fix(acl): harmonize UKI discovery error handling across cleanup and test

- cleanup-vhd.sh: fail loud (exit 1) when no UKI is found instead of
  silently no-op'ing. Previously the silent skip could ship a VHD without
  the firstboot addon -- the exact failure mode this PR set out to fix
  (no flatcar.first_boot=detected -> Ignition subsequent-boot -> oem-
  cloudinit skipped -> scriptless CSE 17-min hang). The fail-loud path
  stays ACL-scoped under the existing [ -f /boot/acl/uki-addons/
  firstboot.addon.efi ] guard, so non-ACL distros are unaffected.
- cleanup-vhd.sh: use basename(uki_path) for addon_dir so the variable
  shape matches tool_installs_acl.sh and linux-vhd-content-test.sh.
- linux-vhd-content-test.sh: rename acl_uki_path/acl_uki_name/
  acl_fips_addon to uki_path/uki_name/fips_addon_path for grep parity
  with the production install path. Capitalize "No UKI..." message to
  match the other two sites.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

Author: aadhar-agarwal

vhdbuilder/packer/cleanup-vhd.sh

@@ -20,11 +20,14 @@ if [ -f /boot/acl/uki-addons/firstboot.addon.efi ]; then
   uki_path="$(find /boot/EFI/Linux -maxdepth 1 -type f \
         \( -name 'vmlinuz-*.efi' -o -name 'acl.efi' \) 2>/dev/null \
         | sort | head -n1)"
-  if [ -n "${uki_path}" ]; then
-    addon_dir="${uki_path}.extra.d"
-    if [ ! -f "${addon_dir}/firstboot.addon.efi" ]; then
-      install -D -m 0644 /boot/acl/uki-addons/firstboot.addon.efi "${addon_dir}/firstboot.addon.efi"
-    fi
+  if [ -z "${uki_path}" ]; then
+    echo "cleanup-vhd: No UKI found under /boot/EFI/Linux (expected acl.efi or vmlinuz-*.efi); firstboot addon not restored" >&2
+    exit 1
+  fi
+  uki_name="$(basename "${uki_path}")"
+  addon_dir="/boot/EFI/Linux/${uki_name}.extra.d"
+  if [ ! -f "${addon_dir}/firstboot.addon.efi" ]; then
+    install -D -m 0644 /boot/acl/uki-addons/firstboot.addon.efi "${addon_dir}/firstboot.addon.efi"
   fi
 fi
 # Cleanup disk usage diagnostics file (created by generate-disk-usage.sh)

vhdbuilder/packer/test/linux-vhd-content-test.sh

@@ -646,17 +646,17 @@ testFips() {
     # images use "vmlinuz-<version>.efi". systemd-boot loads cmdline addons
     # from "<UKI filename>.extra.d/", so the addon directory tracks the
     # UKI's actual name. Probe for either layout.
-    acl_uki_path=$(find /boot/EFI/Linux -maxdepth 1 -type f \
+    uki_path=$(find /boot/EFI/Linux -maxdepth 1 -type f \
       \( -name 'vmlinuz-*.efi' -o -name 'acl.efi' \) 2>/dev/null | sort | head -n1)
-    if [ -z "${acl_uki_path}" ]; then
-      err $test "no UKI found under /boot/EFI/Linux (expected acl.efi or vmlinuz-*.efi)."
+    if [ -z "${uki_path}" ]; then
+      err $test "No UKI found under /boot/EFI/Linux (expected acl.efi or vmlinuz-*.efi)."
     else
-      acl_uki_name=$(basename "${acl_uki_path}")
-      acl_fips_addon="/boot/EFI/Linux/${acl_uki_name}.extra.d/fips.addon.efi"
-      if [ -f "${acl_fips_addon}" ]; then
-        echo "ACL FIPS UKI addon file exists at ${acl_fips_addon}."
+      uki_name=$(basename "${uki_path}")
+      fips_addon_path="/boot/EFI/Linux/${uki_name}.extra.d/fips.addon.efi"
+      if [ -f "${fips_addon_path}" ]; then
+        echo "ACL FIPS UKI addon file exists at ${fips_addon_path}."
       else
-        err $test "ACL FIPS UKI addon file does not exist at ${acl_fips_addon}."
+        err $test "ACL FIPS UKI addon file does not exist at ${fips_addon_path}."
       fi
     fi
   fi