)]}' { "commit": "35fcf0397be02883ace364e650b3e8d9a2281e24", "tree": "cb1297a2e4a34eeebb9faf09b44c3b95cf603f7f", "parents": [ "ad131883747f73e51526dd6f163df23b913f69ed" ], "author": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jun 29 04:15:58 2023 +0200" }, "committer": { "name": "Lorenz Brun", "email": "lorenz@monogon.tech", "time": "Thu Jul 27 13:58:35 2023 +0000" }, "message": "metropolis: implement A/B updates\n\nThis implements an A/B update mechanism using two slots, A and B.\nThis is realized with two system partitions as well as two EFI\nloaders/kernels.\n\nThe A/B system relies on two EFI loader entries. This has the advantage\nthat there is no preloader required, which makes the system more\nreliable as well as avoiding the complexity of having an un-updatable\npreloader (CoreOS has this issue where their GRUB2 crashed booting newer\nkernels, sadly the issue seems lost with the migration to Fedora\nCoreOS). It also means that the operator can easily override the slot\nbeing booted via the boot loader entries. Primary disadvantage is that\nit relies on EFI working somewhat to spec.\n\nNew versions are booted into only once by setting NextBoot, if the\nbootup doesn\u0027t succeed, i.e. if the boot doesn\u0027t get to a cluster rejoin\nthe next boot will be the old slot. Once it gets to this stage the\npermanent BootOrder is changed.\n\nThe EFI loaders don\u0027t know if they are slot A or B because they are\nidentical and relying on OptionalData in the boot entry to indicate the\nslot means that if the EFI boot entries go away, recovering is very hard.\nThus the loaders look at their own file name to determine what slot they\nare in. If no slot could be determined, they default to booting slot A.\nIt is planned to eventually use Authenticode Stamping (passing data in\nfake certificates) to stamp the slot into the loader without affecting\nthe TPM hash logged.\n\nChange-Id: I40de2df8ff7ff660c17d2c97f3d9eb1bd4ddf5bc\nReviewed-on: https://review.monogon.dev/c/monogon/+/1874\nTested-by: Jenkins CI\nReviewed-by: Serge Bazanski \u003cserge@monogon.tech\u003e\n", "tree_diff": [ { "type": "modify", "old_id": "100553ebb9dfc69eff14733a39aac77f40b30db7", "old_mode": 33188, "old_path": "cloud/agent/e2e/main_test.go", "new_id": "27bcd03938c3682a968231f6624800fb656651d8", "new_mode": 33188, "new_path": "cloud/agent/e2e/main_test.go" }, { "type": "modify", "old_id": "3468cc95669f777be6b1b7fe45c94a5eb87751f3", "old_mode": 33188, "old_path": "cloud/agent/install.go", "new_id": "c8583ac3fd53f68b8937bc1a67424ad37e3cd343", "new_mode": 33188, "new_path": "cloud/agent/install.go" }, { "type": "modify", "old_id": "6d3fc6d6ea9bf37c67d8fda328007f1a1a42ac23", "old_mode": 33188, "old_path": "metropolis/installer/main.go", "new_id": "5481c3ff524effa1fe0ad21b0669732e69f3d6dd", "new_mode": 33188, "new_path": "metropolis/installer/main.go" }, { "type": "modify", "old_id": "36366584504d1d748d2303f6a9f84fe89f0c8b83", "old_mode": 33188, "old_path": "metropolis/installer/test/main.go", "new_id": "ec4f736c62c99618a0ea9781e22aa18ac9dd96b6", "new_mode": 33188, "new_path": "metropolis/installer/test/main.go" }, { "type": "modify", "old_id": "e0aa548ccf50e331f046a102d82013281872525b", "old_mode": 33188, "old_path": "metropolis/node/build/def.bzl", "new_id": "7baa16b82e263126a1ff8a32622d8b13cccc5cc8", "new_mode": 33188, "new_path": "metropolis/node/build/def.bzl" }, { "type": "modify", "old_id": "709843960b234121d4953232683350de578e0505", "old_mode": 33188, "old_path": "metropolis/node/build/mkimage/osimage/osimage.go", "new_id": "01c13ac3f024309a9821acb581dbead8603d2ef7", "new_mode": 33188, "new_path": "metropolis/node/build/mkimage/osimage/osimage.go" }, { "type": "modify", "old_id": "faf7908655f9206bec9d50f87892461667d33be7", "old_mode": 33188, "old_path": "metropolis/node/build/mkverity/BUILD.bazel", "new_id": "caabc266ab460fb70f1a3ff9e79577e642b4e5d6", "new_mode": 33188, "new_path": "metropolis/node/build/mkverity/BUILD.bazel" }, { "type": "modify", "old_id": "09f99a7f2f4d3d22d013a3885528f7d41046fc37", "old_mode": 33188, "old_path": "metropolis/node/core/BUILD.bazel", "new_id": "e8367f9d19e37950eca7ddb6bda92e363f723fb6", "new_mode": 33188, "new_path": "metropolis/node/core/BUILD.bazel" }, { "type": "modify", "old_id": "93cad93f6cb7862f9225b15d7992893ba362e82d", "old_mode": 33188, "old_path": "metropolis/node/core/cluster/BUILD.bazel", "new_id": "e002a311c6836420b48718d1da88ab7f26088347", "new_mode": 33188, "new_path": "metropolis/node/core/cluster/BUILD.bazel" }, { "type": "modify", "old_id": "6049c17be04e0193b1ca0bae1b7c1861d74640bf", "old_mode": 33188, "old_path": "metropolis/node/core/cluster/cluster.go", "new_id": "323c8ca1133f16ef555663e31fd53cf34f37187f", "new_mode": 33188, "new_path": "metropolis/node/core/cluster/cluster.go" }, { "type": "modify", "old_id": "ac226c16222da72ed060c9c909e945154e7acbf9", "old_mode": 33188, "old_path": "metropolis/node/core/cluster/cluster_join.go", "new_id": "9a940a2b7459135819f424cea37ebd9bf7e96564", "new_mode": 33188, "new_path": "metropolis/node/core/cluster/cluster_join.go" }, { "type": "modify", "old_id": "3d4b35278b3d087fac3d7de68bbdf7213bb49bae", "old_mode": 33188, "old_path": "metropolis/node/core/localstorage/BUILD.bazel", "new_id": "075a07c9c75aabccbd484df9ae6549b3da0fa9b5", "new_mode": 33188, "new_path": "metropolis/node/core/localstorage/BUILD.bazel" }, { "type": "modify", "old_id": "44188d1e2ad1cc9007bcef3aad4c1b55c16d0cb6", "old_mode": 33188, "old_path": "metropolis/node/core/localstorage/crypt/BUILD.bazel", "new_id": "d8e9881f8b93ce16fa4ac154024e62f423f79c0a", "new_mode": 33188, "new_path": "metropolis/node/core/localstorage/crypt/BUILD.bazel" }, { "type": "modify", "old_id": "0dadb6d74975812886726af5ef6dc58a161bb60b", "old_mode": 33188, "old_path": "metropolis/node/core/localstorage/crypt/blockdev.go", "new_id": "532033ec088f6b042c96fab543c46d3872754596", "new_mode": 33188, "new_path": "metropolis/node/core/localstorage/crypt/blockdev.go" }, { "type": "modify", "old_id": "c385f704f970a520bc0a6f5c818c9fd74234b2cf", "old_mode": 33188, "old_path": "metropolis/node/core/localstorage/directory_root.go", "new_id": "98eede9c2e367aab43b347706a9350411793129b", "new_mode": 33188, "new_path": "metropolis/node/core/localstorage/directory_root.go" }, { "type": "modify", "old_id": "c1779e941f6e73dde3b6165ab7ed789fd3fe9968", "old_mode": 33188, "old_path": "metropolis/node/core/localstorage/storage_esp.go", "new_id": "8991359c491817635b4e55a12de81ef78c2c4371", "new_mode": 33188, "new_path": "metropolis/node/core/localstorage/storage_esp.go" }, { "type": "modify", "old_id": "d40942d43bd4af9010a7944794df5f1736a45905", "old_mode": 33188, "old_path": "metropolis/node/core/main.go", "new_id": "a3b7f0a43663710da63a80211e604f45c85b3dea", "new_mode": 33188, "new_path": "metropolis/node/core/main.go" }, { "type": "modify", "old_id": "dff5bac21edeb32df822bdf136cc18f542b6ed1b", "old_mode": 33188, "old_path": "metropolis/node/core/mgmt/BUILD.bazel", "new_id": "e683eeeff1c4ac8095177ac8a39c311f65e1d39b", "new_mode": 33188, "new_path": "metropolis/node/core/mgmt/BUILD.bazel" }, { "type": "modify", "old_id": "25727644dae0a11b1f7bc7be292dbd9022c197c5", "old_mode": 33188, "old_path": "metropolis/node/core/mgmt/mgmt.go", "new_id": "a9f597322a3d14a0e399a4321cb7ad4f725c28bd", "new_mode": 33188, "new_path": "metropolis/node/core/mgmt/mgmt.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "28a2a0a6e065576b119eae3d9f5edae2bf45a405", "new_mode": 33188, "new_path": "metropolis/node/core/mgmt/update.go" }, { "type": "modify", "old_id": "abdf8b31549c60125bb1e04e82de53d0fa6a4dc3", "old_mode": 33188, "old_path": "metropolis/node/core/roleserve/BUILD.bazel", "new_id": "ce0b5cc126c00f95f444791db02d2e10757689f2", "new_mode": 33188, "new_path": "metropolis/node/core/roleserve/BUILD.bazel" }, { "type": "modify", "old_id": "0c486d1eebe74832ef5514370f53e4d5c01b63d5", "old_mode": 33188, "old_path": "metropolis/node/core/roleserve/roleserve.go", "new_id": "3140ea8f2cdb0b1f98a2c09410076f8a498fef0b", "new_mode": 33188, "new_path": "metropolis/node/core/roleserve/roleserve.go" }, { "type": "modify", "old_id": "7516f2d359030b7f86fab217d51ff675dbfba3e3", "old_mode": 33188, "old_path": "metropolis/node/core/roleserve/worker_nodemgmt.go", "new_id": "17fd0d4fbc98c9da20772fec71d0520381963499", "new_mode": 33188, "new_path": "metropolis/node/core/roleserve/worker_nodemgmt.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "4bb79150bc8ef677da7e5c0dfc9ab7dfc2d5af46", "new_mode": 33188, "new_path": "metropolis/node/core/update/BUILD.bazel" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "3905036ad0d4b47a4ad9dec8090df2eef3594b8f", "new_mode": 33188, "new_path": "metropolis/node/core/update/e2e/BUILD.bazel" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "7524d2a76ffaf441ed7f748a2fe2c269759d6e6d", "new_mode": 33188, "new_path": "metropolis/node/core/update/e2e/e2e_test.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "79fd0f99520becd4b9b2adbcce9d351c855720ec", "new_mode": 33188, "new_path": "metropolis/node/core/update/e2e/testos/BUILD.bazel" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "b780d17de710acd21ccf8950bde9da827ff56d9c", "new_mode": 33188, "new_path": "metropolis/node/core/update/e2e/testos/main.go" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "03ec153748cdb363f0947da3ab265e54a19cc7a5", "new_mode": 33188, "new_path": "metropolis/node/core/update/e2e/testos/rootfs.fsspec" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "a123ea616894895cd2057c7db6d4169ca5ef607e", "new_mode": 33188, "new_path": "metropolis/node/core/update/e2e/testos/testos.bzl" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "92e2e88627f15cf133bdac64ca2bf1f5ed6535f1", "new_mode": 33188, "new_path": "metropolis/node/core/update/update.go" }, { "type": "modify", "old_id": "5c8905fb0c4f961ee46b1de8b3b0838cef4a6a1a", "old_mode": 33188, "old_path": "metropolis/proto/api/management.proto", "new_id": "80cb19529370700f0a4466d1880c64e2f8d10c0e", "new_mode": 33188, "new_path": "metropolis/proto/api/management.proto" }, { "type": "modify", "old_id": "12780f70372692b47e4dffcaa4a279d1db863283", "old_mode": 33188, "old_path": "metropolis/proto/ext/authorization.proto", "new_id": "208e4b6011e37ae2300ce4d908ae03f8d1c501c6", "new_mode": 33188, "new_path": "metropolis/proto/ext/authorization.proto" }, { "type": "modify", "old_id": "f5fc095c92019b62cfa213a31ac0c76ba3514fe6", "old_mode": 33188, "old_path": "third_party/efistub/external.bzl", "new_id": "ababb53b6ba9ac7cdc853cf35f0237aff797c78d", "new_mode": 33188, "new_path": "third_party/efistub/external.bzl" }, { "type": "add", "old_id": "0000000000000000000000000000000000000000", "old_mode": 0, "old_path": "/dev/null", "new_id": "0e5f369b957cf248927adf067e65694dfc4dd1ae", "new_mode": 33188, "new_path": "third_party/efistub/patches/ab-slot-handling.patch" } ] }