On Wed, 2007-08-01 at 17:31 -0700, Jan Setje-Eilers wrote:
> I get the impression that you're placing some value on how old the
> data is. 

I'm placing a great deal of value on a system in normal operation never
requiring manual intervention to come back up after an asynchronous
interruption (power hit, panic, etc.).

> However in the case of a non-interfaced binary kernel
> component that really doesn't matter.

And that's why I conceded in the first message I sent to this case that
it was okay to interrupt boot in the event an upgrade of the active root
was interrupted.  You'd be just as screwed without the boot archive.

The only way to ensure you always run with a matched set of kernel
modules is via live upgrade or equivalent, where you upgrade a copy of
the boot environment and atomically swap the new one in once it's
complete.

To repeat what I wrote earlier today:

Several of the files included in the boot archive (the files in /etc,
for instance) have dynamic content which is expected to change under
normal system operation in the presence of hardware changes (for
instance, USB hotplug or disk replacement).  If it's possible to
continue to bypass the boot archive during boot, it seems to me that it
should be possible to omit dynamic files from the boot archive entirely
and instead always read them from the root filesystem; if we limit cases
where we report inconsistencies to cases where we crash in the middle of
a non-alternate-root upgrade, I think we can make this dissatisfier
just vanish.

--

I feel TCR-strong about this.

                                        - Bill