Decouple the install tools from the main system as much as possible.
I.e., not only copy them to a scratch dir, but also make them use saved copies of libraries and locale files. That gives us several benefits: 1) ABI breakages should no longer affect installworld over the live system. 2) It becomes safe to run installworld while still running the old kernel. However, it can be reasonable to save the old /rescue before that to be able to run the old reboot(8), as the new binaries are rather likely to fail with the old kernel. Anyhow, it's now possible to upgrade a system in a single reboot _reliably_. 3) With a bit of hackery around rtld(8), it becomes possible to do destructive cross-installs, e.g., i386->amd64 over the live system. The only shared item left between the old and new systems is rtld(8), which cannot be run from a saved copy easily because its full pathname is stored in the respective field of each ELF executable. (In theory, that field could be overridden, e.g., from the environment, but this can lead to security issues.) That's why a destructive cross-install isn't possible w/o hackery yet. Fruitful ideas by: ru Reviewed by: ru Tested with: audit(4)
This commit is contained in:
parent
7773f5ddf9
commit
519bc416ca
@ -159,7 +159,14 @@ XPATH= ${WORLDTMP}/usr/sbin:${WORLDTMP}/usr/bin:${WORLDTMP}/usr/games
|
|||||||
STRICTTMPPATH= ${BPATH}:${XPATH}
|
STRICTTMPPATH= ${BPATH}:${XPATH}
|
||||||
TMPPATH= ${STRICTTMPPATH}:${PATH}
|
TMPPATH= ${STRICTTMPPATH}:${PATH}
|
||||||
|
|
||||||
|
#
|
||||||
|
# Avoid running mktemp(1) unless actually needed.
|
||||||
|
# It may not be functional, e.g., due to new ABI
|
||||||
|
# when in the middle of installing over this system.
|
||||||
|
#
|
||||||
|
.if make(distributeworld) || make(installworld)
|
||||||
INSTALLTMP!= /usr/bin/mktemp -d -u -t install
|
INSTALLTMP!= /usr/bin/mktemp -d -u -t install
|
||||||
|
.endif
|
||||||
|
|
||||||
#
|
#
|
||||||
# Building a world goes through the following stages
|
# Building a world goes through the following stages
|
||||||
@ -265,14 +272,16 @@ LIB32IMAKE= ${LIB32WMAKE:NINSTALL=*:NDESTDIR=*} -DNO_INCS
|
|||||||
.endif
|
.endif
|
||||||
|
|
||||||
# install stage
|
# install stage
|
||||||
.if empty(.MAKEFLAGS:M-n)
|
IMAKEENV= ${CROSSENV}
|
||||||
IMAKEENV= ${CROSSENV} \
|
|
||||||
PATH=${STRICTTMPPATH}:${INSTALLTMP}
|
|
||||||
.else
|
|
||||||
IMAKEENV= ${CROSSENV} \
|
|
||||||
PATH=${TMPPATH}:${INSTALLTMP}
|
|
||||||
.endif
|
|
||||||
IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1
|
IMAKE= ${IMAKEENV} ${MAKE} -f Makefile.inc1
|
||||||
|
.if empty(.MAKEFLAGS:M-n)
|
||||||
|
IMAKEENV+= PATH=${STRICTTMPPATH}:${INSTALLTMP} \
|
||||||
|
LD_LIBRARY_PATH=${INSTALLTMP} \
|
||||||
|
PATH_LOCALE=${INSTALLTMP}/locale
|
||||||
|
IMAKE+= __MAKE_SHELL=${INSTALLTMP}/sh
|
||||||
|
.else
|
||||||
|
IMAKEENV+= PATH=${TMPPATH}:${INSTALLTMP}
|
||||||
|
.endif
|
||||||
|
|
||||||
# kernel stage
|
# kernel stage
|
||||||
KMAKEENV= ${WMAKEENV}
|
KMAKEENV= ${WMAKEENV}
|
||||||
@ -563,6 +572,14 @@ installcheck_UGID:
|
|||||||
fi
|
fi
|
||||||
.endfor
|
.endfor
|
||||||
|
|
||||||
|
#
|
||||||
|
# Required install tools to be saved in a scratch dir for safety.
|
||||||
|
#
|
||||||
|
ITOOLS= [ awk cap_mkdb cat chflags chmod chown \
|
||||||
|
date echo egrep find grep install-info \
|
||||||
|
ln lockf make mkdir mtree mv pwd_mkdb rm sed sh sysctl \
|
||||||
|
test true uname wc zic
|
||||||
|
|
||||||
#
|
#
|
||||||
# distributeworld
|
# distributeworld
|
||||||
#
|
#
|
||||||
@ -574,19 +591,20 @@ installcheck_UGID:
|
|||||||
#
|
#
|
||||||
distributeworld installworld: installcheck
|
distributeworld installworld: installcheck
|
||||||
mkdir -p ${INSTALLTMP}
|
mkdir -p ${INSTALLTMP}
|
||||||
for prog in [ awk cap_mkdb cat chflags chmod chown \
|
for prog in ${ITOOLS}; do \
|
||||||
date echo egrep find grep install-info \
|
|
||||||
ln lockf make mkdir mtree mv pwd_mkdb rm sed sh sysctl \
|
|
||||||
test true uname wc zic; do \
|
|
||||||
if progpath=`which $$prog`; then \
|
if progpath=`which $$prog`; then \
|
||||||
cp $$progpath ${INSTALLTMP}; \
|
progs="$$progs $$progpath"; \
|
||||||
else \
|
else \
|
||||||
echo "Required install tool $$prog not found" >&2; \
|
echo "Required tool $$prog not found in PATH." >&2; \
|
||||||
exit 1; \
|
exit 1; \
|
||||||
fi; \
|
fi; \
|
||||||
done
|
done; \
|
||||||
${_+_}cd ${.CURDIR}; ${IMAKE} re${.TARGET:S/world$//}
|
cp $$progs ${INSTALLTMP}; \
|
||||||
rm -rf ${INSTALLTMP}
|
cp `ldd -f "%p\n" -f "%p\n" $$progs 2>/dev/null | \
|
||||||
|
sort -u` ${INSTALLTMP}
|
||||||
|
cp -R $${PATH_LOCALE:-"/usr/share/locale"} ${INSTALLTMP}/locale
|
||||||
|
${_+_}cd ${.CURDIR}; ${IMAKE} re${.TARGET:S/world$//}; \
|
||||||
|
${IMAKEENV} rm -rf ${INSTALLTMP}
|
||||||
|
|
||||||
#
|
#
|
||||||
# reinstall
|
# reinstall
|
||||||
|
Loading…
Reference in New Issue
Block a user