Commit Graph

34 Commits

Author SHA1 Message Date
renovate[bot] 1d7bf54752
fix(deps): update rust crate serde_json to 1.0.112 2024-01-29 03:15:57 +00:00
renovate[bot] 82898a7c31
fix(deps): update all dependencies 2024-01-22 00:19:38 +00:00
renovate[bot] 438cd262e4
chore(deps): update all dependencies 2024-01-15 00:17:37 +00:00
renovate[bot] 2d90d83018
fix(deps): update all dependencies 2024-01-08 19:11:43 +00:00
renovate[bot] 79a90e783b
fix(deps): update all dependencies 2024-01-02 10:13:03 +00:00
Julien Malka f06680ea68 add more helpful message in case of append_initrd_secrets script failure 2023-12-27 20:43:19 +00:00
renovate[bot] 872f9f3ea8
fix(deps): update rust crate anyhow to 1.0.76 2023-12-25 02:00:56 +00:00
renovate[bot] 7b7fcbce58
fix(deps): update all dependencies 2023-12-11 00:54:29 +00:00
renovate[bot] 627be8398d
fix(deps): update rust crate clap to 4.4.10 2023-12-04 02:01:42 +00:00
Julian Stecklina dd18daae09 tool: parse systemd rc versions 2023-11-23 19:50:04 +01:00
Julian Stecklina e8ba04aab7 tool: extend SystemdVersion with patch level 2023-11-22 19:45:46 +01:00
renovate[bot] 752d2d4347
fix(deps): update all dependencies 2023-11-13 01:34:32 +00:00
renovate[bot] dd729cdaeb
fix(deps): update rust crate serde_json to 1.0.108 2023-11-06 00:54:20 +00:00
Julian Stecklina 87d2087a7a tool: drop unused dependencies via machete 2023-10-30 10:22:41 +01:00
renovate[bot] 03c2f52ee9
fix(deps): update all dependencies 2023-10-30 00:00:50 +00:00
Julian Stecklina ec05d707f3 tool: always include version in PRETTY_NAME
... to give a consistent user experience in systemd-boot.

Fixes #220.
2023-10-20 11:55:53 +02:00
Julian Stecklina 3da3049bef tool: remove unhelpful wrappers and lightly refactor 2023-10-20 11:29:00 +02:00
renovate[bot] eabbae0e0c
fix(deps): update all dependencies 2023-10-16 01:54:44 +00:00
Alois Wohlschlager 90a1adac54
tool: fix atomic write
Atomic write works by first writing a temporary file, then syncing that
temporary file to ensure it is fully on disk before the program can
continue, and in the last step renaming the temporary file to the
target. The middle step was missing, which is likely to lead to a
truncated target file being present after power loss. Add this step.

Furthermore, even with this fix, atomicity is not fully guaranteed,
because FAT32 can become corrupted after power loss due to its design
shortcomings. Even though we cannot really do anything about this case,
adjust the comment to at least acknowledge the situation.
2023-10-04 07:29:35 +02:00
Alois Wohlschlager 4fd37670e2
tool: stop most overwriting in the ESP
Since most files (stubs, kernels and initrds) on the ESP are properly
input-addressed or content-addressed now, there is no point in
overwriting them any more. Hence we detect what generations are already
properly installed, and don't reinstall them any more.

This approach leads to two distinct improvements:
* Rollbacks are more reliable, because initrd secrets and stubs do not
  change any more for existing generations (with the necessary exception
  of stubs in case of signature key rotation). In particular, the risk
  of a newer stub breaking (for example, because of bad interactions
  with certain firmware) old and previously working generations is
  avoided.
* Kernels and initrds that are not going to be (re)installed anyway are
  not read and hashed any more. This significantly reduces the I/O and
  CPU time required for the installation process, particularly when
  there is a large number of generations.

The following drawbacks are noted:
* The first time installation is performed after these changes, most of
  the ESP is re-written at a different path; as a result, the disk usage
  increases to roughly the double until the GC is performed.
* If multiple generations share a bare initrd, but have different
  secrets scripts, the final initrds will now be separated, leading to
  increased disk usage. However, this situation should be rare, and the
  previous behavior was arguably incorrect anyway.
* If the files on the ESP are corrupted, running the installation again
  will not overwrite them with the correct versions. Since the files are
  written atomically, this situation should not happen except in case of
  file system corruption, and it is questionable whether overwriting
  really fixes the problem in this case.
2023-10-04 07:29:21 +02:00
Alois Wohlschlager ca070a9eec
tool: make stubs input-addressed
The stubs on the ESP are now input-addressed, where the inputs are the
system toplevel and the public key used for signature. This way, it is
guaranteed that any stub at a given path will boot the desired system,
even in the presence of one of the two edge-cases where it was not
previously guaranteed:
* The latest generation was deleted at one point, and its generation
  number was reused by a different system configuration. This is
  detected because the toplevel will change.
* The secure boot signing key was rotated, so old stubs would not boot
  at all any more. This is detected because the public key will change.

Avoiding these two cases will allow to skip reinstallation of stubs that
are already in place at the correct path.
2023-10-03 22:08:10 +02:00
Alois Wohlschlager 240914d763
tool: make kernels and initrds content-addressed
Kernels and initrds on the ESP are now content-addressed. By definition,
it is impossible for two different kernels or initrds to ever end up at
the same place, even in the presence of changing initrd secrets or other
unreproducibility.

The basic advantage of this is that installing the kernel or initrd for
a generation can never break another generation. In turn, this enables
the following two improvements:
* All generations can be installed independently. In particular, the
  installation can be performed in one pass, one generation at a time.
  As a result, the code is significantly simplified, and memory usage
  (due to the temporary files) does not grow with the number of
  generations any more.
* Generations that already have their files in place on the ESP do not
  need to be reinstalled. This will be taken advantage of in a
  subsequent commit.
2023-10-03 22:08:03 +02:00
nikstur 3bf55f92b8 test: clean up a few minor details 2023-09-14 16:35:53 +02:00
Raito Bezarius 1330292008 tool/systemd: make clippy happy I guess 2023-09-14 16:35:53 +02:00
Raito Bezarius 0107754d62 tool(architecture): make it generic
Architecture is now a generic structure that can be specialized
via an "external" trait for generating the paths you care about
depending on your target bootloader.
2023-09-14 16:35:53 +02:00
Raito Bezarius 609c11f26d tool(systemd-boot): install it once instead of checking for each generation
systemd-boot is now installed once for many generations rather than multiple times.

This means it is not really possible to manage different system in the same "machine", which is a very
obscure usecase, theoretically possible, but not yet encountered.
2023-09-14 16:35:53 +02:00
Raito Bezarius e5c1d74e3f tool: introduce --target-system to choose target architecture
We will hard fail in case of encountering different architectures in bootspec.
This should still be compatible with cross-compiling systems in the future.
2023-09-14 16:35:53 +02:00
Raito Bezarius acc4c2e0a1 tool(tests): use library to use the "target architecture" properly in tests 2023-09-14 16:35:53 +02:00
Raito Bezarius 7acb1b218a tool: implement general architecture support - for aarch64, x86 for now 2023-09-14 16:35:53 +02:00
nikstur 143a000f36 tool: separates use statements correctly with whitespace 2023-09-14 12:36:02 +02:00
nikstur baf2f5f6bb tool: use workspace values in Cargo.toml 2023-09-14 12:35:42 +02:00
nikstur efd8c50214 tool: remove superfluous lock file 2023-09-14 12:29:54 +02:00
Raito Bezarius 923567d08a systemd-tool: make integration test pass 2023-09-14 11:55:09 +02:00
Raito Bezarius 8029449cba tool: split systemd into a new crate and make tool into a lib-only crate
This is necessary to make integration testing specific to the backend.
2023-09-14 11:55:09 +02:00