-
Notifications
You must be signed in to change notification settings - Fork 26
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
packaging: add a systemd unit to run every boot #716
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
LGTM. Thanks!
I'll do some manual testing. |
e86b791
to
3903dde
Compare
This enables bootloader updates automatically on boot. Note that the service is intentionally not enabled by default, it should be up to the distribution to add a systemd preset if auto-update for the bootloader is desired. Right now RAID setups are not supported but see [1] for an example in coreos. [1] coreos/fedora-coreos-config#3042
I built a RPM and tested in a fcos build.
|
3903dde
to
43bcccb
Compare
[Unit] | ||
Description=Update Bootloader on boot | ||
Documentation=https://github.com/coreos/bootupd | ||
ConditionPathExists=/dev/disk/by-label/EFI-SYSTEM |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We should add as well:
ConditionPathExists=|/dev/disk/by-partlabel/EFI\x20System\x20Partition
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
There's already also ConditionFirmware=uefi
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That said we need to support BIOS too...so probably the best would be e.g.
RequiresMountsFor=/boot
ConditionPathExists=/boot/bootupd-state.json
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ConditionPathExists=/boot/bootupd-state.json
wouldn't that prevent it to run on atomic desktops as bootupd was not enabled until now ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Yes, but that's by design in bootupd today; there is bootupctl adopt-and-update
but that's a distinct thing intended only for explicit invocation in tested scenarios, distinct from a "bootupd -> bootupd" update.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I am OK with ConditionFirmware=uefi
, can remove it until we add adopt-and-update
for BIOS later.
One minor suggestion, should we add ConditionKernelCommandLine=ostree
to skip this for live boots like coreos/rpm-ostree#4944 ?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
i think the overall agreement was to close this PR and carry this in the distribution
[Unit] | ||
Description=Update Bootloader on boot | ||
Documentation=https://github.com/coreos/bootupd | ||
ConditionPathExists=/dev/disk/by-label/EFI-SYSTEM |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
ConditionPathExists=/dev/disk/by-label/EFI-SYSTEM | |
ConditionPathExists=|/dev/disk/by-partlabel/EFI-SYSTEM |
As that's what's used in https://github.com/coreos/bootupd/blob/main/src/efi.rs#L39
needs a |
With those changes, that works for me on Silverblue |
I'm not opposed to this but the reason I didn't do this until now is basically I think what we really want is more like #108 which means the thing doing the OS updates drives bootupd itself by default. |
@@ -41,6 +41,9 @@ install-grub-static: | |||
install -m 644 -D -t ${DESTDIR}$(PREFIX)/lib/bootupd/grub2-static src/grub2/*.cfg | |||
install -m 755 -d ${DESTDIR}$(PREFIX)/lib/bootupd/grub2-static/configs.d | |||
|
|||
install-systemd-unit: | |||
install -m 644 -D -t "${DESTDIR}$(PREFIX)/lib/systemd/system/" contrib/packaging/bootupctl-update.service |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
An overall challenge here is that we'll have come full circle since #663 ...and then e.g. people maintaining SELinux policy are still going to come by and say "oh hey there's a systemd service, we need to write a policy for it...".
With this combined I would probably say that instead of this we should implement bootupd support into rpm-ostree and bootc.
(This also relates to #432 )
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Marking as requested-changes per #716 (comment) but not a hard blocker for me, if you or someone wants to do this in the interim I'm OK, but it does basically clash and I think longer term it'll be more understandable for users; we'd have to maintain this newly introduced service unit here ~forever.
I would really like to get this into Atomic Desktops for F41 as we desperately need it there. So I can carry it there in the mean time until we get a cleaner solution here. Agree that #108 feels like an improvement but I don't think it should hold us from doing this one in the mean time? |
Isn't what is desperately needed more something like automatic blocking of OS updates when the bootloader state is too old? I think we could turn around an implementation of that in a few days. |
One thing this is also basically sweeping under the rug of an on-by-default systemd unit is the rationale stated in https://github.com/coreos/bootupd?tab=readme-ov-file#questions-and-answers from the very start of this project. Yes the problem stinks, and the rename_exchage work probably makes it better, but still...the semantics here are going to be that during the middle of OS bootup we do this (potentially) unsafe operation with zero warning about that unsafety. |
The initial issue was that bootupd looked-like a daemon program with a service unit. At this point, I don't know if we'll be able to go back to no policy module.
If we did that, we would have to surface that somehow to the user in the interface. I find it very unlikely that we'll have something ready for Fedora 41 for all Atomic Desktops, even just GNOME & KDE. fwupd already has a mechanism to hold updates if the system is not on AC or doesn't have enough battery so that could be a good place to look at as well as that is already integrated in Plasma Discover & GNOME Software. We also don't have barrier releases either like Fedora CoreOS so we can't do one shot updates before major releases.
I think that the residual unsafety [1] [2] remaining after the work on #669 is more theoretical than practical. So far, we have had a lot of issues due to the fact that we are not updating the bootloaders and those impacted a very significant chunk of our users. I don't expect this kind of widespread trouble from this safety gap. We are already far safer than what classic package mode systems do during updates.
Why do you thing we would have to support it forever? I think it should be fine to migrate systems to a better way once we have it ready. |
I like this idea, it makes sense to me to encourage grouping of these two things, even if technically they are distinct. |
Anyways to your larger point...fair. I am OK to merge but let's at least get https://github.com/coreos/bootupd/pull/716/files#r1742591590 changed? |
@@ -0,0 +1,13 @@ | |||
[Unit] |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Let's name this unit bootloader-update.service
as its what will be user visible and users ideally should not have to know about bootupd.
@@ -0,0 +1,13 @@ | |||
[Unit] | |||
Description=Update Bootloader on boot |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Description=Update Bootloader on boot | |
Description=Update bootloader on boot |
I think we should keep this check as broad as possible. We can not require |
So i guess we should add a script and do |
I can't find a way to select BIOS systems in https://www.freedesktop.org/software/systemd/man/latest/systemd.unit.html#ConditionFirmware=. And an installed Silverblue system does not have a distinct partition to select on, so we can't match that. |
OK, it looks like this requires different trade-offs and conditions check depending on which system is installed right now so it might be better downstream. I've made: https://pagure.io/workstation-ostree-config/pull-request/571 |
I'm OK with that too, though the tradeoff is it's just going to get copy-pasted again by IoT... |
Hmm, I think if we did that in rpm-ostree in a way that literally prevented |
Basically, something like:
When true (default is false), rpm-ostree does
? I guess the question is whether that error message would percolate up into the UIs in full so the user understands what they need to do. |
Chatting with @travier, it doesn't seem to be the case. See e.g. https://gitlab.gnome.org/GNOME/gnome-software/-/issues/2000. Obviously, there's nothing that prevents us from adding it now, and then improving it during the f41 cycle. |
Looks like we never implemented adoption for BIOS systems so we will have to make this EFI only 😞 |
I feel the general agreement here is that this would be better carried in the distribution side. I'll close this |
One thing I am concern is if booting with But first thing, will add adoption for BIOS. |
Add a systemd service unit to trigger an adoption and update on every boot. Note that the service is intentionally not enabled by default as it should be up to the distribution to add a systemd preset if auto-update for the bootloader is desired. This unit does not come with any specific restrictions (i.e. EFI or BIOS only). For an assesment of the safety of updates as performed by bootupd, see coreos#454. Distributiuons should also apply the restrictions (i.e. EFI or BIOS only for example) as needed as unit files overrides. Notably, Fedora CoreOS can not yet enable automatic updates until we get support for the multiple EFI partitions for RAID setups. See: coreos/fedora-coreos-tracker#1468 See: coreos/fedora-coreos-config#3042 Initial version from: coreos#716 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2332868
Add a systemd service unit to trigger an adoption and update on every boot. Note that the service is intentionally not enabled by default as it should be up to the distribution to add a systemd preset if auto-update for the bootloader is desired. This unit does not come with any specific restrictions (i.e. EFI or BIOS only). For an assesment of the safety of updates as performed by bootupd, see coreos#454. Distributiuons should also apply the restrictions (i.e. EFI or BIOS only for example) as needed as unit files overrides. Notably, Fedora CoreOS can not yet enable automatic updates until we get support for the multiple EFI partitions for RAID setups. See: coreos/fedora-coreos-tracker#1468 See: coreos/fedora-coreos-config#3042 Initial version from: coreos#716 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2332868
Add a systemd service unit to trigger an adoption and update on every boot. Note that the service is intentionally not enabled by default as it should be up to the distribution to add a systemd preset if auto-update for the bootloader is desired. This unit does not come with any specific restrictions (i.e. EFI or BIOS only). For an assesment of the safety of updates as performed by bootupd, see coreos#454. Distributiuons should also apply the restrictions (i.e. EFI or BIOS only for example) as needed as unit files overrides. Notably, Fedora CoreOS can not yet enable automatic updates until we get support for the multiple EFI partitions for RAID setups. See: coreos/fedora-coreos-tracker#1468 See: coreos/fedora-coreos-config#3042 Initial version from: coreos#716 Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=2332868
This enables bootloader updates automatically on boot. Note that the service is intentionally not enabled by default, it should be up to the distribution to add a systemd preset if auto-update for the bootloader is desired.
Right now RAID setups are not supported but see [1] for an example in coreos.
[1] coreos/fedora-coreos-config#3042