Update the ESP by creating a tmpdir and RENAME_EXCHANGE

[martinezjavier]

Since Linux v6.0 the vfat filesystem has support for renameat2(..., RENAME_EXCHANGE):

https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=da87e1725ae2

So bootupd could instead of applying the diff files one by one to the destination dir, it could create a temporary dir that is a copy of the existing ESP, apply the diff to that temp dir and finally do an atomic rename exchange of the two directories.

That way, the update mechanism will be safer since it would only require a single renameat2() system call.

[martinezjavier]

openat::Dir already has a local_rename that seems to support this: https://docs.rs/openat/latest/openat/struct.Dir.html#method.local_rename

[cgwalters]

The cost here is write amplification; because FAT doesn't have reflinks, every update to the ESP would require rewriting every file, and a transient doubling of disk space.

[travier]

It looks like local_exchange does what we want in Rust:

• https://docs.rs/openat/latest/src/openat/dir.rs.html#366-377
• https://docs.rs/openat/latest/src/openat/dir.rs.html#540-573

It calls renameat2 with RENAME_EXCHANGE.

[travier]

So the logic would be:

• cp -a fedora .fedora.tmp
  • We start with a copy to make sure to keep all other files that we do not explicitly track in bootupd
• Update the content of .fedora.tmp with the new binaries
• Exchange .fedora.tmp -> fedora
• Remove now "old" .fedora.tmp