From: Luca Boccassi <luca.boccassi@gmail.com>
Date: Fri, 25 Jul 2025 10:30:51 +0000 (+0100)
Subject: bootctl: automatically set --graceful when running in chroot
X-Git-Tag: v258-rc2~83
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bcc73cafdbd9c3947c53e4cff3498f8a73e56d9d;p=thirdparty%2Fsystemd.git

bootctl: automatically set --graceful when running in chroot

Installing stuff in a chroot should not fail because efivars are
not available. When running in a container touching efivars is
completely disabled, but there are some cases (recovery) where
it is needed to touch them in a chroot, so don't disable them but
avoid failing the run instead.
---

diff --git a/man/bootctl.xml b/man/bootctl.xml
index f1968a0ba77..729183ad2c2 100644
--- a/man/bootctl.xml
+++ b/man/bootctl.xml
@@ -424,8 +424,9 @@
         <term><option>--graceful</option></term>
         <listitem><para>Ignore failure when the EFI System Partition cannot be found, when EFI variables
         cannot be written, or a different or newer boot loader is already installed. Currently only applies
-        to <command>is-installed</command>, <command>update</command>, and <command>random-seed</command>
-        verbs.</para>
+        to <command>is-installed</command>, <command>update</command>, <command>random-seed</command> and
+        <command>install</command> verbs. Since version v258, it is implicitly enabled when running inside a
+        chroot.</para>
 
         <xi:include href="version-info.xml" xpointer="v244"/></listitem>
       </varlistentry>
diff --git a/src/bootctl/bootctl.c b/src/bootctl/bootctl.c
index 0bd7aa2e41c..1235f524b93 100644
--- a/src/bootctl/bootctl.c
+++ b/src/bootctl/bootctl.c
@@ -37,6 +37,7 @@
 #include "varlink-io.systemd.BootControl.h"
 #include "varlink-util.h"
 #include "verbs.h"
+#include "virt.h"
 
 /* EFI_BOOT_OPTION_DESCRIPTION_MAX sets the maximum length for the boot option description
  * stored in NVRAM. The UEFI spec does not specify a minimum or maximum length for this
@@ -641,6 +642,11 @@ static int parse_argv(int argc, char *argv[]) {
         if (arg_secure_boot_auto_enroll && !arg_private_key)
                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Secure boot auto-enrollment requested but no private key provided");
 
+        if (!arg_graceful && running_in_chroot() > 0) {
+                log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Running in a chroot, enabling --graceful.");
+                arg_graceful = true;
+        }
+
         r = sd_varlink_invocation(SD_VARLINK_ALLOW_ACCEPT);
         if (r < 0)
                 return log_error_errno(r, "Failed to check if invoked in Varlink mode: %m");