sysroot: Support boot counting for boot entries #3310
Conversation
|
Hi @igoropaniuk. Thanks for your PR. I'm waiting for a ostreedev member to verify that this patch is reasonable to test. If it is, they should reply with Once the patch is verified, the new status will be reflected by the I understand the commands that are listed here. Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes-sigs/prow repository. |
|
This PR was created for initial feedback, I'll address the naming in the tests if needed and re-push |
|
I love the idea of integrating here, thanks for starting this! This came up before in at least #3032 Hmm don't we need to consider how we make this configurable? Currently systemd kernel-install parses |
|
@cgwalters thanks for the feedback, my concern regarding parsing A can add an optional autoconf flag for that |
igoropaniuk
force-pushed
the
boot_count
branch
from
6b33424
to
8ea23c7
Compare
|
@cgwalters added support for |
igoropaniuk
changed the title
|
BTW, which bootloader are you looking at using this with? |
|
@cgwalters EDK2 + systemd-boot |
igoropaniuk
force-pushed
the
boot_count
branch
from
8ea23c7
to
4bce924
Compare
|
@cgwalters I've addressed all comments, thanks! |
Add support for boot counting for bootloader entries [1]. The boot counting data is stored in the name of the boot loader entry. A boot loader entry file name may contain a plus (+) followed by a number. This may optionally be followed by a minus (-) followed by a second number. The dot (.) and file name suffix (conf or efi) must immediately follow. All "pending" entries (in the middle of boot counting) are automatically removed during creation of new boot entries for new deployments. The feature is enabled via sysroot configuration: [sysroot] boot_counting=3 Testing: $ ostree admin deploy 91fc19319be9e79d07159303dff125f40f10e5c25614630dcbed23d95e36f907 Copying /etc changes: 2 modified, 3 removed, 4 added bootfs is sufficient for calculated new size: 0 bytes Transaction complete; bootconfig swap: yes; bootversion: boot.0.1, deployment count change: 1 $ ls /boot/loader/entries ostree-1+3.conf ostree-2+3.conf [1] https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting Signed-off-by: Igor Opaniuk <[email protected]>
igoropaniuk
force-pushed
the
boot_count
branch
from
4bce924
to
57e988e
Compare
|
@cgwalters looks like some CI tests are still failing, but all of them are unrelated to this change, for example: |
|
Yes CI failures are unrelated, will look at this soon |
| @@ -416,6 +416,14 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>. | |||
| </listitem> | |||
| </varlistentry> | |||
|
|
|||
| <varlistentry> | |||
| <term><varname>boot_counting</varname></term> | |||
There was a problem hiding this comment.
Bikeshed: for consistency with other knobs in this file, boot-counting?
Also, should this be e.g. boot-counting-tries to make it clearer?
| <term><varname>boot_counting</varname></term> | ||
| <listitem><para>Integer value controlling the number of maximum boot attempts. The boot counting data is stored in the name of the | ||
| boot loader entry. A boot loader entry file name may contain a plus (+) followed by a number. This may optionally be followed by | ||
| a minus (-) followed by a second number. The dot (.) and file name suffix (conf or efi) must immediately follow. |
There was a problem hiding this comment.
Feel like a link to the spec here would be helpful.
| &boot_counting_str, NULL); | ||
|
|
||
| if (boot_counting_str) | ||
| /* Ensure boot count value is in [0,5] */ |
There was a problem hiding this comment.
Hmm, doesn't seem required by the spec. Is that a systemd-boot requirement?
There was a problem hiding this comment.
well, I took the initiative here :) . I personally don't see any reasons why we should have support for more then 5 boot attempts.
I can drop this limitation if there are objections.
| if (!ostree_sysroot_get_repo (self, &repo, cancellable, error)) | ||
| return FALSE; | ||
|
|
||
| return (repo->boot_counting != 0 ? TRUE : FALSE); |
There was a problem hiding this comment.
| return (repo->boot_counting != 0 ? TRUE : FALSE); | |
| return repo->boot_counting != 0; |
| g_autofree char *bootconf_filename; | ||
| if (bootloader_is_boot_count_enabled(sysroot, cancellable, error)) | ||
| { | ||
| guint max_tries = bootloader_get_max_boot_tries (sysroot, cancellable, error); | ||
| bootconf_filename = g_strdup_printf ("%s+%u.conf", bootconf_name, max_tries); | ||
|
|
||
| if (!bootloader_remove_tmp_entries(bootconf_dfd, bootconf_name, max_tries, cancellable, error)) | ||
| return FALSE; | ||
| } | ||
| else | ||
| { | ||
| bootconf_filename = g_strdup_printf ("%s.conf", bootconf_name); | ||
| } | ||
|
|
||
| if (!ostree_bootconfig_parser_write_at (ostree_deployment_get_bootconfig (deployment), | ||
| bootconf_dfd, bootconf_name, cancellable, error)) | ||
| bootconf_dfd, bootconf_filename, cancellable, error)) |
There was a problem hiding this comment.
Hmm, but note that this function is called for every deployment on every update (that results in a BLS write). So this would effectively "unbless" a boot that was previously blessed (or reset to the max boots that did have some failures).
ISTM like the boot count needs to be part of e.g. the OstreeDeployment object so that we can leave it untouched when rewriting BLS entries.
There was a problem hiding this comment.
Technically we can have just a boolean flag (bootable field for example) for that, and check if a filename of an old BLS entry (stored in /boot/loader.%d/entries) still has a boot counter suffix. And if it doesn't -> set OstreeDeployment->bootable, so then we can create all new BLS entries for this particular deployment without any boot counters.
The problem is that deployment index for OstreeDeployment is not static and there is no deterministic way to match existing boot entry with a specific OstreeDeployment, maybe only parsing BLS entry contents could help
There was a problem hiding this comment.
The problem is that deployment index for OstreeDeployment is not static and there is no deterministic way to match existing boot entry with a specific OstreeDeployment, maybe only parsing BLS entry contents could help
There is, but that state is currently not kept around. If you look at e.g. sysroot_load_from_bootloader_configs() is where we go through the BLS entries and convert those to an ordered list of OstreeDeployments. So we could parse the counter information from the filename there and keep that state in the deployment objects.
Add support for boot counting for bootloader entries [1]. The boot counting data is stored in the name of the boot loader entry. A boot loader entry file name may contain a plus (+) followed by a number. This may optionally be followed by a minus (-) followed by a second number. The dot (.) and file name suffix (conf or efi) must immediately follow.
All "pending" entries (in the middle of boot counting) are automatically removed during creation of new boot entries for new deployments.
Testing:
$ ostree admin deploy 91fc19319be9e79d07159303dff125f40f10e5c25614630dcbed23d95e36f907 Copying /etc changes: 2 modified, 3 removed, 4 added bootfs is sufficient for calculated new size: 0 bytes Transaction complete; bootconfig swap: yes; bootversion: boot.0.1, deployment count change: 1
$ ls /boot/loader/entries
ostree-1+3.conf ostree-2+3.conf
[1] https://uapi-group.org/specifications/specs/boot_loader_specification/#boot-counting