There are several ways to reduce the amount of hard drive corruption during a power failure. Avoiding writing to a file on the hard drive as much as possible, or mounting a partition read-only, is obviously the best way to prevent any corruption. However, if writing to a hard disk can't be avoided, there are a few guidelines that will help reduce (but not completely eliminate) catastrophic corruption:
- Use hard drives that offer an atomic sector update guarantee.
- The filesystem layout on the target systems should be designed to make sure that the root block and the first block of the root directory are never written, so that the system can always boot. The root block holds the inodes for the special filesystem structures (root directory, .bitmap, .inodes, .boot and .altboot). The root directory holds links back to this block.
- Don't store any "working" (i.e. writable) files in the root directory of any partition. Use subdirectories one level below the root directory to store writable/readable "working" files and directories.
- Refrain from creating long filenames (longer than 16 characters), to avoid writing to the .inodes file. (This might not always be possible: someone might insert a USB stick containing MP3 files with long names.)
- Don't update the file's directory entry if the only change is the access time, by using io-blk's noatime option.
- As a general rule, files should be closed, the disk cache should be flushed, and partitions unmounted before shutting down the target (slay devb-xxx will perform all this).
- Use io-blk's marking=none option on the block driver to stop the initial mounting of the partitions from writing to the root block (i.e. the dirty bit). This means that it is left up to the customer to determine if power was lost and the filesystems weren't shut down correctly. You can't rely on the dirty bit for this purpose if you use this option, so you'd need to check the filesystem at the next boot time.
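The last two points leave the "was the previous shutdown orderly?" question to the application once marking=none is in use. The following POSIX shell script is an added example (not from the QNX documentation) of one way to answer it: a short-named marker file in a subdirectory below the partition root is written just before the orderly unmount, and checked (and consumed) at the next boot. The default marker directory and the use of chkfsys as the checker are assumptions; substitute the paths and check command used on your target.

```shell
#!/bin/sh
# Clean-shutdown marker for a partition mounted with io-blk marking=none.
# Since the dirty bit is never written, the system records an orderly
# shutdown itself. The marker lives one level below the partition root
# (never in the root directory) and has a name shorter than 16 characters,
# so neither the root block nor the .inodes file is touched.
# MARKER_DIR is an assumed path, not a value from the documentation.

MARKER_DIR="${MARKER_DIR:-/fs/hd0-qnx4/state}"
MARKER_NAME="clean.ok"    # short name: avoids a write to .inodes

# Shutdown path: call this after closing working files and before
# unmounting / slaying devb-xxx. Returns non-zero if the marker could
# not be written, so the caller can refuse to report a clean shutdown.
mark_clean_shutdown() {
    dir="${1:-$MARKER_DIR}"
    mkdir -p "$dir" || return 1
    : > "$dir/$MARKER_NAME" || return 1
    sync                      # push the marker out of the disk cache
    return 0
}

# Boot path: returns 0 when the marker is present (orderly shutdown),
# 1 when it is absent (power loss or crash). The marker is removed in
# the clean case so that a later crash is detected at the next boot.
check_previous_shutdown() {
    dir="${1:-$MARKER_DIR}"
    if [ -f "$dir/$MARKER_NAME" ]; then
        rm -f "$dir/$MARKER_NAME"
        return 0
    fi
    return 1
}

# Boot-time policy: run the filesystem checker only when the previous
# shutdown was not orderly. The checker command is a parameter; chkfsys
# is assumed here as a placeholder for the target's own check utility.
boot_check() {
    dir="${1:-$MARKER_DIR}"
    fsck_cmd="${2:-chkfsys}"
    if check_previous_shutdown "$dir"; then
        echo "previous shutdown was clean, skipping filesystem check"
        return 0
    fi
    echo "unclean shutdown detected, running: $fsck_cmd"
    $fsck_cmd
}
```

Because the marker itself is a write, keep it in a partition that is allowed to be written at all; a read-only partition needs no such check.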