cmd/snap-bootstrap: mount base directly on /sysroot

[alfonsosanchezbeato]

Mount the base directly on /sysroot in all UC modes, while for hybrid
we mount /run/mnt/data instead of the /run/mnt/sysroot symlink that
was pointing to the former. With this change we do not need to have
the /run/mnt/base mount anymore.

[alfonsosanchezbeato]

Opening as draft as we will need canonical/core-initrd#265 landed first. As a side note, we should discuss how to handle this initramfs/snap-bootstrap interlocks in an easier way.

[codecov]

Codecov Report

Attention: Patch coverage is 45.87156% with 59 lines in your changes missing coverage. Please review.

Please upload report for BASE (master@6fa2df6). Learn more about missing BASE report.
Report is 59 commits behind head on master.

Files with missing lines	Patch %	Lines
cmd/snap-bootstrap/cmd_initramfs_mounts.go	45.00%	37 Missing and 7 partials ⚠️
cmd/snap-bootstrap/initramfs_systemd_mount.go	48.27%	10 Missing and 5 partials ⚠️

Additional details and impacted files

@@            Coverage Diff            @@
##             master   #14537   +/-   ##
=========================================
  Coverage          ?   78.20%           
=========================================
  Files             ?     1162           
  Lines             ?   154334           
  Branches          ?        0           
=========================================
  Hits              ?   120692           
  Misses            ?    26199           
  Partials          ?     7443           

Flag	Coverage Δ
unittests	78.20% <45.87%> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[pedronis]

will it also perform the mount then?

[alfonsosanchezbeato]

Not really, as the new mount unit has an After=snap-initramfs-mounts.service dependency

[valentindavid]

Will will always have units that need loading? daemon-reload is costly. If we could try to not do it if we did not call writeSysrootMountUnit, then it would be very good.

[alfonsosanchezbeato]

Right, but note that we are always creating the unit in this case (the base is always in the essSnaps slice).

[alfonsosanchezbeato]

I have rebased this PR and added the changes to the initramfs that were previously in a PR in the core-initrd repo.

The changes in snap-bootstrap could need to check for the UC release. It depends on whether we want the initramfs changes to be backported to UC20/22.

[alfonsosanchezbeato]

Right, but note that we are always creating the unit in this case (the base is always in the essSnaps slice).

[alfonsosanchezbeato]

@valentindavid @pedronis this is ready now for review.

[github-actions]

Tue Feb 4 18:30:20 UTC 2025
The following results are from: https://github.com/canonical/snapd/actions/runs/13125002142

Failures:

Preparing:

• google-nested:ubuntu-24.04-64:tests/nested/manual/remodel-min-size

Executing:

• openstack:debian-sid-64:tests/main/microk8s-smoke:edge
• google-nested:ubuntu-24.04-64:tests/nested/manual/recovery-system-reboot:factory_reset
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-pre-download:restart
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-pre-download:close_mid_restart
• openstack:opensuse-tumbleweed-64:tests/main/snap-refresh-hold
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-pre-download:close
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-gating
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-pre-download:ignore
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-backoff
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh:parallel
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh:regular
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-gating-from-snap
• openstack:opensuse-tumbleweed-64:tests/main/auto-refresh-retry
• openstack:opensuse-tumbleweed-64:tests/main/microk8s-smoke:edge
• openstack:opensuse-15.6-64:tests/main/microk8s-smoke:edge
• openstack:opensuse-tumbleweed-64:tests/main/refresh-app-awareness-notify
• google:ubuntu-25.04-64:tests/main/security-device-cgroups:kmsg
• google:ubuntu-25.04-64:tests/main/security-device-cgroups-serial-port
• google:ubuntu-25.04-64:tests/main/security-device-cgroups-required-or-optional
• google:ubuntu-25.04-64:tests/main/cgroup-devices-v2
• google:ubuntu-25.04-64:tests/main/security-device-cgroups-strict-enforced
• google:ubuntu-25.04-64:tests/main/security-device-cgroups:uinput
• google:ubuntu-25.04-64:tests/main/security-device-cgroups-self-manage
• google:ubuntu-25.04-64:tests/main/security-device-cgroups-helper

Restoring:

• openstack:opensuse-tumbleweed-64:tests/main/refresh-app-awareness-notify
• google:ubuntu-25.04-64:tests/main/security-device-cgroups-strict-enforced

[pedronis]

thanks

[pedronis]

is this a spurious left over?

[alfonsosanchezbeato]

It is indeed, removed now, thanks

[alfonsosanchezbeato]

Some debugging has revealed that this was not working anymore because I had removed the static sysroot.mount unit, we have to keep it as daemon-reload does not trigger a full recalculation of dependencies (see systemd/systemd#23034).

[alfonsosanchezbeato]

I have now also restricted the change to systems based on 24.04 or latter - otherwise we would need to wait for changes in the UC20/22 initramfs before releasing a new snapd and that can take some time.

[pedronis]

thanks