Merge branch 'efi'

* efi:
  lorax: disable debug output from xen and kernel
  lorax: make initrd back to work without ifcfg module
  lorax: efi: improve using ESP for 'root' device
  lorax: fix legacy mode boot after EFI initrd tinyfication
  lorax: Add rescue entry to grub2-efi.cfg
  lorax: Provide correct device information to xen.efi
  anaconda: use correct root= kernel parameter when creating EFI xen.cfg
  anaconda: workaround efibootmgr bug (SIGABRT while removing entries)
  anaconda: fix dracut module to work with reduced dependencies
  lorax: drop plymouth label plugin
  lorax: exclude SCSI and misc modules from UEFI initrd
  lorax: remove SecureBoot files - save some space in efiboot.img
  lorax: do not create macboot.img - it will be too big anyway
  lorax: remove network support from UEFI initrd
  lorax: select xen.cfg section to enable/disable media check
  lorax: disable UEFI Secure Boot shim
  pungi: do not use isohybrid --offset as it isn't compatible with EFI
  anaconda: generate xen efi configuration
  lorax: preliminary EFI support

QubesOS/qubes-issues#794

anaconda/dracut/anaconda-diskroot

@@ -35,6 +35,8 @@ path="$2" # optional, could be empty
 
 [ -e "/dev/root" ] && exit 1 # we already have a root device!
 
+modprobe -q loop
+
 info "anaconda using disk root at $dev"
 mount $dev $repodir || warn "Couldn't mount $dev"
 anaconda_live_root_dir $repodir $path

anaconda/dracut/module-setup.sh

@@ -7,7 +7,7 @@ check() {
 }
 
 depends() {
-    echo livenet nfs img-lib convertfs ifcfg
+    echo img-lib dmsquash-live
     case "$(uname -m)" in
         s390*) echo cms ;;
     esac

anaconda/dracut/parse-anaconda-options.sh

@@ -2,7 +2,11 @@
 # parse-anaconda-options.sh - parse installer-specific options
 
 . /lib/anaconda-lib.sh
-. /lib/url-lib.sh
+if [ -r /lib/url-lib.sh ]; then
+    . /lib/url-lib.sh
+else
+    alias set_http_header=:
+fi
 
 # create the repodir and isodir that anaconda will look for
 mkdir -p $repodir $isodir

anaconda/pyanaconda/bootloader.py

@@ -24,6 +24,7 @@
 import collections
 import os
 import re
+import shutil
 import struct
 from parted import PARTITION_BIOS_GRUB
 
@@ -1640,12 +1641,22 @@ class EFIGRUB(GRUB2):
 
     def remove_efi_boot_target(self):
         buf = self.efibootmgr(capture=True)
+        bootorder = None
         for line in buf.splitlines():
             try:
                 (slot, _product) = line.split(None, 1)
             except ValueError:
                 continue
 
+            # Workaround for bug in efibootmgr that causes abort() when
+            # removing an entry not present in BootOrder.
+            # This is already fixed in efibootmgr-0.12, so can be removed when
+            # we upgrade it one day
+            # The fix (with bug details):
+            # https://github.com/rhinstaller/efibootmgr/commit/f575bf87
+            if slot == "BootOrder:":
+                bootorder = _product
+
             if _product == productName:
                 slot_id = slot[4:8]
                 # slot_id is hex, we can't use .isint and use this regex:
@@ -1653,6 +1664,11 @@ class EFIGRUB(GRUB2):
                     log.warning("failed to parse efi boot slot (%s)", slot)
                     continue
 
+                if bootorder.count(slot_id) == 0:
+                    rc = self.efibootmgr("-o", bootorder + "," + slot_id)
+                    if rc:
+                        raise BootLoaderError("failed to update BootOrder while removing old boot entry")
+
                 rc = self.efibootmgr("-b", slot_id, "-B",
                                      root=ROOT_PATH)
                 if rc:
@@ -1710,6 +1726,73 @@ class EFIGRUB(GRUB2):
     def check(self):
         return True
 
+class XenEFI(EFIGRUB):
+    packages = ["efibootmgr"]
+    _config_file = 'xen.cfg'
+
+    def __init__(self):
+        super(XenEFI, self).__init__()
+        self.efi_dir = 'qubes'
+
+    def add_efi_boot_target(self):
+        if self.stage1_device.type == "partition":
+            boot_disk = self.stage1_device.disk
+            boot_part_num = self.stage1_device.partedPartition.number
+        elif self.stage1_device.type == "mdarray":
+            # FIXME: I'm just guessing here. This probably needs the full
+            #        treatment, ie: multiple targets for each member.
+            boot_disk = self.stage1_device.parents[0].disk
+            boot_part_num = self.stage1_device.parents[0].partedPartition.number
+        boot_part_num = str(boot_part_num)
+
+        if not os.path.exists(
+                "{}/{}".format(ROOT_PATH + self.config_dir, "xen.efi")):
+            xen_efi = [x for x in os.listdir(ROOT_PATH + self.config_dir) if
+                       x.startswith('xen-') and x.endswith('.efi')][0]
+            shutil.copy("{}/{}".format(ROOT_PATH + self.config_dir, xen_efi),
+                        "{}/{}".format(ROOT_PATH + self.config_dir, "xen.efi"))
+        rc = self.efibootmgr("-c", "-w", "-L", productName,
+                             "-d", boot_disk.path, "-p", boot_part_num,
+                             "-l",
+                             self.efi_dir_as_efifs_dir + "\\xen.efi",
+                             root=ROOT_PATH)
+        if rc:
+            raise BootLoaderError("failed to set new efi boot target")
+
+    def add_image(self, image):
+        super(XenEFI, self).add_image(image)
+        shutil.copy("{}/boot/{}".format(ROOT_PATH, image.kernel),
+                    os.path.normpath(
+                        "{}/{}".format(ROOT_PATH + self.config_dir,
+                                       image.kernel)))
+        if image.initrd is not None:
+            shutil.copy("{}/boot/{}".format(ROOT_PATH, image.initrd),
+                        os.path.normpath(
+                            "{}/{}".format(ROOT_PATH + self.config_dir,
+                                           image.initrd)))
+
+    def write_config_header(self, config):
+        config.write("[global]\n")
+        config.write("default={}\n".format(self.default.version))
+
+    def write_config_images(self, config):
+        for image in self.images:
+            config.write("\n")
+            config.write("[{}]\n".format(image.version))
+            config.write("options=loglvl=all\n")
+            config.write("kernel={} root={}\n".format(
+                image.kernel,
+                image.device.fstabSpec))
+            config.write("ramdisk={}\n".format(image.initrd))
+
+    def write_config_console(self, config):
+        pass
+
+    def write_config_post(self):
+        pass
+
+    write_config = BootLoader.write_config
+
 class MacEFIGRUB(EFIGRUB):
     def mactel_config(self):
         if os.path.exists(ROOT_PATH + "/usr/libexec/mactel-boot-setup"):
@@ -2201,7 +2284,7 @@ class EXTLINUX(BootLoader):
 
 # every platform that wants a bootloader needs to be in this dict
 bootloader_by_platform = {platform.X86: GRUB2,
-                          platform.EFI: EFIGRUB,
+                          platform.EFI: XenEFI,
                           platform.MacEFI: MacEFIGRUB,
                           platform.PPC: GRUB2,
                           platform.IPSeriesPPC: IPSeriesGRUB2,
@@ -2227,7 +2310,7 @@ def writeSysconfigKernel(storage, version):
     kernel_basename = "vmlinuz-" + version
     kernel_file = "/boot/%s" % kernel_basename
     if not os.path.isfile(ROOT_PATH + kernel_file):
-        kernel_file = "/boot/efi/EFI/redhat/%s" % kernel_basename
+        kernel_file = "/boot/efi/EFI/qubes/%s" % kernel_basename
         if not os.path.isfile(ROOT_PATH + kernel_file):
             log.error("failed to recreate path to default kernel image")
             return

anaconda/pyanaconda/installclasses/qubes.py

@@ -40,6 +40,7 @@ class InstallClass(BaseInstallClass):
     _descriptionFields = (productName,)
     sortPriority = 20000
     hidden = 0
+    efi_dir = 'qubes'
 
     bootloaderTimeoutDefault = 5
 

lorax-templates-qubes/templates/config_files/x86/grub2-efi.cfg

@@ -13,19 +13,22 @@ set gfxpayload=keep
 insmod gzio
 insmod part_gpt
 insmod ext2
+insmod chain
 
 set timeout=5
-### END /etc/grub.d/00_header ###
 
-search --no-floppy --set=root -l '@ISOLABEL@'
+# do not use search for ISO here, 'root' must point ESP, not the whole ISO9660
+# fs, otherwise xen.efi would not be able to access kernel and initrd
 
-### BEGIN /etc/grub.d/10_linux ###
-menuentry '@PRODUCT@ @VERSION@' --class fedora --class gnu-linux --class gnu --class os {
-	linuxefi @KERNELPATH@ @ROOT@
-	initrdefi @INITRDPATH@
+menuentry 'Test media and install @PRODUCT@ @VERSION@' --class qubes --class gnu-linux --class gnu --class os {
+    chainloader @EFIDIR@/xen.efi placeholder qubes-check
 }
-menuentry 'Test this media & start @PRODUCT@' --class fedora --class gnu-linux --class gnu --class os {
-	linuxefi @KERNELPATH@ @ROOT@ quiet rd.live.check
-	initrdefi @INITRDPATH@
+
+menuentry 'Install @PRODUCT@ @VERSION@' --class qubes --class gnu-linux --class gnu --class os {
+    chainloader @EFIDIR@/xen.efi
+}
+
+menuentry 'Rescue a @PRODUCT@ system' --class qubes --class gnu-linux --class gnu --class os {
+    chainloader @EFIDIR@/xen.efi placeholder qubes-rescue
 }
 

lorax-templates-qubes/templates/config_files/x86/isolinux.cfg

@@ -59,12 +59,12 @@ menu separator # insert an empty line
 label linux
   menu label ^Install @PRODUCT@
   kernel mboot.c32
-  append xen.gz console=none --- vmlinuz @ROOT@ quiet --- initrd.img
+  append xen.gz console=none --- vmlinuz @ROOT@ quiet rhgb --- initrd.img
 label check
   menu label Test this ^media & install @PRODUCT@
   menu default
   kernel mboot.c32
-  append xen.gz console=none --- vmlinuz @ROOT@ quiet rd.live.check --- initrd.img
+  append xen.gz console=none --- vmlinuz @ROOT@ quiet rhgb rd.live.check --- initrd.img
 menu separator # insert an empty line
 # utilities submenu
 menu begin ^Troubleshooting

lorax-templates-qubes/templates/config_files/x86/xen-efi.cfg

@@ -0,0 +1,17 @@
+[global]
+default=qubes
+
+[qubes-check]
+options=console=none
+kernel=vmlinuz @ROOT@ quiet rhgb rd.live.check
+ramdisk=initrd.img
+
+[qubes]
+options=console=none
+kernel=vmlinuz @ROOT@ quiet rhgb
+ramdisk=initrd.img
+
+[qubes-rescue]
+options=loglvl=all
+kernel=vmlinuz @ROOT@ rescue
+ramdisk=initrd.img

lorax-templates-qubes/templates/efi.tmpl

@@ -1,5 +1,6 @@
-<%page args="configdir, KERNELDIR, efiarch, isolabel"/>
+<%page args="configdir, KERNELDIR, efiarch, isolabel, kver"/>
 <%
+from string import lower
 EFIBOOTDIR="EFI/BOOT"
 APPLE_EFI_ICON=inroot+"/usr/share/pixmaps/bootloader/fedora.icns"
 APPLE_EFI_DISKNAME=inroot+"/usr/share/pixmaps/bootloader/fedora-media.vol"
@@ -7,48 +8,61 @@ APPLE_EFI_DISKNAME=inroot+"/usr/share/pixmaps/bootloader/fedora-media.vol"
 
 mkdir ${EFIBOOTDIR}
 mkdir ${EFIBOOTDIR}/fonts/
-install boot/efi/EFI/*/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
-install boot/efi/EFI/*/MokManager.efi ${EFIBOOTDIR}/
-install boot/efi/EFI/*/gcdx64.efi ${EFIBOOTDIR}/grubx64.efi
-install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
+install boot/efi/EFI/*/gcd${efiarch|lower}.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
+## keep also under original name to make mkefiboot --apple happy
+##install boot/efi/EFI/*/gcd${efiarch|lower}.efi ${EFIBOOTDIR}/grub${efiarch|lower}.efi
+install boot/efi/EFI/*/xen*.efi ${EFIBOOTDIR}/xen.efi
+
+
+# For Secure Boot restore those files (keep in mind 32MB limit on efiboot.img
+# imposed by ISO9660, details in #794):
+#install boot/efi/EFI/*/shim.efi ${EFIBOOTDIR}/BOOT${efiarch}.efi
+#install boot/efi/EFI/*/gcd${efiarch|lower}.efi ${EFIBOOTDIR}/grub${efiarch|lower}.efi
+#install boot/efi/EFI/*/MokManager.efi ${EFIBOOTDIR}/
+
 
 ## actually make the EFI images
-${make_efiboot("images/efiboot.img")}
-%if domacboot:
-    ${make_efiboot("images/macboot.img", imgtype="apple")}
-%endif
+${make_efiboot("images/efiboot.img", include_kernel=True)}
+
+## place fonts on ISO9660, but not in efiboot.img to save space
+install boot/efi/EFI/*/fonts/unicode.pf2 ${EFIBOOTDIR}/fonts/
 
 ## This is kinda gross, but then... so's EFI.
 <%def name="make_efiboot(img, include_kernel=False, disk=False, imgtype='default')">
     <%
     kdir = EFIBOOTDIR if include_kernel else KERNELDIR
     eficonf = "%s/grub.cfg" % (EFIBOOTDIR, )
-    args = "--label=ANACONDA"
+    xenconf = "%s/xen.cfg" % (EFIBOOTDIR, )
+    args = "--label=ANACONDA --debug"
+    scsi_modules = "3w-9xxx 3w-sas 3w-xxxx BusLogic a100u2w aacraid advansys aic79xx aic7xxx am53c974 arcmsr atp870u bfa bnx2fc csiostor dc395x dmx3191d esas2r esp_scsi fcoe fnic gdth hpsa hptiop hv_storvsc initio ipr ips isci iscsi_boot_sysfs libfc libfcoe libiscsi libosd libsas lpfc megaraid megaraid_mbox megaraid_mm megaraid_sas mpt2sas mpt3sas mvsas mvumi osd pm80xx pmcraid qla1280 qla2xxx qla4xxx raid_class scsi_debug scsi_dh_emc scsi_dh_rdac scsi_transport_fc scsi_transport_iscsi scsi_transport_sas scsi_transport_spi scsi_transport_srp stex sym53c8xx ufshcd virtio_scsi vmw_pvscsi wd719x"
+    extra_modules = "affs befs coda cuse dlm gfs2 mptfc ncpfs nilfs2 ocfs2 ocfs2_dlm ocfs2_dlmfs ocfs2_nodemanager ocfs2_stack_o2cb ocfs2_stack_user ocfs2_stackglue sctp sysv ubifs ufs"
     if disk: args += " --disk"
     if imgtype == "apple": args += ' --apple --icon=%s --diskname=%s --product="%s %s"' % (APPLE_EFI_ICON, APPLE_EFI_DISKNAME, product.name, product.version)
     %>
     %if include_kernel:
         copy ${KERNELDIR}/vmlinuz ${EFIBOOTDIR}
-        copy ${KERNELDIR}/initrd.img ${EFIBOOTDIR}
+        runcmd chroot ${inroot} dracut --nomdadmconf --nolvmconf --xz --install '/.buildstamp' --add 'anaconda pollcdrom' --omit "network multipath modsign systemd crypt shutdown plymouth fcoe fcoe-uefi nfs iscsi ifcfg" --omit-drivers="${scsi_modules}" --omit-drivers="${extra_modules}" /boot/efi/EFI/qubes/initrd-small.img ${kver}
+        install boot/efi/EFI/qubes/initrd-small.img ${EFIBOOTDIR}/initrd.img
     %endif
     install ${configdir}/grub2-efi.cfg ${eficonf}
+    install ${configdir}/xen-efi.cfg ${xenconf}
     replace @PRODUCT@ '${product.name}' ${eficonf}
     replace @VERSION@ ${product.version} ${eficonf}
     replace @KERNELNAME@ vmlinuz ${eficonf}
     replace @KERNELPATH@ /${kdir}/vmlinuz ${eficonf}
+    replace @KERNELPATH@ /${kdir}/vmlinuz ${xenconf}
     replace @INITRDPATH@ /${kdir}/initrd.img ${eficonf}
+    replace @EFIDIR@ /${EFIBOOTDIR} ${eficonf}
     replace @ISOLABEL@ '${isolabel}' ${eficonf}
     %if disk:
         replace @ROOT@ inst.stage2=hd:LABEL=ANACONDA ${eficonf}
+        replace @ROOT@ inst.stage2=hd:LABEL=ANACONDA ${xenconf}
     %else:
         replace @ROOT@ 'inst.stage2=hd:LABEL=${isolabel|udev}' ${eficonf}
+        replace @ROOT@ 'inst.stage2=hd:LABEL=${isolabel|udev}' ${xenconf}
     %endif
     %if efiarch == 'IA32':
         copy ${eficonf} ${EFIBOOTDIR}/BOOT.conf
     %endif
     runcmd mkefiboot ${args} ${outroot}/${EFIBOOTDIR} ${outroot}/${img}
-    %if include_kernel:
-        remove ${EFIBOOTDIR}/vmlinuz
-        remove ${EFIBOOTDIR}/initrd.img
-    %endif
 </%def>

lorax-templates-qubes/templates/runtime-cleanup.tmpl

@@ -92,6 +92,10 @@ arch/x86/kvm
 remove lib/modules/*/{build,source,*.map}
 ## NOTE: depmod gets re-run after cleanup finishes
 
+## do not include plymouth 'label' plugin (no text used in installer theme)
+remove etc/dracut.conf.d/plymouth-missing-fonts.conf
+remove etc/fonts/conf.d/57-dejavu-sans.conf
+
 ## remove unused themes, theme engines, icons, etc.
 removefrom gtk2 /usr/${libdir}/gtk-2.0/*/{engines,printbackends}/*
 removefrom gtk2 /usr/share/themes/*

lorax-templates-qubes/templates/runtime-postinstall.tmpl

@@ -115,7 +115,8 @@ append etc/depmod.d/dd.conf "search updates built-in"
 
 ## include additional modules in initramfs
 append etc/dracut.conf.d/extra-install-modules.conf "add_drivers+=' ehci-pci '"
-append etc/dracut.conf.d/extra-install-modules.conf "omit_dracutmodules+=' multipath '"
+## no longer hard dependencies of anaconda module (for smaller EFI initrd), so add them here
+append etc/dracut.conf.d/extra-install-modules.conf "add_dracutmodules+=' livenet nfs img-lib convertfs ifcfg '"
 
 ## make lvm auto-activate
 remove etc/lvm/*

lorax-templates-qubes/templates/x86.tmpl

@@ -69,6 +69,8 @@ sortedkernels = sorted(kernels, key=lambda k: LooseVersion(k['version']))
   append xen.gz --- vmlinuz-${shortkver} @ROOT@ quiet --- initrd-${shortkver}.img\n\
   @EXTRAKERNELS@' ${BOOTDIR}/isolinux.cfg
 
+  <% latestkver = kernel.version %>
+
 %endfor
 
 ## configure bootloader
@@ -90,23 +92,21 @@ hardlink ${KERNELDIR}/initrd.img ${BOOTDIR}
     %endif
 %endif
 
-## ## WHeeeeeeee, EFI.
-## ## We could remove the basearch restriction someday..
-## <% efiargs=""; efigraft=""; efihybrid="" %>
-## %if exists("boot/efi/EFI/fedora/gcdx64.efi") and basearch != 'i386':
-##     <%
-##     efiarch = 'X64' if basearch=='x86_64' else 'IA32'
-##     efigraft="EFI/BOOT={0}/EFI/BOOT".format(outroot)
-##     images = ["images/efiboot.img"]
-##     if domacboot:
-##         images.append("images/macboot.img")
-##     for img in images:
-##         efiargs += " -eltorito-alt-boot -e {0} -no-emul-boot".format(img)
-##         efigraft += " {0}={1}/{0}".format(img,outroot)
-##     efihybrid = "--uefi --mac" if domacboot else "--uefi"
-##     %>
-##     <%include file="efi.tmpl" args="configdir=configdir, KERNELDIR=KERNELDIR, efiarch=efiarch, isolabel=isolabel"/>
-## %endif
+## WHeeeeeeee, EFI.
+## We could remove the basearch restriction someday..
+<% efiargs=""; efigraft=""; efihybrid="" %>
+%if exists("boot/efi/EFI/*/gcdx64.efi") and basearch != 'i386':
+    <%
+    efiarch = 'X64' if basearch=='x86_64' else 'IA32'
+    efigraft="EFI/BOOT={0}/EFI/BOOT".format(outroot)
+    images = ["images/efiboot.img"]
+    for img in images:
+        efiargs += " -eltorito-alt-boot -e {0} -no-emul-boot".format(img)
+        efigraft += " {0}={1}/{0}".format(img,outroot)
+    efihybrid = "--uefi"
+    %>
+    <%include file="efi.tmpl" args="configdir=configdir, KERNELDIR=KERNELDIR, efiarch=efiarch, isolabel=isolabel, kver=latestkver"/>
+%endif
 
 ## ## make boot.iso
 ## runcmd mkisofs -o ${outroot}/images/boot.iso \

pungi/pungi.spec

@@ -16,7 +16,7 @@ Source0:        https://fedorahosted.org/pungi/attachment/wiki/%{version}/%{name
 Patch0:         support-verify-downloaded-packages.patch
 Patch1:         disable-efi.patch
 Patch2:         effective-nosource-option.patch
-Patch3:         fix-recursive-partition-table-on-iso-image.patch
+#Patch3:         fix-recursive-partition-table-on-iso-image.patch
 Patch4:         disable-upgrade.patch
 BuildRoot:      %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires:       yum => 3.4.3-28, repoview, createrepo >= 0.4.11
@@ -35,7 +35,7 @@ A tool to create anaconda based installation trees/isos of a set of rpms.
 %patch0 -p1
 %patch1 -p1
 %patch2 -p1
-%patch3 -p1
+#%%patch3 -p1
 %patch4 -p1
 
 %build