From 72c315716237c74c608c555ca6fc7724f592f5a1 Mon Sep 17 00:00:00 2001
From: Tom Gundersen <teg@jklm.no>
Date: Mon, 2 Sep 2019 22:56:19 +0200
Subject: [PATCH] assemblers/qemu: replace grub2-install

Background:

grub2 works in three stages:
 - The first stage is found in the first 440 bytes of the master
   boot record, and its only purpose is to load and execute the
   second stage. This stage is static, and just copied from the rpm
   without modification.
 - The second stage is found in the gap between the MBR and the
   first partition, and may be up to 31kB in size. This stage is
   specific to the host and must contain the instructions for
   finding the right file system and subdirectory for the grub2
   config and modules on the host, as well as the modules needed
   to do this.
 - The third stage is found in the `normal` module, which loads
   grub2.conf, which in turn may load more modules and perform
   arbitrary instructions.

Problem:

grub2-install is responsible for installing all these stages on the
target image. This goes against our design, as modifications outside
the filesystem should happen in the assembler, but modifications to
the filesystem should happen in a stage. In particular, we don't
want the contents of the image to differ in any way from the output
tree that is stored in our content store (the output of our last
stage). This causes a practical problem at the moment, as our
selinux stage is ran before the assembler, and as such the grub
modules do not get selinux labels applied.

It turns out that we could split grub2-install in two as we want,
by passing `--no-bootsector` to it to install only the modules,
and copy/genereta the two first stages as files under /boot and
then run `grub2-bios-setup` to write the stages from /boot into
the image where they belong.

Regrettably, this does not work as both `grub2-install` and
`grub2-bios-setup` introspect the system and block devices they
are being run on to generate the right configuration. This is not
what we want, as we would like to specifcy the config explicitly
and run them independently of the target image. The specific bug
we get in both cases is that the canonical path containing our
object store cannot be found.

Before osbuild this was not a problem, as other installers would
instal and assemble everything directly in the target image as a
loopback device. Something we explicitly do not want to do.

Solution:

This patch essentially reimplements grub2-install, or rather the
parts of it that we need. One change in behavior from the upstream
tool is that we no longer write the level one and level two boot
loaders to /boot before moving them into place, but just write them
directly where they belong (so they do not end up on the
filesystem).

The parts that copy files into /boot are now in the grub2 installer
and the parts that write the level one/two bootloaders are in the
qemu assembler.

This achieves a few principles I think we should always adher to:
 - never run tools from the target image (no chroot)
 - don't read/copy files from the target image that was written
   by other stages. We already try to avoid sharing state, and
   by treating the image as write-only, we avoid accidentally
   sharing state through the target tree.

Based-on-suggestions-from: Javier Martinez Canillas <javierm@redhat.com>
With-god-like-debugging-and-fixes-by: Lars Karlitski <lubreni@redhat.com>
Signed-off-by: Tom Gundersen <teg@jklm.no>
---
 assemblers/org.osbuild.qemu  | 64 +++++++++++++++++++++++++-----------
 stages/org.osbuild.grub2     | 15 +++++++++
 test/pipelines/f30-boot.json |  4 +++
 3 files changed, 64 insertions(+), 19 deletions(-)

diff --git a/assemblers/org.osbuild.qemu b/assemblers/org.osbuild.qemu
index 808d2021..9c572648 100755
--- a/assemblers/org.osbuild.qemu
+++ b/assemblers/org.osbuild.qemu
@@ -4,6 +4,7 @@ import contextlib
 import json
 import os
 import socket
+import shutil
 import subprocess
 import sys
 import osbuild.remoteloop as remoteloop
@@ -17,14 +18,6 @@ def mount(source, dest, *options):
     finally:
         subprocess.run(["umount", "-R", dest], check=True)
 
-@contextlib.contextmanager
-def mount_api(dest):
-    with mount("/dev", f"{dest}/dev", "-o", "rbind"), \
-         mount("/proc", f"{dest}/proc", "-o", "rbind"), \
-         mount("/sys", f"{dest}/sys", "-o", "rbind"), \
-         mount("none", f"{dest}/run", "-t", "tmpfs"):
-        yield
-
 @contextlib.contextmanager
 def loop_device(loop_client, image, size, offset=0):
     fd = os.open(image, os.O_RDWR | os.O_DIRECT)
@@ -51,6 +44,8 @@ def main(tree, output_dir, options, loop_client):
         raise ValueError("`format` must be one of raw, qcow, vdi, vmdk")
 
     image = f"/var/tmp/osbuild-image.raw"
+    grub2_core = "/var/tmp/grub2-core.img"
+    grub2_load = "/var/tmp/grub2-load.cfg"
     mountpoint = f"/tmp/osbuild-mnt"
 
     # Create an empty image file
@@ -59,27 +54,58 @@ def main(tree, output_dir, options, loop_client):
     # Set up the partition table of the image
     partition_table = f"label: mbr\nlabel-id: {ptuuid}\nbootable, type=83"
     subprocess.run(["sfdisk", "-q", image], input=partition_table, encoding='utf-8', check=True)
+
     r = subprocess.run(["sfdisk", "--json", image], stdout=subprocess.PIPE, encoding='utf-8', check=True)
     partition_table = json.loads(r.stdout)
     partition = partition_table["partitiontable"]["partitions"][0]
     partition_offset = partition["start"] * 512
     partition_size = partition["size"] * 512
 
-    # Populate the first partition of the image with an ext4 fs and fill it with the contents of the
-    # tree we are operating on.
+    with open(grub2_load, "w") as load:
+        load.write(f"search.fs_uuid {root_fs_uuid} root \n"
+                   "set prefix=($root)'/boot/grub2'\n")
+
+    # Create the level-2 bootloader
+    # The purpose of this is to find the grub modules and configuration
+    # to be able to start the level-3 bootloader. It contains the modules
+    # necessary to do this, but nothing else.
+    subprocess.run(["grub2-mkimage",
+                    "--verbose",
+                    "--directory", "/usr/lib/grub/i386-pc",
+                    "--prefix", "/boot/grub2",
+                    "--format", "i386-pc",
+                    "--compression", "auto",
+                    "--config", grub2_load,
+                    "--output", grub2_core,
+                    "part_msdos", "ext2", "biosdisk", "search_fs_uuid"],
+                   check=True)
+
+    assert os.path.getsize(grub2_core) < partition_offset - 512
+
+    with open(image, "rb+") as image_f:
+        # Install the level-1 bootloader into the start of the MBR
+        # The purpose of this is simply to jump into the level-2 bootloader.
+        with open("/usr/lib/grub/i386-pc/boot.img", "rb") as boot_f:
+            # The boot.img file is 512 bytes, but we must only copy the first 440
+            # bytes, as these contain the bootstrapping code. The rest of the
+            # first sector contains the partition table, and must not be
+            # overwritten.
+            image_f.write(boot_f.read(440))
+
+        # Install the level-2 bootloader into the space after the MBR, before
+        # the first partition.
+        with open(grub2_core, "rb") as core_f:
+            image_f.seek(512)
+            shutil.copyfileobj(core_f, image_f)
+
+    # Populate the first partition of the image with an ext4 fs
     subprocess.run(["mkfs.ext4", "-U", root_fs_uuid, "-E", f"offset={partition_offset}", image,
                     f"{int(partition_size / 1024)}k"], input="y", encoding='utf-8', check=True)
 
-    # Mount the created image as a loopback device
-    with loop_device(loop_client, image, partition_offset) as loop_block, \
-        loop_device(loop_client, image, partition_size, partition_offset) as loop_part, \
-        mount(loop_part, mountpoint):
-        # Copy the tree into the target image
+    # Copy the tree into the target image
+    with loop_device(loop_client, image, partition_size, partition_offset) as loop, \
+        mount(loop, mountpoint):
         subprocess.run(["cp", "-a", f"{tree}/.", mountpoint], check=True)
-        # Install grub2 into the boot sector of the image, and copy the grub2 imagise into /boot/grub2
-        with mount_api(mountpoint):
-            subprocess.run(["chroot", mountpoint, "grub2-install", "--no-floppy",
-                            "--modules=part_msdos", "--target=i386-pc", loop_block], check=True)
 
     subprocess.run(["qemu-img", "convert", "-O", fmt, "-c", image, f"{output_dir}/{filename}"], check=True)
 
diff --git a/stages/org.osbuild.grub2 b/stages/org.osbuild.grub2
index 54da098d..22806140 100755
--- a/stages/org.osbuild.grub2
+++ b/stages/org.osbuild.grub2
@@ -2,6 +2,7 @@
 
 import json
 import os
+import shutil
 import sys
 
 
@@ -31,6 +32,20 @@ def main(tree, options):
                   "}\n"
                   "blscfg\n")
 
+    # Copy all modules from the build image to /boot
+    os.makedirs(f"{tree}/boot/grub2/i386-pc", exist_ok=True)
+    for dirent in os.scandir("/usr/lib/grub/i386-pc"):
+        (_, ext) = os.path.splitext(dirent.name)
+        if ext not in ('.mod', '.lst'):
+            continue
+        if dirent.name == "fdt.lst":
+            continue
+        shutil.copy2(f"/usr/lib/grub/i386-pc/{dirent.name}", f"{tree}/boot/grub2/i386-pc/")
+
+    # Copy a unicode font into /boot
+    os.makedirs(f"{tree}/boot/grub2/fonts", exist_ok=True)
+    shutil.copy2("/usr/share/grub/unicode.pf2", f"{tree}/boot/grub2/fonts/")
+
     return 0
 
 
diff --git a/test/pipelines/f30-boot.json b/test/pipelines/f30-boot.json
index 8c1a94c6..7ff426e5 100644
--- a/test/pipelines/f30-boot.json
+++ b/test/pipelines/f30-boot.json
@@ -17,6 +17,7 @@
           "packages": [
             "dnf",
             "e2fsprogs",
+            "grub2-pc",
             "policycoreutils",
             "qemu-img",
             "systemd"
@@ -49,6 +50,9 @@
           "qemu-guest-agent",
           "xen-libs",
           "langpacks-en"
+        ],
+        "exclude-packages": [
+          "dracut-config-rescue"
         ]
       }
     },