Re: Grub 2 protected packages

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Mo, 12.04.21 06:00, Neal Gompa (ngompa13@xxxxxxxxx) wrote:

> > In fact, the presence of a bunch of other files in /boot in
> > grub2-efi-x64 seems like a bad idea. IMO, just installing the grub2
> > packages should either not modify /boot (which is not the exclusive
> > property of grub2 and often has limited space), or if this cannot
> > be done, grub2 needs to make sure that the grub2 packages are not
> > a dependency of anything and can only be installed with an explicit
> > user request.
>
> Ideally, we should change to a system similar to what openSUSE does
> and have the RPMs install bootloader content into /usr, then execute a
> helper program that copies things over to /boot and configures things
> properly (we should still have the files %ghosted in /boot, though!).
> This makes it much more straightforward to support updating or
> downgrading bootloader files when needed, which is why openSUSE does
> it this way to support full system snapshots with rollback
> functionality.

I vehemently agree with this. The ESP and other boot loader partitions
should really be considered common good and not really "owned" by RPM
or other packaging tools the way stuff in /usr/ is owned by them.

Multiple OSes and Linux distributions might want to drop stuff in
these partitions (under common names even, consider the main EFI
entrypoint after all), and hence the update semantics need to be a bit
more cooperative, to avoid everyone steps on each other toes all the
time. Hence: use RPM to update boot loaders binaries in /usr, and use
a separate tool to copy things over to the ESP and other boot
partitions when appropriate.

(Of course, sd-boot works this way: the RPM packages drop EFI binaries
into /usr/, and "bootctl install" and "bootctl update" will copy them
into the boot loader partitions, carefully and defensively in order
not to corrupt what else might be there.)

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux