From 85ca1588c07059cac6f45f22b4a712cf37c6604c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?J=C3=B6rg=20Behrmann?= Date: Fri, 12 Jul 2024 10:43:54 +0200 Subject: [PATCH] kernel-install: Remove existing loader entries and UKIs When boot counting is enabled, adding a new loader entry or UKI can conflict with an existing one that has booted successfully and therefore has its boot counter removed. systemd-bless-boot will fail to bless the new successful boot, since a file without a boot counter already exists. Since kernel-install will clobber existing files without boot counting, we should therefore remove files without a boot count as well, when we add a file with one. Fixes: #33504 (cherry picked from commit 99d4575e541fa1fb00dc80f7aad572f3a66db461) (cherry picked from commit b78618540659a40c4c26aa588b3cd8b9c46116d1) --- src/kernel-install/90-loaderentry.install.in | 5 +++++ src/kernel-install/90-uki-copy.install | 6 ++++++ 2 files changed, 11 insertions(+) diff --git a/src/kernel-install/90-loaderentry.install.in b/src/kernel-install/90-loaderentry.install.in index a52dd812e43..0408530f05f 100755 --- a/src/kernel-install/90-loaderentry.install.in +++ b/src/kernel-install/90-loaderentry.install.in @@ -101,6 +101,11 @@ if [ -f "$TRIES_FILE" ]; then echo "$TRIES_FILE does not contain an integer." >&2 exit 1 fi + if [ -f "$LOADER_ENTRY" ]; then + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ + echo "Removing previous loader entry '$LOADER_ENTRY' without boot counting." >&2 + rm -f "$LOADER_ENTRY" "${LOADER_ENTRY%.conf}+"*.conf + fi LOADER_ENTRY="${LOADER_ENTRY%.conf}+$TRIES.conf" fi diff --git a/src/kernel-install/90-uki-copy.install b/src/kernel-install/90-uki-copy.install index d443c4b4011..d6f71349cb9 100755 --- a/src/kernel-install/90-uki-copy.install +++ b/src/kernel-install/90-uki-copy.install @@ -61,6 +61,12 @@ if [ -f "$TRIES_FILE" ]; then echo "$TRIES_FILE does not contain an integer." >&2 exit 1 fi + if [ -f "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" ]; then + [ "$KERNEL_INSTALL_VERBOSE" -gt 0 ] && \ + echo "Removing previous UKI '$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi' without boot counting." >&2 + rm -f "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi" "$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+"*.efi + fi + UKI_FILE="$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION+$TRIES.efi" else UKI_FILE="$UKI_DIR/$ENTRY_TOKEN-$KERNEL_VERSION.efi"