-
Notifications
You must be signed in to change notification settings - Fork 18
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
'sudo iiab' reboot if any file/dir modified in /boot since boot [as /var/run/reboot-required and 'needrestart' command were NOT reliable] #188
Conversation
@darkenvy @jvonau & All: Just a clarificastion that some versions of Ubuntu and Debian (used to?) touch the files Ubuntu and others are recently moving to use the [*] Yes installing RECAP: Reliability may be painfully boring but we all benefit from it down the road, so I believe we should go for it. Finally, while waiting 8+ sec during an RPi install is a bit annoying, this same code also offers a dramatic new speedup when a reboot due to kernel mismatch is not necessary. So again, this seems very much worth it overall. (Linux support is not at all pretty business, dealing with "distro junkies" of every different kind and all their eccentric demands, so we definitely need more rock-solid implementations to navigate this and avoid pulling our hair out ;-) |
Uh-Oh! The
So it looks like an entirely new strategy is...likely necessary. This is unfortunate as the output of BUT it has its failings too — e.g.
|
if $(apt list --upgradable' | grep -q raspberrypi-kernel); then |
It's time to push this effort to the wider public for broader community testing. Thank you @darkenvy and @jvonau for all the many contributions over the past several days that made this possible, and any ongoing insights in case further corner cases might have been missed. FYI I've tested it quite carefully in eccentric conditions and it works very well — e.g. when
|
FWIW I guess the variable name As a directory within But the above var name gets the idea across concisely — and seems good enough for now (: |
Postscript: If some nutcase wants to force a future timestamp onto anything The lack-of-RTC situation is handled well, as explained here: Lines 258 to 268 in fa75d23
So I'm not too worried about active sabotage. As long as 99.99% of regular users don't end up in a "reboot loop" when trying to install IIAB. In any case: these are the kind of things to watch for — e.g. just in case any particularly weird distros or |
You know Ubuntu doesn't use /boot but rather /boot/firmware as the mount point for the first partition on ARM right? I don't see an issue using |
Just thinking about Ubuntu where the initrd.img is generated on the machine locally, I've seen apt updates that regenerate the initrd.img without a newer kernel being installed which would require a reboot to load the new initrd.img. Maybe initrd.img would be a better target than vmlinuz. |
I wasn't aware. So the key will be to watch that situation, making sure that the lastmod time changes on the dir FYI Debian 11 doesn't use Ubuntu 21.10 likewise. Even if These are some of the reasons I (tried) hard to avoid getting involved with the many different (evolving) filename particulars within |
Worst case if Ubuntu-on-ARM does not modify the lastmod time on dir Not hard to do. Anyway something to keep in our back pocket, if nec! |
If making a change to any file lets say cmdline.txt under /boot/firmware/ is suppose to update the time of /boot/firmware it does not.
As in that is really a symlink pointing to the real kernel or not present at all?
Ubuntu doesn't really use /boot/vmlinuz either but link is changed to point to the latest kernel and the ARM platform is using uboot as the boot loader.
Might what to test on Ubuntu ARM. |
Indeed https://stackoverflow.com/a/3620704 says:
So if indeed Ubuntu-on-ARM's
|
The whole reboot to avoid the kernel module mismatch in network is only really applicable to RasPiOS as they sort of misuse /lib/modules to support the 4 kernels offered.
The rest of the distros allow side by side kernels to exist and could be bootable because the modules are preserved within /lib/modules/
|
That is interesting.
I'm not sure. Forcing sloppy implementers to reboot their machine could be very wise and precautionary in other circumstances as well. The rational would be: IIAB should not install if they (or apt, or unattended-upgrades, etc) are still fussing around making changes within |
Um, not really, the first changed file is the trigger
when you use head -1
The code never gets to /boot/firmware, but I don't think that matters.
Think code should be fine, it actually covers the regeneration of the initrd.img and there is duplication between /boot and /boot/firmware as these are different partitions anyway. |
Must not of recalled iiab/iiab#482, from a time before iiab #33 lived in git 8229bee
Sure major libraries being replaced should be a red flag for a reboot and the code does just that, reboot if any apt packages are updated.
What needed to be guarded against is 'short-cutters' on RasPiOS as the kernel has an unusual layout, think what is implemented should be good enough. Dealing with unattended-upgrades that might be running just as the user is starting the curl routine is problematic as that process should lock apt's database as the update is in progress, the user can receive message as such and stops the install. Forget where the lockfile lives off the top of my head, but should be pretty easy to pause the install while unattended-upgrades finishes up. |
Great question. Currently the output of Line 234 in fa75d23
But there's room for improvement for sure, as common pain points are identified. |
Clarif: 'sudo iiab' no longer does that. Now it reboots only if any mod-since-boot is detected within So this is an experiment to see if new IIAB community folk can avoid some of these very annoying reboots — during those first days/weeks after each OS ISO (distro image) is released — until |
I'll have to check the behavior in a builder environment where the 'kernel package installed by apt' might have later dates than what the host's own uptime calculation suggests when in the builder's chroot environment. |
Circling around, https://github.com/iiab/iiab-factory/blob/master/iiab#L258-L268 prevents execution in any chroot build environment, could that be changed to:
|
The above might be plausible. Whereas nudging testers to reboot is critical (among testers who generally use Question: might there be another way to (auto-)detect a chroot environment? (Instead of manually using |
Seems this one has been seen before when the upstream catalog is unavailable. Is that correct?
Given https://github.com/iiab/iiab/blob/master/vars/local_vars_min.yml#L293-L294 for a min install I take this as being expected? Now you don't get the nice summary at the end, just dropped to a prompt. Even if there is a summary the prompt for Y for the reboot at the end is not needed in the chroot, that could be conditional under ($MFABT) or ($FAST) |
Is this from /opt/iiab/iiab-admin-console/install? |
Is there an error message...or incorrect exit status from systemctl? (Any idea why...this apparently behaves very differently under a chroot?) |
Out right refuses to run the command, just like it does with restart, start or anything running state related command, just the way it is.
This is what I would expect for something the is not installed vs the below installed service
Yes, looks like during iiab-get-oer2go-cat. FWIW this has been working, think it's a transient issue with the web site. |
Thanks much for explaining. Can we consider using something like How do I tell I'm running in a chroot? Example: if [ "$(stat -c %d:%i /)" != "$(stat -c %d:%i /proc/1/root/.)" ]; then
echo "We are chrooted!"
else
echo "Business as usual"
fi |
The 2 sides of the conditional test return different values, seems to be a reliable test. FWIW |
|
This looks very promising. FWIW on 32-bit Raspberry Pi OS Bullseye on RPi 4:
|
The '-f -t' options don't appear to work, I always see '0' returned for a chroot environment and '1' for a normal environment despite whether f or t was passed on the command line in either environment. |
Proposed fix for situations like:
Also tidies up the PR below, using
apt install perl
to deal with "distro junkies" running anomalous OS's:Related: