From owner-svn-src-head@freebsd.org Tue May 30 15:51:50 2017 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 13109B821FA; Tue, 30 May 2017 15:51:50 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id 6565D68497; Tue, 30 May 2017 15:51:49 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id v4UFpmws099489; Tue, 30 May 2017 15:51:48 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id v4UFpmMb099488; Tue, 30 May 2017 15:51:48 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201705301551.v4UFpmMb099488@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Tue, 30 May 2017 15:51:48 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r319219 - head X-SVN-Group: head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.23 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 30 May 2017 15:51:50 -0000 Author: emaste Date: Tue May 30 15:51:48 2017 New Revision: 319219 URL: https://svnweb.freebsd.org/changeset/base/319219 Log: add a rescue/sh sanity check before installworld on the running system FreeBSD does not guarantee kernel forward compatibility (that is, running a newer userland on an older kernel). The documented upgrade procedure specifies that installkernel should be performed, followed by a reboot and then installworld. As a sanity check when installing onto the running system (DESTDIR is / or unset), attempt to run "sh echo OK" using rescue from the objdir. If rescue fails (e.g., because the system has not been rebooted and the "old" kernel lacks a system call required by the to-be-installed world), abort the installation. This should avoid ino64 foot-shooting when the proper upgrade procedure is not followed. Reviewed by: allanjude, gjb, kib MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D10987 Modified: head/Makefile.inc1 Modified: head/Makefile.inc1 ============================================================================== --- head/Makefile.inc1 Tue May 30 15:33:27 2017 (r319218) +++ head/Makefile.inc1 Tue May 30 15:51:48 2017 (r319219) @@ -975,6 +975,22 @@ __installcheck_UGID: .PHONY fi .endfor .endif +# +# If installing over the running system (DESTDIR is / or unset) and the install +# includes rescue, try running rescue from the objdir as a sanity check. If +# rescue is not functional (e.g., because it depends on a system call not +# supported by the currently running kernel), abort the installation. +# +.if !make(distributeworld) && ${MK_RESCUE} != "no" && \ + (empty(DESTDIR) || ${DESTDIR} == "/") && empty(BYPASS_INSTALLCHECK_SH) +_installcheck_world: __installcheck_sh_check +__installcheck_sh_check: .PHONY + @if [ "`${OBJTREE}${.CURDIR}/rescue/rescue/rescue sh -c 'echo OK'`" != \ + OK ]; then \ + echo "rescue/sh check failed, installation aborted" >&2; \ + false; \ + fi +.endif # # Required install tools to be saved in a scratch dir for safety.