Re: How is OSTree designed to be safe from power loss damage?
- From: Colin Walters <walters verbum org>
- To: ostree-list gnome org
- Subject: Re: How is OSTree designed to be safe from power loss damage?
- Date: Mon, 09 Jan 2017 05:13:39 -0500
Hi,
On Sun, Jan 8, 2017, at 09:40 PM, Leon Woestenberg wrote:
I understand how OSTree, at the end of it's deploy does an atomic switch in the "ostree admin" case of deployment of say a Linux OS. It assumes the softlink change is atomic on the filesystem (fair enough for me).
We actually reworked this logic a bit, this commit message should be useful:
However, how does OSTree recover from a situation where power loss occured during a pull or deployment? I would assume some files are then missing and some files are damaged (or incomplete).
The next time the system boots, how does OSTree verify that no files were corrupted by the underlying filesystem and how does it bring a next pull or deployment into a valid state?
Basically we use syncfs() to ensure the file contents are flushed to disk before
doing the symlink swap.
`git log --grep=fsync` in the ostree source shows you both how our
thinking on this has worked over time, and the diffs provide links to the
source code.
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]
