CP-53030: bootloader: stop MenuEntry.contents getting clobbered by setNextBoot

Kevin Lampis · Kevin Lampis · commit bb777a00cdc4 · 2025-11-25T12:09:08.000Z
This makes MenuEntry.contents more useful as a way to inject arbitrary
data into a menuentry. Before this change setNextBoot assumed it was the
only user of this field as was clobbering any existing data.

New method setGrubVariable() which will be used by an external tool.

Signed-off-by: Kevin Lampis &lt;kevin.lampis@citrix.com&gt;
diff --git a/tests/test_bootloader.py b/tests/test_bootloader.py
@@ -52,12 +52,31 @@ def test_no_hypervisor(self):
         with self.assertRaises(RuntimeError):
             Bootloader.readGrub2("tests/data/grub-no-hypervisor.cfg")
 
+    def test_set_grub_variable(self):
+        tmpdir = mkdtemp(prefix="testbl")
+        env = os.path.join(tmpdir, 'grubenv')
+        bl = Bootloader("", "", env_block=env)
+
+        self.assertFalse(os.path.isfile(env))
+
+        self.assertTrue(bl.setGrubVariable("waffles=true"))
+
+        self.assertTrue(os.path.isfile(env))
+        self.assertGreater(os.path.getsize(env), 0)
+
+    def test_set_grub_variable_throws_without_envfile(self):
+        bl = Bootloader("", "", env_block=None)
+
+        with self.assertRaises(AssertionError):
+            bl.setGrubVariable("waffles=true")
+
 
 class TestMenuEntry(unittest.TestCase):
     def setUp(self):
         self.tmpdir = mkdtemp(prefix="testbl")
         self.fn = os.path.join(self.tmpdir, 'grub.cfg')
         self.bl = Bootloader('grub2', self.fn)
+        self.env = os.path.join(self.tmpdir, 'grubenv')
 
     def tearDown(self):
         shutil.rmtree(self.tmpdir)
@@ -137,6 +156,101 @@ def test_new_linux(self):
 }
 ''')
 
+    def test_arbitrary_contents(self):
+        """ Test that arbitrary data can be injected into the MenuEntry.contents field. """
+        e = MenuEntry(hypervisor='xen.efi', hypervisor_args='a',
+                      kernel='vmlinuz', kernel_args='b',
+                      initrd='initrd.img',
+                      title='menu_name')
+
+        e.contents.append("\textra data line 1")
+        e.contents.append("\textra data line 2")
+
+        e.entry_format = Grub2Format.XEN_BOOT
+
+        self.bl.append('menu_name', e)
+        self.bl.commit()
+
+        with open_with_codec_handling(self.fn, 'r') as f:
+            content = f.read()
+
+        self.assertEqual(content,
+'''menuentry 'menu_name' {
+	extra data line 1
+	extra data line 2
+	xen_hypervisor xen.efi a
+	xen_module vmlinuz b
+	xen_module initrd.img
+}
+''')
+
+    def test_contents_not_clobbered_by_setnextboot(self):
+
+        self.assertIsNone(self.bl.env_block)
+        self.bl.env_block = self.env
+
+        e = MenuEntry(hypervisor='xen.efi', hypervisor_args='a',
+                      kernel='vmlinuz', kernel_args='b',
+                      initrd='initrd.img',
+                      title='menu_title')
+
+        e.contents.append("\textra data line 1")
+        e.contents.append("\textra data line 2")
+
+        e.entry_format = Grub2Format.XEN_BOOT
+
+        self.bl.append('menu_title', e)
+        self.assertTrue(self.bl.setNextBoot('menu_title'))
+        self.bl.commit()
+
+
+        with open_with_codec_handling(self.fn, 'r') as f:
+            content = f.read()
+
+        self.assertEqual(content,
+'''menuentry 'menu_title' {
+	unset override_entry
+	save_env override_entry
+	extra data line 1
+	extra data line 2
+	xen_hypervisor xen.efi a
+	xen_module vmlinuz b
+	xen_module initrd.img
+}
+''')
+
+    def test_setnextboot_is_indempotent(self):
+        self.bl.env_block = self.env
+
+        e = MenuEntry(hypervisor='xen.efi', hypervisor_args='a',
+                      kernel='vmlinuz', kernel_args='b',
+                      initrd='initrd.img',
+                      title='menu_title')
+
+        e.entry_format = Grub2Format.XEN_BOOT
+
+        self.bl.append('menu_title', e)
+
+        # Calling twice should have thte same effect as calling once
+        self.assertTrue(self.bl.setNextBoot('menu_title'))
+        self.assertTrue(self.bl.setNextBoot('menu_title'))
+
+        self.bl.commit()
+
+
+        with open_with_codec_handling(self.fn, 'r') as f:
+            content = f.read()
+
+        self.assertEqual(content,
+'''menuentry 'menu_title' {
+	unset override_entry
+	save_env override_entry
+	xen_hypervisor xen.efi a
+	xen_module vmlinuz b
+	xen_module initrd.img
+}
+''')
+
 
 class TestLinuxBootloader(unittest.TestCase):
     def setUp(self):
diff --git a/xcp/bootloader.py b/xcp/bootloader.py
@@ -374,15 +374,21 @@ def setNextBoot(self, entry):
             return False
 
         clear_default = ['\tunset override_entry', '\tsave_env override_entry']
-        self.menu[entry].contents = clear_default
+        if clear_default[0] not in self.menu[entry].contents:
+            self.menu[entry].contents = clear_default + self.menu[entry].contents
 
         for i in range(len(self.menu_order)):
             if self.menu_order[i] == entry:
-                cmd = ['grub-editenv', self.env_block, 'set', 'override_entry=%d' % i]
-                return xcp.cmd.runCmd(cmd) == 0
+                return self.setGrubVariable('override_entry=%d' % i)
 
         return False
 
+    def setGrubVariable(self, var):
+        if self.env_block is None:
+            raise AssertionError("No grubenv file")
+        cmd = ['grub-editenv', self.env_block, 'set', var]
+        return xcp.cmd.runCmd(cmd) == 0
+
     @classmethod
     def newDefault(cls, kernel_link_name, initrd_link_name, root = '/'):
         b = cls.loadExisting(root)
