[Bug 1233521] [NEW] system-image cannot recover from a partial download without rebooting
Steve Langasek
steve.langasek at canonical.com
Tue Oct 1 06:25:39 UTC 2013
Public bug reported:
In response to bug #1228254, u-d-m now throws a dbus error if it's asked
in unconfined mode for a file that already exists. This combines with
system-image behavior to make it impossible to recover from a failed
download without rebooting the device. I think system-image needs to
check for already-downloaded files on the system in the expected path,
and either remove them unconditionally for redownload, or spot-verify
their sums and omit any correctly-downloaded files from the request to
u-d-m.

Relatedly, system-image needs to stop using a well-known path under /tmp
for these files. This needs to move to a root-only directory instead.
(While s-i could use proper tmpdir handling to create a private
directory under /tmp without risking a DoS or symlink attack, this would
have undesirable semantics wrt retries, because subsequent s-i processes
would necessarily be asking u-d-m to download files to different
directories each time.) From an FHS standpoint, I think the correct
location for these downloads is /var/cache/system-image. That would
need to be coordinated with lxc-android-config to get this directory
made writable. Alternatively, the files should just be downloaded
directly to /android/cache/recovery (under an appropriate
tmp/"in-progress" directory name), which would save having to do a
cross-filesystem copy after download.
** Affects: system-image (Ubuntu)
Importance: High
Assignee: Barry Warsaw (barry)
Status: Triaged
** Affects: system-image (Ubuntu Saucy)
Importance: High
Assignee: Barry Warsaw (barry)
Status: Triaged
** Changed in: system-image (Ubuntu)
Importance: Undecided => High
** Changed in: system-image (Ubuntu)
Status: New => Triaged
** Also affects: system-image (Ubuntu Saucy)
Importance: High
Status: Triaged
** Changed in: system-image (Ubuntu Saucy)
Assignee: (unassigned) => Barry Warsaw (barry)
https://bugs.launchpad.net/bugs/1233521
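The check the report asks for (verify already-downloaded files in a private directory and omit the correct ones from the next request), as an added example; it is not system-image's or u-d-m's code. The function names, the use of SHA-256 for the sums, and the filename-to-checksum mapping are assumptions made for illustration.

```python
import hashlib
import os
import stat


def prepare_cache(cache_dir):
    """Create or validate a private (0700) download directory owned by us."""
    os.makedirs(cache_dir, mode=0o700, exist_ok=True)
    st = os.lstat(cache_dir)  # lstat: a symlink planted at this path is rejected
    if not stat.S_ISDIR(st.st_mode) or st.st_uid != os.geteuid():
        raise PermissionError(f"{cache_dir}: not a directory owned by this user")
    os.chmod(cache_dir, 0o700)  # drop group/other access left by an older umask


def sha256_of(path):
    """Hash a file in chunks so large images are not read into memory."""
    digest = hashlib.sha256()
    with open(path, "rb") as fp:
        for chunk in iter(lambda: fp.read(1 << 16), b""):
            digest.update(chunk)
    return digest.hexdigest()


def files_still_needed(cache_dir, wanted):
    """Return the names from `wanted` that must be requested again.

    wanted maps a bare file name to its expected SHA-256 hex digest
    (assumed format). Files that verify are kept and omitted from the
    result; partial, corrupt or non-regular entries are removed first so
    the downloader never sees a pre-existing file at the destination.
    """
    prepare_cache(cache_dir)
    needed = []
    for name, expected in sorted(wanted.items()):
        if os.path.basename(name) != name or name in ("", ".", ".."):
            raise ValueError(f"unsafe file name: {name!r}")
        path = os.path.join(cache_dir, name)
        try:
            st = os.lstat(path)
        except FileNotFoundError:
            needed.append(name)
            continue
        if stat.S_ISREG(st.st_mode) and sha256_of(path) == expected:
            continue  # complete and correct: leave it out of the request
        os.unlink(path)  # raises on a directory, which stops the update
        needed.append(name)
    return needed
```

Because the directory is stable across runs, a retry reuses whatever verified, which is the retry behaviour the report says a per-process temporary directory would lose.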