Decouple the install tools from the main system as much as possible.

I.e., not only copy them to a scratch dir, but also make them use saved
copies of libraries and locale files.  That gives us several benefits:

1) ABI breakages should no longer affect installworld over the live system.

2) It becomes safe to run installworld while still running the old kernel.
   However, it can be reasonable to save the old /rescue before that to be
   able to run the old reboot(8), as the new binaries are rather likely to
   fail with the old kernel.  Anyhow, it's now possible to upgrade a system
   in a single reboot _reliably_.

3) With a bit of hackery around rtld(8), it becomes possible to do destructive
   cross-installs, e.g., i386->amd64 over the live system.

The only shared item left between the old and new systems is rtld(8),
which cannot be run from a saved copy easily because its full
pathname is stored in the respective field of each ELF executable.
(In theory, that field could be overridden, e.g., from the environment,
but this can lead to security issues.)  That's why a destructive
cross-install isn't possible w/o hackery yet.

Fruitful ideas by:	ru
Reviewed by:		ru
Tested with:		audit(4)
This commit is contained in:
Yaroslav Tykhiy 2007-10-31 09:26:42 +00:00
parent 7773f5ddf9
commit 519bc416ca

View File

@ -159,7 +159,14 @@ XPATH= ${WORLDTMP}/usr/sbin:${WORLDTMP}/usr/bin:${WORLDTMP}/usr/games
STRICTTMPPATH= ${BPATH}:${XPATH} STRICTTMPPATH= ${BPATH}:${XPATH}
TMPPATH= ${STRICTTMPPATH}:${PATH} TMPPATH= ${STRICTTMPPATH}:${PATH}
#
# Avoid running mktemp(1) unless actually needed.
# It may not be functional, e.g., due to new ABI
# when in the middle of installing over this system.
#
.if make(distributeworld) || make(installworld)
INSTALLTMP!= /usr/bin/mktemp -d -u -t install INSTALLTMP!= /usr/bin/mktemp -d -u -t install
.endif
# #
# Building a world goes through the following stages # Building a world goes through the following stages
@ -265,14 +272,16 @@ LIB32IMAKE= ${LIB32WMAKE:NINSTALL=*:NDESTDIR=*} -DNO_INCS
.endif .endif
# install stage # install stage
.if empty(.MAKEFLAGS:M-n) IMAKEENV= ${CROSSENV}
IMAKEENV= ${CROSSENV} \
PATH=${STRICTTMPPATH}:${INSTALLTMP}
.else
IMAKEENV= ${CROSSENV} \
PATH=${TMPPATH}:${INSTALLTMP}
.endif
IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1 IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1
.if empty(.MAKEFLAGS:M-n)
IMAKEENV+= PATH=${STRICTTMPPATH}:${INSTALLTMP} \
LD_LIBRARY_PATH=${INSTALLTMP} \
PATH_LOCALE=${INSTALLTMP}/locale
IMAKE+= __MAKE_SHELL=${INSTALLTMP}/sh
.else
IMAKEENV+= PATH=${TMPPATH}:${INSTALLTMP}
.endif
# kernel stage # kernel stage
KMAKEENV= ${WMAKEENV} KMAKEENV= ${WMAKEENV}
@ -563,6 +572,14 @@ installcheck_UGID:
fi fi
.endfor .endfor
#
# Required install tools to be saved in a scratch dir for safety.
#
ITOOLS= [ awk cap_mkdb cat chflags chmod chown \
date echo egrep find grep install-info \
ln lockf make mkdir mtree mv pwd_mkdb rm sed sh sysctl \
test true uname wc zic
# #
# distributeworld # distributeworld
# #
@ -574,19 +591,20 @@ installcheck_UGID:
# #
distributeworld installworld: installcheck distributeworld installworld: installcheck
mkdir -p ${INSTALLTMP} mkdir -p ${INSTALLTMP}
for prog in [ awk cap_mkdb cat chflags chmod chown \ for prog in ${ITOOLS}; do \
date echo egrep find grep install-info \
ln lockf make mkdir mtree mv pwd_mkdb rm sed sh sysctl \
test true uname wc zic; do \
if progpath=`which $$prog`; then \ if progpath=`which $$prog`; then \
cp $$progpath ${INSTALLTMP}; \ progs="$$progs $$progpath"; \
else \ else \
echo "Required install tool $$prog not found" >&2; \ echo "Required tool $$prog not found in PATH." >&2; \
exit 1; \ exit 1; \
fi; \ fi; \
done done; \
${_+_}cd ${.CURDIR}; ${IMAKE} re${.TARGET:S/world$//} cp $$progs ${INSTALLTMP}; \
rm -rf ${INSTALLTMP} cp `ldd -f "%p\n" -f "%p\n" $$progs 2>/dev/null | \
sort -u` ${INSTALLTMP}
cp -R $${PATH_LOCALE:-"/usr/share/locale"} ${INSTALLTMP}/locale
${_+_}cd ${.CURDIR}; ${IMAKE} re${.TARGET:S/world$//}; \
${IMAKEENV} rm -rf ${INSTALLTMP}
# #
# reinstall # reinstall