On Thu, Nov 3, 2016 at 8:35 AM, Stephen Gallagher sgallagh@redhat.com wrote:
So, good news! This is in fact already possible to do today, as I just tested. The following set of commands does exactly this:
    pkcon refresh force
    pkcon update --only-download
    pkcon offline-trigger
    systemctl isolate system-update.target
This all runs in the current boot and will trigger a reboot immediately after the update completes. All of this should be easily possible to do for Workstation within GNOME Software if we agree that's easier on the end-user.
Cool. Are the sysfs leak concerns by systemd folks considered minor? Is there any advantage to running this in an nspawn container if that's a cleaner environment?
I asked about this on the ostree list and it looks like they're doing this with bubblewrap, although I can't comment on the qualitative difference, if any. https://mail.gnome.org/archives/ostree-list/2016-October/msg00021.html
There's also kexec: with recent kernels kexec does not work for me anymore (graphics crash). Nevertheless, kexec is something worth considering too: the state is reset quite thoroughly, and we avoid the potentially very slow POST.
I thought kexec was disabled for this purpose, at least on UEFI Secure Boot enabled computers?