Update flash update to be useable at runtime. #297
Merged
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
mdmillerii
force-pushed
the
runtime-update
branch
from
b822a56
to
7761556
Compare
mdmillerii
force-pushed
the
runtime-update
branch
from
7761556
to
6778f0b
Compare
mdmillerii
force-pushed
the
runtime-update
branch
from
6778f0b
to
b22d053
Compare
mdmillerii
force-pushed
the
runtime-update
branch
from
b22d053
to
5e538fe
Compare
mdmillerii
force-pushed
the
runtime-update
branch
from
5e538fe
to
e1e8460
Compare
The generate_flash_image step was creating a file then using dd to fill in the pieces, but missed adding the conv=notrunc flag, so each step was shortening the file to its output. Add the forgotten conversion flag to each dd command. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Because the recipe was named with trailing part init instead of initfs, the package didn't match the package name requiring PROVIDES, RPROVIDES and other bitbake workarounds. Fix the recipe name to match the package removing the overly verbose packaging. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Print an error from the shutdown script when the update fails. Update is changing to return codes when its preconditions are not met, so be more verbose about its success to provide a means to debug flash updates not occurring. We could add a sulogin or sushell but its not clear what would be desired here. If so the message should include "rmdir /oldroot to get a PID 1 shell" like /takever works in init. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
When update was written it was exec'd from the shutdown script and hence took over pid 1. Since exiting in that environment was a panic situation, the script instead started a rescue shell with its output presumably on the console. The calling convention was updated to be a simple invocation in commit dbacf10 ("obmc-initfs: run update as a sub-script") but the error handling was not updated. That error handling is now becoming a hindrance to use from additional environments so change it. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
If there were no files in the read-write overlay file system that were in the persistent file list, then the save directory will not be created and therefore not exist. Skip attempting copying the non-existent directory in that case to avoid the error message. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Make sure all error messages start with the tag ERROR and its printed to stderr by creating an echoerr function. Previously one case had the file descriptors backwards in the redirection. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Provide a way to check if update is likely to succeed without attempting actual updates. This will check the image names correspond to mtd partition names, and will be enhanced with additional checking for file size and individual partition mounts. This is not called --dry-run because it will still do file save and restore if those are enabled. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Instead of checking for any mtd device, only check mtd devices that are to be updated. Include child mtd devices when looking for mounted filesystems. If this check is suppressed flash updates are suppressed. Suppressing the check may be useful to verify a update could succeed at shutdown. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
The flashcp command will check the file size vs the partition size, so add a check when looking at images. Use stat -L -c "%s" to get the file size, and compare it to the mtd size from the sysfs size attribute. If this check is suppressed the enforcement is left to flashcp. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Now that update is intended for use at runtime and not just by the init and shutdown scripts, add a short help message listing the options so people don't have to understand how to read shell. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Allow an initrd image to include options for init while still allowing additional options to come from the kernel command line and/or u-boot environment variables. This will allow building a netboot image that can specify to run from RAM while allowing the command line to initiate debug or skip copying files from the read-write overlay file system. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Create a cpio containing the base read-only image, and create a single combined initramfs image consisting of the image-rofs and the existing initramfs. There has been a desire to have a self contained netboot image present for developer testing and experimentation. The init script already supports having the rofs layer sourced from a file packaged into the initramfs, and will use it if found. While this image will not fit in the current flash layout in the initrd space, it will load over the network. This method leaves the squashfs compressed in RAM, decompreses is invoked as needed at runtime, trading boot time and memory space for runtime decompress on demand. This will also give similar file access overheads and performance to reading the data from flash. Because the rofs is already compressed with xz compression, don't try to compress this cpio (the cpio packaging adds about 40 bytes of ascii before and after, plus some alignment padding). Because the kernel requires uncompressed cpios to appear on a 4-byte boundary with 0 byte fill between archives, place this cpio first in the combined image. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Notify the user if image wildcard expansion fails instead of printing message about failing to find partition to flash. The update script errors with the message that it can't figure out what partition to flash for /run/initramfs/image-* if there are no images pending. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Repeatedly strip trailing "/" and "/." from whitelist entries and fail if an entry includes "/../", ends with "/..", or doesn't start with a "/". Also use the entries quoted to avoid any glob. It was noticed the save code was saving directories that ended in "/" into a subdirectory of the last component name. This was traced the the code creating the directory just stripping the last "/" and then copying to the directory. Choose to sanitize the entry where possible for ease of use verses a small performance penalty. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
Remove the trailing / so that the update script doesn't have to loop. It was determined the trailing slash confused the code that makes the save subdirectory. The update script was fixed but this removes the extra work needed. Signed-off-by: Milton Miller <miltonm@us.ibm.com>
mdmillerii
force-pushed
the
runtime-update
branch
from
e1e8460
to
a6e6d0c
Compare
spinler
pushed a commit
to spinler/openbmc
that referenced
this pull request
Nov 15, 2022
ManojKiran Eda (1): Fix topology links for flett and pcie switch (openbmc#297) Reed Frandsen (1): Merge pull request openbmc#299 from sagisin/pldm_SAP_HANA Matt Derksen (2): Support BIOS control of max freq setting (for HANA) Remove hana from hb_cap_hana_freq_mhz attributes sagisin (1): PLDM:Wait on the Software Updater (openbmc#296) Change-Id: I718d9703fb2bbe0a125ca51e28a7afeac9ef8728
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
The underlying storage for a file system can not be updated when it is in use. The initial solution was to update the flash as the system was being shutdown, with output to the console.
Updates were made to the init script that allows the flash to not be used for a given boot but the update script was not enhanced to make this user friendly, and no documentation was provided to prepare the system for this mode.
This series partially addresses #293 by enhancing the update script to
Two patches in this series provide fixes #378 in different ways:
whitelistIn addition the series provides
0xffcharacters as intended.init-options-baseinto the initramfs providing options toinitwhile allowing additional sources of options like the kernel command line.initramfs-netboot.cpio.u-bootfor loading over the network.These last two are intended to ease creating and using images for alternate network based deployment and testing, using the features and option parsing already in the
initscript.This change is
This update addresses several review comments and fixes some spelling errors. The changed
lines compared to the previous version were exercised.