add a rescue/sh sanity check before installworld on the running system

FreeBSD does not guarantee kernel forward compatibility (that is,
running a newer userland on an older kernel).  The documented upgrade
procedure specifies that installkernel should be performed, followed by
a reboot and then installworld.  As a sanity check when installing onto
the running system (DESTDIR is / or unset), attempt to run "sh echo OK"
using rescue from the objdir.  If rescue fails (e.g., because the system
has not been rebooted and the "old" kernel lacks a system call required
by the to-be-installed world), abort the installation.

This should avoid ino64 foot-shooting when the proper upgrade procedure
is not followed.

Reviewed by:	allanjude, gjb, kib
MFC after:	2 weeks
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D10987
This commit is contained in:
emaste 2017-05-30 15:51:48 +00:00
parent 96a186c5ed
commit 8e0d5e00c8

View File

@ -975,6 +975,22 @@ __installcheck_UGID: .PHONY
fi
.endfor
.endif
#
# If installing over the running system (DESTDIR is / or unset) and the install
# includes rescue, try running rescue from the objdir as a sanity check. If
# rescue is not functional (e.g., because it depends on a system call not
# supported by the currently running kernel), abort the installation.
#
.if !make(distributeworld) && ${MK_RESCUE} != "no" && \
(empty(DESTDIR) || ${DESTDIR} == "/") && empty(BYPASS_INSTALLCHECK_SH)
_installcheck_world: __installcheck_sh_check
__installcheck_sh_check: .PHONY
@if [ "`${OBJTREE}${.CURDIR}/rescue/rescue/rescue sh -c 'echo OK'`" != \
OK ]; then \
echo "rescue/sh check failed, installation aborted" >&2; \
false; \
fi
.endif
#
# Required install tools to be saved in a scratch dir for safety.