[Bug 1938635] Re: update-grub fails when having multiple encrypted zfs root datasets

Chris Guiver 1938635 at bugs.launchpad.net
Sun Aug 1 12:07:43 UTC 2021 

Thank you for taking the time to report this bug and helping to make
Ubuntu better. Please execute the following command only once, as it
will automatically gather debugging information, in a terminal:

apport-collect 1938635

When reporting bugs in the future please use apport by using 'ubuntu-
bug' and the name of the package affected. You can learn more about this
functionality at https://wiki.ubuntu.com/ReportingBugs.

(no release, grub2 package details etc details were provided)

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to grub2 in Ubuntu.
https://bugs.launchpad.net/bugs/1938635

Title:
  update-grub fails when having multiple encrypted zfs root datasets

Status in grub2 package in Ubuntu:
  New

Bug description:
  == Test Case ==
  1. Have a multi-boot linux setup installed on zfs
  2. Use external boot partition 
  3. Use encryption (using diffent keys) for each zfs root dataset
  4. Boot into one environment without loading key of other dataset
  5. Run update-grub

  In our case we have 2 root datasets. We're booted into /legion/work/root
  /legion/personal/root
  /legion/work/root

  * Expected Result *
  update-grub succeeds updating grub config file with (at least) currently booted environment in configuration file.

  * Actual Result *
  update-grub fails, effectively updating config file removing currently booted environment from grub config.

  update-grub output:

  $ sudo update-grub           
  Sourcing file `/etc/default/grub'
  Sourcing file `/etc/default/grub.d/init-select.cfg'
  Generating grub configuration file ...
  filesystem 'legion/personal/root' can not be mounted: Permission denied
  Adding boot menu entry for UEFI Firmware Settings
  done

  * Workaround / Fix *
  A nice fix would be to add flag to either ignore datasets without loaded key. As I'm not interested in having personal root dataset listed in grub I added a workaround in "/etc/grub.d/10_linux_zfs" modifying function "get_root_datasets()".

  Original expression: zfs list -H -o name,canmount,mountpoint -t
  filesystem | grep -E
  '^'"${p}"'(\s|/[[:print:]]*\s)(on|noauto)\s'"${rel_pool_root}"'$' |
  awk '{print $1}'

  Modified expression: zfs list -H -o name,canmount,mountpoint,keystatus -t filesystem | grep -E '^'"${p}"'(\s|/[[:print:]]*\s)(on|noauto)\s'"${rel_pool_root}"'\savailable$' | awk '{print $1}'
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu27.18
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 20.04
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
  Package: grub2 (not installed)
  ProcVersionSignature: Ubuntu 5.4.0-80.90-generic 5.4.124
  Tags:  focal
  Uname: Linux 5.4.0-80-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip libvirt lpadmin plugdev sudo
  _MarkForUpload: True
  --- 
  ProblemType: Bug
  ApportVersion: 2.20.11-0ubuntu27.18
  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: KDE
  DistroRelease: Ubuntu 20.04
  NonfreeKernelModules: zfs zunicode zavl icp zcommon znvpair nvidia_modeset nvidia
  Package: grub2 (not installed)
  ProcVersionSignature: Ubuntu 5.4.0-80.90-generic 5.4.124
  Tags:  focal
  Uname: Linux 5.4.0-80-generic x86_64
  UpgradeStatus: No upgrade log present (probably fresh install)
  UserGroups: adm cdrom dip libvirt lpadmin plugdev sudo
  _MarkForUpload: True

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/grub2/+bug/1938635/+subscriptions

More information about the foundations-bugs mailing list