1 |
Michael Mol posted on Wed, 18 Jul 2012 15:18:35 -0400 as excerpted: |
2 |
|
3 |
> On Wed, Jul 18, 2012 at 3:05 PM, Rich Freeman <rich0@g.o> wrote: |
4 |
>> On Wed, Jul 18, 2012 at 2:53 PM, Michael Mol <mikemol@×××××.com> wrote: |
5 |
>>> AFAIK, neither genkernel nor dracut were expected to get tied to the |
6 |
>>> Gentoo update process. Has that changed? |
7 |
>> |
8 |
>> We don't even update kernels as part of the regular update process, let |
9 |
>> alone initramfs systems. |
10 |
>> |
11 |
>> In general you update them together. |
12 |
>> |
13 |
>> The only issue I could see is if problems arise if you have a different |
14 |
>> version of udev in your initramfs than on your system. I don't know if |
15 |
>> that actually causes problems. For the most part after the system is |
16 |
>> booted the initramfs is done its job. |
17 |
> |
18 |
> The most widely touted benefit I've heard for initramfs is its |
19 |
> capability to ease system recovery in case, e.g. a critical filesystem |
20 |
> refuses to mount. With recovery roles come recovery tools, which quickly |
21 |
> extends network-aware tools and a security attack surface. |
22 |
> |
23 |
> Hence why I tend to feel that if an initramfs is going to become the |
24 |
> go-to solution for bootstrapping userland, it's important to consider |
25 |
> the difficulties of keeping the packed tools up-to-date; it's not just a |
26 |
> bootstrap tool, it's also the first recovery option a sysadmin faces. |
27 |
|
28 |
As others have stated, that might be /a/ widely touted benefit, but the |
29 |
reason for initr* being there in the first place, is to solve the |
30 |
otherwise chicken/egg issue of having the tools/modules necessary to |
31 |
mount a filesystem, /on/ that filesystem, since now they're on the initr* |
32 |
as well, and that is maintained with the kernel. |
33 |
|
34 |
But meanwhile, recovery /is/ /a/ widely touted benefit, which really |
35 |
presents its own problem, in the form of a choice: |
36 |
|
37 |
a) automatically update the initr* and get the security benefits but risk |
38 |
breaking the recovery tools when they break with an update to the main |
39 |
system, |
40 |
|
41 |
OR: |
42 |
|
43 |
b) don't automatically update the initr* in ordered to keep a known/ |
44 |
tested-working first recovery mechanism, but at the cost of potentially |
45 |
unfixed security-vulns in the initr* that were already fixed on the main |
46 |
system. |
47 |
|
48 |
Of course (b) is the usual case on an initr* (unless it's one-size-fits- |
49 |
all automatically updated by the distro), due to static linking. So |
50 |
security is already taking second priority to a known-working recovery |
51 |
mechanism, and updating the initr* on a user-configured/managed distro |
52 |
like gentoo pretty much must remain in that user-admin domain. There's |
53 |
simply no way around it, without going the one-size-fits-all-distro- |
54 |
configured route, which by accepted definition isn't palatable to |
55 |
gentooers, or they'd be using something else. |
56 |
|
57 |
So IMO, updating the initr* is and must remain user-admin domain, not |
58 |
something gentoo really can worry about, other than to the extent of |
59 |
making those updates as easy and stupid-mistake-proof as can reasonably |
60 |
be done while still placing the responsibility of actually configuring |
61 |
and maintaining the initr* with the user-admin. |
62 |
|
63 |
-- |
64 |
Duncan - List replies preferred. No HTML msgs. |
65 |
"Every nonfree program has a lord, a master -- |
66 |
and if you use the program, he is your master." Richard Stallman |