Subject: Re: /rescue, crunchgen'ed?
To: Andrew Brown <atatat@atatdot.net>
From: John Franklin <franklin@elfie.org>
List: current-users
Date: 08/31/2002 09:25:51
On Fri, Aug 30, 2002 at 10:16:56AM -0400, Andrew Brown wrote:
> >My netwinder has a completely separate 'rescue' partition, that has a 
> >kernel and a minimal set of tools.  The idea is that you *never* update 
> >that (or only very rarely); you never mount it normally either.  Then when 
> >things really go pear shaped you tell the BIOS to boot from that instead 
> >of the normal partition and mount your screwed up world on that so that 
> >you can fix it all up.
> >
> >The main advantage of that approach is that it avoids some of the cases 
> >where you've screwed up /dev, say, and can no longer boot from your main 
> >partition at all.  But the cost is more disk space since you need a 
> >kernel, /etc, and other bits and bobs on it.
> >
> >It's sort of like a 'floppy on the hard disk'.
> 
> sorta like keeping a copy of the install kernel with the md filesystem
> and the crunchgen'ed binary install tools in the root of each
> partition so that you can boot from anywhere and have a toolset to fix
> stuff...

As a matter of policy on mission critical systems, I fully endorse a
root-a/root-b scheme where one is active and the other is in case of
failure.  Updates can be installed to the inactive partition, leaving
the existing active partition if things go poorly.  This is,
incidentally, how TiVo performs updates.

On home-user machines, this is probably overkill.  But I don't like the
idea of a single crunchgen'd rescue either.  While this may seem
hypocritical, I *would* endorse a rescue kernel with md image.  


The reasons I support this are:

1. It can live in /kernels, which we should probably have anyway.
NetBSD can boot from /netbsd as a hardlink to the default kernel on all
systems, and as a symlink on most, if not all.

2. Booting the rescue kernel has the same general procedure on all
ports: follow the existing port-specific boot procedure to boot the
alternate kernel.

3. The rescue kernel can be put on removable media.  It doesn't have to
live on your drive.  It can be a standard release kernel with a
verifiable MD5 signature.

4. It doesn't matter if the binaries are dynamic or static: the
libraries are in the md image.

5. It's a cleaner solution.

jf
-- 
John Franklin
franklin@elfie.org
ICBM: 35°43'56"N 78°53'27"W
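The /kernels layout and the checksum check from points 1 and 3 above, as an added example that is not part of the original mail and not NetBSD's own tooling. It runs against a scratch directory standing in for /, and the kernel names, paths and digests are assumptions. Two things differ from the mail on purpose: SHA-256 stands in for MD5, since MD5 is collision-broken, and the check is labelled for what it is, a comparison against a published release digest, which verifies integrity but is not a signature and says nothing about who produced the file.

```shell
#!/bin/sh
# Added example, not from the mail or from NetBSD: a sandboxed sketch of a
# /kernels directory with /netbsd as a symlink into it, so a rescue kernel can
# sit beside the default one and be selected by repointing a single link.
# ROOT is a scratch directory standing in for /; names and digests are made up.
set -eu

digest() {
    # Hex SHA-256 of the file $1, using whichever tool the host provides.
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# install_kernel ROOT FILE NAME EXPECTED: verify FILE against the expected
# digest, then copy it to ROOT/kernels/NAME.  On a mismatch nothing under ROOT
# is touched and the function returns 1.  The digest only proves the file is
# the one whose checksum was published; it does not prove who published it.
install_kernel() {
    root=$1; file=$2; name=$3; expected=$4
    actual=$(digest "$file")
    if [ "$actual" != "$expected" ]; then
        echo "refusing $file: digest $actual, expected $expected" >&2
        return 1
    fi
    mkdir -p "$root/kernels"
    cp "$file" "$root/kernels/$name"
}

# select_kernel ROOT NAME: make ROOT/netbsd point at ROOT/kernels/NAME.
# The link is created under a temporary name and renamed over the old one, so
# there is no moment with no /netbsd at all if the machine dies mid-update.
select_kernel() {
    root=$1; name=$2
    [ -f "$root/kernels/$name" ] || { echo "no such kernel: $name" >&2; return 1; }
    rm -f "$root/netbsd.tmp"
    ln -s "kernels/$name" "$root/netbsd.tmp"
    mv -f "$root/netbsd.tmp" "$root/netbsd"
}

# current_kernel ROOT: the name in ROOT/kernels that ROOT/netbsd resolves to.
current_kernel() {
    basename "$(readlink "$1/netbsd")"
}
```

Rolling back after a bad kernel is then select_kernel with the previous name (or booting the rescue kernel by name from the port's boot loader), and the old kernel files stay in /kernels until you choose to delete them.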