On 11/03/2016 12:31 PM, Chris Murphy wrote: > On Thu, Nov 3, 2016 at 8:35 AM, Stephen Gallagher <sgallagh@xxxxxxxxxx> wrote: > > >> So, good news! This is in fact already possible to do today, as I just tested. >> The following set of commands does exactly this: >> >> ``` >> pkcon refresh force >> pkcon update --only-download >> pkcon offline-trigger >> systemctl isolate system-update.target >> ``` >> >> This all runs in the current boot and will trigger a reboot immediately after >> the update completes. All of this should be easily possible to do for >> Workstation within GNOME Software if we agree that's easier on the end-user. > > Cool. Are the sysfs leak concerns by systemd folks considered minor? > Is there any advantage to running this in an nspawn container if > that's a cleaner environment? > Sorry, I think you made some assumptions there that I can't follow. What advantage would nspawn provide? Would those advantages outweigh the complexity of dealing with namespacing? > I asked about this on the ostree list and it looks like they're doing > this with bubblewrap, although I can't comment on the qualitative > difference, if any. > https://mail.gnome.org/archives/ostree-list/2016-October/msg00021.html > I'm not sure what bubblewrap actually does. Does it provide an isolated environment for running %post scripts without root privilege? I'm not sure that's relevant to this discussion. > >>> There's also kexec: with recent kernels kexec does not work for me anymore >>> (graphics crash). Nevertheless, kexec is something worth considering too: >>> the state is reset quite thoroughly, and we avoid the potentially very >>> slow POST. >> >> 2.0 > > I thought kexec was disabled for this purpose, at least on UEFI Secure > Boot enabled computers? > My "2.0" there was meant to indicate that I'm not personally willing to investigate that at this time. I see it as more of a "2.0" feature.
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ desktop mailing list -- desktop@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe send an email to desktop-leave@xxxxxxxxxxxxxxxxxxxxxxx
