[neon/neon/livecd-rootfs/Neon/release] live-build: fix: unset initrdless_boot_fallback_triggered instead of setting it to 0

Ivan Kapelyukhin null at kde.org
Fri Feb 25 11:48:33 GMT 2022


Git commit 9eb9d89a604e844b306cb6c5bc80e77b8a6bc284 by Ivan Kapelyukhin.
Committed on 22/02/2022 at 06:06.
Pushed by jriddell into branch 'Neon/release'.

fix: unset initrdless_boot_fallback_triggered instead of setting it to 0

This fixes GCE shielded VM instances integrity monitoring failures on
focal and later. Our images are built with an empty /boot/grub/grubenv
file, however after the first boot `initrdless_boot_fallback_triggered`
is set to 0. This change in `grubenv` results in an integrity monitoring
`lateBootReportEvent` error.

It seems that the only thing that's checking for this `grubenv` variable
is `grub-common.service`, and it is looking specifically for a `1`
value:

  if grub-editenv /boot/grub/grubenv list | grep -q initrdless_boot_fallback_triggered=1; then
    echo "grub: GRUB_FORCE_PARTUUID set, initrdless boot paniced, fallback triggered."
  fi

Unsetting this variable instead of setting it to 0 would prevent issues
with integrity monitoring.

M  +1    -1    live-build/functions

https://invent.kde.org/neon/neon/livecd-rootfs/commit/9eb9d89a604e844b306cb6c5bc80e77b8a6bc284

diff --git a/live-build/functions b/live-build/functions
index b43e20e7..d452d991 100644
--- a/live-build/functions
+++ b/live-build/functions
@@ -1076,7 +1076,7 @@ if [ -n "${have_grubenv}" ]; then
   if [ -n "${initrdfail}" ]; then
     set initrdless_boot_fallback_triggered="${initrdfail}"
   else
-    set initrdless_boot_fallback_triggered=0
+    unset initrdless_boot_fallback_triggered
   fi
   save_env initrdless_boot_fallback_triggered
 fi
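
Review bot: the new `unset initrdless_boot_fallback_triggered` line in the else branch has no comment saying why the variable is removed rather than written as 0, so a later cleanup could easily restore `set ...=0`. A short comment above it, noting that writing any value changes grubenv after first boot and that only a value of 1 is ever checked, would preserve the intent. The branch also now depends on the following `save_env initrdless_boot_fallback_triggered` dropping the entry when the variable is unset instead of storing an empty value; that is worth confirming on the GRUB versions these images ship and recording in the same comment.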


