install: Update to new bootupd uuid/EFI code

This significantly simplifies this code even more; bootupd takes
care of writing the UUID files in both places (like coreos-installer does).

It also calls out to `efibootmgr` by default.

Signed-off-by: Colin Walters <walters@verbum.org>

lib/src/bootloader.rs

@@ -1,33 +1,27 @@
-use std::os::unix::prelude::PermissionsExt;
-
-use anyhow::{Context, Result};
+use anyhow::Result;
 use camino::Utf8Path;
-use cap_std::fs::Dir;
-use cap_std::fs::Permissions;
-use cap_std_ext::cap_std;
-use cap_std_ext::prelude::*;
 use fn_error_context::context;
 
 use crate::task::Task;
 
-const GRUB_BOOT_UUID_FILE: &str = "bootuuid.cfg";
 /// The name of the mountpoint for efi (as a subdirectory of /boot, or at the toplevel)
 pub(crate) const EFI_DIR: &str = "efi";
 
 #[context("Installing bootloader")]
 pub(crate) fn install_via_bootupd(
     device: &Utf8Path,
     rootfs: &Utf8Path,
-    boot_uuid: &str,
     is_alongside: bool,
+    update_firmware: bool,
 ) -> Result<()> {
     let verbose = std::env::var_os("BOOTC_BOOTLOADER_DEBUG").map(|_| "-vvvv");
     // If we're doing an alongside install, only match the host boot method because Anaconda defaults
     // to only doing that.
     let component_args = is_alongside.then_some("--auto");
-    let args = ["backend", "install", "--with-static-configs"]
+    let args = ["backend", "install", "--write-uuid"]
         .into_iter()
         .chain(verbose)
+        .chain(update_firmware.then_some("--update-firmware"))
         .chain(component_args)
         .chain([
             "--src-root",
@@ -36,22 +30,5 @@ pub(crate) fn install_via_bootupd(
             device.as_str(),
             rootfs.as_str(),
         ]);
-    Task::new_and_run("Running bootupctl to install bootloader", "bootupctl", args)?;
-
-    let grub2_uuid_contents = format!("set BOOT_UUID=\"{boot_uuid}\"\n");
-
-    let bootfs = &rootfs.join("boot");
-    let bootfs =
-        Dir::open_ambient_dir(bootfs, cap_std::ambient_authority()).context("Opening boot")?;
-    let grub2 = bootfs.open_dir("grub2").context("Opening boot/grub2")?;
-
-    grub2
-        .atomic_write_with_perms(
-            GRUB_BOOT_UUID_FILE,
-            grub2_uuid_contents,
-            Permissions::from_mode(0o644),
-        )
-        .with_context(|| format!("Writing {GRUB_BOOT_UUID_FILE}"))?;
-
-    Ok(())
+    Task::new_and_run("Running bootupctl to install bootloader", "bootupctl", args)
 }

lib/src/install.rs

@@ -104,6 +104,11 @@ pub(crate) struct InstallConfigOpts {
     #[clap(long)]
     /// Add a kernel argument
     karg: Option<Vec<String>>,
+
+    /// If set, do not attempt any changes to the firmware (e.g. EFI).
+    #[clap(long)]
+    #[serde(default)]
+    pub(crate) skip_firmware_update: bool,
 }
 
 /// Perform an installation to a block device.
@@ -894,6 +899,13 @@ async fn install_to_filesystem_impl(state: &State, rootfs: &mut RootSetup) -> Re
         rootfs.kargs.push("selinux=0".to_string());
     }
 
+    // We verify this upfront because it's currently required by bootupd
+    let boot_uuid = rootfs
+        .get_boot_uuid()?
+        .or(rootfs.rootfs_uuid.as_deref())
+        .ok_or_else(|| anyhow!("No uuid for boot/root"))?;
+    tracing::debug!("boot uuid={boot_uuid}");
+
     // Write the aleph data that captures the system state at the time of provisioning for aid in future debugging.
     {
         let aleph = initialize_ostree_root_from_self(state, rootfs).await?;
@@ -906,15 +918,11 @@ async fn install_to_filesystem_impl(state: &State, rootfs: &mut RootSetup) -> Re
             .context("Writing aleph version")?;
     }
 
-    let boot_uuid = rootfs
-        .get_boot_uuid()?
-        .or(rootfs.rootfs_uuid.as_deref())
-        .ok_or_else(|| anyhow!("No uuid for boot/root"))?;
     crate::bootloader::install_via_bootupd(
         &rootfs.device,
         &rootfs.rootfs,
-        boot_uuid,
         rootfs.is_alongside,
+        !state.config_opts.skip_firmware_update,
     )?;
     tracing::debug!("Installed bootloader");