]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/boot/bootctl-install.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
bootctl: clean up handling of files with no version information
[thirdparty/systemd.git] / src / boot / bootctl-install.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include "bootctl.h"
4 #include "bootctl-install.h"
5 #include "bootctl-random-seed.h"
6 #include "bootctl-util.h"
7 #include "chase.h"
8 #include "copy.h"
9 #include "dirent-util.h"
10 #include "efi-api.h"
11 #include "env-file.h"
12 #include "fd-util.h"
13 #include "fileio.h"
14 #include "fs-util.h"
15 #include "glyph-util.h"
16 #include "id128-util.h"
17 #include "os-util.h"
18 #include "path-util.h"
19 #include "rm-rf.h"
20 #include "stat-util.h"
21 #include "sync-util.h"
22 #include "tmpfile-util.h"
23 #include "umask-util.h"
24 #include "utf8.h"
25
26 static int load_etc_machine_id(void) {
27 int r;
28
29 r = sd_id128_get_machine(&arg_machine_id);
30 if (r < 0) {
31 if (ERRNO_IS_MACHINE_ID_UNSET(r)) /* Not set or empty */
32 return 0;
33
34 return log_error_errno(r, "Failed to get machine-id: %m");
35 }
36
37 log_debug("Loaded machine ID %s from /etc/machine-id.", SD_ID128_TO_STRING(arg_machine_id));
38 return 0;
39 }
40
41 static int load_etc_machine_info(void) {
42 /* systemd v250 added support to store the kernel-install layout setting and the machine ID to use
43 * for setting up the ESP in /etc/machine-info. The newer /etc/kernel/entry-token file, as well as
44 * the $layout field in /etc/kernel/install.conf are better replacements for this though, hence this
45 * has been deprecated and is only returned for compatibility. */
46 _cleanup_free_ char *p = NULL, *s = NULL, *layout = NULL;
47 int r;
48
49 p = path_join(arg_root, "etc/machine-info");
50 if (!p)
51 return log_oom();
52
53 r = parse_env_file(NULL, p,
54 "KERNEL_INSTALL_LAYOUT", &layout,
55 "KERNEL_INSTALL_MACHINE_ID", &s);
56 if (r == -ENOENT)
57 return 0;
58 if (r < 0)
59 return log_error_errno(r, "Failed to parse /etc/machine-info: %m");
60
61 if (!isempty(s)) {
62 if (!arg_quiet)
63 log_notice("Read $KERNEL_INSTALL_MACHINE_ID from /etc/machine-info. "
64 "Please move it to /etc/kernel/entry-token.");
65
66 r = sd_id128_from_string(s, &arg_machine_id);
67 if (r < 0)
68 return log_error_errno(r, "Failed to parse KERNEL_INSTALL_MACHINE_ID=%s in /etc/machine-info: %m", s);
69
70 log_debug("Loaded KERNEL_INSTALL_MACHINE_ID=%s from /etc/machine-info.",
71 SD_ID128_TO_STRING(arg_machine_id));
72 }
73
74 if (!isempty(layout)) {
75 if (!arg_quiet)
76 log_notice("Read $KERNEL_INSTALL_LAYOUT from /etc/machine-info. "
77 "Please move it to the layout= setting of /etc/kernel/install.conf.");
78
79 log_debug("KERNEL_INSTALL_LAYOUT=%s is specified in /etc/machine-info.", layout);
80 free_and_replace(arg_install_layout, layout);
81 }
82
83 return 0;
84 }
85
86 static int load_etc_kernel_install_conf(void) {
87 _cleanup_free_ char *layout = NULL, *p = NULL;
88 int r;
89
90 p = path_join(arg_root, etc_kernel(), "install.conf");
91 if (!p)
92 return log_oom();
93
94 r = parse_env_file(NULL, p, "layout", &layout);
95 if (r == -ENOENT)
96 return 0;
97 if (r < 0)
98 return log_error_errno(r, "Failed to parse %s: %m", p);
99
100 if (!isempty(layout)) {
101 log_debug("layout=%s is specified in %s.", layout, p);
102 free_and_replace(arg_install_layout, layout);
103 }
104
105 return 0;
106 }
107
108 static bool use_boot_loader_spec_type1(void) {
109 /* If the layout is not specified, or if it is set explicitly to "bls" we assume Boot Loader
110 * Specification Type #1 is the chosen format for our boot loader entries */
111 return !arg_install_layout || streq(arg_install_layout, "bls");
112 }
113
114 static int settle_make_entry_directory(void) {
115 int r;
116
117 r = load_etc_machine_id();
118 if (r < 0)
119 return r;
120
121 r = load_etc_machine_info();
122 if (r < 0)
123 return r;
124
125 r = load_etc_kernel_install_conf();
126 if (r < 0)
127 return r;
128
129 r = settle_entry_token();
130 if (r < 0)
131 return r;
132
133 bool layout_type1 = use_boot_loader_spec_type1();
134 if (arg_make_entry_directory < 0) { /* Automatic mode */
135 if (layout_type1) {
136 if (arg_entry_token_type == BOOT_ENTRY_TOKEN_MACHINE_ID) {
137 r = path_is_temporary_fs("/etc/machine-id");
138 if (r < 0)
139 return log_debug_errno(r, "Couldn't determine whether /etc/machine-id is on a temporary file system: %m");
140
141 arg_make_entry_directory = r == 0;
142 } else
143 arg_make_entry_directory = true;
144 } else
145 arg_make_entry_directory = false;
146 }
147
148 if (arg_make_entry_directory > 0 && !layout_type1)
149 return log_error_errno(SYNTHETIC_ERRNO(EINVAL),
150 "KERNEL_INSTALL_LAYOUT=%s is configured, but Boot Loader Specification Type #1 entry directory creation was requested.",
151 arg_install_layout);
152
153 return 0;
154 }
155
156 static int compare_product(const char *a, const char *b) {
157 size_t x, y;
158
159 assert(a);
160 assert(b);
161
162 x = strcspn(a, " ");
163 y = strcspn(b, " ");
164 if (x != y)
165 return x < y ? -1 : x > y ? 1 : 0;
166
167 return strncmp(a, b, x);
168 }
169
170 static int compare_version(const char *a, const char *b) {
171 assert(a);
172 assert(b);
173
174 a += strcspn(a, " ");
175 a += strspn(a, " ");
176 b += strcspn(b, " ");
177 b += strspn(b, " ");
178
179 return strverscmp_improved(a, b);
180 }
181
182 static int version_check(int fd_from, const char *from, int fd_to, const char *to) {
183 _cleanup_free_ char *a = NULL, *b = NULL;
184 int r;
185
186 assert(fd_from >= 0);
187 assert(from);
188 assert(fd_to >= 0);
189 assert(to);
190
191 r = get_file_version(fd_from, &a);
192 if (r == -ESRCH)
193 return log_notice_errno(r, "Source file \"%s\" does not carry version information!", from);
194 if (r < 0)
195 return r;
196
197 r = get_file_version(fd_to, &b);
198 if (r == -ESRCH)
199 return log_notice_errno(r, "Skipping \"%s\", it's owned by another boot loader (no version info found).",
200 to);
201 if (r < 0)
202 return r;
203 if (compare_product(a, b) != 0)
204 return log_notice_errno(SYNTHETIC_ERRNO(ESRCH),
205 "Skipping \"%s\", it's owned by another boot loader.", to);
206
207 r = compare_version(a, b);
208 log_debug("Comparing versions: \"%s\" %s \"%s", a, comparison_operator(r), b);
209 if (r < 0)
210 return log_warning_errno(SYNTHETIC_ERRNO(ESTALE),
211 "Skipping \"%s\", newer boot loader version in place already.", to);
212 if (r == 0)
213 return log_info_errno(SYNTHETIC_ERRNO(ESTALE),
214 "Skipping \"%s\", same boot loader version in place already.", to);
215
216 return 0;
217 }
218
219 static int copy_file_with_version_check(const char *from, const char *to, bool force) {
220 _cleanup_close_ int fd_from = -EBADF, fd_to = -EBADF;
221 _cleanup_free_ char *t = NULL;
222 int r;
223
224 fd_from = open(from, O_RDONLY|O_CLOEXEC|O_NOCTTY);
225 if (fd_from < 0)
226 return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", from);
227
228 if (!force) {
229 fd_to = open(to, O_RDONLY|O_CLOEXEC|O_NOCTTY);
230 if (fd_to < 0) {
231 if (errno != ENOENT)
232 return log_error_errno(errno, "Failed to open \"%s\" for reading: %m", to);
233 } else {
234 r = version_check(fd_from, from, fd_to, to);
235 if (r < 0)
236 return r;
237
238 if (lseek(fd_from, 0, SEEK_SET) == (off_t) -1)
239 return log_error_errno(errno, "Failed to seek in \"%s\": %m", from);
240
241 fd_to = safe_close(fd_to);
242 }
243 }
244
245 r = tempfn_random(to, NULL, &t);
246 if (r < 0)
247 return log_oom();
248
249 WITH_UMASK(0000) {
250 fd_to = open(t, O_WRONLY|O_CREAT|O_CLOEXEC|O_EXCL|O_NOFOLLOW, 0644);
251 if (fd_to < 0)
252 return log_error_errno(errno, "Failed to open \"%s\" for writing: %m", t);
253 }
254
255 r = copy_bytes(fd_from, fd_to, UINT64_MAX, COPY_REFLINK);
256 if (r < 0) {
257 (void) unlink(t);
258 return log_error_errno(r, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
259 }
260
261 (void) copy_times(fd_from, fd_to, 0);
262
263 r = fsync_full(fd_to);
264 if (r < 0) {
265 (void) unlink(t);
266 return log_error_errno(r, "Failed to copy data from \"%s\" to \"%s\": %m", from, t);
267 }
268
269 r = RET_NERRNO(renameat(AT_FDCWD, t, AT_FDCWD, to));
270 if (r < 0) {
271 (void) unlink(t);
272 return log_error_errno(r, "Failed to rename \"%s\" to \"%s\": %m", t, to);
273 }
274
275 log_info("Copied \"%s\" to \"%s\".", from, to);
276
277 return 0;
278 }
279
280 static int mkdir_one(const char *prefix, const char *suffix) {
281 _cleanup_free_ char *p = NULL;
282
283 p = path_join(prefix, suffix);
284 if (mkdir(p, 0700) < 0) {
285 if (errno != EEXIST)
286 return log_error_errno(errno, "Failed to create \"%s\": %m", p);
287 } else
288 log_info("Created \"%s\".", p);
289
290 return 0;
291 }
292
293 static const char *const esp_subdirs[] = {
294 /* The directories to place in the ESP */
295 "EFI",
296 "EFI/systemd",
297 "EFI/BOOT",
298 "loader",
299 NULL
300 };
301
302 static const char *const dollar_boot_subdirs[] = {
303 /* The directories to place in the XBOOTLDR partition or the ESP, depending what exists */
304 "loader",
305 "loader/entries", /* Type #1 entries */
306 "EFI",
307 "EFI/Linux", /* Type #2 entries */
308 NULL
309 };
310
311 static int create_subdirs(const char *root, const char * const *subdirs) {
312 int r;
313
314 STRV_FOREACH(i, subdirs) {
315 r = mkdir_one(root, *i);
316 if (r < 0)
317 return r;
318 }
319
320 return 0;
321 }
322
323
324 static int copy_one_file(const char *esp_path, const char *name, bool force) {
325 char *root = IN_SET(arg_install_source, ARG_INSTALL_SOURCE_AUTO, ARG_INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
326 _cleanup_free_ char *source_path = NULL, *dest_path = NULL, *p = NULL, *q = NULL;
327 const char *e;
328 char *dest_name, *s;
329 int r, ret;
330
331 dest_name = strdupa_safe(name);
332 s = endswith_no_case(dest_name, ".signed");
333 if (s)
334 *s = 0;
335
336 p = path_join(BOOTLIBDIR, name);
337 if (!p)
338 return log_oom();
339
340 r = chase(p, root, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &source_path, NULL);
341 /* If we had a root directory to try, we didn't find it and we are in auto mode, retry on the host */
342 if (r == -ENOENT && root && arg_install_source == ARG_INSTALL_SOURCE_AUTO)
343 r = chase(p, NULL, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &source_path, NULL);
344 if (r < 0)
345 return log_error_errno(r,
346 "Failed to resolve path %s%s%s: %m",
347 p,
348 root ? " under directory " : "",
349 strempty(root));
350
351 q = path_join("/EFI/systemd/", dest_name);
352 if (!q)
353 return log_oom();
354
355 r = chase(q, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS|CHASE_NONEXISTENT, &dest_path, NULL);
356 if (r < 0)
357 return log_error_errno(r, "Failed to resolve path %s under directory %s: %m", q, esp_path);
358
359 /* Note that if this fails we do the second copy anyway, but return this error code,
360 * so we stash it away in a separate variable. */
361 ret = copy_file_with_version_check(source_path, dest_path, force);
362
363 e = startswith(dest_name, "systemd-boot");
364 if (e) {
365 _cleanup_free_ char *default_dest_path = NULL;
366 char *v;
367
368 /* Create the EFI default boot loader name (specified for removable devices) */
369 v = strjoina("/EFI/BOOT/BOOT", e);
370 ascii_strupper(strrchr(v, '/') + 1);
371
372 r = chase(v, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS|CHASE_NONEXISTENT, &default_dest_path, NULL);
373 if (r < 0)
374 return log_error_errno(r, "Failed to resolve path %s under directory %s: %m", v, esp_path);
375
376 r = copy_file_with_version_check(source_path, default_dest_path, force);
377 if (r < 0 && ret == 0)
378 ret = r;
379 }
380
381 return ret;
382 }
383
384 static int install_binaries(const char *esp_path, const char *arch, bool force) {
385 char *root = IN_SET(arg_install_source, ARG_INSTALL_SOURCE_AUTO, ARG_INSTALL_SOURCE_IMAGE) ? arg_root : NULL;
386 _cleanup_closedir_ DIR *d = NULL;
387 _cleanup_free_ char *path = NULL;
388 int r;
389
390 r = chase_and_opendir(BOOTLIBDIR, root, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &path, &d);
391 /* If we had a root directory to try, we didn't find it and we are in auto mode, retry on the host */
392 if (r == -ENOENT && root && arg_install_source == ARG_INSTALL_SOURCE_AUTO)
393 r = chase_and_opendir(BOOTLIBDIR, NULL, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &path, &d);
394 if (r < 0)
395 return log_error_errno(r, "Failed to open boot loader directory %s%s: %m", strempty(root), BOOTLIBDIR);
396
397 const char *suffix = strjoina(arch, ".efi");
398 const char *suffix_signed = strjoina(arch, ".efi.signed");
399
400 FOREACH_DIRENT(de, d, return log_error_errno(errno, "Failed to read \"%s\": %m", path)) {
401 int k;
402
403 if (!endswith_no_case(de->d_name, suffix) && !endswith_no_case(de->d_name, suffix_signed))
404 continue;
405
406 /* skip the .efi file, if there's a .signed version of it */
407 if (endswith_no_case(de->d_name, ".efi")) {
408 _cleanup_free_ const char *s = strjoin(de->d_name, ".signed");
409 if (!s)
410 return log_oom();
411 if (faccessat(dirfd(d), s, F_OK, 0) >= 0)
412 continue;
413 }
414
415 k = copy_one_file(esp_path, de->d_name, force);
416 /* Don't propagate an error code if no update necessary, installed version already equal or
417 * newer version, or other boot loader in place. */
418 if (arg_graceful && IN_SET(k, -ESTALE, -ESRCH))
419 continue;
420 if (k < 0 && r == 0)
421 r = k;
422 }
423
424 return r;
425 }
426
427 static int install_loader_config(const char *esp_path) {
428 _cleanup_(unlink_and_freep) char *t = NULL;
429 _cleanup_fclose_ FILE *f = NULL;
430 _cleanup_free_ char *p = NULL;
431 int r;
432
433 assert(arg_make_entry_directory >= 0);
434
435 p = path_join(esp_path, "/loader/loader.conf");
436 if (!p)
437 return log_oom();
438 if (access(p, F_OK) >= 0) /* Silently skip creation if the file already exists (early check) */
439 return 0;
440
441 r = fopen_tmpfile_linkable(p, O_WRONLY|O_CLOEXEC, &t, &f);
442 if (r < 0)
443 return log_error_errno(r, "Failed to open \"%s\" for writing: %m", p);
444
445 fprintf(f, "#timeout 3\n"
446 "#console-mode keep\n");
447
448 if (arg_make_entry_directory) {
449 assert(arg_entry_token);
450 fprintf(f, "default %s-*\n", arg_entry_token);
451 }
452
453 r = flink_tmpfile(f, t, p, /* replace= */ false);
454 if (r == -EEXIST)
455 return 0; /* Silently skip creation if the file exists now (recheck) */
456 if (r < 0)
457 return log_error_errno(r, "Failed to move \"%s\" into place: %m", p);
458
459 t = mfree(t);
460 return 1;
461 }
462
463 static int install_loader_specification(const char *root) {
464 _cleanup_(unlink_and_freep) char *t = NULL;
465 _cleanup_fclose_ FILE *f = NULL;
466 _cleanup_free_ char *p = NULL;
467 int r;
468
469 p = path_join(root, "/loader/entries.srel");
470 if (!p)
471 return log_oom();
472
473 if (access(p, F_OK) >= 0) /* Silently skip creation if the file already exists (early check) */
474 return 0;
475
476 r = fopen_tmpfile_linkable(p, O_WRONLY|O_CLOEXEC, &t, &f);
477 if (r < 0)
478 return log_error_errno(r, "Failed to open \"%s\" for writing: %m", p);
479
480 fprintf(f, "type1\n");
481
482 r = flink_tmpfile(f, t, p, /* replace= */ false);
483 if (r == -EEXIST)
484 return 0; /* Silently skip creation if the file exists now (recheck) */
485 if (r < 0)
486 return log_error_errno(r, "Failed to move \"%s\" into place: %m", p);
487
488 t = mfree(t);
489 return 1;
490 }
491
492 static int install_entry_directory(const char *root) {
493 assert(root);
494 assert(arg_make_entry_directory >= 0);
495
496 if (!arg_make_entry_directory)
497 return 0;
498
499 assert(arg_entry_token);
500 return mkdir_one(root, arg_entry_token);
501 }
502
503 static int install_entry_token(void) {
504 _cleanup_free_ char* p = NULL;
505 int r;
506
507 assert(arg_make_entry_directory >= 0);
508 assert(arg_entry_token);
509
510 /* Let's save the used entry token in /etc/kernel/entry-token if we used it to create the entry
511 * directory, or if anything else but the machine ID */
512
513 if (!arg_make_entry_directory && arg_entry_token_type == BOOT_ENTRY_TOKEN_MACHINE_ID)
514 return 0;
515
516 p = path_join(arg_root, etc_kernel(), "entry-token");
517 if (!p)
518 return log_oom();
519
520 r = write_string_file(p, arg_entry_token, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC|WRITE_STRING_FILE_MKDIR_0755);
521 if (r < 0)
522 return log_error_errno(r, "Failed to write entry token '%s' to %s: %m", arg_entry_token, p);
523
524 return 0;
525 }
526
527 static bool same_entry(uint16_t id, sd_id128_t uuid, const char *path) {
528 _cleanup_free_ char *opath = NULL;
529 sd_id128_t ouuid;
530 int r;
531
532 r = efi_get_boot_option(id, NULL, &ouuid, &opath, NULL);
533 if (r < 0)
534 return false;
535 if (!sd_id128_equal(uuid, ouuid))
536 return false;
537
538 /* Some motherboards convert the path to uppercase under certain circumstances
539 * (e.g. after booting into the Boot Menu in the ASUS ROG STRIX B350-F GAMING),
540 * so use case-insensitive checking */
541 if (!strcaseeq_ptr(path, opath))
542 return false;
543
544 return true;
545 }
546
547 static int find_slot(sd_id128_t uuid, const char *path, uint16_t *id) {
548 _cleanup_free_ uint16_t *options = NULL;
549
550 int n = efi_get_boot_options(&options);
551 if (n < 0)
552 return n;
553
554 /* find already existing systemd-boot entry */
555 for (int i = 0; i < n; i++)
556 if (same_entry(options[i], uuid, path)) {
557 *id = options[i];
558 return 1;
559 }
560
561 /* find free slot in the sorted BootXXXX variable list */
562 for (int i = 0; i < n; i++)
563 if (i != options[i]) {
564 *id = i;
565 return 0;
566 }
567
568 /* use the next one */
569 if (n == 0xffff)
570 return -ENOSPC;
571 *id = n;
572 return 0;
573 }
574
575 static int insert_into_order(uint16_t slot, bool first) {
576 _cleanup_free_ uint16_t *order = NULL;
577 uint16_t *t;
578 int n;
579
580 n = efi_get_boot_order(&order);
581 if (n <= 0)
582 /* no entry, add us */
583 return efi_set_boot_order(&slot, 1);
584
585 /* are we the first and only one? */
586 if (n == 1 && order[0] == slot)
587 return 0;
588
589 /* are we already in the boot order? */
590 for (int i = 0; i < n; i++) {
591 if (order[i] != slot)
592 continue;
593
594 /* we do not require to be the first one, all is fine */
595 if (!first)
596 return 0;
597
598 /* move us to the first slot */
599 memmove(order + 1, order, i * sizeof(uint16_t));
600 order[0] = slot;
601 return efi_set_boot_order(order, n);
602 }
603
604 /* extend array */
605 t = reallocarray(order, n + 1, sizeof(uint16_t));
606 if (!t)
607 return -ENOMEM;
608 order = t;
609
610 /* add us to the top or end of the list */
611 if (first) {
612 memmove(order + 1, order, n * sizeof(uint16_t));
613 order[0] = slot;
614 } else
615 order[n] = slot;
616
617 return efi_set_boot_order(order, n + 1);
618 }
619
620 static int remove_from_order(uint16_t slot) {
621 _cleanup_free_ uint16_t *order = NULL;
622 int n;
623
624 n = efi_get_boot_order(&order);
625 if (n <= 0)
626 return n;
627
628 for (int i = 0; i < n; i++) {
629 if (order[i] != slot)
630 continue;
631
632 if (i + 1 < n)
633 memmove(order + i, order + i+1, (n - i) * sizeof(uint16_t));
634 return efi_set_boot_order(order, n - 1);
635 }
636
637 return 0;
638 }
639
640 static const char *pick_efi_boot_option_description(void) {
641 return arg_efi_boot_option_description ?: "Linux Boot Manager";
642 }
643
644 static int install_variables(
645 const char *esp_path,
646 uint32_t part,
647 uint64_t pstart,
648 uint64_t psize,
649 sd_id128_t uuid,
650 const char *path,
651 bool first,
652 bool graceful) {
653
654 uint16_t slot;
655 int r;
656
657 if (arg_root) {
658 log_info("Acting on %s, skipping EFI variable setup.",
659 arg_image ? "image" : "root directory");
660 return 0;
661 }
662
663 if (!is_efi_boot()) {
664 log_warning("Not booted with EFI, skipping EFI variable setup.");
665 return 0;
666 }
667
668 r = chase_and_access(path, esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, F_OK, NULL);
669 if (r == -ENOENT)
670 return 0;
671 if (r < 0)
672 return log_error_errno(r, "Cannot access \"%s/%s\": %m", esp_path, path);
673
674 r = find_slot(uuid, path, &slot);
675 if (r < 0) {
676 int level = graceful ? arg_quiet ? LOG_DEBUG : LOG_INFO : LOG_ERR;
677 const char *skip = graceful ? ", skipping" : "";
678
679 log_full_errno(level, r,
680 r == -ENOENT ?
681 "Failed to access EFI variables%s. Is the \"efivarfs\" filesystem mounted?" :
682 "Failed to determine current boot order%s: %m", skip);
683
684 return graceful ? 0 : r;
685 }
686
687 if (first || r == 0) {
688 r = efi_add_boot_option(slot, pick_efi_boot_option_description(),
689 part, pstart, psize,
690 uuid, path);
691 if (r < 0) {
692 int level = graceful ? arg_quiet ? LOG_DEBUG : LOG_INFO : LOG_ERR;
693 const char *skip = graceful ? ", skipping" : "";
694
695 log_full_errno(level, r, "Failed to create EFI Boot variable entry%s: %m", skip);
696
697 return graceful ? 0 : r;
698 }
699
700 log_info("Created EFI boot entry \"%s\".", pick_efi_boot_option_description());
701 }
702
703 return insert_into_order(slot, first);
704 }
705
706 static int are_we_installed(const char *esp_path) {
707 int r;
708
709 /* Tests whether systemd-boot is installed. It's not obvious what to use as check here: we could
710 * check EFI variables, we could check what binary /EFI/BOOT/BOOT*.EFI points to, or whether the
711 * loader entries directory exists. Here we opted to check whether /EFI/systemd/ is non-empty, which
712 * should be a suitable and very minimal check for a number of reasons:
713 *
714 * → The check is architecture independent (i.e. we check if any systemd-boot loader is installed,
715 * not a specific one.)
716 *
717 * → It doesn't assume we are the only boot loader (i.e doesn't check if we own the main
718 * /EFI/BOOT/BOOT*.EFI fallback binary.
719 *
720 * → It specifically checks for systemd-boot, not for other boot loaders (which a check for
721 * /boot/loader/entries would do). */
722
723 _cleanup_free_ char *p = path_join(esp_path, "/EFI/systemd/");
724 if (!p)
725 return log_oom();
726
727 log_debug("Checking whether %s contains any files%s", p, special_glyph(SPECIAL_GLYPH_ELLIPSIS));
728 r = dir_is_empty(p, /* ignore_hidden_or_backup= */ false);
729 if (r < 0 && r != -ENOENT)
730 return log_error_errno(r, "Failed to check whether %s contains any files: %m", p);
731
732 return r == 0;
733 }
734
735 int verb_install(int argc, char *argv[], void *userdata) {
736 sd_id128_t uuid = SD_ID128_NULL;
737 uint64_t pstart = 0, psize = 0;
738 uint32_t part = 0;
739 bool install, graceful;
740 int r;
741
742 /* Invoked for both "update" and "install" */
743
744 install = streq(argv[0], "install");
745 graceful = !install && arg_graceful; /* support graceful mode for updates */
746
747 r = acquire_esp(/* unprivileged_mode= */ false, graceful, &part, &pstart, &psize, &uuid, NULL);
748 if (graceful && r == -ENOKEY)
749 return 0; /* If --graceful is specified and we can't find an ESP, handle this cleanly */
750 if (r < 0)
751 return r;
752
753 if (!install) {
754 /* If we are updating, don't do anything if sd-boot wasn't actually installed. */
755 r = are_we_installed(arg_esp_path);
756 if (r < 0)
757 return r;
758 if (r == 0) {
759 log_debug("Skipping update because sd-boot is not installed in the ESP.");
760 return 0;
761 }
762 }
763
764 r = acquire_xbootldr(/* unprivileged_mode= */ false, NULL, NULL);
765 if (r < 0)
766 return r;
767
768 r = settle_make_entry_directory();
769 if (r < 0)
770 return r;
771
772 const char *arch = arg_arch_all ? "" : get_efi_arch();
773
774 WITH_UMASK(0002) {
775 if (install) {
776 /* Don't create any of these directories when we are just updating. When we update
777 * we'll drop-in our files (unless there are newer ones already), but we won't create
778 * the directories for them in the first place. */
779 r = create_subdirs(arg_esp_path, esp_subdirs);
780 if (r < 0)
781 return r;
782
783 r = create_subdirs(arg_dollar_boot_path(), dollar_boot_subdirs);
784 if (r < 0)
785 return r;
786 }
787
788 r = install_binaries(arg_esp_path, arch, install);
789 if (r < 0)
790 return r;
791
792 if (install) {
793 r = install_loader_config(arg_esp_path);
794 if (r < 0)
795 return r;
796
797 r = install_entry_directory(arg_dollar_boot_path());
798 if (r < 0)
799 return r;
800
801 r = install_entry_token();
802 if (r < 0)
803 return r;
804
805 r = install_random_seed(arg_esp_path);
806 if (r < 0)
807 return r;
808 }
809
810 r = install_loader_specification(arg_dollar_boot_path());
811 if (r < 0)
812 return r;
813 }
814
815 (void) sync_everything();
816
817 if (!arg_touch_variables)
818 return 0;
819
820 if (arg_arch_all) {
821 log_info("Not changing EFI variables with --all-architectures.");
822 return 0;
823 }
824
825 char *path = strjoina("/EFI/systemd/systemd-boot", arch, ".efi");
826 return install_variables(arg_esp_path, part, pstart, psize, uuid, path, install, graceful);
827 }
828
829 static int remove_boot_efi(const char *esp_path) {
830 _cleanup_closedir_ DIR *d = NULL;
831 _cleanup_free_ char *p = NULL;
832 int r, c = 0;
833
834 r = chase_and_opendir("/EFI/BOOT", esp_path, CHASE_PREFIX_ROOT|CHASE_PROHIBIT_SYMLINKS, &p, &d);
835 if (r == -ENOENT)
836 return 0;
837 if (r < 0)
838 return log_error_errno(r, "Failed to open directory \"%s/EFI/BOOT\": %m", esp_path);
839
840 FOREACH_DIRENT(de, d, break) {
841 _cleanup_close_ int fd = -EBADF;
842 _cleanup_free_ char *v = NULL;
843
844 if (!endswith_no_case(de->d_name, ".efi"))
845 continue;
846
847 if (!startswith_no_case(de->d_name, "boot"))
848 continue;
849
850 fd = openat(dirfd(d), de->d_name, O_RDONLY|O_CLOEXEC);
851 if (fd < 0)
852 return log_error_errno(errno, "Failed to open \"%s/%s\" for reading: %m", p, de->d_name);
853
854 r = get_file_version(fd, &v);
855 if (r == -ESRCH)
856 continue; /* No version information */
857 if (r < 0)
858 return r;
859 if (startswith(v, "systemd-boot ")) {
860 r = unlinkat(dirfd(d), de->d_name, 0);
861 if (r < 0)
862 return log_error_errno(errno, "Failed to remove \"%s/%s\": %m", p, de->d_name);
863
864 log_info("Removed \"%s/%s\".", p, de->d_name);
865 }
866
867 c++;
868 }
869
870 return c;
871 }
872
873 static int rmdir_one(const char *prefix, const char *suffix) {
874 const char *p;
875
876 p = prefix_roota(prefix, suffix);
877 if (rmdir(p) < 0) {
878 bool ignore = IN_SET(errno, ENOENT, ENOTEMPTY);
879
880 log_full_errno(ignore ? LOG_DEBUG : LOG_ERR, errno,
881 "Failed to remove directory \"%s\": %m", p);
882 if (!ignore)
883 return -errno;
884 } else
885 log_info("Removed \"%s\".", p);
886
887 return 0;
888 }
889
890 static int remove_subdirs(const char *root, const char *const *subdirs) {
891 int r, q;
892
893 /* We use recursion here to destroy the directories in reverse order. Which should be safe given how
894 * short the array is. */
895
896 if (!subdirs[0]) /* A the end of the list */
897 return 0;
898
899 r = remove_subdirs(root, subdirs + 1);
900 q = rmdir_one(root, subdirs[0]);
901
902 return r < 0 ? r : q;
903 }
904
905 static int remove_entry_directory(const char *root) {
906 assert(root);
907 assert(arg_make_entry_directory >= 0);
908
909 if (!arg_make_entry_directory || !arg_entry_token)
910 return 0;
911
912 return rmdir_one(root, arg_entry_token);
913 }
914
915 static int remove_binaries(const char *esp_path) {
916 const char *p;
917 int r, q;
918
919 p = prefix_roota(esp_path, "/EFI/systemd");
920 r = rm_rf(p, REMOVE_ROOT|REMOVE_PHYSICAL);
921
922 q = remove_boot_efi(esp_path);
923 if (q < 0 && r == 0)
924 r = q;
925
926 return r;
927 }
928
929 static int remove_file(const char *root, const char *file) {
930 const char *p;
931
932 assert(root);
933 assert(file);
934
935 p = prefix_roota(root, file);
936 if (unlink(p) < 0) {
937 log_full_errno(errno == ENOENT ? LOG_DEBUG : LOG_ERR, errno,
938 "Failed to unlink file \"%s\": %m", p);
939
940 return errno == ENOENT ? 0 : -errno;
941 }
942
943 log_info("Removed \"%s\".", p);
944 return 1;
945 }
946
947 static int remove_variables(sd_id128_t uuid, const char *path, bool in_order) {
948 uint16_t slot;
949 int r;
950
951 if (arg_root || !is_efi_boot())
952 return 0;
953
954 r = find_slot(uuid, path, &slot);
955 if (r != 1)
956 return 0;
957
958 r = efi_remove_boot_option(slot);
959 if (r < 0)
960 return r;
961
962 if (in_order)
963 return remove_from_order(slot);
964
965 return 0;
966 }
967
968 static int remove_loader_variables(void) {
969 int r = 0;
970
971 /* Remove all persistent loader variables we define */
972
973 FOREACH_STRING(var,
974 EFI_LOADER_VARIABLE(LoaderConfigTimeout),
975 EFI_LOADER_VARIABLE(LoaderConfigTimeoutOneShot),
976 EFI_LOADER_VARIABLE(LoaderEntryDefault),
977 EFI_LOADER_VARIABLE(LoaderEntryOneShot),
978 EFI_LOADER_VARIABLE(LoaderSystemToken)){
979
980 int q;
981
982 q = efi_set_variable(var, NULL, 0);
983 if (q == -ENOENT)
984 continue;
985 if (q < 0) {
986 log_warning_errno(q, "Failed to remove EFI variable %s: %m", var);
987 if (r >= 0)
988 r = q;
989 } else
990 log_info("Removed EFI variable %s.", var);
991 }
992
993 return r;
994 }
995
996 int verb_remove(int argc, char *argv[], void *userdata) {
997 sd_id128_t uuid = SD_ID128_NULL;
998 int r, q;
999
1000 r = acquire_esp(/* unprivileged_mode= */ false, /* graceful= */ false, NULL, NULL, NULL, &uuid, NULL);
1001 if (r < 0)
1002 return r;
1003
1004 r = acquire_xbootldr(/* unprivileged_mode= */ false, NULL, NULL);
1005 if (r < 0)
1006 return r;
1007
1008 r = settle_make_entry_directory();
1009 if (r < 0)
1010 return r;
1011
1012 r = remove_binaries(arg_esp_path);
1013
1014 q = remove_file(arg_esp_path, "/loader/loader.conf");
1015 if (q < 0 && r >= 0)
1016 r = q;
1017
1018 q = remove_file(arg_esp_path, "/loader/random-seed");
1019 if (q < 0 && r >= 0)
1020 r = q;
1021
1022 q = remove_file(arg_esp_path, "/loader/entries.srel");
1023 if (q < 0 && r >= 0)
1024 r = q;
1025
1026 q = remove_subdirs(arg_esp_path, esp_subdirs);
1027 if (q < 0 && r >= 0)
1028 r = q;
1029
1030 q = remove_subdirs(arg_esp_path, dollar_boot_subdirs);
1031 if (q < 0 && r >= 0)
1032 r = q;
1033
1034 q = remove_entry_directory(arg_esp_path);
1035 if (q < 0 && r >= 0)
1036 r = q;
1037
1038 if (arg_xbootldr_path) {
1039 /* Remove a subset of these also from the XBOOTLDR partition if it exists */
1040
1041 q = remove_file(arg_xbootldr_path, "/loader/entries.srel");
1042 if (q < 0 && r >= 0)
1043 r = q;
1044
1045 q = remove_subdirs(arg_xbootldr_path, dollar_boot_subdirs);
1046 if (q < 0 && r >= 0)
1047 r = q;
1048
1049 q = remove_entry_directory(arg_xbootldr_path);
1050 if (q < 0 && r >= 0)
1051 r = q;
1052 }
1053
1054 (void) sync_everything();
1055
1056 if (!arg_touch_variables)
1057 return r;
1058
1059 if (arg_arch_all) {
1060 log_info("Not changing EFI variables with --all-architectures.");
1061 return r;
1062 }
1063
1064 char *path = strjoina("/EFI/systemd/systemd-boot", get_efi_arch(), ".efi");
1065 q = remove_variables(uuid, path, true);
1066 if (q < 0 && r >= 0)
1067 r = q;
1068
1069 q = remove_loader_variables();
1070 if (q < 0 && r >= 0)
1071 r = q;
1072
1073 return r;
1074 }
1075
1076 int verb_is_installed(int argc, char *argv[], void *userdata) {
1077 int r;
1078
1079 r = acquire_esp(/* privileged_mode= */ false,
1080 /* graceful= */ arg_graceful,
1081 NULL, NULL, NULL, NULL, NULL);
1082 if (r < 0)
1083 return r;
1084
1085 r = are_we_installed(arg_esp_path);
1086 if (r < 0)
1087 return r;
1088
1089 if (r > 0) {
1090 if (!arg_quiet)
1091 puts("yes");
1092 return EXIT_SUCCESS;
1093 } else {
1094 if (!arg_quiet)
1095 puts("no");
1096 return EXIT_FAILURE;
1097 }
1098 }
Unnamed repository; edit this file 'description' to name the repository.