2 Oct 2024 |
ElvishJerricco | for non-EFI | 16:51:37 |
ElvishJerricco | oh | 16:51:43 |
ElvishJerricco | no my brain is mush | 16:51:52 |
ElvishJerricco | you said kexec, not hibernate | 16:51:56 |
ElvishJerricco | We should figure out what's up with kexec then. I know it can try to be a user-space systemd-boot implementation for kexec; i.e. reading your ESP and trying to kexec a kernel like systemd-boot / systemd-stub would boot it | 16:53:45 |
ElvishJerricco | But I think it still has other code paths? | 16:54:03 |
aloisw | In reply to @arianvp:matrix.org: "We document in the manual that it works. But it doesn't. I wonder why this isn't caught by nixos test" Unsure if that's what makes it work, but the test does an explicit kexec --load before systemctl kexec. | 16:59:38 |
Arian | Oh yeh that's cheating | 17:01:07 |
Arian | That's what prepare-kexec.service is supposed to do | 17:01:18 |
Arian | (originally) | 17:01:21 |
aloisw | Comes from:
commit c9fbe0d98bd5fb47c15a3d7556b722cf47d42305
Author: Maximilian Bosch <maximilian@mbosch.me>
Date: Mon Oct 25 00:15:56 2021 +0200

    nixos/kexec: fix test

So it looks to have been broken for quite some time. | 17:02:43 |
aloisw | Noticed to be broken here:
commit 12e35035f66033cee6ac37a2141f62d80cc9ef8d
Author: Niklas Hambüchen <mail@nh2.me>
Date: Tue Dec 24 16:17:39 2019 +0100

    nixosTests.kexec: port to python.

    The test did not succeed for me before this commit
    (the Perl test hung forever), and this translation exhibits
    the same problem.
| 17:03:41 |
Arian | I think I just update the docs instead perhaps. | 17:19:28 |
ElvishJerricco | Arian: Yea, it looks like systemd just unconditionally does its systemd-boot based kexec with systemctl kexec, but if you use --force that is allowed to fail and then prepare-kexec.service can load the kernel. Or you can just systemctl start kexec.target --job-mode=replace-irreversibly --no-block. | 18:18:00 |
cleverca22 | In reply to @elvishjerricco:matrix.org: "We should figure out what's up with kexec then. I know it can try to be a user-space systemd-boot implementation for kexec; i.e. reading your ESP and trying to kexec a kernel like systemd-boot / systemd-stub would boot it" i also have a nixos installer that goes thru kexec | 19:10:26 |
cleverca22 | it's not supposed to respect your /boot/ | 19:10:32 |
cleverca22 | https://github.com/cleverca22/nix-tests/blob/master/kexec/session.md | 19:10:53 |
cleverca22 | the idea, is that you use kexec to jump into a kernel+initrd, where the entire nixos closure is contained within the initrd | 19:11:13 |
cleverca22 | knowing how to play nice with systemd kexec would be handy, but i just whack the "do it now, i don't care about the fs" button currently | 19:11:36 |
cleverca22 | because 90% of the time, you're 2 minutes from a total format | 19:11:51 |
ElvishJerricco | cleverca22: Well, you can use systemctl kexec and skip its kernel loading if you load one yourself before running it. Might be slightly practically better, if only to shut down non-disk things better or something | 19:31:10 |
cleverca22 | i'll have to give that a try next time i can | 19:59:55 |
3 Oct 2024 |
Jared Baur | Arian are you able to put together a minimal config that reproduces the issue? | 04:47:25 |
Arian | Yes | 07:43:49 |
ElvishJerricco | mj: Btw, if you try out the bcachefs unlock generator, I have an idea for it that might make clevis stuff way better, if you want to keep using clevis. Systemd credentials support loading them from sockets; i.e. systemd will talk to a service over a socket to get the secret. I think we could rip out all the clevis stuff and switch to credentials for everything, using systemd-ask-password --credential for password prompting things, and then make a clevis service with sockets for the credentials. Then clevis support wouldn't have to be all entangled with the other modules | 17:12:01 |
ElvishJerricco | whoops, meant to tag mjm. Sorry! | 17:12:14 |
mjm | i like that idea a lot tbh. i probably won't keep using clevis myself once i can use TPM-encrypted systemd credentials for this, but if someone wants to use clevis with tang for this, that seems like a way better way to do it | 17:14:02 |
ElvishJerricco | Yea. I hate to remove clevis support from bcachefs in this PR, so I may end up implementing that before merging this. | 17:14:36 |
ElvishJerricco | I'd really like to eliminate the clevis entanglement | 17:14:49 |