Cannot update silverblue (grub2-mkconfig error)

[kisccz]

Solution

See the article: https://fedoramagazine.org/manual-action-required-to-update-fedora-silverblue-kinoite-and-iot-version-36/

Run:

$ sudo find /boot/efi -exec touch '{}' ';'
$ sudo touch /etc/kernel/cmdline 

Then update your system as usual.

Original issue below

This issue tracker is intended only for Silverblue specific issues. We would like to ask you to try to reproduce the issue on a relevant Fedora Workstation release. If you will be able to reproduce there, then please report it in Red Hat Bugzilla or in upstream (preferred for GNOME projects) and not in this issue tracker.

Describe the bug
I can't update silverblue. I run rpm-ostree upgrade, then reboot but the update is not implemented. I'm on 36.20220810.0 and want to update to 36.20220812.0

To Reproduce
Please describe the steps needed to reproduce the bug:

1. enter command rpm-ostree upgrade or do it through gnome software
2. reboot
3. grub appears with only two options 36.20220810.0 (cuurent version) and 36.20220809.0 (older version), no 36.20220812.0 (version after update)
4. login, update was not implemented

Expected behavior
system to update to newest version 36.20220812.0

Screenshots
If applicable, add screenshots to help explain your problem.

OS version:

$ rpm-ostree status -b
State: idle
Warning: failed to finalize previous deployment
         error: Bootloader write config: grub2-mkconfig: Child process exited with code 1
         check `journalctl -b -1 -u ostree-finalize-staged.service`
BootedDeployment:
● fedora:fedora/36/x86_64/silverblue
                  Version: 36.20220810.0 (2022-08-10T00:46:50Z)
                   Commit: 0adbf32421d4bf13c9d691b7ea8019f539f47002988e988078383413bfb73aa5
             GPGSignature: Valid signature by 53DED2CB922D8B8D9E63FD18999F7CBF38AB71F4

Additional context
I'm only running silverblue, no dual boot

[kisccz]

$ journalctl -b -1 -u ostree-finalize-staged.service
Aug 12 14:57:40 host systemd[1]: Finished ostree-finalize-staged.service - OSTree Finalize Staged Deploymen>
Aug 12 14:58:07 host systemd[1]: Stopping ostree-finalize-staged.service - OSTree Finalize Staged Deploymen>
Aug 12 14:58:07 host ostree[5979]: Finalizing staged deployment
Aug 12 14:58:10 host ostree[5979]: Copying /etc changes: 25 modified, 3 removed, 88 added
Aug 12 14:58:10 host ostree[5979]: Copying /etc changes: 25 modified, 3 removed, 88 added
Aug 12 14:58:14 host ostree[5979]: error: Bootloader write config: grub2-mkconfig: Child process exited wit>
Aug 12 14:58:14 host systemd[1]: ostree-finalize-staged.service: Control process exited, code=exited, statu>
Aug 12 14:58:14 host systemd[1]: ostree-finalize-staged.service: Failed with result 'exit-code'.
Aug 12 14:58:14 host systemd[1]: Stopped ostree-finalize-staged.service - OSTree Finalize Staged Deployment.
Aug 12 14:58:14 host systemd[1]: ostree-finalize-staged.service: Consumed 4.975s CPU time.

[Zlopez]

I'm having the same issue with the same ostree image.

[bobslept]

I had the same issue. After some searching I found these issues:
coreos/rpm-ostree#3925
coreos/rpm-ostree#3715
https://bugzilla.redhat.com/show_bug.cgi?id=2096192

After that I used the following to fix the issue:

sudo find /boot/efi -exec touch '{}' ';'
rpm-ostree upgrade
sudo ostree admin finalize-staged
systemctl reboot

Edit:
Ran into the same issue again today with updating, had to run sudo ostree admin finalize-staged again after upgrade.

[Pryka]

Same issue.

sudo find /boot/efi -exec touch '{}' ';'
rpm-ostree upgrade
sudo ostree admin finalize-staged

did help though.

[TheSamsai]

I ran into the same issue on two separate systems, one running 36.20220810.0 and the other one running 36.20220812.0. Both systems are quite vanilla and I am not running any special kernels on them.

Running

rpm-ostree upgrade
sudo ostree admin finalize-staged

got both updated to 36.20220814.0 successfully.

The somewhat scary thing is that I only noticed the failed update when I was looking at an unrelated issue and noticed the failure in rpm-ostree status. Depending on when and how this gets fixed, Silverblue installations may go without system updates without the user noticing. This might deserve its own issue, but I think there should probably be more notification about failure to update.

[bobslept]

The somewhat scary thing is that I only noticed the failed update when I was looking at an unrelated issue and noticed the failure in rpm-ostree status. Depending on when and how this gets fixed, Silverblue installations may go without system updates without the user noticing. This might deserve its own issue, but I think there should probably be more notification about failure to update.

Yeah I noticed it when I got like 3 times the same packages when upgrading. And was like huh didn't I update those packages already. Very good point.

[Zlopez]

The somewhat scary thing is that I only noticed the failed update when I was looking at an unrelated issue and noticed the failure in rpm-ostree status. Depending on when and how this gets fixed, Silverblue installations may go without system updates without the user noticing. This might deserve its own issue, but I think there should probably be more notification about failure to update.

I agree, I noticed this after 2 days only when trying to layer new package and it wasn't in rpm-ostree status after reboot. And then I found out the error with grub config.

If this means that the current ostree image is corrupted and it couldn't be updated this could lead to systems that will not get any new update without user even noticing this happened.

[Pryka]

The somewhat scary thing is that I only noticed the failed update when I was looking at an unrelated issue and noticed the failure in rpm-ostree status. Depending on when and how this gets fixed, Silverblue installations may go without system updates without the user noticing. This might deserve its own issue, but I think there should probably be more notification about failure to update.

Fully agree, I noticed it on my system only because some folks on Fedora Discord was talking about it, I check it out and boom I was affected also.

[tazihad]

I am facing the same error. Although I can layer other package in 36.1.5 but not with latest version.

$ rpm-ostree status
State: idle
Warning: failed to finalize previous deployment
         error: Bootloader write config: grub2-mkconfig: Child process exited with code 1
         check `journalctl -b -1 -u ostree-finalize-staged.service`
Deployments:
● fedora:fedora/36/x86_64/kinoite
                  Version: 36.20220810.0 (2022-08-10T00:52:28Z)
               BaseCommit: 3ddbe834b41e05e70ae937b37588252643b095ee1bf5865c9c53761ddec65398
             GPGSignature: Valid signature by 53DED2CB922D8B8D9E63FD18999F7CBF38AB71F4
          LayeredPackages: akmod-nvidia rpmfusion-free-release rpmfusion-nonfree-release xorg-x11-drv-nvidia-cuda

  fedora:fedora/36/x86_64/kinoite
                  Version: 36.1.5 (2022-05-04T18:46:01Z)
               BaseCommit: b1f915998a6d923c1a9180b7a3f68ab779359429b56a7abda27c37cb8064da58
             GPGSignature: Valid signature by 53DED2CB922D8B8D9E63FD18999F7CBF38AB71F4
          LayeredPackages: akmod-nvidia xorg-x11-drv-nvidia-cuda
            LocalPackages: rpmfusion-free-release-36-1.noarch rpmfusion-nonfree-release-36-1.noarch

This is the error

$ journalctl -b -1 -u ostree-finalize-staged.service
Aug 14 18:52:25 fedora systemd[1]: Finished ostree-finalize-staged.service - OSTree Finalize Staged Deployment.
Aug 14 18:58:29 fedora systemd[1]: Stopping ostree-finalize-staged.service - OSTree Finalize Staged Deployment...
Aug 14 18:58:29 fedora ostree[2811]: Finalizing staged deployment
Aug 14 18:58:31 fedora ostree[2811]: Copying /etc changes: 9 modified, 1 removed, 83 added
Aug 14 18:58:31 fedora ostree[2811]: Copying /etc changes: 9 modified, 1 removed, 83 added
Aug 14 18:58:41 fedora ostree[2811]: error: Bootloader write config: grub2-mkconfig: Child process exited with code 1
Aug 14 18:58:41 fedora systemd[1]: ostree-finalize-staged.service: Control process exited, code=exited, status=1/FAILURE
Aug 14 18:58:41 fedora systemd[1]: ostree-finalize-staged.service: Failed with result 'exit-code'.
Aug 14 18:58:41 fedora systemd[1]: Stopped ostree-finalize-staged.service - OSTree Finalize Staged Deployment.
Aug 14 18:58:41 fedora systemd[1]: ostree-finalize-staged.service: Consumed 4.302s CPU time.

[benkei-kuruma]

I posted about this on reddit, but I was able to get around this mysterious issue just now with:

rpm-ostree update
sudo grub2-mkconfig

And that's it. No idea why it worked, but here I am (for now).

[rscm]

same here

will try the workaround

❯ rpm-ostree status 
State: idle
Warning: failed to finalize previous deployment
         error: Bootloader write config: grub2-mkconfig: El proceso hijo terminó con el código 1
         check `journalctl -b -1 -u ostree-finalize-staged.service`
Deployments:
● fedora:fedora/36/x86_64/silverblue
                  Version: 36.20220810.0 (2022-08-10T00:46:50Z)
               BaseCommit: 0adbf32421d4bf13c9d691b7ea8019f539f47002988e988078383413bfb73aa5
             GPGSignature: Valid signature by 53DED2CB922D8B8D9E63FD18999F7CBF38AB71F4
          LayeredPackages: acpid akmod-nvidia gnome-tweaks gparted openssl printer-driver-brlaser starship tailscale
                           terminator xboxdrv xorg-x11-drv-nvidia xorg-x11-drv-nvidia-libs
            LocalPackages: rpmfusion-free-release-36-1.noarch rpmfusion-nonfree-release-36-1.noarch

  fedora:fedora/36/x86_64/silverblue
                  Version: 36.20220803.0 (2022-08-03T00:51:08Z)
               BaseCommit: 92428f2a60603f29cb8ef04b9eba39aefb2c93a07e9035d7cc164709d65dbfaa
             GPGSignature: Valid signature by 53DED2CB922D8B8D9E63FD18999F7CBF38AB71F4
          LayeredPackages: acpid akmod-nvidia gnome-tweaks gparted openssl printer-driver-brlaser starship tailscale
                           terminator xboxdrv xorg-x11-drv-nvidia xorg-x11-drv-nvidia-libs
            LocalPackages: rpmfusion-free-release-36-1.noarch rpmfusion-nonfree-release-36-1.noarch

---

this worked, thanks

[mikezila]

I had the same issue with the same symptoms and error messages at the others in this thread. I tried the proposed fixes and was able to get one instance of updating/layer to take, but trying to then do another deployment failed with the same error as before.

[ugurcansayan]

I had the same issue with the same symptoms and error messages at the others in this thread. I tried the proposed fixes and was able to get one instance of updating/layer to take, but trying to then do another deployment failed with the same error as before.

+1 that. They feel like temporary fixes, aka workarounds. Hopefully this issue will get a fix soon. Good luck

If anyone wants to put those workarounds in a single command, you can use the && notation.

Example-1 from #322 (comment)
sudo find /boot/efi -exec touch '{}' ';' && rpm-ostree upgrade && sudo ostree admin finalize-staged

Example-2 from #322 (comment)
rpm-ostree update && sudo grub2-mkconfig

rpm-ostree update is an alias to rpm-ostree upgrade, so you can interchange them.

Please note that you can also add && systemctl reboot at the end of those lines to make your computer reboot in the end.

[xrishox]

is this bug still present in current deployments or was it just if you grabbed it from like august 10-14?

[Zlopez]

I still see it with 36.20220815.0 (2022-08-15T00:52:34Z).

I'm actually not sure if the update will finish even if the fix is introduced in newer version. If not it potentially means we will have plenty of Silverblue systems, that will just stay on those versions that are broken.

[basvdlei]

Looks like grub is trying to write into a read-only etc and failing.

Added the following drop-in:

# /etc/systemd/system/ostree-finalize-staged.service.d/override.conf
[Service]
Environment=OSTREE_DEBUG_GRUB2=1

After running a rpm-ostree install command and rebooting, the unit will show the error that occurred with grub:

$ journalctl -b -1 -u ostree-finalize-staged.service 
Aug 17 12:16:57 systemd[1]: Finished ostree-finalize-staged.service - OSTree Finalize Staged Deployment.
Aug 17 12:18:37 systemd[1]: Stopping ostree-finalize-staged.service - OSTree Finalize Staged Deployment...
Aug 17 12:18:37 ostree[14815]: Finalizing staged deployment
Aug 17 12:18:37 ostree[14815]: Copying /etc changes: 27 modified, 1 removed, 90 added
Aug 17 12:18:37 ostree[14815]: Copying /etc changes: 27 modified, 1 removed, 90 added
Aug 17 12:18:38 ostree[14882]: Generating grub configuration file ...
Aug 17 12:18:38 ostree[14901]: /etc/grub.d/10_linux: line 167: /etc/kernel/cmdline: Read-only file system
Aug 17 12:18:38 ostree[14815]: error: Bootloader write config: grub2-mkconfig: Child process exited with code 1
Aug 17 12:18:38 systemd[1]: ostree-finalize-staged.service: Control process exited, code=exited, status=1/FAILURE
Aug 17 12:18:38 systemd[1]: ostree-finalize-staged.service: Failed with result 'exit-code'.
Aug 17 12:18:38 systemd[1]: Stopped ostree-finalize-staged.service - OSTree Finalize Staged Deployment.
Aug 17 12:18:38 systemd[1]: ostree-finalize-staged.service: Consumed 1.511s CPU time.

This is the section of 10_linux:

   161	    local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
   162	    local -a files=($(get_sorted_bls))
   163	
   164	    if [[ ! -f /etc/kernel/cmdline ]]; then
   165		# anaconda has the correct information to do this during install;
   166		# afterward, grubby will take care of syncing on updates.
   167		echo "$cmdline rhgb quiet" > /etc/kernel/cmdline
   168	    fi
   169	
   170	    for bls in "${files[@]}"; do

The /etc/kernel/cmdline file does not exist on my machine, maybe creating it is enough?

[jlebon]

OK, this history is messy here, but I think essentially there are two separate GRUB issues at hand. The first was GRUB not handling epoch timestamps on the EFI. This was fixed in grub2-2.06-43.fc36, which is already in the latest Silverblue composes.

The second was introduced more recently by rhboot/grub2@0837dcd (i.e. rhboot/grub2#105) and it causes issues on libostree systems because we run grub2-mkconfig with /etc mounted read-only. I proposed a fix for that in rhboot/grub2#106. In the meantime, a workaround as suggested above is to manually touch /etc/kernel/cmdline before updating.

[subvert0r]

I posted about this on reddit, but I was able to get around this mysterious issue just now with:

rpm-ostree update
sudo grub2-mkconfig

And that's it. No idea why it worked, but here I am (for now).

This worked and fixed the issue, but can someone explain WHY this fixes the issue?

[jlebon]

It works because grub2-mkconfig runs outside of the systemd unit which enforces /etc being read-only. See the comment above for more details.

[afland]

It works because grub2-mkconfig runs outside of the systemd unit which enforces /etc being read-only. See the comment above for more details.

So are all existing silverblue systems frozen on the version where this bug first appeared, unless they use one of those manual fixes? Or can a grub update be pushed separate from ostree's system image stuff?

[juhp]

(I don't have any /etc/kernel/cmdline or /etc/efi in my vm.)

rpm-ostree update
sudo grub2-mkconfig

Should this be the official workaround? (It worked for me too.) I guess this issue is impacting a lot of users.

(Also fwiw my laptop host was still on 36.20220725.0 and upgraded normally to 36.20220819.0 without a hitch.)

[alkazar]

I don't know if the root cause is the same, but I experienced this exact issue today when trying to upgrade from Fedora Silverblue 38 to 39.

EDIT: I was able to update manually with rpm-ostree rebase fedora:fedora/39/x86_64/silverblue

For some reason the update was not working through Gnome Software - it appeared to successfully download, but when I restarted my system was not updated and rpm-ostree status showed no silverblue 39 deployment.