I've been getting an odd issue trying to build ISOs with the latest fedora-bootc images, but not with centos-bootc:
Build script with hashes
build.sh:
```bash
#!/usr/bin/env bash
fedora_image="quay.io/fedora/fedora-bootc:latest@sha256:597b9cb204a467088c470dbbfe632994d851b227470c00e845d4d773410abd46"
centos_image=quay.io/centos-bootc/centos-bootc:c10s@sha256:feea845d2e245b5e125181764cfbc26b6dacfb3124f9c8d6a2aaa4a3f91082e
bib_image=quay.io/centos-bootc/bootc-image-builder:latest@sha256:6b0433acb5819d62d9afdd8fd735cf3c7cc11dcf9bcc343e7df593423b3994fb
target_image=$fedora_image
mkdir -p output
sudo podman pull "${target_image}"
sudo podman run \
    --rm \
    -it \
    --privileged \
    --pull=newer \
    --security-opt label=type:unconfined_t \
    -v "./iso.toml:/config.toml:ro" \
    -v ./output:/output \
    -v /var/lib/containers/storage:/var/lib/containers/storage \
    "${bib_image}" \
    --type iso \
    --rootfs btrfs \
    --use-librepo=True \
    "${target_image}"
```
iso.toml:
```toml
[customizations.installer.modules]
enable = [
  "org.fedoraproject.Anaconda.Modules.Storage",
  "org.fedoraproject.Anaconda.Modules.Runtime",
  "org.fedoraproject.Anaconda.Modules.Network",
  "org.fedoraproject.Anaconda.Modules.Security",
  "org.fedoraproject.Anaconda.Modules.Services",
  "org.fedoraproject.Anaconda.Modules.Users",
  "org.fedoraproject.Anaconda.Modules.Timezone"
]
disable = [
  "org.fedoraproject.Anaconda.Modules.Subscription",
]
```
On fedora-bootc specifically it fails with `output["vendor"]` not being found on the generated manifest (whereas centos-bootc works fine).
Error output
```
# ...
Finished pipeline build
Starting pipeline efiboot-tree
Starting module org.osbuild.grub2.iso
Traceback (most recent call last):
  File "/run/osbuild/bin/org.osbuild.grub2.iso", line 136, in <module>
    ret = main(args["tree"], args["options"])
  File "/run/osbuild/bin/org.osbuild.grub2.iso", line 70, in main
    vendor = options["vendor"]
             ~~~~~~~^^^^^^^^^^
KeyError: 'vendor'
Finished module org.osbuild.grub2.iso
Finished pipeline efiboot-tree
manifest - failed
Output:
Failed
```
On the generated fedora-bootc manifest, there is a lack of the vendor key on the osbuild.grub2 module:
```diff
  "stages": [
    {
      "type": "org.osbuild.grub2.iso",
      "options": {
        "product": {
          "name": "Fedora Linux",
          "version": "43"
        },
        "kernel": {
          "dir": "/images/pxeboot",
          "opts": [
            "inst.stage2=hd:LABEL=Fedora-S-dvd-x86_64-43",
            "inst.ks=hd:LABEL=Fedora-S-dvd-x86_64-43:/osbuild.ks"
          ]
        },
        "isolabel": "Fedora-S-dvd-x86_64-43",
        "architectures": [
          "X64"
        ]
- // No vendor here?
      }
    }
```
```diff
  "stages": [
    {
      "type": "org.osbuild.grub2.iso",
      "options": {
        "product": {
          "name": "CentOS Stream",
          "version": "10"
        },
        "kernel": {
          "dir": "/images/pxeboot",
          "opts": [
            "inst.stage2=hd:LABEL=CentOS-Stream-10-BaseOS-x86_64",
            "inst.ks=hd:LABEL=CentOS-Stream-10-BaseOS-x86_64:/osbuild.ks"
          ]
        },
        "isolabel": "CentOS-Stream-10-BaseOS-x86_64",
        "architectures": [
          "X64"
        ],
+ "vendor": "centos"
      }
    }
  ]
```
This seems to be happening due to EFI binaries not being found where bootc-image-builder expects them (`/usr/lib/bootupd/updates/EFI/*`), so it isn't able to infer the vendor for grub. This directory doesn't seem to be generated on the fedora-bootc images anymore since a recent Fedora proposal moved the .efi files that would normally be put on `/usr/lib/ostree-boot` to `/usr/lib/efi/(component)/(version)/EFI/(vendor)` instead. So `bootupd generate-update-metadata` doesn't find these and doesn't copy them to `/usr/lib/bootupd/updates/EFI`, thus the vendor detection fails and generating the ISO doesn't work.
AFAIK bootupd will get updated to handle these `/usr/lib/efi` paths instead of manually vendoring everything into its own directories, so maybe osbuild (or bootc-image-builder) should autodetect the vendor in a different way?
A workaround I've found for this is adding the following to my fedora-bootc-based image:
```dockerfile
FROM quay.io/fedora/fedora-bootc:latest
RUN mkdir -p /usr/lib/bootupd/updates && cp -r /usr/lib/efi/*/*/* /usr/lib/bootupd/updates
```
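
Added example, not part of the original report and not code from bootc-image-builder or osbuild: a sketch of vendor detection that checks the bootupd path first and then falls back to the `/usr/lib/efi/(component)/(version)/EFI/(vendor)` layout described above. The helper names, the sample trees and the rule that `EFI/BOOT` is not a vendor directory are assumptions.

```python
import tempfile
from pathlib import Path

# The two layouts named in the issue, relative to the image root.
LAYOUTS = (
    ("bootupd", "usr/lib/bootupd/updates/EFI/*"),
    ("usr-lib-efi", "usr/lib/efi/*/*/EFI/*"),  # (component)/(version)/EFI/(vendor)
)


def detect_efi_vendor(root):
    """Return (vendor, layout), or (None, None) if no vendor directory exists.

    Hypothetical helper: tries the bootupd path first, then /usr/lib/efi.
    """
    for layout, pattern in LAYOUTS:
        vendors = sorted({
            p.name
            for p in Path(root).glob(pattern)
            # Assumption: EFI/BOOT is the removable-media fallback, not a vendor.
            if p.is_dir() and p.name.upper() != "BOOT"
        })
        if len(vendors) > 1:
            raise ValueError(f"ambiguous EFI vendor in {layout}: {vendors}")
        if vendors:
            return vendors[0], layout
    return None, None


def make_tree(dirs):
    """Create a throwaway image root containing the given directories."""
    root = Path(tempfile.mkdtemp(prefix="efi-vendor-"))
    for rel in dirs:
        (root / rel).mkdir(parents=True)
    return root


# Constructed sample trees (component names and versions are made up).
CENTOS_LIKE = ["usr/lib/bootupd/updates/EFI/BOOT",
               "usr/lib/bootupd/updates/EFI/centos"]
FEDORA_LIKE = ["usr/lib/efi/shim/1/EFI/BOOT",
               "usr/lib/efi/shim/1/EFI/fedora",
               "usr/lib/efi/grub2/1/EFI/fedora"]

if __name__ == "__main__":
    for name, dirs in (("centos-like", CENTOS_LIKE), ("fedora-like", FEDORA_LIKE)):
        print(name, detect_efi_vendor(make_tree(dirs)))
```

Pointing `detect_efi_vendor` at a mounted or extracted image root shows which of the two layouts, if either, would yield a vendor before an ISO build is attempted.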