Add grub entry to boot without overrides (Safe Mode)

[jntesteves]

Is your feature request related to a problem? Please describe. After installing extra software via rpm-ostree overrides, or after an update to these extra packages, things can go wrong, and the user might end up with a broken or unbootable system. Proprietary drivers like that from NVIDIA can easily cause this problem. Fixing the system can be hard for most users, and by trying they can end up creating new broken deployments, at which point no more usable deployments are left, the system is broken almost beyond repair for a normal user.

Describe the solution you'd like Having a "Safe Mode" option on grub that has no overrides would allow a user to get back to a pristine OS version. Users could get back to a working OS no matter how bad they have messed up their system.

This can also facilitate debugging other problems that might arise from overrides or not, since it will be much easier to compare the same system running with and without overrides. For example: NVIDIA users would be able to provide valid kernel bug reports since they would also have an untainted kernel to prove the bug is not NVIDIA's fault (some context: currently, kernel bug reports from tainted kernels are ignored).

Describe alternatives you've considered For most users, the current alternative solution is to reinstall the OS.

Additional context This suggestion came up on a discussion on Reddit (it is a long read, this feature request is only a very small part of it, but I'll post a link to the full text for completion’s sake): https://www.reddit.com/r/Fedora/comments/vr9x1q/dear_silverblue_i_dont_hate_you_but_its_better/

[jlebon]

Interesting idea. The additional GRUB entry should actually be mostly "free" because unless the user is regenerating the initramfs locally or overriding the kernel, the kernel and initramfs will be shared with the default boot option.

Note there is rpm-ostree reset which was intended to address this use case as well. (But yes, it requires a sane deployment to work from).

Another thing we could do is support rpm-ostree being executed from a single-booted system (e.g. https://github.com/coreos/rpm-ostree/pull/3006). Then "recovery" could be:

• boot into single mode
• run rpm-ostree reset --sysroot /sysroot (or anything else you want to try to unbreak)
• reboot

Booting into single mode is documented for FCOS: https://docs.fedoraproject.org/en-US/fedora-coreos/access-recovery/.

[kuba3351]

I think it is not necessary because rpm-ostree is already handling it very well. You can of course install somwthing that will break the system or it can happen when you execute rpm-ostree update and install a bad compose but.. you are executing that from a wotking system and it will be kept as a rollback deployment and you can still easily boot into it. So if uou don't execute things like rpm-ostree cleanup you will have at least one working deployment all the timw by default. So i think it is not nwcessary to implement this.