Merge pull request #155 from nix-community/desaster-control

Avoid Unbootable System on Bootspec Changes
This commit is contained in:
Julian Stecklina 2023-04-23 15:29:18 +02:00 committed by GitHub
commit 9bf192bb79
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 22 additions and 14 deletions

View File

@ -4,7 +4,7 @@ use std::os::unix::prelude::PermissionsExt;
use std::path::{Path, PathBuf}; use std::path::{Path, PathBuf};
use std::process::Command; use std::process::Command;
use anyhow::{Context, Result}; use anyhow::{anyhow, Context, Result};
use nix::unistd::sync; use nix::unistd::sync;
use tempfile::TempDir; use tempfile::TempDir;
@ -163,24 +163,31 @@ impl Installer {
where where
F: FnMut(&mut Self, &Generation, &mut GenerationArtifacts) -> Result<()>, F: FnMut(&mut Self, &Generation, &mut GenerationArtifacts) -> Result<()>,
{ {
for link in links { let generations = links
.iter()
.filter_map(|link| {
let generation_result = Generation::from_link(link) let generation_result = Generation::from_link(link)
.with_context(|| format!("Failed to build generation from link: {link:?}")); .with_context(|| format!("Failed to build generation from link: {link:?}"));
// Ignore failing to read a generation so that old malformed generations do not stop // Ignore failing to read a generation so that old malformed generations do not stop
// lzbt from working. // lzbt from working.
let generation = match generation_result { if let Err(e) = &generation_result {
Ok(generation) => generation, log::warn!(
Err(e) => { "Ignoring generation {} because it's malformed: {e:#}",
log::debug!(
"Ignoring generation {} because it's malformed.",
link.version link.version
); );
log::debug!("{e:#}");
continue;
} }
};
generation_result.ok()
})
.collect::<Vec<Generation>>();
if generations.is_empty() {
// We can't continue, because we would remove all boot entries, if we did.
return Err(anyhow!("No bootable generations found! Aborting to avoid unbootable system. Please check for Lanzaboote updates!"));
}
for generation in generations {
build_generation_artifacts(self, &generation, generation_artifacts) build_generation_artifacts(self, &generation, generation_artifacts)
.context("Failed to build generation artifacts.")?; .context("Failed to build generation artifacts.")?;
@ -191,6 +198,7 @@ impl Installer {
.context("Failed to build generation artifacts for specialisation.")?; .context("Failed to build generation artifacts for specialisation.")?;
} }
} }
Ok(()) Ok(())
} }