We currently have a bug where, when we go to try a kernel snap revision that
was booted, if it fails verification somehow in the initramfs, we decide to
mount the old kernel snap even though we are running the new kernel snap. This
is problematic for things like kernel modules and firmware which are not
guaranteed to be compatible across kernel snap revisions.

The correct thing to do, which this commit implements, is to request a reboot
from the initramfs when we encounter this situation, as this will indicate to
the bootloader that the boot of the new kernel snap failed and that it should
roll back and boot the old kernel, in which case we will make the correct and
obvious choice in the initramfs to mount/use the old kernel, which fixes the
bug.

We simulate the reboot in tests with a panic.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

We don't actually need to export IsTrySnapError, since only the boot package is
concerned with any error being a try snap error or a normal/fallback snap error.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>

Specifically in revisions(). We want to be able to use revisions() from a
function called from snap-bootstrap where we want to be maximally robust, and
this necessitates being able to tell if we failed to get the try snap revision
or the current snap revision. This also means that in the error case for the try
snap revision we should return the current snap regardless.

Also update the doc comment on revisions() to make this slightly non-standard
behavior clear.

Signed-off-by: Ian Johnson <ian.johnson@canonical.com>
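
The revisions() contract described in the last commit message, as an added Go sketch that is not snapd's own code: the current snap is returned even when the try snap lookup fails, and an unexported error type lets the caller tell the two failures apart. The bootVars map, its keys, the sample file name and fallbackSnap are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
)

// trySnapError marks a failure that concerns only the try snap. It stays
// unexported: only this package needs to tell the two kinds of error apart.
type trySnapError struct{ err error }

func (e trySnapError) Error() string { return "cannot get try snap: " + e.err.Error() }

func isTrySnapError(err error) bool {
	var e trySnapError
	return errors.As(err, &e)
}

// bootVars is a constructed stand-in for bootloader state (hypothetical keys).
type bootVars map[string]string

// revisions returns the current snap whenever it can be read. If only the try
// snap lookup fails, snap is still valid and err is a trySnapError.
func revisions(v bootVars) (snap, trySnap string, err error) {
	if snap = v["snap_kernel"]; snap == "" {
		return "", "", errors.New("cannot get current snap: snap_kernel unset")
	}
	if v["kernel_status"] != "trying" {
		return snap, "", nil
	}
	if trySnap = v["snap_try_kernel"]; trySnap == "" {
		return snap, "", trySnapError{errors.New("snap_try_kernel unset")}
	}
	return snap, trySnap, nil
}

// fallbackSnap is what a maximally robust caller wants: the current snap,
// failing only when the current snap itself cannot be determined.
func fallbackSnap(v bootVars) (string, error) {
	snap, _, err := revisions(v)
	if err != nil && !isTrySnapError(err) {
		return "", err
	}
	return snap, nil
}

func main() {
	v := bootVars{"snap_kernel": "pc-kernel_1.snap", "kernel_status": "trying"}
	fmt.Println(fallbackSnap(v)) // try snap unreadable, current still returned
}
```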