Darren J Moffat wrote:
> We need to stop "patching" and "hacking" around this issue and solve the
> issue with the boot archive inconsistency once and for all. Either by
> removing the use of the boot archive completely when booting from disk
> (assuming doing so doesn't introduce a boot time regression) or by
> ensuring that it is never out of date. The solution to this should
> assume that at the time of uadmin we can't write to the root filesystem.

This means either we cannot use a boot archive, or that we need to eliminate the existence of the uadmin command. The former means we need to invent and maintain two separate ways of booting (one for network boot, one for disk based boot), and the latter means a rather incompatible change, and still it doesn't take care of the panic during patching problem we have in S10 today.

The problem with the boot archive being out of date is inevitable if you allow in-situ modification of any components needed for booting on the live system; this is the way most of our customers patch their S10 systems and there is an unavoidable window of vulnerability here.

Note that the "panic during patching problem" isn't solved by getting rid of boot archives, since the components in the filesystem may not form a coherent bootable set anyway. The boot archive merely expands the WoV, and according to Roger, such windows are either open or closed.

If you're going to stand on architectural principle, then fix the entire underlying problem, rather than going off on boot archives. Otherwise you're just arguing about what constitutes a more serious problem for the customer - interesting and useful perhaps, but not really architectural.

- Bart

--
Bart Smaalders
Solaris Kernel Performance
barts at cyber.eng.sun.com
http://blogs.sun.com/barts
"You will contribute more with mercurial than with thunderbird."