The `efibootmgr -c` command always creates a new boot entry rather than
updating an existing one. Prior to commit c6ba53c, the GRUB installation
block only ran on fresh installs. That commit extended it to run on
upgrades when GRUB versions differ, which also caused `efibootmgr -c` to
run on upgrades, creating duplicate TrueNAS-X entries. While firmware
typically cleans up duplicate entries on reboot (as observed on TrueNAS
MINI hardware), EFI NVRAM has limited space and users with NVRAM already
full from other sources reported `No space left on device` error during
updates as creating a new entry fails before the next reboot can clean up.
The boot entry created during fresh installation remains valid across
upgrades since GRUB binaries are updated at the same path
(`/EFI/debian/grubx64.efi`). Only create the boot entry on fresh installs
where `old_root` is None.
* Trixie related changes for scale-build
* Point to HM mirrors
* Update apt preferences for trixie
* Update debootstrap changes for trixie
* Minor fix
* Remove python3 package
* Remove mandatory explicit dep
* Use openjdk-21-jdk for kernel
* Update passwd
* There is no need for custom openssl now
* Move from libssl3 to libssl3t64
* Remove util-linux from build manifest
* Set env variable for spdk
* Don't buidl spdk for now
* ipmctl is not available in stable
* Remove legacy sysv unit stuff
* Comment out netdata for now
* Small umount fix
* Also umount efivars
* Update build manifest to reflect updated branches
* Remove nfs entry from mtree
* Make sure to umount efivars
* Properly have apt sources fixed in update image
* Pull in grub2-common
* Add netdata mirror
* Fix url
* Make sure corepack is non-interactive
* Update netdata groups
* Fix efivars mounting
* Properly use clean_mounts
* Add fixme for netdata
* Properly comment out spdk explicit deps
* Remove grub-efi-amd64-signed from iso
* Make sure efivarfs is definitely mounted
* Bring in isc-dhcp-client for now
* Revert "Bring in isc-dhcp-client for now"
This reverts commit 259ffebba5.
* Only try to umount efivarfs if host is actually efi based
* Update repo's branches
This commit adds a basic python version check to the truenas_install
module so that we can raise a useful error message if someone
is somehow running the installer in the context of a really old
python version (like in 13).
During the upgrade process its possible for the syslog-ng cursor for
the systemd journal to advance beyond what is present in the newly
cloned logs dataset. This results in syslog-ng re-reading the same
messages and sending them a second time to remote syslog servers, our
audit databases, and local files.
For typical purposes the systemd journal is treated as ephemeral data,
but is not something we want to lose on reboot or upgrade. This means
that volatile storage is undesirable. As a compromise solution that
absolutely prevents duplicate entries we have settled on creating a new
dedicated systemd journal dataset on upgrades. The old journal contents
dataset are preserved in the previous boot environment.
This has the added advantage of allowing us to disable ACL support
on the logs dataset.
grub2 installs config generation scripts under /etc/grub.d/. If
update-grub cannot run those scripts, config generation fails and
update-grub errors out.
We should remove noexec for etc dataset. There has been an upstream
ZFS fix that enforces the correct mount options for Linux runtime.
To enable that patch, we should first remove noexec permission for
/etc, otherwise installation would break.
Signed-off-by: Umer Saleem <usaleem@ixsystems.com>
The syslog-ng.persist file contains information about last read
systemd journal message which will prevent duplicate audit table
insertions and sending duplicate messages to remote syslog server.
