-
Notifications
You must be signed in to change notification settings - Fork 301
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Rework BLS fragment writing to do "two phase commit" #1951
Comments
Cool. This'll solve the sd-boot problem. Would it be possible for OSTree to also be able to operate directly on /efi (systemd's preferred mount point for the ESP) |
Also just recording some other thoughts here. In some cases, we end up writing kernel+initramfs to FAT. And in general there's been longstanding issues with FS journaling versus bootloaders; see #1049 I think we should create a higher level "protocol" between things writing data in
etc. And the bootloader would validate these before trying to boot a particular entry. Or it'd at least verify the BLS fragment checksum since that should be basically free. Things writing kernels/initramfs to |
xref https://marc.info/?l=linux-fsdevel&m=157168785821373&w=2 |
What is the status of this? @cgwalters |
This would also fix systemd-boot usage in Silverblue which uses /boot/loader/entries/ not /boot/loader.0/ |
I believe that if that's the approach chosen then this protocol should be agreed with systemd and be properly described in the https://systemd.io/BOOT_LOADER_SPECIFICATION/ document. |
Another option is to use the I've proposed a patch series to add the missing support: https://lkml.org/lkml/2022/5/24/137 |
I was looking at this again as part of cleaning up an "install ostree inside existing booted system" flow, and this bit is definitely important. It seems also right now that we entirely drop non-ostree BLS entries, which is not cool at all. (Though, keeping them gets into a big mess around bootloader entry prioritization) |
Currently we require
/boot/loader
be a symbolic link, so that we can transactionally replace all of the entries. This causes various problems because it's an OSTree-specific invention.Another approach would be to use "journaling", something like this:
/boot/loader/.ostree-txn
which would be a single file containing the new list of OSTree-specific bootloader entries (i.e. things starting withostree-
today)Completion:
/boot/loader/.ostree-txn
exists, add all bootloader entries referenced by it, then delete all unreferenced onesunlink(/boot/loader.ostree-txn)
Now if we're interrupted between these steps, we can add a systemd unit which does
ConditionPathExists=/boot/loader/.ostree-txn
and does the work on bootup. If we also detect that this would have changed the default boot entry, then we reboot.The text was updated successfully, but these errors were encountered: