Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] upgrade and update commands rely on broken semantics of freebsd-update which might lead to broken jails #658

Open
michael-o opened this issue Jan 3, 2024 · 3 comments
Open

[BUG] upgrade and update commands rely on broken semantics of freebsd-update which might lead to broken jails #658

michael-o opened this issue Jan 3, 2024 · 3 comments
Labels
bug Something isn't working

Comments

@michael-o
Copy link

michael-o commented Jan 3, 2024
edited

Describe the bug
Both commands ugprade and update use freebsd-update(8) to update releases and thick jails. Unfortunately, they assume that freebsd-update will rebase all commands on top of the basedir passed, thus fully isolate all operations. It does not. The command is broken in this regard.

See:

It pollutes the jailhost and uses potentially wrong config.

Sources:

Bastille and FreeBSD version (paste bastille -v && freebsd-version -kru output)
0.10.20231013
13.2-STABLE
13.2-STABLE
13.2-STABLE

How did you install bastille? (port/pkg/git)
port

Expected behavior
For release updates/upgrades:

  • pass -f from the release root
  • pass -d outside of release root, but independent of the jailhost, e.g., /var/db/bastille/releases/{release}/freebsd-update/

For thick jail updates/upgrades:

  • pass -j to reduce params
  • pass -f from the jail root
  • pass -d from the jail root (thus the update dir will remain completely inside the jail)

Additional context
Gladly, I have tested the upgrade in a separate host where the jails were shredded. I will refrain from using bastille update/upgrade for now. If desired, I can provide a PR for this.
@michael-o michael-o added the bug Something isn't working label Jan 3, 2024
@michael-o
Copy link
Author

michael-o commented Jan 3, 2024
edited

These worked for me instead:

  • Thick jail upgrade:
freebsd-update -j deblndw013x4v1j -d $(jls -j deblndw013x4v1j -h path | tail -1)/var/db/freebsd-update -f $(jls -j deblndw013x4v1j -h path | tail -1)/etc/freebsd-update.conf -r 13.2-RELEASE upgrade
freebsd-update -j deblndw013x4v1j -d $(jls -j deblndw013x4v1j -h path | tail -1)/var/db/freebsd-update -f $(jls -j deblndw013x4v1j -h path | tail -1)/etc/freebsd-update.conf install
  • Release update:
mkdir -p /var/db/bastille/releases/13.2-RELEASE/freebsd-update
freebsd-update -d /var/db/bastille/releases/13.2-RELEASE/freebsd-update -f /usr/local/bastille/releases/13.2-RELEASE/etc/freebsd-update.conf -b /usr/local/bastille/releases/13.2-RELEASE --currently-running 13.2-RELEASE fetch install
  • Thick jail update:
freebsd-update -j deblndw013x1j -d $(jls -j deblndw013x1j -h path | tail -1)/var/db/freebsd-update -f $(jls -j deblndw013x1j -h path | tail -1)/etc/freebsd-update.conf fetch install

@michael-o
Copy link
Author

FTR: Poudriere properly isolates jail updates: https://github.com/freebsd/poudriere/blob/f2d23984f54b56cb8377302e2deb6ee357d725a2/src/share/poudriere/jail.sh#L293-L303

@michael-o
Copy link
Author

Improvement upstream: https://reviews.freebsd.org/D43700

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@michael-o