| 1 |
Michael Mol posted on Wed, 18 Jul 2012 15:18:35 -0400 as excerpted: |
| 2 |
|
| 3 |
> On Wed, Jul 18, 2012 at 3:05 PM, Rich Freeman <rich0@g.o> wrote: |
| 4 |
>> On Wed, Jul 18, 2012 at 2:53 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 5 |
>>> AFAIK, neither genkernel nor dracut were expected to get tied to the |
| 6 |
>>> Gentoo update process. Has that changed? |
| 7 |
>> |
| 8 |
>> We don't even update kernels as part of the regular update process, let |
| 9 |
>> alone initramfs systems. |
| 10 |
>> |
| 11 |
>> In general you update them together. |
| 12 |
>> |
| 13 |
>> The only issue I could see is if problems arise if you have a different |
| 14 |
>> version of udev in your initramfs than on your system. I don't know if |
| 15 |
>> that actually causes problems. For the most part after the system is |
| 16 |
>> booted the initramfs is done its job. |
| 17 |
> |
| 18 |
> The most widely touted benefit I've heard for initramfs is its |
| 19 |
> capability to ease system recovery in case, e.g. a critical filesystem |
| 20 |
> refuses to mount. With recovery roles come recovery tools, which quickly |
| 21 |
> extends network-aware tools and a security attack surface. |
| 22 |
> |
| 23 |
> Hence why I tend to feel that if an initramfs is going to become the |
| 24 |
> go-to solution for bootstrapping userland, it's important to consider |
| 25 |
> the difficulties of keeping the packed tools up-to-date; it's not just a |
| 26 |
> bootstrap tool, it's also the first recovery option a sysadmin faces. |
| 27 |
|
| 28 |
As others have stated, that might be /a/ widely touted benefit, but the |
| 29 |
reason for initr* being there in the first place, is to solve the |
| 30 |
otherwise chicken/egg issue of having the tools/modules necessary to |
| 31 |
mount a filesystem, /on/ that filesystem, since now they're on the initr* |
| 32 |
as well, and that is maintained with the kernel. |
| 33 |
|
| 34 |
But meanwhile, recovery /is/ /a/ widely touted benefit, which really |
| 35 |
presents its own problem, in the form of a choice: |
| 36 |
|
| 37 |
a) automatically update the initr* and get the security benefits but risk |
| 38 |
breaking the recovery tools when they break with an update to the main |
| 39 |
system, |
| 40 |
|
| 41 |
OR: |
| 42 |
|
| 43 |
b) don't automatically update the initr* in ordered to keep a known/ |
| 44 |
tested-working first recovery mechanism, but at the cost of potentially |
| 45 |
unfixed security-vulns in the initr* that were already fixed on the main |
| 46 |
system. |
| 47 |
|
| 48 |
Of course (b) is the usual case on an initr* (unless it's one-size-fits- |
| 49 |
all automatically updated by the distro), due to static linking. So |
| 50 |
security is already taking second priority to a known-working recovery |
| 51 |
mechanism, and updating the initr* on a user-configured/managed distro |
| 52 |
like gentoo pretty much must remain in that user-admin domain. There's |
| 53 |
simply no way around it, without going the one-size-fits-all-distro- |
| 54 |
configured route, which by accepted definition isn't palatable to |
| 55 |
gentooers, or they'd be using something else. |
| 56 |
|
| 57 |
So IMO, updating the initr* is and must remain user-admin domain, not |
| 58 |
something gentoo really can worry about, other than to the extent of |
| 59 |
making those updates as easy and stupid-mistake-proof as can reasonably |
| 60 |
be done while still placing the responsibility of actually configuring |
| 61 |
and maintaining the initr* with the user-admin. |
| 62 |
|
| 63 |
-- |
| 64 |
Duncan - List replies preferred. No HTML msgs. |
| 65 |
"Every nonfree program has a lord, a master -- |
| 66 |
and if you use the program, he is your master." Richard Stallman |
Archives