[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: [DRAFT] Policy for Linux kernel, initramfs, boot loader update process

I took the liberty of adding debian-boot and debian-s390 to the CC
list on this e-mail, since it affects the Debian installer and
the s390-tools package, which contains the zipl boot loader, which
has a design very similar to that of lilo.  If this results in some people
getting more than one copy of this e-mail, please accept my apologies; but
I figured it was better to err on the side of caution in this case.
I also added Joachim Wiedorn, the new lilo upstream maintainer (who
also happens to be the Debian package maintainer for backup2l).

On Sun, 27 Jun 2010 22:02:35 -0400 (EDT), Ben Hutchings wrote:
> I propose the following policy for squeeze and later releases.  This
> affects all Linux kernel, initramfs builder and boot loader packages,
> and the installer.
> I regret that this is happening so late in the release cycle, but
> currently a kernel update can easily leave the system unbootable and
> this does need to be addressed before release and I want to do so in a
> way that is reasonably clean and maintainable.
> ---
> 1. Packages for boot loaders that need to be updated whenever the files
> they load are modified (i.e. those that store a block list) must install
> hook scripts in /etc/kernel/postinst.d and /etc/kernel/postrm.d, which
> will be called on installation/upgrade and removal of kernel packages,
> respectively.
> The arguments given to all kernel hook scripts are the kernel ABI
> version (the string that uname -r reports) and the absolute path to the
> kernel image.

Currently, hook scripts invoked by a stock kernel maintainer script
or a maintainer script from a kernel image package created by make-kpkg
pass these exact same arguments.  But a maintainer script for a kernel
image package created by "make deb-pkg" passes only the first argument.
Existing hook scripts rely on that difference to determine whether or
not to take action.  For example, the initramfs hook script provided by
the initramfs-tools package tests the number of arguments and exits
without doing anything if more than one argument is supplied.  In other
words, this hook script is designed to create the initial RAM file system
for a kernel image created by "make deb-pkg", and only for a kernel
image created by "make deb-pkg".  It does nothing otherwise.  Are you
proposing to change this behavior?

> The environment variable DEB_MAINT_PARAMS will contain
> the arguments given to the kernel maintainer script, single-quoted.

Is this environment variable provided by the maintainer scripts
that come with kernel image packages created by "make deb-pkg"?
(I honestly don't know.  I've never used "make deb-pkg".)

> Since these boot loaders should be updated as the last step during
> installation/upgrade and removal, hook scripts for boot loaders must be
> named using the prefix 'zz-' and no other packages may use this prefix
> or one that sorts later by the rules used by run-parts.  A postrm hook
> script should warn but exit with code 0 if the boot loader configuration
> file still refers to the kernel image that has been removed.
> 2. Packages for boot loaders that need to be updated whenever the files
> they load are modified must also install hook scripts in
> /etc/mkinitramfs/post-update.d.  Initramfs builders must call these
> scripts using run-parts after they create, update or delete an
> initramfs.  The arguments given to these hook scripts are the kernel ABI
> version and the absolute path to the initramfs image.
> 3. Initramfs builders must complete their work before returning from the
> kernel postinst hook script.  [initramfs-tools currently uses a trigger
> to defer this because it can also be invoked twice, but this means it
> also has to know how to update specific boot loaders.]
> 4. During a kernel package installation, upgrade or removal, various
> boot loader hooks may be invoked (in this order):
> a. A postinst_hook or postrm_hook command set by the user or the
>    installer in /etc/kernel-img.conf
> b. A hook script in /etc/mkinitramfs/post-update.d
> c. A hook script in /etc/kernel/postinst.d or .../postrm.d
> To avoid unnecessary updates, the hooks invoked at step a and b may
> check whether $DPKG_MAINTSCRIPT_PACKAGE begins with 'linux-image-' and
> do nothing in this case.  [Is this sensible or is it too 'clever'?]
> 5. Kernel and initramfs builder packages must not invoke boot loaders
> except via hooks.  If /etc/kernel-img.conf contains an explicit
> 'do_bootloader = yes', kernel package maintainer scripts should warn
> that this is now ignored.

At the risk of flogging a dead horse, I would prefer to see
"do_bootloader = yes" supported until Squeeze+1, both by the
kernel maintainer scripts and by "update-initramfs -u", particularly
since we are so close to a freeze.  But if
you're going to drop support for it in Squeeze, then yes,
a warning message is necessary.  Both the kernel maintainer scripts
*and* "update-initramfs -u" *must* issue a warning message if they
find "do_bootloader = yes" specified in /etc/kernel-img.conf.
In fact, since the default value is "yes", they should issue
the warning message unless do_bootloader is *explicitly* set
to no.

> 6. The installer must not define do_bootloader, postinst_hook or
> postrm_hook in /etc/kernel-img.conf.

Doesn't this conflict with point 4 (a)?

  .''`.     Stephen Powell    
 : :'  :
 `. `'`

Reply to: