCL|O_NOFOLLOW, 0644);
249 if (fd_to < 0)
250 return log_error_errno(errno, "Failed to open \"%s\" for writing: %m", t);
251 }
252
253 r = copy_bytes(fd_from, fd_to, UINT64_MAX, COPY_REFLINK);
254 if (r < 0) {
255 (void) unlink(t);
256 return log_error_errno(r, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
257 }
258
259 (void) copy_times(fd_from, fd_to, 0);
260
261 r = fsync_full(fd_to);
262 if (r < 0) {
263 (void) unlink(t);
264 return log_error_errno(r, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
265 }
266
267 r = RET_NERRNO(renameat(AT_FDCWD, t, AT_FDCWD, to));
268 if (r < 0) {
269 (void) unlink(t);
270 return log_error_errno(r, "Failed to rename \"%s\" to \"%s\": %m", t, to);
271 }
272
273 log_info("Copied \"%s\" to \"%s\".", from, to);
274
275 return 0;
276 }
277
278 static int mkdir_one(const char *prefix, const char *suffix) {
279 _cleanup_free_ char *p = NULL;
280
281 p = path_join(prefix, suffix);
282 if (mkdir(p, 0700) < 0) {
283 if (errno != EEXIST)
284 return log_error_errno(errno, "Failed to create \"%s\": %m", p);
285 } else
286 log_info("Created \"%s\".", p);
287
288 return 0;
289 }
290
291 static const char *const esp_subdirs[] = {
292 /* The directories to place in the ESP */
293 "EFI",
294 "EFI/systemd",
295 "EFI/BOOT",
296 "loader",
297 NULL
298 };
299
300 static const char *const dollar_boot_subdirs[] = {
301 /* The directories to place in the XBOOTLDR partition or the ESP, depending what exists */
302 "loader",
303 "loader/entries", /* Type #1 entries */
304 "EFI",
305 "EFI/Linux", /* Type #2 entries */
306 NULL
307 };
308
309 static int create_subdirs(const char *root, const char * const *subdirs) {
310 int r;
311
312 STRV_FOREACH(i, subdirs) {
313 r = mkdir_one(root, *i);
314 if (r < 0)
315 return r;
316 }
317
318 return 0;
319 }
320
321 static int update_efi_boot_binaries(const char *esp_path, const char *source_path) {
322 _cleanup_closedir_ DIR *d = NULL;
323 _cleanup_free_ char *p = NULL;
324 int r, ret = 0;
325
326 r = chase_and_opendir("/EFI/BOOT", esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &p, &d);
327 if (r == -ENOENT)
328 return 0;
329 if (r < 0)
330 return log_error_errno(r, "Failed to open directory \"%s/EFI/BOOT\": %m", esp_path);
331
332 FOREACH_DIRENT(de, d, break) {
333 _cleanup_close_ int fd = -EBADF;
334 _cleanup_free_ char *v = NULL;
335
336 if (!endswith_no_case(de->d_name, ".efi"))
337 continue;
338
339 fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
340 if (fd < 0)
341 return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
342
343 r = get_file_version(fd, &v);
344 if (r == -ESRCH)
345 continue; /* No version information */
346 if (r < 0)
347 return r;
348 if (startswith(v, "systemd-boot ")) {
349 _cleanup_free_ char *dest_path = NULL;
350
351 dest_path = path_join(p, de->d_name);
352 if (!dest_path)
353 return log_oom();
354
355 RET_GATHER(ret, copy_file_with_version_check(source_path, dest_path, /* force = */ false));
356 }
357 }
358
359 return ret;
360 }
361
362 static int copy_one_file(const char *esp_path, const char *name, bool force) {
363 char *root = IN_SET(arg_install_source, ARG_INSTALL_SOURCE_AUTO, ARG_INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
364 _cleanup_free_ char *source_path = NULL, *dest_path = NULL, *p = NULL, *q = NULL;
365 const char *e;
366 char *dest_name, *s;
367 int r, ret;
368
369 dest_name = strdupa_safe(name);
370 s = endswith_no_case(dest_name, ".signed");
371 if (s)
372 *s = 0;
373
374 p = path_join(BOOTLIBDIR, name);
375 if (!p)
376 return log_oom();
377
378 r = chase(p, root, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &source_path, NULL);
379 /* If we had a root directory to try, we didn't find it and we are in auto mode, retry on the host */
380 if (r == -ENOENT && root && arg_install_source == ARG_INSTALL_SOURCE_AUTO)
381 r = chase(p, NULL, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &source_path, NULL);
382 if (r < 0)
383 return log_error_errno(r,
384 "Failed to resolve path %s%s%s: %m",
385 p,
386 root ? " under directory " : "",
387 strempty(root));
388
389 q = path_join("/EFI/systemd/", dest_name);
390 if (!q)
391 return log_oom();
392
393 r = chase(q, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS|CHASE_NONEXISTENT, &dest_path, NULL);
394 if (r < 0)
395 return log_error_errno(r, "Failed to resolve path %s under directory %s: %m", q, esp_path);
396
397 /* Note that if this fails we do the second copy anyway, but return this error code,
398 * so we stash it away in a separate variable. */
399 ret = copy_file_with_version_check(source_path, dest_path, force);
400
401 e = startswith(dest_name, "systemd-boot");
402 if (e) {
403 _cleanup_free_ char *default_dest_path = NULL;
404 char *v;
405
406 /* Create the EFI default boot loader name (specified for removable devices) */
407 v = strjoina("/EFI/BOOT/BOOT", e);
408 ascii_strupper(strrchr(v, '/') + 1);
409
410 r = chase(v, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS|CHASE_NONEXISTENT, &default_dest_path, NULL);
411 if (r < 0)
412 return log_error_errno(r, "Failed to resolve path %s under directory %s: %m", v, esp_path);
413
414 RET_GATHER(ret, copy_file_with_version_check(source_path, default_dest_path, force));
415
416 /* If we were installed under any other name in /EFI/BOOT, make sure we update those binaries
417 * as well. */
418 if (!force)
419 RET_GATHER(ret, update_efi_boot_binaries(esp_path, source_path));
420 }
421
422 return ret;
423 }
424
425 static int install_binaries(const char *esp_path, const char *arch, bool force) {
426 char *root = IN_SET(arg_install_source, ARG_INSTALL_SOURCE_AUTO, ARG_INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
427 _cleanup_closedir_ DIR *d = NULL;
428 _cleanup_free_ char *path = NULL;
429 int r;
430
431 r = chase_and_opendir(BOOTLIBDIR, root, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &path, &d);
432 /* If we had a root directory to try, we didn't find it and we are in auto mode, retry on the host */
433 if (r == -ENOENT && root && arg_install_source == ARG_INSTALL_SOURCE_AUTO)
434 r = chase_and_opendir(BOOTLIBDIR, NULL, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &path, &d);
435 if (r == -ENOENT && arg_graceful) {
436 log_debug("Source directory does not exist, ignoring.");
437 return 0;
438 }
439 if (r < 0)
440 return log_error_errno(r, "Failed to open boot loader directory %s%s: %m", strempty(root), BOOTLIBDIR);
441
442 const char *suffix = strjoina(arch, ".efi");
443 const char *suffix_signed = strjoina(arch, ".efi.signed");
444
445 FOREACH_DIRENT(de, d, return log_error_errno(errno, "Failed to read \"%s\": %m", path)) {
446 int k;
447
448 if (!endswith_no_case(de->d_name, suffix) && !endswith_no_case(de->d_name, suffix_signed))
449 continue;
450
451 /* skip the .efi file, if there's a .signed version of it */
452 if (endswith_no_case(de->d_name, ".efi")) {
453 _cleanup_free_ const char *s = strjoin(de->d_name, ".signed");
454 if (!s)
455 return log_oom();
456 if (faccessat(dirfd(d), s, F_OK, 0) >= 0)
457 continue;
458 }
459
460 k = copy_one_file(esp_path, de->d_name, force);
461 /* Don't propagate an error code if no update necessary, installed version already equal or
462 * newer version, or other boot loader in place. */
463 if (arg_graceful && IN_SET(k, -ESTALE, -ESRCH))
464 continue;
465 RET_GATHER(r, k);
466 }
467
468 return r;
469 }
470
471 static int install_loader_config(const char *esp_path) {
472 _cleanup_(unlink_and_freep) char *t = NULL;
473 _cleanup_fclose_ FILE *f = NULL;
474 _cleanup_free_ char *p = NULL;
475 int r;
476
477 assert(arg_make_entry_directory >= 0);
478
479 p = path_join(esp_path, "/loader/loader.conf");
480 if (!p)
481 return log_oom();
482 if (access(p, F_OK) >= 0) /* Silently skip creation if the file already exists (early check) */
483 return 0;
484
485 r = fopen_tmpfile_linkable(p, O_WRONLY|O_CLOEXEC, &t, &f);
486 if (r < 0)
487 return log_error_errno(r, "Failed to open \"%s\" for writing: %m", p);
488
489 fprintf(f, "#timeout 3\n"
490 "#console-mode keep\n");
491
492 if (arg_make_entry_directory) {
493 assert(arg_entry_token);
494 fprintf(f, "default %s-*\n", arg_entry_token);
495 }
496
497 r = flink_tmpfile(f, t, p, LINK_TMPFILE_SYNC);
498 if (r == -EEXIST)
499 return 0; /* Silently skip creation if the file exists now (recheck) */
500 if (r < 0)
501 return log_error_errno(r, "Failed to move \"%s\" into place: %m", p);
502
503 t = mfree(t);
504 return 1;
505 }
506
507 static int install_loader_specification(const char *root) {
508 _cleanup_(unlink_and_freep) char *t = NULL;
509 _cleanup_fclose_ FILE *f = NULL;
510 _cleanup_free_ char *p = NULL;
511 int r;
512
513 p = path_join(root, "/loader/entries.srel");
514 if (!p)
515 return log_oom();
516
517 if (access(p, F_OK) >= 0) /* Silently skip creation if the file already exists (early check) */
518 return 0;
519
520 r = fopen_tmpfile_linkable(p, O_WRONLY|O_CLOEXEC, &t, &f);
521 if (r < 0)
522 return log_error_errno(r, "Failed to open \"%s\" for writing: %m", p);
523
524 fprintf(f, "type1\n");
525
526 r = flink_tmpfile(f, t, p, LINK_TMPFILE_SYNC);
527 if (r == -EEXIST)
528 return 0; /* Silently skip creation if the file exists now (recheck) */
529 if (r < 0)
530 return log_error_errno(r, "Failed to move \"%s\" into place: %m", p);
531
532 t = mfree(t);
533 return 1;
534 }
535
536 static int install_entry_directory(const char *root) {
537 assert(root);
538 assert(arg_make_entry_directory >= 0);
539
540 if (!arg_make_entry_directory)
541 return 0;
542
543 assert(arg_entry_token);
544 return mkdir_one(root, arg_entry_token);
545 }
546
547 static int install_entry_token(void) {
548 _cleanup_free_ char* p = NULL;
549 int r;
550
551 assert(arg_make_entry_directory >= 0);
552 assert(arg_entry_token);
553
554 /* Let's save the used entry token in /etc/kernel/entry-token if we used it to create the entry
555 * directory, or if anything else but the machine ID */
556
557 if (!arg_make_entry_directory && arg_entry_token_type == BOOT_ENTRY_TOKEN_MACHINE_ID)
558 return 0;
559
560 p = path_join(arg_root, etc_kernel(), "entry-token");
561 if (!p)
562 return log_oom();
563
564 r = write_string_file(p, arg_entry_token, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_MKDIR_0755);
565 if (r < 0)
566 return log_error_errno(r, "Failed to write entry token '%s' to %s: %m", arg_entry_token, p);
567
568 return 0;
569 }
570
571 static bool same_entry(uint16_t id, sd_id128_t uuid, const char *path) {
572 _cleanup_free_ char *opath = NULL;
573 sd_id128_t ouuid;
574 int r;
575
576 r = efi_get_boot_option(id, NULL, &ouuid, &opath, NULL);
577 if (r < 0)
578 return false;
579 if (!sd_id128_equal(uuid, ouuid))
580 return false;
581
582 /* Some motherboards convert the path to uppercase under certain circumstances
583 * (e.g. after booting into the Boot Menu in the ASUS ROG STRIX B350-F GAMING),
584 * so use case-insensitive checking */
585 if (!strcaseeq_ptr(path, opath))
586 return false;
587
588 return true;
589 }
590
591 static int find_slot(sd_id128_t uuid, const char *path, uint16_t *id) {
592 _cleanup_free_ uint16_t *options = NULL;
593
594 int n = efi_get_boot_options(&options);
595 if (n < 0)
596 return n;
597
598 /* find already existing systemd-boot entry */
599 for (int i = 0; i < n; i++)
600 if (same_entry(options[i], uuid, path)) {
601 *id = options[i];
602 return 1;
603 }
604
605 /* find free slot in the sorted BootXXXX variable list */
606 for (int i = 0; i < n; i++)
607 if (i != options[i]) {
608 *id = i;
609 return 0;
610 }
611
612 /* use the next one */
613 if (n == 0xffff)
614 return -ENOSPC;
615 *id = n;
616 return 0;
617 }
618
619 static int insert_into_order(uint16_t slot, bool first) {
620 _cleanup_free_ uint16_t *order = NULL;
621 uint16_t *t;
622 int n;
623
624 n = efi_get_boot_order(&order);
625 if (n <= 0)
626 /* no entry, add us */
627 return efi_set_boot_order(&slot, 1);
628
629 /* are we the first and only one? */
630 if (n == 1 && order[0] == slot)
631 return 0;
632
633 /* are we already in the boot order? */
634 for (int i = 0; i < n; i++) {
635 if (order[i] != slot)
636 continue;
637
638 /* we do not require to be the first one, all is fine */
639 if (!first)
640 return 0;
641
642 /* move us to the first slot */
643 memmove(order + 1, order, i * sizeof(uint16_t));
644 order[0] = slot;
645 return efi_set_boot_order(order, n);
646 }
647
648 /* extend array */
649 t = reallocarray(order, n + 1, sizeof(uint16_t));
650 if (!t)
651 return -ENOMEM;
652 order = t;
653
654 /* add us to the top or end of the list */
655 if (first) {
656 memmove(order + 1, order, n * sizeof(uint16_t));
657 order[0] = slot;
658 } else
659 order[n] = slot;
660
661 return efi_set_boot_order(order, n + 1);
662 }
663
664 static int remove_from_order(uint16_t slot) {
665 _cleanup_free_ uint16_t *order = NULL;
666 int n;
667
668 n = efi_get_boot_order(&order);
669 if (n <= 0)
670 return n;
671
672 for (int i = 0; i < n; i++) {
673 if (order[i] != slot)
674 continue;
675
676 if (i + 1 < n)
677 memmove(order + i, order + i+1, (n - i) * sizeof(uint16_t));
678 return efi_set_boot_order(order, n - 1);
679 }
680
681 return 0;
682 }
683
684 static const char *pick_efi_boot_option_description(void) {
685 return arg_efi_boot_option_description ?: "Linux Boot Manager";
686 }
687
688 static int install_variables(
689 const char *esp_path,
690 uint32_t part,
691 uint64_t pstart,
692 uint64_t psize,
693 sd_id128_t uuid,
694 const char *path,
695 bool first,
696 bool graceful) {
697
698 uint16_t slot;
699 int r;
700
701 if (arg_root) {
702 log_info("Acting on %s, skipping EFI variable setup.",
703 arg_image ? "image" : "root directory");
704 return 0;
705 }
706
707 if (!is_efi_boot()) {
708 log_warning("Not booted with EFI, skipping EFI variable setup.");
709 return 0;
710 }
711
712 r = chase_and_access(path, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, F_OK, NULL);
713 if (r == -ENOENT)
714 return 0;
715 if (r < 0)
716 return log_error_errno(r, "Cannot access \"%s/%s\": %m", esp_path, path);
717
718 r = find_slot(uuid, path, &slot);
719 if (r < 0) {
720 int level = graceful ? arg_quiet ? LOG_DEBUG : LOG_INFO : LOG_ERR;
721 const char *skip = graceful ? ", skipping" : "";
722
723 log_full_errno(level, r,
724 r == -ENOENT ?
725 "Failed to access EFI variables%s. Is the \"efivarfs\" filesystem mounted?" :
726 "Failed to determine current boot order%s: %m", skip);
727
728 return graceful ? 0 : r;
729 }
730
731 if (first || r == 0) {
732 r = efi_add_boot_option(slot, pick_efi_boot_option_description(),
733 part, pstart, psize,
734 uuid, path);
735 if (r < 0) {
736 int level = graceful ? arg_quiet ? LOG_DEBUG : LOG_INFO : LOG_ERR;
737 const char *skip = graceful ? ", skipping" : "";
738
739 log_full_errno(level, r, "Failed to create EFI Boot variable entry%s: %m", skip);
740
741 return graceful ? 0 : r;
742 }
743
744 log_info("Created EFI boot entry \"%s\".", pick_efi_boot_option_description());
745 }
746
747 return insert_into_order(slot, first);
748 }
749
750 static int are_we_installed(const char *esp_path) {
751 int r;
752
753 /* Tests whether systemd-boot is installed. It's not obvious what to use as check here: we could
754 * check EFI variables, we could check what binary /EFI/BOOT/BOOT*.EFI points to, or whether the
755 * loader entries directory exists. Here we opted to check whether /EFI/systemd/ is non-empty, which
756 * should be a suitable and very minimal check for a number of reasons:
757 *
758 * → The check is architecture independent (i.e. we check if any systemd-boot loader is installed,
759 * not a specific one.)
760 *
761 * → It doesn't assume we are the only boot loader (i.e doesn't check if we own the main
762 * /EFI/BOOT/BOOT*.EFI fallback binary.
763 *
764 * → It specifically checks for systemd-boot, not for other boot loaders (which a check for
765 * /boot/loader/entries would do). */
766
767 _cleanup_free_ char *p = path_join(esp_path, "/EFI/systemd/");
768 if (!p)
769 return log_oom();
770
771 log_debug("Checking whether %s contains any files%s", p, special_glyph(SPECIAL_GLYPH_ELLIPSIS));
772 r = dir_is_empty(p, /* ignore_hidden_or_backup= */ false);
773 if (r < 0 && r != -ENOENT)
774 return log_error_errno(r, "Failed to check whether %s contains any files: %m", p);
775
776 return r == 0;
777 }
778
779 int verb_install(int argc, char *argv[], void *userdata) {
780 sd_id128_t uuid = SD_ID128_NULL;
781 uint64_t pstart = 0, psize = 0;
782 uint32_t part = 0;
783 bool install, graceful;
784 int r;
785
786 /* Invoked for both "update" and "install" */
787
788 install = streq(argv[0], "install");
789 graceful = !install && arg_graceful; /* support graceful mode for updates */
790
791 r = acquire_esp(/* unprivileged_mode= */ false, graceful, &part, &pstart, &psize, &uuid, NULL);
792 if (graceful && r == -ENOKEY)
793 return 0; /* If --graceful is specified and we can't find an ESP, handle this cleanly */
794 if (r < 0)
795 return r;
796
797 if (!install) {
798 /* If we are updating, don't do anything if sd-boot wasn't actually installed. */
799 r = are_we_installed(arg_esp_path);
800 if (r < 0)
801 return r;
802 if (r == 0) {
803 log_debug("Skipping update because sd-boot is not installed in the ESP.");
804 return 0;
805 }
806 }
807
808 r = acquire_xbootldr(/* unprivileged_mode= */ false, NULL, NULL);
809 if (r < 0)
810 return r;
811
812 r = settle_make_entry_directory();
813 if (r < 0)
814 return r;
815
816 const char *arch = arg_arch_all ? "" : get_efi_arch();
817
818 WITH_UMASK(0002) {
819 if (install) {
820 /* Don't create any of these directories when we are just updating. When we update
821 * we'll drop-in our files (unless there are newer ones already), but we won't create
822 * the directories for them in the first place. */
823 r = create_subdirs(arg_esp_path, esp_subdirs);
824 if (r < 0)
825 return r;
826
827 r = create_subdirs(arg_dollar_boot_path(), dollar_boot_subdirs);
828 if (r < 0)
829 return r;
830 }
831
832 r = install_binaries(arg_esp_path, arch, install);
833 if (r < 0)
834 return r;
835
836 if (install) {
837 r = install_loader_config(arg_esp_path);
838 if (r < 0)
839 return r;
840
841 r = install_entry_directory(arg_dollar_boot_path());
842 if (r < 0)
843 return r;
844
845 r = install_entry_token();
846 if (r < 0)
847 return r;
848
849 r = install_random_seed(arg_esp_path);
850 if (r < 0)
851 return r;
852 }
853
854 r = install_loader_specification(arg_dollar_boot_path());
855 if (r < 0)
856 return r;
857 }
858
859 (void) sync_everything();
860
861 if (!arg_touch_variables)
862 return 0;
863
864 if (arg_arch_all) {
865 log_info("Not changing EFI variables with --all-architectures.");
866 return 0;
867 }
868
869 char *path = strjoina("/EFI/systemd/systemd-boot", arch, ".efi");
870 return install_variables(arg_esp_path, part, pstart, psize, uuid, path, install, graceful);
871 }
872
873 static int remove_boot_efi(const char *esp_path) {
874 _cleanup_closedir_ DIR *d = NULL;
875 _cleanup_free_ char *p = NULL;
876 int r, c = 0;
877
878 r = chase_and_opendir("/EFI/BOOT", esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &p, &d);
879 if (r == -ENOENT)
880 return 0;
881 if (r < 0)
882 return log_error_errno(r, "Failed to open directory \"%s/EFI/BOOT\": %m", esp_path);
883
884 FOREACH_DIRENT(de, d, break) {
885 _cleanup_close_ int fd = -EBADF;
886 _cleanup_free_ char *v = NULL;
887
888 if (!endswith_no_case(de->d_name, ".efi"))
889 continue;
890
891 fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
892 if (fd < 0)
893 return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
894
895 r = get_file_version(fd, &v);
896 if (r == -ESRCH)
897 continue; /* No version information */
898 if (r < 0)
899 return r;
900 if (startswith(v, "systemd-boot ")) {
901 r = unlinkat(dirfd(d), de->d_name, 0);
902 if (r < 0)
903 return log_error_errno(errno, "Failed to remove \"%s/%s\": %m", p, de->d_name);
904
905 log_info("Removed \"%s/%s\".", p, de->d_name);
906 }
907
908 c++;
909 }
910
911 return c;
912 }
913
914 static int rmdir_one(const char *prefix, const char *suffix) {
915 const char *p;
916
917 p = prefix_roota(prefix, suffix);
918 if (rmdir(p) < 0) {
919 bool ignore = IN_SET(errno, ENOENT, ENOTEMPTY);
920
921 log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, errno,
922 "Failed to remove directory \"%s\": %m", p);
923 if (!ignore)
924 return -errno;
925 } else
926 log_info("Removed \"%s\".", p);
927
928 return 0;
929 }
930
931 static int remove_subdirs(const char *root, const char *const *subdirs) {
932 int r, q;
933
934 /* We use recursion here to destroy the directories in reverse order. Which should be safe given how
935 * short the array is. */
936
937 if (!subdirs[0]) /* A the end of the list */
938 return 0;
939
940 r = remove_subdirs(root, subdirs + 1);
941 q = rmdir_one(root, subdirs[0]);
942
943 return r < 0 ? r : q;
944 }
945
946 static int remove_entry_directory(const char *root) {
947 assert(root);
948 assert(arg_make_entry_directory >= 0);
949
950 if (!arg_make_entry_directory || !arg_entry_token)
951 return 0;
952
953 return rmdir_one(root, arg_entry_token);
954 }
955
956 static int remove_binaries(const char *esp_path) {
957 const char *p;
958 int r, q;
959
960 p = prefix_roota(esp_path, "/EFI/systemd");
961 r = rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL);
962
963 q = remove_boot_efi(esp_path);
964 if (q < 0 && r == 0)
965 r = q;
966
967 return r;
968 }
969
970 static int remove_file(const char *root, const char *file) {
971 const char *p;
972
973 assert(root);
974 assert(file);
975
976 p = prefix_roota(root, file);
977 if (unlink(p) < 0) {
978 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno,
979 "Failed to unlink file \"%s\": %m", p);
980
981 return errno == ENOENT ? 0 : -errno;
982 }
983
984 log_info("Removed \"%s\".", p);
985 return 1;
986 }
987
988 static int remove_variables(sd_id128_t uuid, const char *path, bool in_order) {
989 uint16_t slot;
990 int r;
991
992 if (arg_root || !is_efi_boot())
993 return 0;
994
995 r = find_slot(uuid, path, &slot);
996 if (r != 1)
997 return 0;
998
999 r = efi_remove_boot_option(slot);
1000 if (r < 0)
1001 return r;
1002
1003 if (in_order)
1004 return remove_from_order(slot);
1005
1006 return 0;
1007 }
1008
1009 static int remove_loader_variables(void) {
1010 int r = 0;
1011
1012 /* Remove all persistent loader variables we define */
1013
1014 FOREACH_STRING(var,
1015 EFI_LOADER_VARIABLE(LoaderConfigConsoleMode),
1016 EFI_LOADER_VARIABLE(LoaderConfigTimeout),
1017 EFI_LOADER_VARIABLE(LoaderConfigTimeoutOneShot),
1018 EFI_LOADER_VARIABLE(LoaderEntryDefault),
1019 EFI_LOADER_VARIABLE(LoaderEntryLastBooted),
1020 EFI_LOADER_VARIABLE(LoaderEntryOneShot),
1021 EFI_LOADER_VARIABLE(LoaderSystemToken)){
1022
1023 int q;
1024
1025 q = efi_set_variable(var, NULL, 0);
1026 if (q == -ENOENT)
1027 continue;
1028 if (q < 0) {
1029 log_warning_errno(q, "Failed to remove EFI variable %s: %m", var);
1030 if (r >= 0)
1031 r = q;
1032 } else
1033 log_info("Removed EFI variable %s.", var);
1034 }
1035
1036 return r;
1037 }
1038
1039 int verb_remove(int argc, char *argv[], void *userdata) {
1040 sd_id128_t uuid = SD_ID128_NULL;
1041 int r, q;
1042
1043 r = acquire_esp(/* unprivileged_mode= */ false, /* graceful= */ false, NULL, NULL, NULL, &uuid, NULL);
1044 if (r < 0)
1045 return r;
1046
1047 r = acquire_xbootldr(/* unprivileged_mode= */ false, NULL, NULL);
1048 if (r < 0)
1049 return r;
1050
1051 r = settle_make_entry_directory();
1052 if (r < 0)
1053 return r;
1054
1055 r = remove_binaries(arg_esp_path);
1056
1057 q = remove_file(arg_esp_path, "/loader/loader.conf");
1058 if (q < 0 && r >= 0)
1059 r = q;
1060
1061 q = remove_file(arg_esp_path, "/loader/random-seed");
1062 if (q < 0 && r >= 0)
1063 r = q;
1064
1065 q = remove_file(arg_esp_path, "/loader/entries.srel");
1066 if (q < 0 && r >= 0)
1067 r = q;
1068
1069 q = remove_subdirs(arg_esp_path, esp_subdirs);
1070 if (q < 0 && r >= 0)
1071 r = q;
1072
1073 q = remove_subdirs(arg_esp_path, dollar_boot_subdirs);
1074 if (q < 0 && r >= 0)
1075 r = q;
1076
1077 q = remove_entry_directory(arg_esp_path);
1078 if (q < 0 && r >= 0)
1079 r = q;
1080
1081 if (arg_xbootldr_path) {
1082 /* Remove a subset of these also from the XBOOTLDR partition if it exists */
1083
1084 q = remove_file(arg_xbootldr_path, "/loader/entries.srel");
1085 if (q < 0 && r >= 0)
1086 r = q;
1087
1088 q = remove_subdirs(arg_xbootldr_path, dollar_boot_subdirs);
1089 if (q < 0 && r >= 0)
1090 r = q;
1091
1092 q = remove_entry_directory(arg_xbootldr_path);
1093 if (q < 0 && r >= 0)
1094 r = q;
1095 }
1096
1097 (void) sync_everything();
1098
1099 if (!arg_touch_variables)
1100 return r;
1101
1102 if (arg_arch_all) {
1103 log_info("Not changing EFI variables with --all-architectures.");
1104 return r;
1105 }
1106
1107 char *path = strjoina("/EFI/systemd/systemd-boot", get_efi_arch(), ".efi");
1108 q = remove_variables(uuid, path, true);
1109 if (q < 0 && r >= 0)
1110 r = q;
1111
1112 q = remove_loader_variables();
1113 if (q < 0 && r >= 0)
1114 r = q;
1115
1116 return r;
1117 }
1118
1119 int verb_is_installed(int argc, char *argv[], void *userdata) {
1120 int r;
1121
1122 r = acquire_esp(/* unprivileged_mode= */ false,
1123 /* graceful= */ arg_graceful,
1124 NULL, NULL, NULL, NULL, NULL);
1125 if (r < 0)
1126 return r;
1127
1128 r = are_we_installed(arg_esp_path);
1129 if (r < 0)
1130 return r;
1131
1132 if (r > 0) {
1133 if (!arg_quiet)
1134 puts("yes");
1135 return EXIT_SUCCESS;
1136 } else {
1137 if (!arg_quiet)
1138 puts("no");
1139 return EXIT_FAILURE;
1140 }
1141 }
Unnamed repository; edit this file 'description' to name the repository.