WIP: ISO boot detection fixes and test improvements

- Fix duplicate iso-scan/filename parameter injection
- Add deduplication to cfg boot method extraction
- Add selective parameter injection (boot=live, boot=casper, live-media)
- Add header comments to kexec-iso-init.sh, kexec-parse-boot.sh, kexec-boot.sh
- Add param injection validation to test suite
- Fix Tails boot parameter regression (was injecting boot=casper incorrectly)
- Show boot params in boot menu options

Author: tlaurion

initrd/bin/kexec-boot.sh

@@ -1,5 +1,22 @@
 #!/bin/bash
-# Launches kexec from saved configuration entries
+# Execute kexec to boot an OS kernel from parsed boot configuration
+#
+# This script takes a boot entry (from kexec-parse-boot.sh) and executes
+# kexec to load and boot the OS kernel. It handles:
+# - ELF kernels (standard Linux)
+# - Multiboot kernels (Xen)
+# - Initial ramdisks (initrd)
+# - Kernel command line modification (add/remove parameters)
+#
+# Options:
+#   -b  Boot directory (e.g., /boot)
+#   -e  Entry string (name|kexectype|kernel path[|initrd][|append])
+#   -r  Parameters to remove from cmdline
+#   -a  Parameters to add to cmdline
+#   -o  Override initrd path
+#   -f  Dry run: print files only
+#   -i  Dry run: print initrd only
+#
 set -e -o pipefail
 . /tmp/config
 . /etc/functions.sh
@@ -65,6 +82,8 @@ fix_file_path() {
 adjusted_cmd_line="n"
 adjust_cmd_line() {
 	DEBUG "adjust_cmd_line: original cmdline='$cmdline'"
+	cmdline=$(echo "$cmdline" | sed 's/---.*$//' | xargs)
+	DEBUG "adjust_cmd_line: after stripping --- separator='$cmdline'"
 	if [ -n "$cmdremove" ]; then
 		for i in $cmdremove; do
 			cmdline=$(echo $cmdline | sed "s/\b$i\b//g")
@@ -164,6 +183,7 @@ if [ "$dryrun" = "y" ]; then exit 0; fi
 
 DEBUG "kexec-boot.sh: cmdadd='$cmdadd'"
 DEBUG "kexec-boot.sh: cmdremove='$cmdremove'"
+DEBUG "kexec-boot.sh: final cmdline='$cmdline'"
 STATUS "Loading the new kernel"
 DEBUG "kexec command: $kexeccmd"
 DEBUG "kexec-boot: executing kexec with adjusted_cmd_line=$adjusted_cmd_line kexectype=$kexectype"

initrd/bin/kexec-iso-init.sh

@@ -1,5 +1,33 @@
 #!/bin/bash
-# Boot from signed ISO
+# Boot from signed ISO file on USB media
+#
+# This script handles booting from ISO files stored on USB storage.
+# It works by mounting the ISO, detecting boot mechanisms supported by
+# the ISO's initrd, injecting appropriate kernel parameters, and
+# executing kexec to boot the OS.
+#
+# Detection approach:
+# 1. Mount the ISO as a loopback device
+# 2. Extract and scan the initrd for supported boot mechanisms
+# 3. Fall back to scanning *.cfg files if initrd detection yields nothing
+# 4. If no known boot-from-ISO mechanism is found, warn and guide user
+#
+# Supported boot mechanisms (detected in initrd or config):
+# - iso-scan/findiso: Dracut-based (Ubuntu, Debian Live, Tails, etc.)
+# - live-media: Dracut live-media parameter
+# - boot=live: Debian Live / Fedora Live
+# - boot=casper: Ubuntu Casper
+# - nixos: NixOS
+# - anaconda: Fedora/RHEL Anaconda (block device required)
+# - overlay: OverlayFS support
+# - toram: Load-to-RAM support
+#
+# If no mechanism is detected, the user is warned that the ISO may not
+# support booting from ISO file on USB, and is given alternative options:
+# - Write ISO directly to USB with dd
+# - Use Ventoy in USB emulation mode
+# - Boot from real DVD drive
+#
 set -e -o pipefail
 . /etc/functions.sh
 . /etc/gui_functions.sh
@@ -52,6 +80,18 @@ mount -t iso9660 -o loop $MOUNTED_ISO_PATH /boot ||
 
 DEV_UUID=$(blkid $DEV | tail -1 | tr " " "\n" | grep UUID | cut -d\" -f2)
 
+# Scan an initrd for supported filesystems and boot mechanisms.
+# This function unpacks the initrd and searches for:
+# - Kernel modules (*.ko/*.ko.xz) -> supported filesystems
+# - Scripts and configs (*.sh, *.conf, init, scripts/*) -> boot mechanisms
+#
+# Supported filesystems detected: ext4, vfat, exfat, ntfs, btrfs, xfs
+# Supported boot mechanisms detected: iso-scan, live-media, boot-live,
+#   casper, nixos, anaconda, overlay, toram, device
+#
+# Results are stored in global variables:
+# - supported_fses: Space-separated list of supported filesystem types
+# - supported_boot: Space-separated list of supported boot mechanisms
 scan_initramfs() {
 	local path="$1"
 	local tmpdir=""
@@ -82,20 +122,40 @@ scan_initramfs() {
 		boot_content=$(strings "$path" 2>/dev/null) || true
 	fi
 
-	echo "$boot_content" | grep -qEi "iso.scan|findiso" &&
-		supported_boot="${supported_boot}iso-scan/findiso " || true
-	echo "$boot_content" | grep -qEi "live.media|live-media" &&
-		supported_boot="${supported_boot}live-media= " || true
-	echo "$boot_content" | grep -qEi "boot=live|rd.live.image|rd.live.squash" &&
-		supported_boot="${supported_boot}boot=live " || true
-	echo "$boot_content" | grep -qEi "boot.casper|casper" &&
-		supported_boot="${supported_boot}boot=casper " || true
-	echo "$boot_content" | grep -qEi "nixos" &&
-		supported_boot="${supported_boot}nixos " || true
-	echo "$boot_content" | grep -qEi "inst.stage2|inst.repo" &&
-		supported_boot="${supported_boot}anaconda " || true
+	for pattern in "iso.scan|findiso" "live.media|live-media" "boot=live|rd.live.image|rd.live.squash" "boot.casper|casper" "nixos" "inst.stage2|inst.repo" "overlay|overlayfs" "toram" "CDLABEL|img_dev|check_dev"; do
+		case "$pattern" in
+		iso.scan|findiso) label="iso-scan" ;;
+		live.media|live-media) label="live-media" ;;
+		boot=live|rd.live.image|rd.live.squash) label="boot-live" ;;
+		boot.casper|casper) label="casper" ;;
+		nixos) label="nixos" ;;
+		inst.stage2|inst.repo) label="anaconda" ;;
+		overlay|overlayfs) label="overlay" ;;
+		toram) label="toram" ;;
+		CDLABEL|img_dev|check_dev) label="device" ;;
+		esac
+		echo "$boot_content" | grep -qEi "$pattern" &&
+			supported_boot="${supported_boot}${label} " || true
+	done
 }
 
+# Detect if the mounted ISO is an installer ISO (not a live/bootable ISO).
+# Installer ISOs (like Debian DVD installer) do not support booting from
+# ISO file on USB - they only work with physical CD/DVD or PXE boot.
+#
+# Detection checks for:
+# - /boot/install* directory (installer content)
+# - /boot/isolinux or /boot/grub (boot configs, but no live boot)
+# - /boot/install.amd/vmlinuz and initrd.gz (installer kernel/initrd)
+#
+# Detect boot mechanisms supported by the ISO's initrd.
+# This function:
+# 1. Parses all *.cfg files to find initrd paths
+# 2. For each initrd, calls scan_initramfs() to extract supported features
+# 3. Outputs two lines: "fs:..." and "boot:..." with detected support
+#
+# This is the primary detection method - scanning initrd content directly
+# provides the most accurate picture of what the ISO can do.
 detect_initrd_boot_support() {
 	local supported_fses=""
 	local supported_boot=""
@@ -131,6 +191,13 @@ detect_initrd_boot_support() {
 	return 0
 }
 
+# Fallback detection: scan *.cfg files for boot parameters.
+# This is used when initrd detection fails or yields no results.
+# It greps through boot config files (GRUB, syslinux, ISOLINUX) for
+# known boot parameters that indicate ISO-on-USB support.
+#
+# This method is less accurate than initrd scanning but can provide
+# hints when initrd extraction fails.
 extract_boot_params_from_cfg() {
 	for cfg in $(find /boot -name '*.cfg' -type f 2>/dev/null); do
 		[ -r "$cfg" ] || continue
@@ -141,22 +208,49 @@ extract_boot_params_from_cfg() {
 		while IFS= read -r line; do
 			case "$line" in
 			*boot=live* | *rd.live.image* | *rd.live.squashimg=*)
-				boot_params="${boot_params}boot=live "
+				if ! echo "$boot_params" | grep -q "boot-live"; then
+					boot_params="${boot_params}boot-live "
+				fi
 				;;
 			*iso-scan/filename=* | *findiso=*)
-				boot_params="${boot_params}iso-scan/findiso "
+				if ! echo "$boot_params" | grep -q "iso-scan"; then
+					boot_params="${boot_params}iso-scan "
+				fi
 				;;
 			*live-media=* | *live.media=*)
-				boot_params="${boot_params}live-media= "
+				if ! echo "$boot_params" | grep -q "live-media"; then
+					boot_params="${boot_params}live-media "
+				fi
 				;;
 			*boot=casper* | *casper*)
-				boot_params="${boot_params}boot=casper "
+				if ! echo "$boot_params" | grep -q "casper"; then
+					boot_params="${boot_params}casper "
+				fi
 				;;
 			*inst.stage2=* | *inst.repo=*)
-				boot_params="${boot_params}anaconda "
+				if ! echo "$boot_params" | grep -q "anaconda"; then
+					boot_params="${boot_params}anaconda "
+				fi
 				;;
 			*nixos*)
-				boot_params="${boot_params}nixos "
+				if ! echo "$boot_params" | grep -q "nixos"; then
+					boot_params="${boot_params}nixos "
+				fi
+				;;
+			*overlay=* | *overlayfs*)
+				if ! echo "$boot_params" | grep -q "overlay"; then
+					boot_params="${boot_params}overlay "
+				fi
+				;;
+			*toram*)
+				if ! echo "$boot_params" | grep -q "toram"; then
+					boot_params="${boot_params}toram "
+				fi
+				;;
+			*CDLABEL=* | *img_dev=* | *check_dev*)
+				if ! echo "$boot_params" | grep -q "device"; then
+					boot_params="${boot_params}device "
+				fi
 				;;
 			esac
 		done <"$cfg"
@@ -165,6 +259,15 @@ extract_boot_params_from_cfg() {
 	return 1
 }
 
+# ============================================================================
+# Main detection flow
+# ============================================================================
+# Step 1: Scan initrd for supported boot mechanisms
+# Step 2: If no boot method found, fall back to cfg file scanning
+# Step 3: Check USB filesystem compatibility
+# Step 4: If no known mechanism found, warn user with guidance
+# ============================================================================
+
 STATUS "Detecting USB filesystem and boot method support..."
 SUPPORTED_FSES=""
 SUPPORTED_BOOT=""
@@ -177,12 +280,16 @@ SUPPORTED_BOOT=$(echo "$tmp_support" | grep "^boot:" | sed 's/^boot://') || SUPP
 DEBUG "SUPPORTED_FSES='$SUPPORTED_FSES'"
 DEBUG "SUPPORTED_BOOT from initrd='$SUPPORTED_BOOT'"
 
-if [ -z "$SUPPORTED_BOOT" ]; then
-	DEBUG "No boot method in initrd, scanning *.cfg files..."
-	CFG_BOOT=$(extract_boot_params_from_cfg 2>/dev/null | grep "^cfg:" | sed 's/^cfg://') || CFG_BOOT=""
-	DEBUG "CFG_BOOT='$CFG_BOOT'"
-else
-	DEBUG "Boot method found in initrd, skipping cfg extraction"
+DEBUG "Scanning *.cfg files to augment initrd results..."
+CFG_BOOT=$(extract_boot_params_from_cfg 2>/dev/null | grep "^cfg:" | sed 's/^cfg://') || CFG_BOOT=""
+DEBUG "CFG_BOOT='$CFG_BOOT'"
+
+if [ -n "$SUPPORTED_BOOT" ] && [ -n "$CFG_BOOT" ]; then
+	SUPPORTED_BOOT="$SUPPORTED_BOOT $CFG_BOOT"
+	DEBUG "Combined boot methods: $SUPPORTED_BOOT"
+elif [ -z "$SUPPORTED_BOOT" ] && [ -n "$CFG_BOOT" ]; then
+	SUPPORTED_BOOT="$CFG_BOOT"
+	DEBUG "Using cfg boot methods: $SUPPORTED_BOOT"
 fi
 
 if [ -n "$SUPPORTED_FSES" ]; then
@@ -197,28 +304,58 @@ fi
 
 if [ -n "$SUPPORTED_BOOT" ]; then
 	DETECTED_METHODS="$SUPPORTED_BOOT"
-	DEBUG "Initrd supports boot methods: $DETECTED_METHODS"
-elif [ -n "$CFG_BOOT" ]; then
-	DETECTED_METHODS="$CFG_BOOT"
-	DEBUG "Boot config (*.cfg) indicates boot methods: $DETECTED_METHODS"
+	DEBUG "Detected boot methods: $DETECTED_METHODS"
 fi
 
 DEBUG "DETECTED_METHODS='$DETECTED_METHODS'"
 if [ -z "$DETECTED_METHODS" ]; then
 	WARN "ISO may not boot from USB file: no supported boot method detected"
 	if [ -x /bin/whiptail ]; then
-		if ! whiptail_warning --title 'ISO BOOT COMPATIBILITY WARNING' --yesno \
-			"ISO boot from USB file may not work.\n\nThis ISO does not appear to support booting from ISO file on USB stick.\n\nKnown compatible ISOs: Ubuntu, Debian Live, Tails, NixOS, Fedora Workstation, PureOS, Kicksecure.\n\nFor this ISO, try:\n- Use distribution USB creation tool (Ventoy, Rufus, etc)\n- Write ISO directly to USB with dd\n- Report to upstream that ISO should support USB file boot\n\nDo you want to try anyway?" \
+		if ! whiptail_warning --title 'ISO BOOT NOT SUPPORTED' --yesno \
+			"This ISO does not support booting from ISO file on USB.\n\nThe initrd does not include boot-from-ISO mechanisms (no live-boot, casper, fromiso, iso-scan, anaconda, or nixos support detected).\n\nTo use this ISO, write the hybrid image directly to a USB flash drive:\n\nLinux: sudo cp image.iso /dev/sdX (Be cautious!)\nWindows/Mac: Use Rufus, select DD mode (NOT ISO mode)\n\nWrite to whole-disk device (NOT a partition, e.g. /dev/sdX not /dev/sdX1),\nthen boot from USB device directly (not as ISO file).\n\nSee Debian wiki: https://wiki.debian.org/DebianInstall" \
 			0 80; then
-			DIE "ISO boot cancelled - unsupported ISO on USB file"
+			DIE "ISO boot cancelled - initrd does not support USB file boot"
 		fi
 	else
-		INPUT "ISO may not support USB file boot. Try anyway? [y/N]:" -n 1 response
-		[ "$response" != "y" ] && [ "$response" != "Y" ] && DIE "ISO boot cancelled - unsupported ISO on USB file"
+		ERROR "ISO initrd has no boot-from-ISO support (no live-boot/casper/iso-scan)"
+		ERROR "Write hybrid image to USB: Linux: cp iso /dev/sdX | Win/Mac: Rufus DD mode"
+		INPUT "Try anyway? [y/N]:" -n 1 response
+		[ "$response" != "y" ] && [ "$response" != "Y" ] && DIE "ISO boot cancelled"
 	fi
 fi
 
-ADD="fromiso=/dev/disk/by-uuid/$DEV_UUID/$ISO_PATH img_dev=/dev/disk/by-uuid/$DEV_UUID iso-scan/filename=/${ISO_PATH} img_loop=$ISO_PATH iso=$DEV_UUID/$ISO_PATH live-media=/dev/disk/by-uuid/$DEV_UUID/$ISO_PATH live-media-path=casper"
+# ============================================================================
+# Boot parameter injection
+# ============================================================================
+# Inject all known boot-from-ISO parameters. The ISO's initrd will use
+# whichever parameters it understands and ignore the rest.
+#
+# Parameters injected (covering all major boot systems):
+# - findiso, fromiso, iso-scan/filename: Dracut standard
+# - img_dev, img_loop: additional Dracut variants
+# - iso: alternative parameter
+# - live-media, live-media-path: live-boot parameters
+# - boot=live, boot=casper: casper/live-boot parameters
+# ============================================================================
+
+ISO_DEV="/dev/disk/by-uuid/$DEV_UUID"
+ISO_PATH_ABS="/$ISO_PATH"
+
+base_params="findiso=$ISO_DEV/$ISO_PATH fromiso=$ISO_DEV/$ISO_PATH iso-scan/filename=$ISO_PATH_ABS img_dev=$ISO_DEV img_loop=$ISO_PATH iso=$DEV_UUID/$ISO_PATH"
+
+add_params=""
+if echo "$DETECTED_METHODS" | grep -q "casper"; then
+	add_params="$add_params boot=casper live-media-path=casper"
+fi
+if echo "$DETECTED_METHODS" | grep -q "boot-live"; then
+	add_params="$add_params boot=live"
+fi
+if echo "$DETECTED_METHODS" | grep -q "live-media"; then
+	add_params="$add_params live-media=$ISO_DEV/$ISO_PATH"
+fi
+
+ADD="$base_params $add_params"
+DEBUG "Injecting boot params: $ADD"
 REMOVE=""
 
 paramsdir="/media/kexec_iso/$ISO_PATH"

initrd/bin/kexec-parse-boot.sh

@@ -1,4 +1,14 @@
 #!/bin/bash
+# Parse boot loader configs (GRUB, syslinux, ISOLINUX) to extract boot entries
+#
+# This script parses boot configuration files to build a list of boot entries
+# that can be used by kexec-boot.sh to boot an OS. It handles:
+# - GRUB config files (grub.cfg)
+# - SYSLINUX/ISOLINUX config files (isolinux.cfg, syslinux.cfg)
+# - Multiboot kernels (Xen)
+#
+# Output format: name|kexectype|kernel path[|initrd path][|append params]
+#
 set -e -o pipefail
 . /etc/functions.sh
 

initrd/bin/kexec-select-boot.sh

@@ -144,7 +144,11 @@ get_menu_option() {
 		while read option; do
 			parse_option
 			n=$(expr $n + 1)
-			MENU_OPTIONS+=("$n" "$name")
+			if [ -n "$params" ]; then
+				MENU_OPTIONS+=("$n" "$name ($params)")
+			else
+				MENU_OPTIONS+=("$n" "$name")
+			fi
 		done <$TMP_MENU_FILE
 
 		whiptail_type $BG_COLOR_MAIN_MENU --title "Select your boot option" \
@@ -165,7 +169,7 @@ get_menu_option() {
 			# because DO_WITH_DEBUG pipes stdout through tee for debug logging,
 			# making it fully buffered — the last option would appear after the
 			# INPUT prompt.
-			printf '%d. %s [%s]\n' "$n" "$name" "$kernel" >"${HEADS_TTY:-/dev/stderr}"
+			printf '%d. %s %s [%s]\n' "$n" "$name" "${params:+($params)}" "$kernel" >"${HEADS_TTY:-/dev/stderr}"
 		done <$TMP_MENU_FILE
 
 		INPUT "Choose the boot option [1-$n, a to abort]:" -r option_index
@@ -202,6 +206,7 @@ confirm_menu_option() {
 parse_option() {
 	name=$(echo $option | cut -d\| -f1)
 	kernel=$(echo $option | cut -d\| -f3)
+	params=$(echo $option | cut -d\| -f5 | sed 's/append //' | xargs)
 }
 
 scan_options() {
@@ -212,10 +217,12 @@ scan_options() {
 		DIE "Failed to parse any boot options"
 	fi
 	if [ "$unique" = 'y' ]; then
-		sort -r $option_file | uniq >$TMP_MENU_FILE
+		sed 's/|append \([^|]*\)---[^|]*/|append \1/g' "$option_file" | sort -r | uniq >"$TMP_MENU_FILE"
 	else
 		cp $option_file $TMP_MENU_FILE
 	fi
+	DEBUG "Parsed boot options for user selection:"
+	cat "$TMP_MENU_FILE" | while read line; do DEBUG "  Option: $line"; done
 }
 
 save_default_option() {