[rhel-9.8_10.2] edge bootupd metadata generation and bootloader-update service on 9.6+

[croissanne]

Enable bootupd_gen_metadata for edge-commit and edge-container image types in RHEL 9.8+ to fix Anaconda bootloader installation failures.

The bootupctl backend generate-update-metadata command creates the required /usr/lib/bootupd/updates/EFI.json metadata. This is conditionally enabled only for 9.8+ where bootupd is available.

Fixes: virt-s1/rhel-edge#11427
Related: 6340fa0

---

commit 84533e4 (HEAD -> rhel-9.8_10.2, sannehub/rhel-9.8_10.2)
Author: Sanne Raymaekers sanne.raymaekers@gmail.com
Date: Thu Jun 25 16:10:32 2026 +0200

rhel-9: enable bootloader-update service in edge from 9.6 onwards

Automatically update the bootloader on boot. The required update
metadata should be present on the system for 9.6+.

commit 46e151f
Author: Sanne Raymaekers sanne.raymaekers@gmail.com
Date: Thu Jun 25 15:55:01 2026 +0200

rhel-9: include bootupd in edge from 9.6 onwards

`bootupd` has been shipped into 9 since at least 9.6, so do not exclude
it. Additionally, in order for bootupctl to work correctly, it needs the
update metadata generated by bootupd.

[packit-as-a-service]

Failed to load packit config file:

Cannot parse package config. ValidationError({'jobs': {0: {'packages': defaultdict(<class 'dict'>, {'image-builder': {'value': {'synced_files': ['Unknown field.']}}})}, 1: {'packages': defaultdict(<class 'dict'>, {'image-builder': {'value': {'synced_files': ['Unknown field.']}}})}, 2: {'packages': defaultdict(<class 'dict'>, {'image-builder': {'value': {'synced_files': ['Unknown field.']}}})}, 3: {'packages': defaultdict(<class 'dict'>, {'image-builder': {'value': {'synced_files': ['Unknown field.']}}})}, 4: {'packages': defaultdict(<class 'dict'>, {'image-builder': {'value': {'synced_files': ['Unknown field.']}}})}}, 'packages': defaultdict(<class 'dict'>, {'image-builder': {'value': {'synced_files': ['Unknown field.']}}})})

For more info, please check out the documentation or contact the Packit team. You can also use our CLI command config validate or our pre-commit hooks for validation of the configuration.

[kgiusti]

I've done some light testing on this patch and it LGTM.

• generated a rhel9.6 x86_64 edge-commit and installed into a virtual-machine using kickstart
• verified bootloader-update.service loaded and ran successfully (no-op).
• verified bootupd meta data exists (/usr/lib/bootupd/updates/EFI.json present)
• verified edge-related systemd services present as per edge-commit configuration
• generated a rhel9.8 x86_64 edge-commit, setting ref to rhel9.6 parent
• performed rpm-ostree update/reboot to upgrade rhel9.6 to rhel9.8
• verified bootloader-update.service ran and upgraded shim-x64 to rhel9.8 package
• verified bootupd meta data correct

One unexpected issue: I'm hitting selinux denial when I run bootupctl on the console - works fine via an ssh session. Probably not related to this fix, nor is it bootupctl specific, but a systemd-run issue. I can reproduce simply with sudo systemd-run --wait -P echo hello
Failed to start transient service unit: Connection reset by peer

It doesn't effect the bootloader-update.service either.

[croissanne]

One unexpected issue: I'm hitting selinux denial when I run bootupctl on the console - works fine via an ssh session

Probably something that needs to be changed in the selinux policy yea. But thank you so much for testing all of this!

[croissanne]

Just the unattended installer failing rn, should be ok, was the case with the previous backport too

[supakeen]

Just the unattended installer failing rn, should be ok, was the case with the previous backport too

The rawhide failures are also expected as I think these definitions are before we dropped zd1211-firmware.