[Replicant] Enable key-migration.sh to run more than once

Denis 'GNUtoo' Carikli GNUtoo at cyberdimension.org
Sun Oct 11 19:17:57 UTC 2020


On Sun, 11 Oct 2020 20:07:45 +0200
Denis 'GNUtoo' Carikli <GNUtoo at cyberdimension.org> wrote:

> While this is not strictly needed for the release, it's still good to
> have them as it enables doing more than one key migration.
> 
> The caveat is that if a newly generated script is identical to a
> script that already ran, it will not run.
> 
> This is done by computing a checksum of the script and creating
> a file with this checksum the first time that this script runs.
> This way the subsequent times it runs it just exits if that file
> is found, which avoids any unnecessary writes on the data filesystem.
> 
> I don't know if there is a better way to do it that is still somehow
> automatic:
> - Running a script like that at each boot is not great: for instance
>   if the battery runs out at that moment it could corrupt data.
> - Having to manually handle revisions would be a pain to manage as
>   well.
> 
> Note that this script is not only run at each boot but it is also
> expected to be run manually in a recovery.
> 
> Does someone have a better idea? Maybe it's better to run it each
> time? What do you think?
When thinking more about it, removing that check completely probably
makes more sense here.

I finally managed to find people in #lineageos on Freenode that knew
about data/ migration, and I discussed a bit to understand how they
tackle that issue, and during the conversation I realized that sed
wouldn't do any writes if the keys aren't found in the first place.

If we remove the check, running the script manually has almost no risk.
As for running it at each boot, the only issue that could be left would
be that we want to run an application with an old signature. That could
be useful for bisecting issues.

But given that otherwise we cannot run the same script twice, and that
there are very valid use cases for that like
upgrade->downgrade->upgrade, removing the check completely looks way
better here.

I'll send a v2 for that.

How LineageOS does it:
----------------------
LineageOS has an unofficial signed zip file that has a script that does
almost the same thing: it seds keys but doesn't check if it has already
run.

So users using that are supposed to sideload that zip, which is manual.

As I was told on IRC, with major upgrades (LineageOS 16 -> LineageOS
17) users need to reinstall some applications (or wipe the data/
partition) as the migration script doesn't take care of everything.

References:
-----------
[1] https://blunden.se/migration

Denis.
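As an added illustration of the approach discussed in this thread (it is not Replicant's key-migration.sh nor the LineageOS zip's script), the following constructed shell snippet migrates a signing key in a data/ tree in a way that is safe to run any number of times without a checksum marker file: it only rewrites files that still contain the old key. The key values, file names and contents are constructed placeholders; the grep pre-check matters because GNU `sed -i` rewrites a file even when no substitution matches, so calling it unconditionally would write to the data filesystem on every run.

```shell
#!/bin/sh
# Added example, not the project's own script. Demonstrates an idempotent
# key migration: files already holding the new key are never touched, so
# re-running after upgrade->downgrade->upgrade needs no "already ran" marker.
# OLD_KEY/NEW_KEY and all paths below are constructed placeholders.

OLD_KEY="deadbeef0001"   # constructed stand-in for the old signing cert
NEW_KEY="cafef00d0002"   # constructed stand-in for the new signing cert

# Build a constructed data tree under $1: one file that needs migration
# and one that already carries the new key.
setup_demo() {
    dir=$1
    mkdir -p "$dir/system"
    printf '<cert index="1" key="%s" />\n' "$OLD_KEY" > "$dir/system/packages.xml"
    printf '<cert index="1" key="%s" />\n' "$NEW_KEY" > "$dir/system/already.xml"
}

# Rewrite OLD_KEY to NEW_KEY under $1 and print how many files were changed.
# grep -l lists only files that still contain the old key, so sed -i (which
# would rewrite the file regardless of matches) is run only where needed.
migrate_keys() {
    dir=$1
    matches=$(grep -rl -- "$OLD_KEY" "$dir" || true)
    if [ -z "$matches" ]; then
        echo 0          # nothing left to migrate: no writes at all
        return 0
    fi
    printf '%s\n' "$matches" | while IFS= read -r f; do
        sed -i "s/$OLD_KEY/$NEW_KEY/g" "$f"
    done
    echo $(( $(printf '%s\n' "$matches" | wc -l) ))
}

# Succeed (exit 0) when no file under $1 still holds the old key.
migration_complete() {
    ! grep -rq -- "$OLD_KEY" "$1"
}
```

Running `migrate_keys` a second time on the same tree reports 0 changed files and performs no writes, which is the property the thread is after.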