PDM install notes slightly askew

[monkfish]

I usually do all my Proxmox installs on top of a Debian deployment, that way I can customise disk partitioning etc. I am happy this works for me.
Sometimes I'm keeping the default kernel to work around secure boot issues (PBS in particular - wholly operational with default Debian kernel and secure boot provided you prevent the proxmox grub uefi binaries from overwriting the Debian binaries).

Went to check out PDM as I've been reading rave reviews on what I understand to be the first release.

From the install notes:

Proxmox ships as a set of Debian packages which can be installed on top of a standard Debian installation. After configuring the Debian Package Repositories, you need to run: apt update
apt install proxmox-datacenter-manager proxmox-datacenter-manager-ui
The above commands keep the current (Debian) kernel and install a minimal setof required packages.
You can install the Proxmox default kernel with ZFS support by using:
apt update
apt install proxmox-default-kernel

This is not the case - the proxmox kernel is installed and configured regardless and then secure boot issues - differences between default uefi shim and proxmox shim. Brief output is at end. I wanted to report this in case its actually unwanted behaviour. Not a blocker for me, I turned off secure boot for a while.

I wish the team well in development of PDM alongside the other products - thank you for Proxmox!

---- install output on fresh debian system -----

root@mybox01:/etc/apt/sources.list.d# apt install proxmox-datacenter-manager proxmox-datacenter-manager-ui
Installing:
  proxmox-datacenter-manager  proxmox-datacenter-manager-ui

Installing dependencies:
  fonts-font-awesome  gnulib-l10n  libidn12                 libuchardet0             proxmox-datacenter-manager-client  proxmox-default-kernel              proxmox-kernel-helper       pve-firmware
  fonts-mathjax       groff-base   libjs-mathjax            pdm-i18n                 proxmox-datacenter-manager-docs    proxmox-kernel-6.17                 proxmox-mini-journalreader  pve-xtermjs
  gdisk               idn          libproxmox-acme-plugins  proxmox-archive-keyring  proxmox-datacenter-manager-meta    proxmox-kernel-6.17.9-1-pve-signed  proxmox-termproxy

Suggested packages:
  groff  fonts-mathjax-extras  fonts-stix  libjs-mathjax-doc  systemd-boot-tools  systemd-boot-efi  linux-image

Summary:
  Upgrading: 0, Installing: 25, Removing: 0, Not Upgrading: 12
  Download size: 386 MB
  Space needed: 1,698 MB / 14.7 GB available

Continue? [Y/n] y

 

[monkfish]

Said it was minor - workaround is as per other installs - after configuring repos and updating boot shims from proxmox repo, we don't reboot until PDM install complete including kernel. This allows my machine to remain with secure boot enabled.

Still a discrepancy over proxmox kernel installing anyway but all good. Tweak of docs needed if this is actually intended rather that what is currently written. Thank you for proxmox!

 

[dcsapak]

aside from the install notes might needing an update, what problem do you have with secure boot with our shim/grub/kernel? They should be signed and bootable with secure boot?

 

[monkfish]

Hi Dominik, I should have perhaps phrased that better or logged a ticket before. My bad.
Its specifically PBS installed on top of Debian that yields secure boot issues.

Pretty much, if you perform a Debian install with custom partitioning with a nod to hardening compliance on partitions then install PBS, it breaks unless you revert to the Debian shim/grub. PBS doesnt (didnt?) force a custom kernel install but we know kernel and shim have to match.

Please do Not take this as any criticism, I was always aware that installing over Debian although supported not always straightforward.

Tell you what I'll do to take it out of here, is run through process again and feed a ticket back in?

Thank you for Proxmox!