Create filesystem on xvda1 on update

marmarek · marmarek · commit 09e3dd35b189 · 2025-09-17T02:23:51.000+02:00
The new systemd (Debian trixie, Fedora 43) really insist on having proper filesystem on the EFI partition, otherwise it marks several units as failed. Create a filesystem there on package update too. Do not interrupt package update if it fails. Fixes QubesOS/qubes-issues#8954
diff --git a/archlinux/PKGBUILD.in b/archlinux/PKGBUILD.in
@@ -59,6 +59,7 @@ package_qubes-vm-core() {
     release=${BASH_REMATCH[1]}.${BASH_REMATCH[2]}
     depends=(
         dconf
+        dosfstools
         fakeroot
         gawk
         gnome-packagekit
diff --git a/archlinux/PKGBUILD.install b/archlinux/PKGBUILD.install
@@ -85,6 +85,16 @@ update_qubesconfig() {
         mount /usr/local || :
     fi
 
+    rootdev=$(grep -o '^[^ ]* / ' /proc/mounts | cut -f 1 -d ' ') || rootdev=
+    # if root volume uses partitions, and is mounted directly (no dm-snapshot),
+    # check if xvda1 needs filesystem to be created
+    if [ -n "$rootdev" ] && [ "$(readlink -f "$rootdev")" = "/dev/xvda3" ]; then
+        if [ -z "$(blkid -o value -s TYPE /dev/xvda1)" ]; then
+            mkfs.vfat -S 4096 -n EFI /dev/xvda1 || \
+                echo "Creating EFI fs failed: 'mkfs.vfat -S 4096 -n EFI /dev/xvda1': $?" >&2
+        fi
+    fi
+
     # Install qubes version of fstab
     if ! grep -q dmroot /etc/fstab; then
         cp -f /etc/fstab.qubes /etc/fstab
diff --git a/debian/control b/debian/control
@@ -31,6 +31,7 @@ Depends:
     dconf-cli,
     distro-info-data,
     dmsetup,
+    dosfstools,
     e2fsprogs,
     gawk,
     graphicsmagick,
diff --git a/debian/qubes-core-agent.postinst b/debian/qubes-core-agent.postinst
@@ -166,6 +166,16 @@ case "${1}" in
             mount /usr/local || :
         fi
 
+        rootdev=$(grep -o '^[^ ]* / ' /proc/mounts | cut -f 1 -d ' ') || rootdev=
+        # if root volume uses partitions, and is mounted directly (no dm-snapshot),
+        # check if xvda1 needs filesystem to be created
+        if [ -n "$rootdev" ] && [ "$(readlink -f "$rootdev")" = "/dev/xvda3" ]; then
+            if [ -z "$(blkid -o value -s TYPE /dev/xvda1)" ]; then
+                mkfs.vfat -S 4096 -n EFI /dev/xvda1 || \
+                    echo "Creating EFI fs failed: 'mkfs.vfat -S 4096 -n EFI /dev/xvda1': $?" >&2
+            fi
+        fi
+
         # remove old symlinks
         if [ -L /etc/systemd/system/sysinit.target.wants/qubes-random-seed.service ]; then
             rm /etc/systemd/system/sysinit.target.wants/qubes-random-seed.service
diff --git a/rpm_spec/core-agent.spec.in b/rpm_spec/core-agent.spec.in
@@ -186,6 +186,7 @@ Obsoletes:  qubes-core-vm-doc < 4.0.0
 Conflicts:  qubes-gui-agent < 4.1.6
 Conflicts:  pulseaudio-qubes < 4.2.0
 Provides:   group(qubes)
+Requires(post): dosfstools
 Requires(pre): shadow
 Requires(pre): qubes-db
 BuildRequires: gcc
@@ -574,6 +575,15 @@ if [ -L /usr/local ]; then
     mount /usr/local || :
 fi
 
+rootdev=$(grep -o '^[^ ]* / ' /proc/mounts | cut -f 1 -d ' ') || rootdev=
+# if root volume uses partitions, and is mounted directly (no dm-snapshot),
+# check if xvda1 needs filesystem to be created
+if [ -n "$rootdev" ] && [ "$(readlink -f "$rootdev")" = "/dev/xvda3" ]; then
+    if [ -z "$(blkid -o value -s TYPE /dev/xvda1)" ]; then
+        mkfs.vfat -S 4096 -n EFI /dev/xvda1 || echo "Creating EFI fs failed: 'mkfs.vfat -S 4096 -n EFI /dev/xvda1': $?" >&2
+    fi
+fi
+
 %if 0%{?fedora} < 41
 if [ ! -f /etc/qubes-dnf-hardened ]; then
     dnf config-manager --setopt=zchunk=0 --setopt=deltarpm=0 --save &&
