On Aug 15, Simon McVittie <s...@debian.org> wrote:

> Doing what usrmerge does from a maintainer script is pretty scary from a
> robustness/interruptibility point of view. Without my Technical Committee
> hat on, one route that I think should be considered is deferring the
> migration until the next boot and doing it from the initramfs, so that
> nothing else will be concurrently writing to the root filesystem. In terms

I have tried that in the initramfs branch of the usrmerge repository but I was never able to actually make it work, probably because I do not know initramfs-tools well enough. And I have not been motivated to spend any more time on it since the issue with systemd's sandboxing has been solved in other ways.

But I had been thinking a lot about how usrmerge works when I originally wrote it and I do not think that "something else concurrently writing to the root filesystem" is an actual concern because only the package manager is supposed to modify /bin, /sbin and /lib* and at that time it is intrinsically locked by usrmerge being installed. And just to be sure, before the old directories are deleted the program checks that they only contain symlinks.

There is a genuine race while the symlink farm directories are being replaced by the final symlink and I have described a possible race-free solution, but I do not think that the added complexity would be justified because the worst thing that could happen is that a program being run at that exact time will fail to start.

BTW: the usrmerge package has been in the archive for 6 years now.

-- 
ciao,
Marco