On Wed, Oct 23, 2019, at 10:24 AM, Chris Murphy wrote:
> On Wed, Oct 23, 2019 at 2:53 PM Colin Walters <walters@xxxxxxxxxx> wrote:
> >
> > On Tue, Oct 22, 2019, at 8:10 PM, Chris Murphy wrote:
> > >
> > > For multiple kernels, it doesn't matter if a crash happens anywhere
> > > from new kernel being written to FAT, through initramfs, because the
> > > old bootloader configuration still points to old kernel + initramfs.
> > > But in multiple kernel distros, the bootloader configuration needs
> > > modification or a new drop in scriptlet to point to the new
> > > kernel+initramfs pair. And that needs to be completely atomic: write
> > > new files to a tmp location, that way a crash won't matter. The tricky
> > > part is to write out the bootloader configuration change such that it
> > > can be an atomic operation.
> >
> > Related: https://github.com/ostreedev/ostree/issues/1951
> > There I'm proposing to not try to fix this at the kernel/filesystem
> > level (since we can't do much on FAT, and even on real filesystems we
> > have the journaling-vs-bootloader issues), but instead create a protocol
> > between things writing bootloader data and the bootloaders to help
> > verify integrity.
>
> The symlink method now being used, you describe as an OSTree-specific
> invention. How is the new method you're proposing more generic such
> that it's not also an OSTree-specific invention?

It'd take a usual slow process of gathering consensus among the two groups of projects writing data in /boot, and bootloaders.
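One way the writer/bootloader integrity check discussed in this thread could look, as an added example that is not part of any message above and is not code from OSTree or any bootloader. The checksum trailer format, the file names and all function names are hypothetical, and the entry contents are constructed sample data.

```python
import hashlib
import os
import tempfile

TRAILER = b"\n# sha256="  # hypothetical trailer marker, not a real bootloader format

def write_entry(boot_dir, name, body):
    """Writer side: body + checksum trailer, written to a tmp file, synced, renamed."""
    digest = hashlib.sha256(body).hexdigest().encode()
    fd, tmp = tempfile.mkstemp(dir=boot_dir, prefix=".tmp-")
    with os.fdopen(fd, "wb") as f:
        f.write(body + TRAILER + digest + b"\n")
        f.flush()
        os.fsync(f.fileno())          # data is on disk before the rename
    final = os.path.join(boot_dir, name)
    os.replace(tmp, final)            # atomic on POSIX filesystems, not guaranteed on FAT
    dfd = os.open(boot_dir, os.O_RDONLY)
    try:
        os.fsync(dfd)                 # persist the directory entry as well
    finally:
        os.close(dfd)
    return final

def verify_entry(path):
    """Reader side: return the body if the trailer checksum matches, else None."""
    try:
        with open(path, "rb") as f:
            data = f.read()
    except OSError:
        return None
    body, sep, tail = data.rpartition(TRAILER)
    if not sep or tail.strip() != hashlib.sha256(body).hexdigest().encode():
        return None                   # torn, truncated or corrupted write
    return body

def select_entry(boot_dir, candidates):
    """Bootloader stand-in: first candidate (newest first) that verifies."""
    for name in candidates:
        if verify_entry(os.path.join(boot_dir, name)) is not None:
            return name
    return None

def demo():
    """Constructed scenario: new entry is torn by a crash, reader falls back."""
    with tempfile.TemporaryDirectory() as d:
        write_entry(d, "old.conf", b"linux /vmlinuz-old\ninitrd /initramfs-old.img")
        new = write_entry(d, "new.conf", b"linux /vmlinuz-new\ninitrd /initramfs-new.img")
        before = select_entry(d, ["new.conf", "old.conf"])
        with open(new, "r+b") as f:
            f.truncate(10)            # simulate a partial write surviving a crash
        after = select_entry(d, ["new.conf", "old.conf"])
        return before, after
```

The reader never trusts ordering or rename atomicity alone: an entry that fails verification is skipped, so a torn write on a filesystem without atomic rename falls back to the previous kernel entry.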