liske/needrestart

RFE: Unified Kernel Images with Secure Boot

Opened this issue · 1 comments

tblancher commented

Here's the output of needrestart -v |& head on Arch Linux:

[main] eval /etc/needrestart/needrestart.conf
[main] needrestart v3.6
[main] running in user mode
[Core] Using UI 'NeedRestart::UI::stdio'...
[main] systemd detected
[main] #1516 uses deleted /usr/lib/libexpat.so.1.8.10
[main] #4924 uses deleted /usr/lib/libexpat.so.1.8.10
[main] #4933 uses deleted /usr/lib/libexpat.so.1.8.10
[main] #4950 uses deleted /usr/lib/libexpat.so.1.8.10
[main] #4951 uses obsolete binary /usr/bin/python3.11
...

I get the following message when running sudo needrestart:

...
Failed to retrieve available kernel versions.
...

I have a Unified Kernel Image, signed by sbctl for Secure Boot, and the full path to the kernel is:

/efi/EFI/Linux/490336ad3ce04b7bae989340da3fe01b-6.7.4-arch1-1.efi

My Perl is perennially so rusty I'm not sure where to begin to draft commits for a PR against needrestart. I think the first step is to configure needrestart to have alternate paths for the kernel, instead of only /boot. I'm willing to help test this, since this setup is very specific to my new laptop.

I believe it finds the CPU microcode image since for whatever reason Arch still deploys it to /boot/intel-ucode.img, but that's the only file in there.

liske commented

Yes, it is currently not possible to add additional paths for kernel images. There are some hard coded globs:

needrestart/perl/lib/NeedRestart/Kernel/Linux.pm

Lines 130 to 139 in c62b152

my %kfiles = map {
$_ => 1,
} grep {
# whitelist kernel images
m/$filter/;
}
grep {
# filter initrd images
(!m@^/boot/init@);
} (</boot/vmlinu*>, </boot/*.img>, </boot/kernel*>);

Should be possible to configure custom paths to be open for various EFI setups.