systemd-boot: add 'graceful' configuration option

On some systems bootctl cannot write the `LoaderSystemToken` EFI variable during installation, which results in a failure to install the boot loader. Upstream provides a flag (--graceful) to ignore such write failures - this change exposes it as a configuration option. As the exact semantics of this option appear to be somewhat volatile it should be used only if systemd-boot otherwise fails to install.
2021-09-26 17:54:36 +02:00
parent 5e37cc3186
commit 7bd84b6685
2 changed files with 26 additions and 5 deletions
--- a/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
+++ b/nixos/modules/system/boot/loader/systemd-boot/systemd-boot-builder.py
@@ -208,10 +208,15 @@ def main() -> None:
        if os.path.exists("@efiSysMountPoint@/loader/loader.conf"):
            os.unlink("@efiSysMountPoint@/loader/loader.conf")

-        if "@canTouchEfiVariables@" == "1":
-            subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "install"])
-        else:
-            subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@", "--no-variables", "install"])
+        flags = []
+
+        if "@canTouchEfiVariables@" != "1":
+            flags.append("--no-variables")
+
+        if "@graceful@" == "1":
+            flags.append("--graceful")
+
+        subprocess.check_call(["@systemd@/bin/bootctl", "--path=@efiSysMountPoint@"] + flags + ["install"])
    else:
        # Update bootloader to latest if needed
        systemd_version = subprocess.check_output(["@systemd@/bin/bootctl", "--version"], universal_newlines=True).split()[1]