On Mi, 07.02.24 20:42, Valentin David (me@xxxxxxxxxxxxxxxxx) wrote: > Hello everybody, > > The behavior of ConditionNeedsUpdate is that if /etc/.updated is > older than /usr/, then it is true. > > I have some issues with this. But maybe I do not use it the right > way. > > First, when using a read-only /usr partition (updated through > sysupdate), the time of /usr is of the build of that filesystem. In > the case of GNOME OS, to ensure reproducibility bit by bit, we set > all times to some time in 2011. So that does not work for us. Hmm, I wonder if the os-release file in /usr/ should optionally have a timestamp field which could be used. That could be directly initialized from $SOURCE_DATE_EPOCH at build time (maybe the field should even be named like that). I think that would make sense, no? > But now let's say we work-around that, and we make our system take a > date that is reproducible, let's say the git commit of our > metadata. Then we have a second issue. > > Because of systemd-sysext, it might be that /usr is not anymore the > time of the /usr filesystem, but the time of a directory created on > the fly by systemd-sysext (or maybe it keeps the time from the / > fileystem, I do not know, but for sure the time stamp is from when > systemd-sysext was started). If systemd-update-done happens after > systemd-sysext (and it effectively does on 254), then the date of > /etc/.updated will become the time when systemd-sysext started. Uh. That'd be a bug. Can you file an issue about this? > Let's imagine that I do not boot that machine often. My system is > booting a new version. And there is already another new version > available on the sysupdate server. My system will download a build > of /usr that is likely to be older than the boot time. So next > reboot, the condition will be false, even though I did have an > update. And it will be false until I download a version that was > built after the boot time of my last successful update. > > So my question is, is there plan to replace time stamp comparison > for ConditionNeedsUpdate with something that works better with > sysupdate and sysext? Maybe copying IMAGE_VERSION from > /usr/lib/os-release into /etc/.updated for example? Yeah, we should fix this. I have so far never though about the mixture of sysext and ConditionNeedsUpdate=. This is unchartered territory. But I think we can fix this. But please open issues about this. Lennart -- Lennart Poettering, Berlin
Re: ConditionNeedsUpdate, read-only /usr, and sysext
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: ConditionNeedsUpdate, read-only /usr, and sysext
- From: Lennart Poettering <lennart@xxxxxxxxxxxxxx>
- Date: Wed, 14 Feb 2024 10:07:29 +0100
- Cc: Systemd Devel <systemd-devel@xxxxxxxxxxxxxxxxxxxxx>
- In-reply-to: <Nq44xau--3-9@valentindavid.com>
- References: <Nq44xau--3-9@valentindavid.com>
- References:
- ConditionNeedsUpdate, read-only /usr, and sysext
- From: Valentin David
- ConditionNeedsUpdate, read-only /usr, and sysext
- Prev by Date: Wireguard routes only after connect
- Next by Date: Issue with systemd-logind
- Previous by thread: ConditionNeedsUpdate, read-only /usr, and sysext
- Next by thread: What creates a new machine-id ?
- Index(es):
 |