Use rename of directories instead of symbolic links in boot partition. by valentindavid · Pull Request #1967 · ostreedev/ostree

valentindavid · 2019-11-03T12:21:22Z

This implements @AdrianVovk idea from #1719 (comment) to solve issue #1719.

This uses renameat2 to do atomic swap of the loader directory in the
boot partition. It fallsback to non-atomic rename. This stays atomic
on filesystems supporting links but also provide a non-atomic behavior
when filesystem does not provide any atomic alternative.

This is working with SystemD boot on EFI using boot loader
specifications.

There is still the issue of losing /loader/loader.conf with SystemD
boot. Maybe we should think about copying other files from previous loader directories.

openshift-ci-robot · 2019-11-03T12:21:27Z

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by: valentindavid
To complete the pull request process, please assign cgwalters
You can assign the PR to them by writing /assign @cgwalters in a comment when ready.

The full list of commands accepted by this bot can be found here.

Details

Needs approval from an approver in each of these files:

OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

openshift-ci-robot · 2019-11-03T12:21:37Z

Hi @valentindavid. Thanks for your PR.

I'm waiting for a ostreedev member to verify that this patch is reasonable to test. If it is, they should reply with /ok-to-test on its own line. Until that is done, I will not automatically test new commits in this PR, but the usual testing commands by org members will still work. Regular contributors should join the org to skip this step.

Once the patch is verified, the new status will be reflected by the ok-to-test label.

I understand the commands that are listed here.

Details

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

rh-atomic-bot · 2019-11-03T12:22:28Z

Can one of the admins verify this patch?
I understand the following commands:

bot, add author to whitelist
bot, test pull request
bot, test pull request once

AdrianVovk · 2019-11-03T16:25:39Z

The challenge with this is that the ESP is vfat, and therefore rename will always be non-atomic. It's still better than what I'm doing now (manually copying files into /efi)

#1951
^ here's a proposed solution that I think could solve this same problem without needing the renameat2 call.

rh-atomic-bot · 2019-12-11T20:35:33Z

☔ The latest upstream changes (presumably #1767) made this pull request unmergeable. Please resolve the merge conflicts.

Systemd boot requires the boot partition to be the EFI partition which means FAT is required. OSTree uses symlinking as a way to do atomic update. There is no solution yet for atomic update of FAT partitions. THis patch however changes symlinking by doing directory move which can be atomic in conditions. In practice filesystems with symbolic link support usually also support atomic rename of directories. But this allows to also work when no atomic update is working. Patch was submitted upstream as ostreedev/ostree#1967

bam80 · 2020-02-21T21:36:45Z

Is this PR still proposed or abandoned?

valentindavid · 2020-02-21T22:26:20Z

Is this PR still proposed or abandoned?

I can rebase and take care of it a bit. But since there was no interaction from maintainers, then I am not sure whether they are considering it.

bam80 · 2020-03-23T22:45:22Z

@valentindavid have you been able to pay some attention to this issue again? The changes are highly anticipated here, in one form or another. Thanks.

jjardon · 2020-04-07T10:48:10Z

@mwleeds @rfairley any chance to take a look to this? We currently need this to make GNOME images work, see https://gitlab.gnome.org/GNOME/gnome-build-meta/-/commit/79fb62e0d243a21ab58dc1dda439c23db5d474ab

jjardon · 2020-05-30T10:04:29Z

@cgwalters Hey! Any chance to take a look to this?

bam80 · 2020-08-06T21:15:58Z

Friendly ping.

AdrianVovk · 2020-09-27T06:30:31Z

@valentindavid This PR conflicts with upstream again. GNOME OS uses an ancient version of OSTree so they have yet to run into this issue, but on my OS I just updated to the latest version and I'm about to be downgrading again because this patch is broken.

@cgwalters Is there any chance for this patch to be reviewed or considered at all? Without this patch, I have to follow every single ostree admin deploy anywhere in the process of building, generating ISOs, installing the OS, and updating the OS with a bunch of ugly commands that mess with the contents of the ESP. With this patch, it just works. OSTree operates on BLS files, but has yet to support the bootloader that was actually built for the standard 🤷

damianatorrpm · 2020-10-24T22:55:11Z

updated.txt
Rebased patch file.

kowalski7cc · 2020-11-25T23:18:39Z

Any news on this?

Allow manipulating and updating /boot/loader entries under a normal directory, as well as using symbolic links. For directories this uses `renameat2` to do atomic swap of the loader directory in the boot partition. It fallsback to non-atomic rename. This stays atomic on filesystems supporting links but also provide a non-atomic behavior when filesystem does not provide any atomic alternative. /boot/loader as a normal directory is needed by systemd-boot support, and can be stored under the EFI ESP vfat partition. Based on the original implementation done by Valentin David [1]. [1] ostreedev#1967 Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

Allow manipulating and updating /boot/loader entries under a normal directory, as well as using symbolic links. For directories this uses `renameat2` to do atomic swap of the loader directory in the boot partition. It fallsback to non-atomic rename. This stays atomic on filesystems supporting links but also provide a non-atomic behavior when filesystem does not provide any atomic alternative. /boot/loader as a normal directory is needed by systemd-boot support, and can be stored under the EFI ESP vfat partition. Based on the original implementation done by Valentin David [1]. [1] ostreedev#1967 Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io> symlinks

Allow manipulating and updating /boot/loader entries under a normal directory, as well as using symbolic links. For directories this uses `renameat2` to do atomic swap of the loader directory in the boot partition. It fallsback to non-atomic rename. This stays atomic on filesystems supporting links but also provide a non-atomic behavior when filesystem does not provide any atomic alternative. /boot/loader as a normal directory is needed by systemd-boot support, and can be stored under the EFI ESP vfat partition. Based on the original implementation done by Valentin David [1]. [1] ostreedev#1967 Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

champtar · 2025-08-20T20:26:41Z

closing in favor of #3359

There were several attempts to include support for systemd-boot in ostree upstream, but a common solution is still pending to land, based on ostreedev/ostree#1967 and ostreedev/ostree#3359. Include the patches currently used in meta-lmp (validated and tested for a while already) based on the OSTREE_BOOTLOADER option (systemd-boot) to isolate the changes and reduce changes of regressions for systems relying on symlinks. Signed-off-by: Ricardo Salveti <ricardo@foundries.io>

Allow manipulating and updating /boot/loader entries under a normal directory, as well as using symbolic links. For directories this uses `renameat2` to do atomic swap of the loader directory in the boot partition. It fallsback to non-atomic rename. This stays atomic on filesystems supporting links but also provide a non-atomic behavior when filesystem does not provide any atomic alternative. /boot/loader as a normal directory is needed by systemd-boot support, and can be stored under the EFI ESP vfat partition. Based on the original implementation done by Valentin David [1]. [1] ostreedev#1967 Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

Allow manipulating and updating /boot/loader entries under a normal directory, as well as using symbolic links. In directory mode, a fixed staging directory loader.tmp is used instead of alternating between loader.0 and loader.1. The atomic swap is done via renameat2(RENAME_EXCHANGE) between loader.tmp and the live loader directory. After the exchange the stale loader.tmp is removed. This avoids the need to track which numbered directory is active via an ostree_bootversion file. The current bootversion is derived from the ostree= kernel argument found in the live loader/entries/*.conf files rather than from a dedicated tracking file. During deployment, _ostree_sysroot_read_boot_loader_configs() prefers loader.tmp/entries when it exists (i.e. while staging is in progress) so that bootloader write_config callbacks read the new BLS entries rather than the stale live ones. Non-ostree BLS entries (e.g. from a dual-boot setup) are copied from the live loader/entries/ into the staging loader.tmp/entries/ so they are preserved across each atomic swap. loader.conf is also copied from the live loader/ into loader.tmp/ so bootloaders like systemd-boot that rely on it continue to work after each swap. /boot/loader as a normal directory is needed by systemd-boot support, and can be stored under the EFI ESP vfat partition. Based on the original implementation done by Valentin David [1]. [1] ostreedev#1967 Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Igor Opaniuk <igor.opaniuk@foundries.io>

Allow manipulating and updating /boot/loader entries under a normal directory, as well as using symbolic links. For directories this uses `renameat2` to do atomic swap of the loader directory in the boot partition. It fallsback to non-atomic rename. This stays atomic on filesystems supporting links but also provide a non-atomic behavior when filesystem does not provide any atomic alternative. /boot/loader as a normal directory is needed by systemd-boot support, and can be stored under the EFI ESP vfat partition. Based on the original implementation done by Valentin David at ostreedev#1967. Tests were duplicated for simplicity reasons. Upstream-Status: Pending Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io>

Allow manipulating and updating /boot/loader entries under a normal directory, as well as using symbolic links. For directories this uses `renameat2` to do atomic swap of the loader directory in the boot partition. It fallsback to non-atomic rename. This stays atomic on filesystems supporting links but also provide a non-atomic behavior when filesystem does not provide any atomic alternative. /boot/loader as a normal directory is needed by systemd-boot support, and can be stored under the EFI ESP vfat partition. Based on the original implementation done by Valentin David at ostreedev#1967. Tests were duplicated for simplicity reasons. Upstream-Status: Pending Signed-off-by: Ricardo Salveti <ricardo@foundries.io> Signed-off-by: Jose Quaresma <jose.quaresma@foundries.io> Signed-off-by: Ricardo Salveti <ricardo.salveti@oss.qualcomm.com>

openshift-ci-robot requested review from mwleeds and rfairley November 3, 2019 12:21

openshift-ci-robot added the size/L label Nov 3, 2019

openshift-ci-robot added the needs-ok-to-test label Nov 3, 2019

valentindavid force-pushed the support-vfat branch from c3d34fb to c36ee32 Compare November 3, 2019 15:13

openshift-ci-robot added the needs-rebase label Dec 11, 2019

valentindavid force-pushed the support-vfat branch from c36ee32 to 861306d Compare April 13, 2020 13:53

openshift-ci-robot removed the needs-rebase label Apr 13, 2020

cgwalters mentioned this pull request May 12, 2020

Lenovo T470s - "Secure boot is enabled, but shim isn't installed to the EFI system partition" fwupd/fwupd#2084

Closed

damianatorrpm mentioned this pull request Oct 23, 2020

[option] to skip ostree-finalize-stage coreos/rpm-ostree#2281

Open

champtar closed this Aug 20, 2025

andrewdunndev mentioned this pull request Mar 26, 2026

feat: enable systemd-boot for ostree backend via BLS translation to ESP bootc-dev/bootc#2098

Open

Conversation

valentindavid commented Nov 3, 2019

Uh oh!

openshift-ci-robot commented Nov 3, 2019

Uh oh!

openshift-ci-robot commented Nov 3, 2019

Uh oh!

rh-atomic-bot commented Nov 3, 2019

Uh oh!

AdrianVovk commented Nov 3, 2019

Uh oh!

rh-atomic-bot commented Dec 11, 2019

Uh oh!

bam80 commented Feb 21, 2020

Uh oh!

valentindavid commented Feb 21, 2020

Uh oh!

bam80 commented Mar 23, 2020

Uh oh!

jjardon commented Apr 7, 2020

Uh oh!

jjardon commented May 30, 2020

Uh oh!

bam80 commented Aug 6, 2020

Uh oh!

AdrianVovk commented Sep 27, 2020

Uh oh!

damianatorrpm commented Oct 24, 2020

Uh oh!

kowalski7cc commented Nov 25, 2020

Uh oh!

champtar commented Aug 20, 2025

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

15 participants