In this post, I’d like to share my thoughts and the solution I adopted to circumvent the terrible incident that happened a few days ago with grub in Linux Arch. The bug affected all Arch-based distributions (not Manjaro, which is not really Arch-based, but for sure EndeavourOS and Arch itself).
You can find the details of the problem online:
- The official bug: https://bugs.archlinux.org/task/75701
- A post in the XeroLinux forum: https://forum.xerolinux.xyz/thread-164.html
- A very well-detailed written report on the issue in the EndeavourOS forum: https://forum.endeavouros.com/t/full-transparency-on-the-grub-issue-updated-2022-08-29/30784
If you’re reading this, you’re already aware of the bug, and maybe you’ve been hit by it. Thus, I’m not going into the details of the issue itself.
First of all, although I’ve been enjoying Arch for some time, I must say I was not pleased with the way the Arch team handled the problem (it’s really a severe issue, and having bootable snapshots does not save you from that if you don’t take countermeasures to avoid it or to fix the problem, once you’ve already been hit). After a few days, the Arch team closed the bug, blaming other Arch-based distros because they have hooks that update the grub configuration during package upgrades. The Arch team says that if you use grub the “Arch way,” you have no problem.
However, if I understand the details of the issue correctly, as soon as you have a software update that installs a new kernel version, it will also update the grub configuration, and the bug will hit you. (update: no, that’s not the case in Arch, since the kernel image file always has the same name and does not have the version in the name).
Moreover, I have hooks to take Timeshift snapshots before a system upgrade and to generate grub entries to boot the snapshots. Isn’t this the “Arch way”? For sure, it’s a safety mechanism widely adopted. After all, Linux is about choice! 🙂 (update: since, as said above, the kernel image file name is always the same, even, for example, if you update from version 5.19.4 to 5.19.5, having bootable snapshots is even more crucial in Arch).
The issue is said to be fixed by showing a warning during the upgrade of the grub package saying:
:: Processing package changes...
(1/1) upgrading grub [----------------------] 100%
:: To use the new features provided in this GRUB update, it is recommended
to install it to the MBR or UEFI. Due to potential configuration
incompatibilities, it is advised to run both, installation and generation
$ grub-install ...
$ grub-mkconfig -o /boot/grub/grub.cfg
Seriously?! That’s just a warning, which is likely to go unnoticed. That’s not a fix; it’s a patch (In the true sense of the word).
However, let’s say that you note that warning and do what it says.
You will have no problem on the next boot, but I found these huge drawbacks (at least for me):
- The grub installation of the current Arch distribution will replace the default UEFI boot configuration. Of course, you can reorder the boot configurations from the UEFI setup, but that’s an unwanted side-effect if you had already configured things the way you wanted;
- Related to the previous point, if you have another grub configuration (e.g., of another distro) to boot other distros on the same machine (see, e.g., my blog post on this mechanism), including this Arch installation, it will not work anymore. That’s expected because the other grub does not know anything about the new grub configuration anyway.
Moreover, in my humble opinion, what the grub developers have done in this new version does not make much sense: why do you want to execute a command to generate a boot entry dynamically?! Perform that choice when generating the grub configuration once and for all!
If you’re curious, that’s the difference after the grub update in the file used to generate the culprit entry in the grub.cfg (old file on the left, new file on the right):
So, after restoring my computer with arch-chroot (because I was hit by the bug), instead of their proposed “solution,” I ignored the package update by adding this line to /etc/pacman.conf:
# Pacman won't upgrade packages listed in IgnorePkg and members of IgnoreGroup
IgnorePkg = grub
This way, I won’t be hit by the bug again (until, hopefully, grub developers will revert that implementation decision, and Arch developers will provide a new grub package)
Then, I realized that, in the end, I don’t need a grub entry to enter UEFI! I can enter UEFI when starting the computer with a key combination (not to mention that, as I said above, my main grub is not the Arch one, but the Fedora one, as shown in my blog post)! Thus, I updated the grub package (of course, after removing the IgnorePkg entry shown above). Before rebooting (that’s crucial), instead of following the suggestion shown during the upgrade, I simply removed the grub file to generate the culprit configuration for UEFI in the grub.cfg (and, of course, I regenerated the grub configuration afterward):
sudo rm /etc/grub.d/30_uefi-firmware
sudo grub-mkconfig -o /boot/grub/grub.cfg
That’s all! Your grub.cfg will not have an entry for entering UEFI anymore. I don’t need that.
Of course, you have to repeat these operations if Arch releases an update to the grub package without fixing the problem. However, I prefer this solution, which does not have the abovementioned drawbacks.