feat: support systemd-boot via config and build flag

p5 · p5 · commit 23d044ce9533 · 2025-08-22T14:27:07.000+01:00
diff --git a/Cargo.toml b/Cargo.toml
@@ -15,6 +15,10 @@ include = ["src", "LICENSE", "Makefile", "systemd"]
 platforms = ["*-unknown-linux-gnu"]
 tier = "2"
 
+[features]
+default = ["systemd-boot"]
+systemd-boot = []
+
 [[bin]]
 name = "bootupd"
 path = "src/main.rs"
@@ -27,7 +31,14 @@ bootc-internal-utils = "0.0.0"
 cap-std-ext = "4.0.6"
 camino = "1.1.11"
 chrono = { version = "0.4.41", features = ["serde"] }
-clap = { version = "4.5", default-features = false, features = ["cargo", "derive", "std", "help", "usage", "suggestions"] }
+clap = { version = "4.5", default-features = false, features = [
+    "cargo",
+    "derive",
+    "std",
+    "help",
+    "usage",
+    "suggestions",
+] }
 env_logger = "0.11"
 fail = { version = "0.5", features = ["failpoints"] }
 fn-error-context = "0.2.1"
diff --git a/src/bios.rs b/src/bios.rs
@@ -112,6 +112,7 @@ impl Component for Bios {
         dest_root: &str,
         device: &str,
         _update_firmware: bool,
+        _bootloader: crate::bootupd::Bootloader,
     ) -> Result<InstalledContent> {
         let Some(meta) = get_component_update(src_root, self)? else {
             anyhow::bail!("No update metadata for component {} found", self.name());
diff --git a/src/bootupd.rs b/src/bootupd.rs
@@ -25,6 +25,14 @@ use std::fs::{self, File};
 use std::io::{BufRead, BufReader, BufWriter, Write};
 use std::path::{Path, PathBuf};
 
+#[derive(Debug, Clone, Copy, PartialEq, Eq)]
+// TODO: Implement dynamic bootloader detection
+pub(crate) enum Bootloader {
+    _Auto,
+    Grub,
+    SystemdBoot,
+}
+
 pub(crate) enum ConfigMode {
     None,
     Static,
@@ -46,9 +54,10 @@ pub(crate) fn install(
     dest_root: &str,
     device: Option<&str>,
     configs: ConfigMode,
-    update_firmware: bool,
+    mut update_firmware: bool,
     target_components: Option<&[String]>,
     auto_components: bool,
+    bootloader: Bootloader,
 ) -> Result<()> {
     // TODO: Change this to an Option<&str>; though this probably balloons into having
     // DeviceComponent and FileBasedComponent
@@ -93,15 +102,33 @@ pub(crate) fn install(
             continue;
         }
 
+        if component.name() == "BIOS" && bootloader == Bootloader::SystemdBoot {
+            println!(
+                "Skip installing component {} for systemd-boot",
+                component.name()
+            );
+            continue;
+        }
+
+        if bootloader == Bootloader::SystemdBoot {
+            log::warn!(
+                "Disabling firmware updates for component {}",
+                component.name()
+            );
+            update_firmware = false;
+        }
         let meta = component
-            .install(&source_root, dest_root, device, update_firmware)
+            .install(&source_root, dest_root, device, update_firmware, bootloader)
             .with_context(|| format!("installing component {}", component.name()))?;
         log::info!("Installed {} {}", component.name(), meta.meta.version);
         state.installed.insert(component.name().into(), meta);
-        // Yes this is a hack...the Component thing just turns out to be too generic.
-        if let Some(vendor) = component.get_efi_vendor(&source_root)? {
-            assert!(installed_efi_vendor.is_none());
-            installed_efi_vendor = Some(vendor);
+
+        if bootloader != Bootloader::SystemdBoot {
+            // Yes this is a hack...the Component thing just turns out to be too generic.
+            if let Some(vendor) = component.get_efi_vendor(&source_root)? {
+                assert!(installed_efi_vendor.is_none());
+                installed_efi_vendor = Some(vendor);
+            }
         }
     }
     let sysroot = &openat::Dir::open(dest_root)?;
@@ -119,7 +146,9 @@ pub(crate) fn install(
             crate::grubconfigs::install(sysroot, installed_efi_vendor.as_deref(), uuid)?;
             // On other architectures, assume that there's nothing to do.
         }
-        None => {}
+        None => {
+            log::info!("Skipping static config generation");
+        }
     }
 
     // Unmount the ESP, etc.
diff --git a/src/cli/bootupd.rs b/src/cli/bootupd.rs
@@ -1,4 +1,4 @@
-use crate::bootupd::{self, ConfigMode};
+use crate::bootupd::{self, Bootloader, ConfigMode};
 use anyhow::{Context, Result};
 use clap::Parser;
 use log::LevelFilter;
@@ -73,6 +73,12 @@ pub struct InstallOpts {
     /// then only enable installation to the ESP.
     #[clap(long)]
     auto: bool,
+
+    /// The bootloader to configure
+    ///
+    /// Defaults to Grub
+    #[clap(long, default_value = "grub")]
+    bootloader: String,
 }
 
 #[derive(Debug, Parser)]
@@ -103,13 +109,23 @@ impl DCommand {
 
     /// Runner for `install` verb.
     pub(crate) fn run_install(opts: InstallOpts) -> Result<()> {
-        let configmode = if opts.write_uuid {
+        let bootloader = match opts.bootloader.as_str() {
+            "grub" => Bootloader::Grub,
+            "systemd-boot" => Bootloader::SystemdBoot,
+            _ => anyhow::bail!("Unknown bootloader: {}", opts.bootloader),
+        };
+
+        // If systemd-boot, always use ConfigMode::None
+        let configmode = if let Bootloader::SystemdBoot = bootloader {
+            ConfigMode::None
+        } else if opts.write_uuid {
             ConfigMode::WithUUID
         } else if opts.with_static_configs {
             ConfigMode::Static
         } else {
             ConfigMode::None
         };
+
         bootupd::install(
             &opts.src_root,
             &opts.dest_root,
@@ -118,6 +134,7 @@ impl DCommand {
             opts.update_firmware,
             opts.components.as_deref(),
             opts.auto,
+            bootloader,
         )
         .context("boot data installation failed")?;
         Ok(())
diff --git a/src/component.rs b/src/component.rs
@@ -55,6 +55,7 @@ pub(crate) trait Component {
         dest_root: &str,
         device: &str,
         update_firmware: bool,
+        bootloader: crate::bootupd::Bootloader,
     ) -> Result<InstalledContent>;
 
     /// Implementation of `bootupd generate-update-metadata` for a given component.
diff --git a/src/efi.rs b/src/efi.rs
@@ -342,51 +342,81 @@ impl Component for Efi {
         dest_root: &str,
         device: &str,
         update_firmware: bool,
+        bootloader: crate::bootupd::Bootloader,
     ) -> Result<InstalledContent> {
-        let Some(meta) = get_component_update(src_root, self)? else {
-            anyhow::bail!("No update metadata for component {} found", self.name());
-        };
-        log::debug!("Found metadata {}", meta.version);
-        let srcdir_name = component_updatedirname(self);
-        let ft = crate::filetree::FileTree::new_from_dir(&src_root.sub_dir(&srcdir_name)?)?;
-
-        // Let's attempt to use an already mounted ESP at the target
-        // dest_root if one is already mounted there in a known ESP location.
-        let destpath = if let Some(destdir) = self.get_mounted_esp(Path::new(dest_root))? {
-            destdir
-        } else {
-            // Using `blockdev` to find the partition instead of partlabel because
-            // we know the target install toplevel device already.
+        let esp_path = self.get_mounted_esp(Path::new(dest_root))?.or_else(|| {
             if device.is_empty() {
-                anyhow::bail!("Device value not provided");
+                None
+            } else {
+                let esp_device = blockdev::get_esp_partition(device).ok().flatten()?;
+                self.mount_esp_device(Path::new(dest_root), Path::new(&esp_device))
+                    .ok()
             }
-            let esp_device = blockdev::get_esp_partition(device)?
-                .ok_or_else(|| anyhow::anyhow!("Failed to find ESP device"))?;
-            self.mount_esp_device(Path::new(dest_root), Path::new(&esp_device))?
-        };
+        });
+
+        match bootloader {
+            crate::bootupd::Bootloader::SystemdBoot => {
+                log::info!("Installing systemd-boot via bootctl");
+                let esp_dir = openat::Dir::open(esp_path.as_ref().ok_or_else(|| {
+                    anyhow::anyhow!("No ESP mount found for systemd-boot install")
+                })?)
+                .context("Opening mounted ESP directory for systemd-boot")?;
+                crate::systemdbootconfigs::install(&esp_dir)?;
+                Ok(InstalledContent {
+                    meta: ContentMetadata {
+                        timestamp: chrono::Utc::now(),
+                        version: "systemd-boot".to_string(),
+                    },
+                    filetree: None,
+                    adopted_from: None,
+                })
+            }
+            crate::bootupd::Bootloader::Grub | crate::bootupd::Bootloader::_Auto => {
+                let meta = match get_component_update(src_root, self)? {
+                    Some(meta) => meta,
+                    None => {
+                        log::debug!(
+                            "No update metadata for component {} found, continuing (GRUB case)",
+                            self.name()
+                        );
+                        return Ok(InstalledContent {
+                            meta: ContentMetadata {
+                                timestamp: chrono::Utc::now(),
+                                version: "grub".to_string(),
+                            },
+                            filetree: None,
+                            adopted_from: None,
+                        });
+                    }
+                };
+                log::debug!("Found metadata {}", meta.version);
+                let srcdir_name = component_updatedirname(self);
+                let ft = crate::filetree::FileTree::new_from_dir(&src_root.sub_dir(&srcdir_name)?)?;
+
+                let destpath = esp_path
+                    .ok_or_else(|| anyhow::anyhow!("No ESP mount found for GRUB install"))?;
+                let destd = &openat::Dir::open(&destpath)
+                    .with_context(|| format!("opening dest dir {}", destpath.display()))?;
+                validate_esp_fstype(destd)?;
 
-        let destd = &openat::Dir::open(&destpath)
-            .with_context(|| format!("opening dest dir {}", destpath.display()))?;
-        validate_esp_fstype(destd)?;
-
-        // TODO - add some sort of API that allows directly setting the working
-        // directory to a file descriptor.
-        std::process::Command::new("cp")
-            .args(["-rp", "--reflink=auto"])
-            .arg(&srcdir_name)
-            .arg(destpath)
-            .current_dir(format!("/proc/self/fd/{}", src_root.as_raw_fd()))
-            .run()?;
-        if update_firmware {
-            if let Some(vendordir) = self.get_efi_vendor(&src_root)? {
-                self.update_firmware(device, destd, &vendordir)?
+                std::process::Command::new("cp")
+                    .args(["-rp", "--reflink=auto"])
+                    .arg(&srcdir_name)
+                    .arg(&destpath)
+                    .current_dir(format!("/proc/self/fd/{}", src_root.as_raw_fd()))
+                    .run()?;
+                if update_firmware {
+                    if let Some(vendordir) = self.get_efi_vendor(&src_root)? {
+                        self.update_firmware(device, destd, &vendordir)?
+                    }
+                }
+                Ok(InstalledContent {
+                    meta,
+                    filetree: Some(ft),
+                    adopted_from: None,
+                })
             }
         }
-        Ok(InstalledContent {
-            meta,
-            filetree: Some(ft),
-            adopted_from: None,
-        })
     }
 
     fn run_update(
diff --git a/src/main.rs b/src/main.rs
@@ -46,6 +46,8 @@ mod model_legacy;
 mod ostreeutil;
 mod packagesystem;
 mod sha512string;
+#[cfg(feature = "systemd-boot")]
+mod systemdbootconfigs;
 mod util;
 
 use clap::crate_name;
diff --git a/src/systemdbootconfigs.rs b/src/systemdbootconfigs.rs
@@ -0,0 +1,42 @@
+use std::path::Path;
+
+use anyhow::{Context, Result};
+use fn_error_context::context;
+
+/// Install files required for systemd-boot
+#[context("Installing systemd-boot")]
+pub(crate) fn install(esp_path: &openat::Dir) -> Result<()> {
+    let esp_path = esp_path.recover_path().context("ESP path is not valid")?;
+    let status = std::process::Command::new("bootctl")
+        .args([
+            "install",
+            "--esp-path",
+            esp_path.to_str().context("ESP path is not valid UTF-8")?,
+        ])
+        .status()
+        .context("Failed to execute bootctl")?;
+
+    if !status.success() {
+        anyhow::bail!(
+            "bootctl install failed with status code {}",
+            status.code().unwrap_or(-1)
+        );
+    }
+
+    // If loader.conf is present in the bootupd configuration, replace the original config with it
+    let src_loader_conf = "/usr/lib/bootupd/systemd-boot/loader.conf";
+    let dst_loader_conf = Path::new(&esp_path).join("loader/loader.conf");
+    if Path::new(src_loader_conf).exists() {
+        std::fs::copy(src_loader_conf, &dst_loader_conf)
+            .context("Failed to copy loader.conf to ESP")?;
+        log::info!(
+            "Copied {} to {}",
+            src_loader_conf,
+            dst_loader_conf.display()
+        );
+    } else {
+        log::warn!("{} does not exist, skipping copy", src_loader_conf);
+    }
+
+    Ok(())
+}
