Greenboot, the health check tool originally written in bash, is getting a rewrite in Rust, courtesy of engineers at Red Hat. This useful tool started in mid‑2018 as a Google Summer of Code project for Fedora IoT, designed to keep atomically updated systems from self-destructing after a bad update.
At its heart, Greenboot is a framework that hooks into systemd to run health checks every time a machine boots. It looks for scripts in specific directories; anything in /etc/greenboot/check/required.d/ absolutely must pass. If a required script fails, Greenboot triggers a reboot to retry.
After a few failed attempts, it executes scripts in /etc/greenboot/red.d/ and initiates a system rollback to the last known-good deployment, preventing an update from bricking your system. When all required checks succeed, it runs scripts from /etc/greenboot/green.d/ and marks the boot as successful by setting a GRUB environment variable. This whole process is kicked off by the greenboot-healthcheck.service before systemd's normal boot-complete.target is reached.
As for why Red Hat is choosing this rewrite, it comes down to creating a more robust and secure utility. This is definitely not the only *-rs tool rewrite we have seen lately; you have probably heard about sudo-rs, which is a project to build a memory-safe replacement for the classic sudo utility. Building these fundamental system components in a memory-safe language like Rust helps eliminate entire categories of security vulnerabilities.
According to the official Fedora change proposal, the rewrite expands support for both bootc and rpm-ostree based systems, whereas the original Bash version was built only for rpm-ostree. Red Hat developers have submitted a proposal to ship this new Rust version in Fedora 43. According to Phoronix, while the plan still needs a final vote from the Fedora Engineering and Steering Committee, it looks very likely to be approved. For current Fedora IoT users, the change promises to be a simple, seamless upgrade.
0 Comments
Load the comments and join the conversation!
Read the comments, ask the editors questions, show respect and join the conversation.