add a rescue/sh sanity check before installworld on the running system

FreeBSD does not guarantee kernel forward compatibility (that is, running a newer userland on an older kernel). The documented upgrade procedure specifies that installkernel should be performed, followed by a reboot and then installworld. As a sanity check when installing onto the running system (DESTDIR is / or unset), attempt to run "sh echo OK" using rescue from the objdir. If rescue fails (e.g., because the system has not been rebooted and the "old" kernel lacks a system call required by the to-be-installed world), abort the installation. This should avoid ino64 foot-shooting when the proper upgrade procedure is not followed. Reviewed by: allanjude, gjb, kib MFC after: 2 weeks Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D10987
2017-05-30 15:51:48 +00:00 · 2017-05-30 15:51:48 +00:00 · bd1c3bad76
commit bd1c3bad76
parent 8b07e00e99
1 changed files with 16 additions and 0 deletions
--- a/Makefile.inc1
+++ b/Makefile.inc1
@ -975,6 +975,22 @@ __installcheck_UGID: .PHONY
 	fi
 .endfor
 .endif
+#
+# If installing over the running system (DESTDIR is / or unset) and the install
+# includes rescue, try running rescue from the objdir as a sanity check.  If
+# rescue is not functional (e.g., because it depends on a system call not
+# supported by the currently running kernel), abort the installation.
+#
+.if !make(distributeworld) && ${MK_RESCUE} != "no" && \
+    (empty(DESTDIR) || ${DESTDIR} == "/") && empty(BYPASS_INSTALLCHECK_SH)
+_installcheck_world: __installcheck_sh_check
+__installcheck_sh_check: .PHONY
+	@if [ "`${OBJTREE}${.CURDIR}/rescue/rescue/rescue sh -c 'echo OK'`" != \
+	    OK ]; then \
+		echo "rescue/sh check failed, installation aborted" >&2; \
+		false; \
+	fi
+.endif

 #
 # Required install tools to be saved in a scratch dir for safety.