fix(acl): write VHD firstboot addon to active UKI's extra.d directory

aadhar-agarwal · Copilot · aadhar-agarwal · commit 23b9ea650a29 · 2026-05-23T11:24:43.000-07:00
cleanup-vhd.sh restores /boot/acl/uki-addons/firstboot.addon.efi onto the
ESP so that VMs spawned from the built VHD see flatcar.first_boot=detected
and run Ignition.

Newer ACL images (PR mariner-org/ACL#27198) renamed the UKI from acl.efi
to vmlinuz-&lt;version&gt;.efi per UAPI.  systemd-boot only auto-discovers addons
in &lt;uki-name&gt;.efi.extra.d/, so writing to the hardcoded acl.efi.extra.d/
left the addon undiscoverable on the new image.  Without the addon, the
first-boot kernel cmdline arg is absent, Ignition runs in subsequent-boot
mode, /etc/.ignition-result.json reports userConfigProvided=true, the
enable-oem-cloudinit.service ExecCondition fails, oem-cloudinit never
runs, the AgentBaker scriptless #cloud-config customData is never
processed, and scriptless E2E tests time out.

Discover the active UKI dynamically (matching uki_addon.sh in
mariner-org/ACL/acl-scripts) so the same script works against both the
old acl.efi naming and the new vmlinuz-&lt;version&gt;.efi naming.

Co-authored-by: Copilot &lt;223556219+Copilot@users.noreply.github.com&gt;
diff --git a/vhdbuilder/packer/cleanup-vhd.sh b/vhdbuilder/packer/cleanup-vhd.sh
@@ -13,9 +13,19 @@ rm -f /etc/machine-id
 touch /etc/machine-id
 chmod 644 /etc/machine-id
 # Restore the UKI firstboot addon consumed by ignition-quench during this build
-# Without this, VMs created from this VHD won't get flatcar.first_boot=detected on the kernel cmdline
-if [ -f /boot/acl/uki-addons/firstboot.addon.efi ] && [ ! -f /boot/EFI/Linux/acl.efi.extra.d/firstboot.addon.efi ]; then
-  install -D -m 0644 /boot/acl/uki-addons/firstboot.addon.efi /boot/EFI/Linux/acl.efi.extra.d/firstboot.addon.efi
+# Without this, VMs created from this VHD won't get flatcar.first_boot=detected on the kernel cmdline.
+# The active UKI follows UAPI naming (vmlinuz-<version>.efi) on newer ACL images and was
+# previously named acl.efi -- discover it dynamically rather than hardcoding either name.
+if [ -f /boot/acl/uki-addons/firstboot.addon.efi ]; then
+  uki_path="$(find /boot/EFI/Linux -maxdepth 1 -type f \
+        \( -name 'vmlinuz-*.efi' -o -name 'acl.efi' \) 2>/dev/null \
+        | sort | head -n1)"
+  if [ -n "${uki_path}" ]; then
+    addon_dir="${uki_path}.extra.d"
+    if [ ! -f "${addon_dir}/firstboot.addon.efi" ]; then
+      install -D -m 0644 /boot/acl/uki-addons/firstboot.addon.efi "${addon_dir}/firstboot.addon.efi"
+    fi
+  fi
 fi
 # Cleanup disk usage diagnostics file (created by generate-disk-usage.sh)
 rm -f /opt/azure/disk-usage.txt
