NeilHanlon
commented
4 months ago Steps to reproduce
git clone --branch fresh-empanadas https://git.resf.org/sig_core/toolkit.gitpushd toolkit/iso/empanadas && poetry installpoetry run build-image --version 9 --type GenericCloud --variant Base --debug
(last step will checkout the rocky kiwi descriptions as well as the mock config needed into /tmp)
OS and Software information
KIWI version: 10.0.16 Operating system host version: Rocky Linux 9 (via mock) Operating system target version: Rocky Linux 9.4 Open Build Service version (N/A if not using OBS): N/A Koji version (N/A if not using Koji): N/A
Problem description
Hi, We recently noticed that official Rocky Linux 9.4 images include additional files compared to 9.3:
These files do not belong to any package and this is a problem because
/boot/efi/EFI/BOOT/grub.cfgdoes not get updated (unlike/boot/efi/EFI/rocky/grub.cfgwhose update is triggered bygrub2-common's posttrans). This means that, if the UUID of the boot partition is changed, nothing will update its value in/boot/efi/EFI/BOOT/grub.cfg, making the system unbootable. I also believe that/boot/efi/EFI/BOOT/grubx64.efiwill never be updated either, which poses a security risk.@nazunalika explained that these files are created by kiwi and pointed me to this line which seems to handle the creation of
/boot/efi/EFI/BOOT/grub.cfg: https://github.com/OSInside/kiwi/blob/1e9fdf24a15e3bd591f0ac01684d25469710492d/kiwi/bootloader/config/grub2.py#L561I am also seeing the same thing on Fedora 40 images.
Could you please explain what the purpose of these files is? I can understand the need for a default bootloader file (
/boot/efi/EFI/BOOT/BOOTX64.EFI) but/boot/efi/EFI/BOOT/grubx64.efidoes not look like a special path to me.Expected behaviour
Additional EFI files which do not belong to a package should not be created, or there should be a way to disable their creation.
Steps to reproduce the behaviour
I do not know the specifics of how the Rocky Linux or Fedora images are created.
OS and Software information
Same answer as above.