Commit 8f2babd0 authored by Thomas Watson's avatar Thomas Watson
Browse files

nixos/systemd-boot: pass EFI variable flags during update too 

On some systems, EFI variables are not supported or otherwise wonky.
bootctl attempting to access them causes failures during bootloader
installations and updates. For such systems, NixOS provides the options
`boot.loader.efi.canTouchEfiVariables` and
`boot.loader.systemd-boot.graceful` which pass flags to bootctl that
change whether and how EFI variables are accessed.

Previously, these flags were only passed to bootctl during an install
operation. However, they also apply during an update operation, which
can cause the same sorts of errors. This change passes the flags during
update operations as well to prevent those errors.

Fixes https://github.com/NixOS/nixpkgs/issues/151336
parent ddc5d34f

nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py

+11 −10
Original line number Diff line number Diff line
@@ -228,20 +228,21 @@ def main() -> None: 
        warnings.warn("NIXOS_INSTALL_GRUB env var deprecated, use NIXOS_INSTALL_BOOTLOADER", DeprecationWarning)

        os.environ["NIXOS_INSTALL_BOOTLOADER"] = "1"



    if os.getenv("NIXOS_INSTALL_BOOTLOADER") == "1":

        # bootctl uses fopen() with modes "wxe" and fails if the file exists.

        if os.path.exists("@efiSysMountPoint@/loader/loader.conf"):

            os.unlink("@efiSysMountPoint@/loader/loader.conf")



        flags = []

    # flags to pass to bootctl install/update

    bootctl_flags = []



    if "@canTouchEfiVariables@" != "1":

            flags.append("--no-variables")

        bootctl_flags.append("--no-variables")



    if "@graceful@" == "1":

            flags.append("--graceful")

        bootctl_flags.append("--graceful")



    if os.getenv("NIXOS_INSTALL_BOOTLOADER") == "1":

        # bootctl uses fopen() with modes "wxe" and fails if the file exists.

        if os.path.exists("@efiSysMountPoint@/loader/loader.conf"):

            os.unlink("@efiSysMountPoint@/loader/loader.conf")



        subprocess.check_call(["@systemd@/bin/bootctl", "--esp-path=@efiSysMountPoint@"] + flags + ["install"])

        subprocess.check_call(["@systemd@/bin/bootctl", "--esp-path=@efiSysMountPoint@"] + bootctl_flags + ["install"])

    else:

        # Update bootloader to latest if needed

        available_out = subprocess.check_output(["@systemd@/bin/bootctl", "--version"], universal_newlines=True).split()[2]
@@ -270,7 +271,7 @@ def main() -> None: 
                print("skipping systemd-boot update to %s because of known regression" % available_version)

            else:

                print("updating systemd-boot from %s to %s" % (installed_version, available_version))

                subprocess.check_call(["@systemd@/bin/bootctl", "--esp-path=@efiSysMountPoint@", "update"])

                subprocess.check_call(["@systemd@/bin/bootctl", "--esp-path=@efiSysMountPoint@"] + bootctl_flags + ["update"])



    mkdir_p("@efiSysMountPoint@/efi/nixos")

    mkdir_p("@efiSysMountPoint@/loader/entries")