On Mon, Nov 14, 2022 at 05:45:33AM -0700, Theo de Raadt wrote:
> Mark Kettenis <[email protected]> wrote:
>
> > > > The installer considers a disk a root disk if 'a' is FFS and contains
> > > > expected files.
> > > >
> > > > Furthermore, unattended upgrades will always install to the first root
> > > > disk that is found.
> > > >
> > > > This works fine on machines with only one root disk, but it quickly
> > > > behaves unexpectedly when having multiple disks/installations in one
> > > > machine.
> > > >
> > > > I run such machines, esp. since fiddling with softraid and installboot.
>
>
> I don't understand the situation.
>
> I suspect you are intentionally creating very weird setups, and now you
> want install script to help people create such weird setups. Then it
> becomes an additional weird thing we must anticipate in the future.
>
> Please show a valid reason why boot are different. It is very hard to
> reason about this when the rest of your email shows an example where
> they are the same.
>
> > > > The installer/sysupgrade experience can definitely be improved here, but
> > > > that takes some consideration.
> > > >
> > > > One requirement, imho, is knowing
> > > > 1. which disk we booted from, i.e.
> > > > from which disk the kernel (/bsd.rd or /bsd.upgrade) was loaded
> > > > 2. which disk the root filesystem is on, i.e.
> > > > likely the same disk holding /home where sysupgrade put the sets
>
> Prove it.
>
Take a machine with multiple disks like this one:
$ sysctl -n hw.product
SolidRun CEX7 Platform
$ dmesg | grep -e ^sd -e ^root
sd0 at scsibus0 targ 1 lun 0: <NVMe, Samsung SSD 970, 2B2Q>
sd0: 238475MB, 512 bytes/sector, 488397168 sectors
sd1 at scsibus1 targ 0 lun 0: <ATA, ST9160511NS, SN04>
naa.5000c5002039b4e8
sd1: 152627MB, 512 bytes/sector, 312581808 sectors
sd2 at scsibus2 targ 0 lun 0: <ATA, ST9160511NS, SN04>
naa.5000c5002070e824
sd2: 152627MB, 512 bytes/sector, 312581808 sectors
sd3 at scsibus3 targ 0 lun 0: <ATA, ST9160511NS, SN04>
naa.5000c500204ada8c
sd3: 152627MB, 512 bytes/sector, 312581808 sectors
root on sd0a (8ae6b6fd29b37541.a) swap on sd0b dump on sd0b
Runnin sysupgrade(8) from sd0 upgrades sd0, as expected.
sd1-3 are softraid chunks hosting a separate installation for testing.
Booting into this
XXX
and sysupgrade'ing from there, however, upgrades sd0, not sd4.
This is because the installer always considers the first root disk it
finds as the one to upgrade, which is certainly not what I intend or
expect when booting/upgrading the softraid installation on sd1-3.
It is probably not that common to have multiple installations/root disks
in one machine, but it isn't "weird" to me, either.
Overwriting the wrong system during an upgrade because the installer
makes too big of an assumption about the first disk is weird to me.
I can post console logs later showing how the installer picks the wrong
disk, if you want.
