On Fri 07 Apr 2017 12:02:46 +0200, intrigeri wrote:
> /lib/systemd/system/initramfs-shutdown.service:
> ⋯
> /usr/share/initramfs-tools/initramfs-restore:
> ⋯
> /usr/bin/unmkinitramfs /initrd.img "$WORKDIR"
> ⋯
> /lib/systemd/system-shutdown/initramfs-tools:
> ⋯
> /usr/share/initramfs-tools/hooks/shutdown:
> ⋯
> copy_exec /lib/systemd/systemd-shutdown /shutdown
> touch $DESTDIR/etc/initrd-release

I am interested in this ticket for two use cases:

a. netbooting Debian Live on diskless hosts.
b. "zpool export -a" on servers.

I am only considering case (a), below.

I tried intrigeri's approach for Debian Live but I ran into a couple of problems:

1. it assumes /initrd.img inside the rootfs exists and
   is consistent with the already-running system.
   This is not the case for me (I remove it to save space), and
   also not necessarily the case during upgrades.
2. it tries to unpack /initrd.img after systemd-networkd stops.
   Without KeepConfiguration= (which is a pain to guarantee),
   that means no network access, which means no access to remote rootfs.

I instead tried just keeping the boot initrd around.
Using a simple bind-mount didn't work (I don't understand why) – SOME files are missing after switch_root.
Doing a full cp -a did work, though.
This method seems to work for my very simple test case of failed-to-unmount-rootfs error going away.
I'm really not happy with it overall, though.
I've run out of "time budget" to work on this in the short term.

https://github.com/cyberitsolutions/bootstrap2020/tree/twb/doc/workaround-778849

PS: I looked at dracut, but it's simply unsupported for live-boot (Debian Live / Tails), and
for servers, I found it unreliable (much worse than initramfs-tools).
(e.g. if bash has a security update, dracut doesn't trigger and the embedded copy of bash in the initrd remains vulnerable.)
(e.g. telling dracut to use only busybox/klibc and not bash breaks, because lots of dracut components need bash but don't declare a dependency on it.)
(e.g. dracut is written in bash and regularly has errors but doesn't exit non-zero, so you do not notice until the server doesn't actually boot anymore.)

Attachment:
usr_share_initramfs-tools_hooks_PrisonPC-install-systemd-shutdown
Description: Bourne shell script
Attachment:
shSmnrEZrhXc.sh
Description: Bourne shell script
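
Added example, not part of the original message or its attachments: a POSIX shell check for the consistency problem raised in point 1 and in the PS about dracut, namely an initrd whose embedded files no longer match the installed system. `stale_initrd_files` and `demo_constructed_trees` are hypothetical names, the sample trees are constructed, and the check assumes the initrd has already been unpacked (for example with `unmkinitramfs`, as in the quoted script).

```shell
#!/bin/sh
# Added example; stale_initrd_files is a hypothetical helper, not part of initramfs-tools.
# Compares each regular file in an unpacked initrd with the same path under
# ROOT_DIR. Prints "STALE <path>" when contents differ, "UNMATCHED <path>" when
# ROOT_DIR has no such file (initrd-only scripts; review by hand).
# Returns 1 if anything is STALE, 2 on a bad argument, 0 otherwise.
stale_initrd_files() {
    initrd_dir=${1:?unpacked initrd directory required}
    root_dir=${2:-/}
    if [ ! -d "$initrd_dir" ] || [ ! -d "$root_dir" ]; then
        echo "stale_initrd_files: not a directory" >&2
        return 2
    fi
    root_dir=$(cd "$root_dir" && pwd)   # make absolute, since we cd below
    report=$(
        cd "$initrd_dir" || exit
        find . -type f | sort | while IFS= read -r rel; do
            rel=${rel#./}
            if [ ! -f "$root_dir/$rel" ]; then
                printf 'UNMATCHED %s\n' "$rel"
            elif ! cmp -s "$rel" "$root_dir/$rel"; then
                printf 'STALE %s\n' "$rel"
            fi
        done
    )
    if [ -n "$report" ]; then printf '%s\n' "$report"; fi
    if printf '%s\n' "$report" | grep -q '^STALE '; then return 1; fi
    return 0
}

# Constructed sample trees: the fake root's bash was updated after the fake initrd was built.
demo_constructed_trees() {
    t=$(mktemp -d)
    mkdir -p "$t/initrd/bin" "$t/initrd/scripts" "$t/root/bin"
    echo 'bash build 1' > "$t/initrd/bin/bash"
    echo 'bash build 2' > "$t/root/bin/bash"      # security update landed here
    echo 'busybox'      > "$t/initrd/bin/busybox"
    echo 'busybox'      > "$t/root/bin/busybox"   # identical in both trees
    echo 'boot script'  > "$t/initrd/scripts/local"
    rc=0; stale_initrd_files "$t/initrd" "$t/root" || rc=$?
    rm -rf "$t"
    return "$rc"
}

# Real use: unpack with unmkinitramfs first, then pass the unpacked directory
# (its main/ subdirectory when the image has an early microcode segment).
if [ "$#" -gt 0 ]; then stale_initrd_files "$@"; fi
```

A non-zero exit makes the check usable from a package-manager hook or a monitoring job, so a stale embedded binary is noticed before the next reboot or shutdown relies on it.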