Sometimes a kernel or initramfs-tools/dracut upgrade will result in failure to boot, and the previous kernel or initramfs will no longer be available as a fallback.

- update-initramfs has a config option, backup_initramfs, but it is off by default. Changing that default may cause /boot to fill up.
- Kernel upgrades that involve an ABI bump don't overwrite the previous kernel, but most upgrades within a stable release don't bump the ABI.

We need to preserve the old kernel, modules and initramfs until we know that the new one is good, that works in general. This may require user interaction with the boot loader, and that won't be possible with every boot loader, but we can cover most systems by making this work in GRUB.

Kernel image:
- Whenever we replace the kernel that was used for the current boot, keep the old kernel image as a backup
- Whenever we boot successfully with the primary kernel for a given kernel version string, delete the backup kernel (unless configured not to)
- How to identify which kernel was used?
  - Maybe by `uname -v`
  - Maybe by BOOT_IMAGE on /proc/cmdline (but this is GRUB specific)
- Rescue boot entry selects the backup kernel

Initramfs:
- Whenever we rebuild the initramfs that was used for the current boot, keep the old one as a backup even if backup_initramfs is disabled
- Whenever we boot successfully with the primary initramfs for a kernel version and backup_initramfs is disabled, delete the backup initramfs
- How to identify which initramfs was used?
  - Include a UUID in each initramfs
  - Copy it to /run/initramfs at boot
  - Keep a mapping of UUID to filename & hash somewhere in /var
- Rescue boot entry selects the backup initramfs

Modules:
- Whenever we replace the modules that are currently used, link the old ones into a backup directory under /lib/modules/<kversion>
  - Some new modules may fail to load on top of old kernel image, and network drivers may not be included in initramfs, so may be difficult to install old kernel package
- Whenever we boot successfully, delete the backup modules
- Rescue boot adds a configuration file under /run/depmod.d that puts the backup directory at the front of the search path, then runs depmod

Did I miss anything? Does this look workable?

Ben.

-- 
Ben Hutchings
Make three consecutive correct guesses and you will be considered an expert.
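
The initramfs bookkeeping proposed above (a UUID in each image, copied out at boot, mapped to filename and hash under /var), shown as an added shell example that is not part of the original message and not initramfs-tools code. The map-file format, the `.bak` suffix, the `KEEP` argument and all function names are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration, not initramfs-tools code. Assumed (hypothetical) layout:
#   uuid file - UUID copied from the booted initramfs (e.g. under /run/initramfs)
#   map file  - one "<uuid> <sha256> <filename>" line per initramfs built
#   backup    - previous initramfs kept beside the primary as "<primary>.bak"

file_hash() { sha256sum "$1" | cut -d' ' -f1; }

# booted_role UUID_FILE MAP_FILE PRIMARY -> prints primary | backup | unknown
booted_role() {
    [ -r "$1" ] && [ -r "$2" ] || { echo unknown; return 0; }
    uuid=$(cat "$1")
    # Hash recorded when the image carrying this UUID was built.
    want=$(awk -v u="$uuid" '$1 == u { print $2; exit }' "$2")
    if [ -z "$want" ]; then
        echo unknown
    elif [ -f "$3" ] && [ "$(file_hash "$3")" = "$want" ]; then
        echo primary
    elif [ -f "$3.bak" ] && [ "$(file_hash "$3.bak")" = "$want" ]; then
        echo backup
    else
        echo unknown
    fi
}

# prune_backup UUID_FILE MAP_FILE PRIMARY [KEEP]
# Deletes the backup only after a boot that verifiably used the primary image.
# KEEP=yes stands in for backup_initramfs being enabled.
prune_backup() {
    [ "${4:-no}" = yes ] && return 0
    [ "$(booted_role "$1" "$2" "$3")" = primary ] || return 0
    rm -f -- "$3.bak"
}

# Constructed sample: an old image kept as .bak and a rebuilt primary; first a
# boot from the backup (rescue entry), then a boot from the primary.
demo() {
    d=$(mktemp -d) || return 1
    printf old > "$d/initrd.img-X.bak"; printf new > "$d/initrd.img-X"
    printf 'uuid-old %s initrd.img-X\nuuid-new %s initrd.img-X\n' \
        "$(file_hash "$d/initrd.img-X.bak")" "$(file_hash "$d/initrd.img-X")" > "$d/map"
    echo uuid-old > "$d/uuid"
    prune_backup "$d/uuid" "$d/map" "$d/initrd.img-X"
    [ -f "$d/initrd.img-X.bak" ] && echo "rescue boot: backup kept"
    echo uuid-new > "$d/uuid"
    prune_backup "$d/uuid" "$d/map" "$d/initrd.img-X"
    [ -f "$d/initrd.img-X.bak" ] || echo "good boot: backup deleted"
    rm -rf -- "$d"
}
demo
```

Matching on the recorded hash rather than the filename matters because a rebuild reuses the same filename: an unknown or stale UUID leaves the backup in place.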