systemd: stop building gpt-auto-generator to avoid remounting /boot

During boot prairiedog figures out which partition bank is in use and mounts the correct boot partition containing the kernel binary and configuration at /boot. When an x86 system booted via BIOS/CSM, it was observed that at some point after boot the EFI System Partition would be mounted at /boot instead. The cause for the unexpected remount is systemd-gpt-auto-generator, a generator running during systemd start that creates mount and automount units for well-known partition GUIDs. This undoes the work previously performed by prairiedog. Convincing gpt-auto-generator to do right by Bottlerocket would involve changing partition GUIDs and implementing logic for the GPT priority fields. Alternatively, gpt-auto-generator can be disabled at boot via the `systemd.gpt_auto=0` kernel command line option, leaving the work of mounting partitions to prairiedog and other already existing mount units. Since we would disable the gpt-auto-generator via the kernel command line for all variants, we might as well stop building and shipping it. Add a local patch to allow selecting/deselecting gpt-auto-generator at build-time and actually deselect it. Signed-off-by: Markus Boehme <[email protected]>
bottlerocket-os · Nov 9, 2023 · 27168c5 · 27168c5
1 parent 70877e9
commit 27168c5
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 0 deletions.
diff --git a/packages/systemd/9014-meson-make-gpt-auto-generator-selectable-at-build-ti.patch b/packages/systemd/9014-meson-make-gpt-auto-generator-selectable-at-build-ti.patch
@@ -0,0 +1,66 @@
+From 33a689a000d56444ed47803b2fbec4376814e633 Mon Sep 17 00:00:00 2001
+From: Markus Boehme <[email protected]>
+Date: Thu, 9 Nov 2023 15:02:14 +0000
+Subject: [PATCH] meson: make gpt-auto-generator selectable at build-time
+
+Signed-off-by: Markus Boehme <[email protected]>
+---
+ meson.build       | 21 ++++++++++++---------
+ meson_options.txt |  2 ++
+ 2 files changed, 14 insertions(+), 9 deletions(-)
+
+diff --git a/meson.build b/meson.build
+index 3bef553..16421ce 100644
+--- a/meson.build
++++ b/meson.build
+@@ -1851,6 +1851,7 @@ foreach term : ['analyze',
+                 'efi',
+                 'environment-d',
+                 'firstboot',
++                'gpt-auto-generator',
+                 'gshadow',
+                 'hibernate',
+                 'hostnamed',
+@@ -2424,15 +2425,17 @@ if conf.get('ENABLE_HIBERNATE') == 1
+ endif
+
+ if conf.get('HAVE_BLKID') == 1
+-        executable(
+-                'systemd-gpt-auto-generator',
+-                'src/gpt-auto-generator/gpt-auto-generator.c',
+-                include_directories : includes,
+-                link_with : [libshared],
+-                dependencies : libblkid,
+-                install_rpath : rootpkglibdir,
+-                install : true,
+-                install_dir : systemgeneratordir)
++        if conf.get('ENABLE_GPT_AUTO_GENERATOR') == 1
++                executable(
++                        'systemd-gpt-auto-generator',
++                        'src/gpt-auto-generator/gpt-auto-generator.c',
++                        include_directories : includes,
++                        link_with : [libshared],
++                        dependencies : libblkid,
++                        install_rpath : rootpkglibdir,
++                        install : true,
++                        install_dir : systemgeneratordir)
++        endif
+
+         public_programs += executable(
+                 'systemd-dissect',
+diff --git a/meson_options.txt b/meson_options.txt
+index 26dfab5..2df5361 100644
+--- a/meson_options.txt
++++ b/meson_options.txt
+@@ -176,6 +176,8 @@ option('html', type : 'combo', choices : ['auto', 'true', 'false'],
+        description : 'build and install html pages')
+ option('translations', type : 'boolean', value : true,
+        description : 'build and install translations')
++option('gpt-auto-generator', type : 'boolean', value : true,
++       description : 'build and install systemd-gpt-auto-generator')
+
+ option('certificate-root', type : 'string', value : '/etc/ssl',
+        description : 'the prefix for TLS certificates')
+-- 
+2.40.1
+
diff --git a/packages/systemd/systemd.spec b/packages/systemd/systemd.spec
@@ -70,6 +70,10 @@ Patch9012: 9012-core-mount-increase-mount-rate-limit-burst-to-25.patch
 # lease in EC2.
 Patch9013: 9013-sd-dhcp-lease-parse-multiple-domains-in-option-15.patch
 
+# Local patch that allows to deselect systemd-gpt-auto-generator. We deselect
+# it since prairiedog mounts /boot depending on the partition bank in use.
+Patch9014: 9014-meson-make-gpt-auto-generator-selectable-at-build-ti.patch
+
 BuildRequires: gperf
 BuildRequires: intltool
 BuildRequires: meson
@@ -192,6 +196,7 @@ CONFIGURE_OPTS=(
  -Dman=false
  -Dhtml=false
  -Dtranslations=false
+ -Dgpt-auto-generator=false
  -Dlog-message-verification=false
 
  -Dcertificate-root='%{_cross_sysconfdir}/ssl'