Page MenuHomeFreeBSD
Differential D10987

add a rescue/sh sanity check for installing on the running system
ClosedPublic
Actions

Authored by emaste on May 30 2017, 2:08 AM.
Tags
None
Referenced Files
Unknown Object (File)
Tue, Apr 2, 12:45 AM
Unknown Object (File)
Mar 7 2024, 10:15 AM
Unknown Object (File)
Dec 23 2023, 2:56 AM
Unknown Object (File)
Nov 15 2023, 9:35 PM
Unknown Object (File)
Nov 10 2023, 4:40 PM
Unknown Object (File)
Nov 10 2023, 12:09 PM
Unknown Object (File)
Nov 8 2023, 4:46 PM
Unknown Object (File)
Nov 8 2023, 12:13 PM
View All 27 Files
Subscribers
peter

Details

Reviewers
bdrewery
imp
jhb
kib
allanjude
gjb
Commits
rS319219: add a rescue/sh sanity check before installworld on the running system
Summary

FreeBSD does not guarantee kernel forward compatibility (that is, running a newer userland on an older kernel). The documented upgrade procedure specifies that installkernel should be performed, followed by a reboot and then installworld. As a sanity check when installing onto the running system (DESTDIR is / or unset), attempt to run the objdir rescue "sh echo OK" as a sanity check before proceeding with installworld. If rescue fails (e.g., because the system has not been rebooted and the "old" kernel lacks a system call required by the to-be-installed world), abort the installation.

Diff Detail

Repository
rS FreeBSD src repository - subversion
Lint
Lint Not Applicable
Unit
Tests Not Applicable

Event Timeline

emaste created this revision.May 30 2017, 2:08 AM
emaste updated this revision to Diff 28996.May 30 2017, 2:20 AM
  • correct make target (_installcheck_world with only one leading _)
  • use false instead of exit 1 as elsewhere
allanjude accepted this revision.May 30 2017, 2:29 AM

Seems like a reasonable approach, I like this idea.

This revision is now accepted and ready to land.May 30 2017, 2:29 AM
emaste added a subscriber: peter.May 30 2017, 2:52 AM
kib edited edge metadata.EditedMay 30 2017, 8:42 AM

Checking rescue is a good idea. But with the direct exec mode in ld-elf.so.1 it is easy to run real sh with real libraries from the target environment, activated by real dynamic linker. Since ld-elf.so.1 is involved into the test, the check is even more useful for safety insurance.

Also, I think that there are some minor but important cases where a knob to disable the checks would be useful. Like -DI_KNOW_WHAT_I_DO_THANKS.

emaste updated this revision to Diff 29003.May 30 2017, 10:44 AM
emaste edited edge metadata.

Add a bypass knob as requested by kib

This revision now requires review to proceed.May 30 2017, 10:44 AM
emaste added a comment.May 30 2017, 10:48 AM

But with the direct exec mode in ld-elf.so.1 it is easy to run real sh with real libraries from the target environment, activated by real dynamic linker.

Oh, a really good point. I'd like to get this simple change in as soon as possible to prevent foot-shooting as folks continue to upgrade past ino64, and then revisit this to introduce a more extensive test like that.

emaste added a comment.May 30 2017, 1:20 PM

ktrace /usr/obj/usr/src/rescue/rescue/rescue sh -c 'echo OK' shows invocations of the new fstatat syscall.

gjb accepted this revision.May 30 2017, 3:31 PM
This revision is now accepted and ready to land.May 30 2017, 3:31 PM
kib accepted this revision.May 30 2017, 3:37 PM
Closed by commit rS319219: add a rescue/sh sanity check before installworld on the running system (authored by emaste). · Explain WhyMay 30 2017, 3:51 PM
This revision was automatically updated to reflect the committed changes.
bdrewery edited edge metadata.Jun 1 2017, 8:58 PM

Very nice.

Revision Contents
Changeset List

PathSize
head/
16 lines

Diff 29018

View Options

head/Makefile.inc1

Loading...