Bug 1573121 - Update of grub does not update /boot/grub files
Summary: Update of grub does not update /boot/grub files
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: grub
Version: 6.9
Hardware: x86_64
OS: Linux
medium
medium
Target Milestone: rc
: 6.9
Assignee: David Kaspar [Dee'Kej]
QA Contact: Release Test Team
Petr Bokoc
URL:
Whiteboard:
Depends On:
Blocks: 1577226
TreeView+ depends on / blocked
 
Reported: 2018-04-30 08:43 UTC by Welterlen Benoit
Modified: 2018-05-11 13:56 UTC (History)
3 users (show)

Fixed In Version:
Doc Type: Known Issue
Doc Text:
*GRUB* updates are not applied to the system When the *GRUB* boot loader is updated using "yum" or "rpm" (for example, "rpm -Uvh grub"), and the update process succeeds, then the "grub-install" command is not being run automatically due to technical limitations of *GRUB*. The updated package is downloaded and installed, but the new version of the boot loader provided by that package is not automatically applied to the system. Instead, the old version is used even after the package update, and therefore any fixes provided in the update are not applied to the system. To work around this problem, run the "grub-install" command manually using a command line with `root` privileges every time an update to the _grub_ package is installed.
Clone Of:
: 1577226 (view as bug list)
Environment:
Last Closed: 2018-04-30 13:54:41 UTC


Attachments (Terms of Use)

Description Welterlen Benoit 2018-04-30 08:43:33 UTC
Description of problem:
The update of the grub RPM does not update files used in the boot process /boot/grub/*
"grub-install" needs to be executed to have an up-to-date bootloader, else fixes will not be applied.

Version-Release number of selected component (if applicable):
RedHat 6

How reproducible:
easy

Steps to Reproduce:
1. md5sum /boot/grub/*
2. yum update grub (to a new version or a specific version if no new version available)
3. md5sum /boot/grub/*

Actual results:
Same files in /boot/grub

Expected results:
Updated bootloader to the last version (files are provided in )/usr/share/grub/x86_64-redhat/

Additional info:
Have you missed something in the update process ?
The post install script does not include "grub-install":

%post
if [ "$1" = 1 ]; then
  /sbin/install-info --info-dir=%{_infodir} %{_infodir}/grub.info.gz || :
  /sbin/install-info --info-dir=%{_infodir} %{_infodir}/multiboot.info.gz || :
fi

%preun
if [ "$1" = 0 ] ;then
  /sbin/install-info --delete --info-dir=%{_infodir} %{_infodir}/grub.info.gz || :
  /sbin/install-info --delete --info-dir=%{_infodir} %{_infodir}/multiboot.info.gz || :
fi

Comment 2 David Kaspar [Dee'Kej] 2018-04-30 13:54:41 UTC
Hello Welterlen,

I have discussed this issue with RTT guys to be sure about it. Unfortunately, this is not something we can fix.

The 'grub-install' is potentionally destructive command and running it automatically could leave a lot of machines of many of our customers in unbootable state, which is not desirable for RHEL-6 (we are in Maintenance Support Phase 2).

Even our documentation clearly states the warning:
https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/6/html/installation_guide/s1-grub-commands

The automatic running of 'grub-install' can leave the system in unbootable state, because grub (legacy version) is not so sophisticated. It can't detect easily if there was any change to grub's configuration, even more it can't tell if the configuration is sane. And there exist too many possible system configurations for grub to be able to deal with it.

Grub is a CRITICAL PATH package, and we do not want it to do anything behind administrator's back. As a result, it is necessary that any changes to grub's configuration or grub updates be supervised by system administrator in some way.

I hope this explanation answers our customer's questions.

However, looking at the KB article (https://access.redhat.com/solutions/1492003) I see it is clearly missing the part of manually running the 'grub-install', which might be confusing for some administrators using RHEL-6. Also, AFAICT our documentation does not state this information either.

So I will contact our documentation team, so we can fix it.

Best regards,

 -- David --

Comment 3 Welterlen Benoit 2018-04-30 14:40:02 UTC
Hi David,

Thanks for the answer. I understand that grub is a critical part of the system but from the user point of view, a "yum update" including grub makes him believe that his system is up to date and the running grub is the last one, with latest fixes. 
I have updated the KB article to add the grub-install advice (with caution).
A message may be written after the installation in post-install so the admin will be aware that grub has been updated and need a reinstall.

Best regards

Benoit

Comment 4 David Kaspar [Dee'Kej] 2018-04-30 14:56:02 UTC
(In reply to Welterlen Benoit from comment #3)
> I have updated the KB article to add the grub-install advice (with caution).

I have already contacted Lenka Spackova about this. There might be other KB articles that need updating as well.

> A message may be written after the installation in post-install so the admin
> will be aware that grub has been updated and need a reinstall.

It is possible to do so, but we need to primarily fix our documentation first. The %post warning message might get lost in some cases (like for example unattended update via some management system, or via serial console, etc.).

> Thanks for the answer. I understand that grub is a critical part of the
> system but from the user point of view, a "yum update" including grub makes
> him believe that his system is up to date and the running grub is the last
> one, with latest fixes.

I see, but there's not much we can do about it to be honest, especially for RHEL-6. The only(?) and IMHO best course of action is to "educate" our customers that they need to do the 'grub-install' manually after update, and to fix our documentation.


Note You need to log in before you can comment on or make changes to this bug.