Re: trying to understand how the /boot/loader symlink is supposed to work.

From: Colin Walters <walters verbum org>
To: Daniel Drake <drake endlessm com>
Cc: Leon Woestenberg <leon sidebranch com>, ostree-list gnome org, Carlo Caione <carlo endlessm com>
Subject: Re: trying to understand how the /boot/loader symlink is supposed to work.
Date: Fri, 02 Feb 2018 13:14:58 -0500



On Fri, Feb 2, 2018, at 9:32 AM, Daniel Drake wrote:

On Fri, Feb 2, 2018 at 10:13 AM, Colin Walters <walters verbum org> wrote:

What at least for Fedora Atomic we settled on is a model where
the bootloader and its data are installed *once*, and never updated again.


I'm curious why you went with this model. Is it just because it's an
unsolved problem? What if the bootloader has a bug that needs to be
fixed, or a security issue?


We just haven't crossed the issue yet honestly.  A number of the server
cases involve re-provisioning periodically anyways; in talking with
some big server deployments, even though ostree is very "image-like",
they still prefer full re-provisions say once a month to entirely flush out
even corner-case state like the filesystem feature set.
(This last one actually did bite us with XFS + ftype=1 requirement for
 overlayfs)

Anyways it's a big messy topic, and gets into again how the distribution
is built.  I'm just describing what we sort of settled on, but it's
by no means the *only* way one could do things.  If someone has better
ideas, I'd love to discuss.  Particularly if someone has a design for how
updates to the bootloader itself should work.  (Is anyone using e.g. UEFI+ostree
actually updating the copy of grub.x64 or whatever on the ESP?)


We are just starting a project to update the bootloader files on the ESP.
https://github.com/endlessm/eos-boot-helper/pull/178


Interesting.  Maybe this is something that could be shared with
other libostree users somehow?  One thing that made me pause around
this is just ensuring power-loss safety.  Which gets messy with FAT.
Maybe the easiest thing is to have a "do not power off your device"
screen and require the system be plugged in like you see on other OSes,
but so far libostree has had no such requirement and I really like that
for obvious reasons ;)

It's actually related to the grub.cfg (or equivalent) file on FAT; and actually
XFS; see https://github.com/ostreedev/ostree/pull/1049
And specifically https://marc.info/?l=linux-fsdevel&m=150179189820971&w=2

I could imagine doing something like this with a "pre-grubx64.efi" binary
or the like whose sole purpose was to iterate over an available set of
grubx64-1.efi, grubx64-2.efi etc. which had .checksum files available too,
and if the checksum didn't match it was skipped or so.

Follow-Ups:
- Re: trying to understand how the /boot/loader symlink is supposed to work.
  - From: Daniel Drake

References:
- Re: trying to understand how the /boot/loader symlink is supposed to work.
  - From: Leon Woestenberg
- Re: trying to understand how the /boot/loader symlink is supposed to work.
  - From: Colin Walters
- Re: trying to understand how the /boot/loader symlink is supposed to work.
  - From: Daniel Drake

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]