From: Ville Ilvonen <ville.ilvonen@unikie.com>
To: Alyssa Ross <hi@alyssa.is>
Cc: discuss@spectrum-os.org
Subject: Re: Development on the Spectrum host
Date: Fri, 19 Aug 2022 09:26:21 +0300 [thread overview]
Message-ID: <5b6a2db2-78cc-ab4a-257c-6695f56f5cd8@unikie.com> (raw)
In-Reply-To: <20220818101713.ls23kzatcfbcbeau@eve>
On 18.8.2022 13.17, Alyssa Ross wrote:
> Okay. Obviously we can support booting with the filesystem mounted
> read-write and no dm-verity. But the problem with that is that then
> changes have to be manually copied back to the source tree. We could
One way to handle this is so that people git clone to the target and
build small incremental changes there.
> try to add some conveniences for that (e.g. a facility to diff the
> modified root filesystem with the orginal version). It still means
> making changes to the compiled system, rather than working on the
> source, but for the kind of changes you're talking about, maybe doing
> it that way and then integrating the changes into the Spectrum source
> at the end wouldn't be too bad?
When installation of development tools to the target is limited,
remotely mounting filesystem (e.g. sshfs) from the development host works.
> Ideally it would be nice to have something like nixos-rebuild switch,
> that can build a new system and then switch into it. But the problem
> is, you have to figure out how to *automatically* take the runtime state
> of the system (the processes and services that are running), and somehow
> carry that over into the new system, where anything could have changed.
> So I'm not sure how we'd do that. NixOS's implementation of this is
> massive, tightly coupled to both NixOS and systemd, and still it's not
> very difficult to get it into a weird state where you need to reboot
> anyway to get an accurate idea of what the change does (or, if you
> don't realise you need to do that, you just think the change hasn't
> worked). If a kernel module has changed, do you try to unload an > reload it? That's pretty complicated to implement, because you have to
> unbind the devices from it, unload the module, then rebind them, and
> even then the module might have had important state that's been lost.
Good examples but there's no one answer to these scenarios. Depends
really much on the case and developer preferences. Often services
restarting is enough, sometimes system reboot is required. Also, people
doing kernel development are usually fairly seasoned and consider which
makes sense to themselves. E.g. kernel modules run reset for the
hardware in init() and scripts/tests can be used to handle
unbind-unload-rebind in driver development. Managing state persistence
over resets or SW updates is an eternity problem. It's an interesting
problem - I studied dynamic software updates and state migration is one
key challenge there. DSU has not taken traction, though. It's tough to
update both code and the runtime state. We have legacy and culture of
restarts.
In critical systems it's designed and handled with hardware, even system
redundancy - not at single component level.
> If the developer is working on that kernel module it's probably okay,
> but what if they're working on something else and just pulled a bunch of
> changes that happened to include a kernel module change? Same with if
> e.g. the Weston service changes, except in that case we have no way to
> restore the previous state. So either we choose not to automatically
> restart Weston, in which case we're not really running the new system,
> but a weird hybrid that may have bugs not present in either the old or
> new system, or we do restart Weston, and risk an unsuspecting user
> losing their whole windowing session.
True. In these scenarios I've learned not to try to cover every possible
scenario on behalf of other people. Developers are smart and they
understand and learn constraints of system changes.
> If there's a way we could make this work well, I'm open to it, but it's
> not at all obvious to me what that would look like.
Given above, I try to keep this at high level design.
Two configurations:
a. development - enables development, testing and debugging with caveats
b. user - immutable, hardened, strong security promises
Now we have b. which makes a. by design impossible *on target*, making
development iterations slow. The question is if we want to generally
enable a. and then say - "there it is for anyone who needs it".
Best, -Ville
prev parent reply other threads:[~2022-08-19 6:26 UTC|newest]
Thread overview: 7+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-08-16 15:50 HW identification and configuration on Spectrum Ville Ilvonen
2022-08-17 7:52 ` Alyssa Ross
2022-08-17 13:25 ` Ville Ilvonen
2022-08-17 13:39 ` Alyssa Ross
2022-08-18 9:15 ` Ville Ilvonen
2022-08-18 10:17 ` Development on the Spectrum host Alyssa Ross
2022-08-19 6:26 ` Ville Ilvonen [this message]
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=5b6a2db2-78cc-ab4a-257c-6695f56f5cd8@unikie.com \
--to=ville.ilvonen@unikie.com \
--cc=discuss@spectrum-os.org \
--cc=hi@alyssa.is \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).