1497918 – /boot/grub2/grubenv is changed into a dead symlink by installing grub2-efi package on non-uefi machine

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1497918 - /boot/grub2/grubenv is changed into a dead symlink by installing grub2-efi package on non-uefi machine

Summary: /boot/grub2/grubenv is changed into a dead symlink by installing grub2-efi pa...

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	grub2
Sub Component:
Version:	7.4
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	rc
Target Release:	---
Assignee:	Peter Jones
QA Contact:	Release Test Team
Docs Contact:
URL:
Whiteboard:
Duplicates (1):	1524554 (view as bug list)
Depends On:
Blocks:	1477664 1546815 1571842 1630910 1660473
TreeView+	depends on / blocked

Reported:	2017-10-03 06:38 UTC by Masahiro Matsuya
Modified:	2023-09-07 18:57 UTC (History)
CC List:	17 users (show)
Fixed In Version:	grub2-2.02-0.78.el7
Doc Type:	If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed:	2019-08-06 12:02:09 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Knowledge Base (Solution)	3398571	0	None	None	None	2018-04-03 15:40:57 UTC
Red Hat Product Errata	RHBA-2019:2014	0	None	None	None	2019-08-06 12:02:26 UTC

Description Masahiro Matsuya 2017-10-03 06:38:52 UTC

Description of problem:
/boot/grub2/grubenv is a regular file on Non-uEFI machine.
(NOTE: it's a symlink to /boot/efi/EFI/redhat/grubenv on uEFI machine)
grub-efi package is not installed by default on Non-uEFI machine.
But, It can be installed on Non-uEFI by intent.
One example is to create a PXE environment for uEFI client on Non-uEFI machine.
bootloader for uEFI client is included in grub2-efi.

But, when grub2-efi is installed, /boot/grub2/grubenv was recreated as a symlink. And, the original content in /boot/grub2/grubenv was lost.

Version-Release number of selected component (if applicable):
Red Hat Enterprise Linux 7

How reproducible:
Always

Steps to Reproduce:
1. Install RHEL7.3
2. Install a newer kernel from RHEL7.4 repo
3. change the default kernel to be booted with grubby command.
   # grubby --set-default=/boot/vmlinuz-3.10.0-514.el7.x86_64
4. check the status in /boot/grub2/grubenv
   # ls -l /boot/grub2/grubenv
   -rw-r--r--. 1 root root 1024 Oct  3 14:59 /boot/grub2/grubenv
   # grub2-editenv list
   saved_entry=Red Hat Enterprise Linux Server (3.10.0-514.el7.x86_64) 7.3 (Maipo)
5. install grub2-efi from RHEL7.4 repo. (NOTE: grub2-efi-x64 is installed actually)
6. check the status in /boot/grub2/grubenv

# ls -l /boot/grub2/grubenv 
lrwxrwxrwx. 1 root root 28 Oct  3 15:05 /boot/grub2/grubenv -> /boot/efi/EFI/redhat/grubenv

# ls -l /boot/efi/EFI/redhat/grubenv
ls: cannot access /boot/efi/EFI/redhat/grubenv: No such file or directory

7. /boot/efi/EFI/redhat/grubenv is created by "grub2-editenv list". But, it's empty. The original content was lost.

Actual results:
The original content of /boot/grub2/grubenv was lost by installing grub2-efi on Non-uEFI machine.

Expected results:
The original content is not lost by installing grub2-efi.

Additional info:

Comment 1 troy.engel 2017-10-03 13:50:47 UTC

Additionally, the absolute symlink with /boot in the name is invalid when GRUB2 boots on a non-UEFI boot; installing the package causes even a valid grubenv file contents to not get used, as at GRUB2 boot time "/boot" is "/" to it's world view. A relative symlink instead of absolute would solve this problem, which is actually how we discovered the problem (GRUB2 failed to find it's environment block due to dangling symlink).

Comment 3 Pavel Cahyna 2018-01-23 17:48:15 UTC

(In reply to troy.engel from comment #1)
> Additionally, the absolute symlink with /boot in the name is invalid when
> GRUB2 boots on a non-UEFI boot; installing the package causes even a valid
> grubenv file contents to not get used, as at GRUB2 boot time "/boot" is "/"
> to it's world view. A relative symlink instead of absolute would solve this
> problem, which is actually how we discovered the problem (GRUB2 failed to
> find it's environment block due to dangling symlink).

This is a problem not only at boot time but also at install time. We discovered this in ReaR, which restores the system to disks mounted under /mnt/local and then calls grub2-install --root-directory=/mnt/local, which fails with "grub2-install: error: cannot rename the file /mnt/local/boot/grub2/grubenv.new to /mnt/local/boot/grub2/grubenv: No such file or directory.", see bz1498748.

There are two problems here:
- even if the symlink target /boot/efi/EFI/redhat/grubenv exists in the target filesystem hierarchy, it is accessible only as /mnt/local/boot/efi/EFI/redhat/grubenv, so the symlink is dangling during the restore operation. Converting the symlink to relative would help here.
- if the symlink target does not exists (as mentioned in the original report), the symlink will be always dangling and grub2-install will fail as well (it has no support to create a symlink target even if the symlink points to a nonexinstent file in an existing directory). Here converting the symlink to relative does not help.

As a result the restored system is left unbootable. The second case actually even prevents reinstallation of Grub into MBR using grub2-install in a running system.

Comment 6 Brian Lane 2018-07-10 23:12:31 UTC

I am still seeing this with grub2-2.02-0.73.el7.x86_64, using lorax-composer (an API on top of livemedia-creator) that is trying to build a disk image. The kickstart includes both versions of grub2 because we don't know how the image will be booting.

Anaconda logs this when running grub2-install

22:24:11,171 INFO program: Running... grub2-install --no-floppy /dev/loop0
22:24:13,322 INFO program: Installing for i386-pc platform.
22:24:13,322 INFO program: grub2-install: error: cannot rename the file /boot/grub2/grubenv.new to /boot/grub2/grubenv: No such file or directory.
22:24:13,322 DEBUG program: Return code: 1
22:24:13,324 INFO program: Running... grub2-set-default 0
22:24:13,370 INFO program: /usr/bin/grub2-editenv: error: cannot rename the file /boot/grub2/grubenv.new to /boot/grub2/grubenv: No such file or directory.
22:24:13,371 INFO program: /usr/bin/grub2-editenv: error: cannot rename the file /boot/grub2/grubenv.new to /boot/grub2/grubenv: No such file or directory.
22:24:13,371 INFO program: /usr/bin/grub2-editenv: error: cannot rename the file /boot/grub2/grubenv.new to /boot/grub2/grubenv: No such file or directory.
22:24:13,371 DEBUG program: Return code: 0
22:24:13,371 INFO program: Running... grub2-mkconfig -o /boot/grub2/grub.cfg
22:24:13,910 INFO program: /usr/bin/grub2-editenv: error: cannot rename the file /boot/grub2/grubenv.new to /boot/grub2/grubenv: No such file or directory.
22:24:13,911 INFO program: Generating grub configuration file ...
22:24:13,911 INFO program: Found linux image: /boot/vmlinuz-3.10.0-918.el7.x86_64
22:24:13,911 INFO program: Found initrd image: /boot/initramfs-3.10.0-918.el7.x86_64.img
22:24:13,911 INFO program: done

Comment 11 Yaniv Ferszt 2018-11-26 07:40:34 UTC

*** Bug 1524554 has been marked as a duplicate of this bug. ***

Comment 12 Pavel Cahyna 2018-12-14 16:34:13 UTC

The part which was problematic for ReaR was fixed. Absolute symlink was converted to a relative one and this is sufficient for us. Dropping bz1498748

Comment 16 Gregory Lee Bartholomew 2019-05-02 21:55:28 UTC

I'm running into issues with grub2-efi trying to use a /boot/grub2/grubenv symlink on current Fedora systems as well. In my case, I've used my ESP as $BOOT as recommended in the new boot loader specification (https://systemd.io/BOOT_LOADER_SPECIFICATION#technical-details):

"... if the OS is installed on a disk with GPT disk label, and no ESP partition exists yet, a new suitably sized (let’s say 500MB) ESP should be created and should be used as $BOOT."

However, because this forces $BOOT to be formatted with a VFAT file system, the symlink does not work. IMHO, grub2-efi should not be trying to write to /boot/grub2/grubenv. It should be writing directly to $ESP/efi/fedora/grubenv. As it is currently, I have to manually copy /boot/grub2/grubenv to /boot/efi/fedora/grubenv every time I update my kernel parameters.

Comment 17 Ryan Blakley 2019-05-03 13:32:04 UTC

(In reply to Gregory Lee Bartholomew from comment #16)
> I'm running into issues with grub2-efi trying to use a /boot/grub2/grubenv
> symlink on current Fedora systems as well. In my case, I've used my ESP as
> $BOOT as recommended in the new boot loader specification
> (https://systemd.io/BOOT_LOADER_SPECIFICATION#technical-details):
> 
> "... if the OS is installed on a disk with GPT disk label, and no ESP
> partition exists yet, a new suitably sized (let’s say 500MB) ESP should be
> created and should be used as $BOOT."
> 
> However, because this forces $BOOT to be formatted with a VFAT file system,
> the symlink does not work. IMHO, grub2-efi should not be trying to write to
> /boot/grub2/grubenv. It should be writing directly to
> $ESP/efi/fedora/grubenv. As it is currently, I have to manually copy
> /boot/grub2/grubenv to /boot/efi/fedora/grubenv every time I update my
> kernel parameters.

I would recommend filling a separate bug for Fedora, as this bz is for RHEL 7, and it does not implement blscfg, your issue also doesn't look related to the specific issue in this bz. In addition Fedora implements blscfg slightly different than the original specification that you linked, you can view the differences here. https://fedoraproject.org/wiki/Changes/BootLoaderSpecByDefault#Differences_from_BootLoaderSpec 

Also you can symlinks to a file located on a vfat fs, you just can't create symlinks from a vfat fs. So as long as /boot is not vfat, which it shouldn't be, you can create a symlink from /boot/grub2/grubenv to /boot/efi/EFI/fedora/grubenv.

Comment 18 Marek Havrila 2019-06-05 11:46:26 UTC

Verified on RHEL-7.7-20190403.0 and grub2-2.02-0.80.el7.x86_64.rpm.

Comment 20 errata-xmlrpc 2019-08-06 12:02:09 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2019:2014

Note You need to log in before you can comment on or make changes to this bug.