On 11/03/2016 12:31 PM, Chris Murphy wrote:
On Thu, Nov 3, 2016 at 8:35 AM, Stephen Gallagher <sgallagh@redhat.com> wrote:
So, good news! This is in fact already possible to do today, as I just tested. The following set of commands does exactly this:
    pkcon refresh force
    pkcon update --only-download
    pkcon offline-trigger
    systemctl isolate system-update.target
This all runs in the current boot and will trigger a reboot immediately after the update completes. All of this should be easily possible to do for Workstation within GNOME Software if we agree that's easier on the end-user.
Cool. Are the sysfs leak concerns by systemd folks considered minor? Is there any advantage to running this in an nspawn container if that's a cleaner environment?
Sorry, I think you made some assumptions there that I can't follow. What advantage would nspawn provide? Would those advantages outweigh the complexity of dealing with namespacing?
I asked about this on the ostree list and it looks like they're doing this with bubblewrap, although I can't comment on the qualitative difference, if any. https://mail.gnome.org/archives/ostree-list/2016-October/msg00021.html
I'm not sure what bubblewrap actually does. Does it provide an isolated environment for running %post scripts without root privilege? I'm not sure that's relevant to this discussion.
There's also kexec: with recent kernels kexec does not work for me anymore (graphics crash). Nevertheless, kexec is something worth considering too: the state is reset quite thoroughly, and we avoid the potentially very slow POST.
2.0
I thought kexec was disabled for this purpose, at least on UEFI Secure Boot enabled computers?
My "2.0" there was meant to indicate that I'm not personally willing to investigate that at this time. I see it as more of a "2.0" feature.