storage: Confirmation before erasing non-empty filesystems #20272
Conversation
mvollmer
force-pushed
the
storage-extra-warning-for-non-empty-filesystems
branch
7 times, most recently
from
5803fbe to
1acb017
Compare
|
Here's some revised mockups that streamline things:
This is all assuming we detect data like we talked about yesterday. That is, show the warning only if:
Examples:
This would let Cockpit not get in the way when someone is adding and removing partitions, but it also would protect someone from accidentally losing data. We should use this general pattern for initializing the disk, formatting a partition, and anything else that would probably cause someone to lose data on a partition like this. Although we should rework the warning area a little with regard to the text (and probably table too). Open questions:
|
Thanks! I think we should split the parts out that are general improvements to the "Initialize disk" dialog. They might even happen as part of #19882. |
|
I think "a partition on this disk" is too specific, there are other cases like LVM2 logical volumes. What about "Important data might be deleted" as the header? |
mvollmer
force-pushed
the
storage-extra-warning-for-non-empty-filesystems
branch
from
1acb017 to
e75d76d
Compare
|
@garrett, looks like this now:
The text of the "important data" section pretty small. This is the result of using The gap between the table and the checkbox line is because the table is in the dialog body, while the checkbox line is in the footer. |
mvollmer
force-pushed
the
storage-extra-warning-for-non-empty-filesystems
branch
2 times, most recently
from
61d25c4 to
6aa6559
Compare
This has been implemented in #19882.
This has been implemented here.
This has been partly implemented here (for the "important data" table), and will be completed in #19882.
@garrett, I don't understand this, can you elaborate? |
I did this in #19882. |
I am reluctant to implement this. We would have to identify all places in Cockpit where things get created. That's of course possible, but I hope we can find a more straighforward rule to determine whether to show the warning or not, a rule that doesn't require us to gather information as the user is using Cockpit. That would be more robust. Right now the rule is:
My hope is that encrypted devices that are created by Cockpit will remain open during the installation process. The idea behind the list of recognized filesystem types is to avoid trying to mount unusual filesystems that might be supported by the kernel, but are maybe buggy. |
mvollmer
force-pushed
the
storage-extra-warning-for-non-empty-filesystems
branch
from
6aa6559 to
bcecc43
Compare
mvollmer
force-pushed
the
storage-extra-warning-for-non-empty-filesystems
branch
2 times, most recently
from
dd4eff0 to
219c595
Compare
| } | ||
| if (client.in_anaconda_mode() && !expect_single_unmount && u.block) { | ||
| if (u.block.IdUsage == "filesystem" && | ||
| ["xfs", "ext2", "ext3", "ext4", "btrfs", "vfat", "ntfs"].indexOf(u.block.IdType) >= 0) { |
There was a problem hiding this comment.
Are these all the filesystems udisks supports? If so Cockpit should already have a list of them somewhere right? Or can't we get this from udisks? Like http://storaged.org/doc/udisks2-api/latest/gdbus-org.freedesktop.UDisks2.Manager.html#gdbus-property-org-freedesktop-UDisks2-Manager.SupportedFilesystems
There was a problem hiding this comment.
Are these all the filesystems udisks supports?
No, the idea is to only mount a small number of well-known filesystems, instead of just throwing everything that we find at the kernel.
There was a problem hiding this comment.
Ok! That sounds a bit weird:
[jelle@t14s][~/projects/cockpit-project.github.io]%busctl get-property org.freedesktop.UDisks2 /org/freedesktop/UDisks2/Manager org.freedesktop.UDisks2.Manager SupportedFilesystems
as 12 "ext2" "ext3" "ext4" "xfs" "vfat" "ntfs" "f2fs" "nilfs2" "exfat" "btrfs" "udf" "swap"
This seems almost what we want imo.
| dev=$1 | ||
|
|
||
| need_unmount="" | ||
| mp=$(findmnt -no TARGET "$dev" | cat) |
There was a problem hiding this comment.
That cat seems unnecessary:
[jelle@t14s][~/projects/cockpit/main]%x=$(findmnt -no TARGET /dev/nvme0n1p1)
[jelle@t14s][~/projects/cockpit/main]%echo $x
/boot
There was a problem hiding this comment.
It protects against the exit code of findmnt. When $dev is not mounted, findmnt exits with code 1, which would stop the script because of set -e. In a pipeline, the last sub-command determines the exit code of the while pipeline, and cat always exits with 0.
| # A filesystem is empty if it only has directories in it. | ||
|
|
||
| first=$(find "$mp" -not -type d | head -1) | ||
| info=$(stat -f -c '{ "unit": %S, "free": %f, "total": %b }' "$mp") |
There was a problem hiding this comment.
Neither of these commands is allowed to fail as then we will exit and never unmount if needed. So maybe we should use a trap for that.
(I can only get find to fail when not running as root for example but maybe it can fail on broken symlinks or pipes as root?)
There was a problem hiding this comment.
So maybe we should use a trap for that.
Good point!
|
Are the screenshots up to date? They still vary wildly from the mockups in several ways. |
Yes.
Many of the changes are in #19882. I have changed some of your UI text:
Also, I left the action out of the confirmation text since the confirmation is used with more than just initializing disks: "I confirm I want to lose this data forever". |
mvollmer
force-pushed
the
storage-extra-warning-for-non-empty-filesystems
branch
from
219c595 to
70f3eb3
Compare
mvollmer
force-pushed
the
storage-extra-warning-for-non-empty-filesystems
branch
4 times, most recently
from
a8dca89 to
3c8f4ff
Compare
|
This PR causes pixel test failures in Anaconda. Not sure how we handle this situation... |
I wasn't able to push the new pixel references to rhinstaller/anaconda-webui. |
Oh, that sounds like a permission issue? I can probably push that as I am still in the rhinstaller team. |
mvollmer
force-pushed
the
storage-extra-warning-for-non-empty-filesystems
branch
from
3c8f4ff to
5951121
Compare
But only in Anaconda mode.
mvollmer
force-pushed
the
storage-extra-warning-for-non-empty-filesystems
branch
from
5951121 to
1cf9fd4
Compare
| } catch { | ||
| u.data_warning = _("Device contains unrecognized data"); |
There was a problem hiding this comment.
These 2 added lines are not executed by any test.
| @@ -68,7 +68,7 @@ export function make_legacy_vdo_page(parent, vdo, backing_block, next_card) { | |||
| } | |||
| }, | |||
| Inits: [ | |||
| init_active_usage_processes(client, usage) | |||
| init_teardown_usage(client, usage) | |||
There was a problem hiding this comment.
This added line is not executed by any test.
| @@ -130,7 +130,7 @@ | |||
| } | |||
| }, | |||
| Inits: [ | |||
| init_active_usage_processes(client, usage) | |||
| init_teardown_usage(client, usage) | |||
There was a problem hiding this comment.
This added line is not executed by any test.
|
What happened to all the changes I detailed that should happen? This shouldn't have been merged. I don't see any follow-up either. |
But only in Anaconda mode.
Demo: https://youtu.be/EYU2jzDI0gk
Storage: Extra confirmation before deleting non-empty partitions in Anaconda's Web UI
When using Cockpit to manually configure storage during installation with the Web UI version of the Anaconda installer, operations typically involve empty partitions. For instance, someone might delete and recreate a partition with a different size or filesystem type. Since no actual data is deleted in these cases, such actions are usually harmless.
However, existing partitions with valuable data or other operating systems might also be present. To prevent accidental deletion, Cockpit now checks for files within a partition before deleting it and asks for additional confirmation if files are found.