kernel-install: Remove existing loader entries and UKIs

When boot counting is enabled, adding a new loader entry or UKI can conflict
with an existing one that has booted successfully and therefore has its boot
counter removed. systemd-bless-boot will fail to bless the new successful boot,
since a file without a boot counter already exists. Since kernel-install will
clobber existing files without boot counting, we should therefore remove files
without a boot count as well, when we add a file with one.

Fixes: #33504
(cherry picked from commit 99d4575e541fa1fb00dc80f7aad572f3a66db461)
(cherry picked from commit b78618540659a40c4c26aa588b3cd8b9c46116d1)

src/kernel-install/90-loaderentry.install.in

@@ -101,6 +101,11 @@ if [ -f "$TRIES_FILE" ]; then
         echo "$TRIES_FILE does not contain an integer." >&2
         exit 1
     fi
+    if [ -f "$LOADER_ENTRY" ]; then
+        [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+            echo "Removing previous loader entry '$LOADER_ENTRY' without boot counting." >&2
+        rm -f "$LOADER_ENTRY" "${LOADER_ENTRY%.conf}+"*.conf
+    fi
     LOADER_ENTRY="${LOADER_ENTRY%.conf}+$TRIES.conf"
 fi
 

src/kernel-install/90-uki-copy.install

@@ -61,6 +61,12 @@ if [ -f "$TRIES_FILE" ]; then
         echo "$TRIES_FILE does not contain an integer." >&2
         exit 1
     fi
+    if [ -f "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" ]; then
+        [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \
+            echo "Removing previous UKI '$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi' without boot counting." >&2
+        rm -f "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+"*.efi
+    fi
+
     UKI_FILE="$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+$TRIES.efi"
 else
     UKI_FILE="$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi"