[systemd-devel] ConditionNeedsUpdate, read-only /usr, and sysext
Valentin David
me at valentindavid.com
Wed Feb 7 19:42:29 UTC 2024
Hello everybody,
The behavior of ConditionNeedsUpdate is that if /etc/.updated is older than /usr/, then it is true.
I have some issues with this. But maybe I do not use it the right way.
First, when using a read-only /usr partition (updated through sysupdate), the time of /usr is of the build of that filesystem. In the case of GNOME OS, to ensure reproducibility bit by bit, we set all times to some time in 2011. So that does not work for us.
But now let's say we work around that, and we make our system take a date that is reproducible, let's say the git commit of our metadata. Then we have a second issue.
Because of systemd-sysext, it might be that /usr is not anymore the time of the /usr filesystem, but the time of a directory created on the fly by systemd-sysext (or maybe it keeps the time from the / filesystem, I do not know, but for sure the time stamp is from when systemd-sysext was started). If systemd-update-done happens after systemd-sysext (and it effectively does on 254), then the date of /etc/.updated will become the time when systemd-sysext started.
Let's imagine that I do not boot that machine often. My system is booting a new version. And there is already another new version available on the sysupdate server. My system will download a build of /usr that is likely to be older than the boot time. So next reboot, the condition will be false, even though I did have an update. And it will be false until I download a version that was built after the boot time of my last successful update.
So my question is, is there a plan to replace time stamp comparison for ConditionNeedsUpdate with something that works better with sysupdate and sysext? Maybe copying IMAGE_VERSION from /usr/lib/os-release into /etc/.updated for example?
Thanks,
--
Valentin David
me at valentindavid.com
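
The scenario from the message above, as an added example that is not part of the original post and is not systemd's code: a simplified Python model of the timestamp rule as the post describes it, beside a hypothetical version-string rule following the IMAGE_VERSION suggestion. All paths, timestamps, and function names are constructed for illustration, and the model assumes the check sees the build time of the new /usr on the next boot, as the post does.

```python
import os
import tempfile

def needs_update_mtime(usr, stamp):
    # Timestamp rule as the post describes it: true when the stamp is older than usr.
    return not os.path.exists(stamp) or os.stat(stamp).st_mtime < os.stat(usr).st_mtime

def mark_updated_mtime(usr, stamp):
    # Model of systemd-update-done: the stamp takes whatever mtime usr has right now.
    open(stamp, "w").close()
    t = os.stat(usr).st_mtime
    os.utime(stamp, (t, t))

def image_version(usr):
    # Read IMAGE_VERSION from usr/lib/os-release; empty string if the key is absent.
    with open(os.path.join(usr, "lib", "os-release")) as f:
        for line in f:
            key, _, value = line.strip().partition("=")
            if key == "IMAGE_VERSION":
                return value.strip('"')
    return ""

def needs_update_version(usr, stamp):
    # Hypothetical rule (the post's suggestion): compare a recorded IMAGE_VERSION.
    if not os.path.exists(stamp):
        return True
    with open(stamp) as f:
        return f.read().strip() != image_version(usr)

def mark_updated_version(usr, stamp):
    with open(stamp, "w") as f:
        f.write(image_version(usr))

def install_image(usr, version, mtime):
    # Constructed stand-in for a sysupdate-delivered /usr tree with a fixed mtime.
    os.makedirs(os.path.join(usr, "lib"), exist_ok=True)
    with open(os.path.join(usr, "lib", "os-release"), "w") as f:
        f.write(f'IMAGE_VERSION="{version}"\n')
    os.utime(usr, (mtime, mtime))

def scenario():
    with tempfile.TemporaryDirectory() as root:
        usr, stamp, vstamp = (os.path.join(root, n) for n in ("usr", "updated", "updated.ver"))
        install_image(usr, "1", 1_000)   # image 1, constructed build time
        os.utime(usr, (5_000, 5_000))    # sysext merge: /usr now carries the boot time
        mark_updated_mtime(usr, stamp)
        mark_updated_version(usr, vstamp)
        install_image(usr, "2", 3_000)   # image 2 was built before that boot
        return needs_update_mtime(usr, stamp), needs_update_version(usr, vstamp)
```

`scenario()` returns the pair (timestamp rule, version rule) for the boot that follows the second image being installed.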