freebsd-update assumes that the system is using a "shallow" boot environment as created by the Auto ZFS option to bsdinstall(8). However, the zfsbe rc(8) script also supports a "deep" boot environment in which the boot environment is divided into subordinate datasets. (I am using the terms defined in bectl(8) at "Boot Environment Structures.") In deep boot environments, The action taken by freebsd-update (bectl create) results in an empty copy of the ROOT dataset that holds the subordinate datasets. In other words, freebsd-update is backing up the wrong thing, and therefore there is no backup of the real boot environment, contrary to expectations. This is unhelpful at best, and at worst provides a false sense of security should a restore be necessary. What should happen is that freebsd-update should determine if this is a shallow or deep boot environment. In the latter case, it should instead run "bectl create -r" to correctly back up the deep boot environment. Thank you for a useful utility.
(In reply to cmh from comment #0) Correction to paragraph 2 of original report (apologies hit send too quickly): In deep boot environments, the action taken by freebsd-update (bectl create) results in >>>>a copy of the ROOT dataset without the subordinate datasets. In other words, freebsd-update is creating a partial backup, and there is no full backup of the boot environment, contrary to expectations.<<<<< This is unhelpful at best, and at worst provides a false sense of security should a restore be necessary.
I am suffering from this issue as well. I have extra issue on bectl side due to "sparse" deep boot environment I have: "bectl mount does not recognize intermediate canmount=off partionss for deep boot environment" https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=274421 but, I see that both problems can be solved independently. Moreover, if the behavior of bectl is updated as the man page says at the very end, I think freebsd-update side can be left untouched; am I correct? --------- bectl subcommands that have their own -r operate on this second, deep style of boot environment, when the -r flag is set. A future version of bectl may default to handling both styles and deprecate the various -r flags. ---------
*insert gripe about bugzilla here*
A commit in branch main references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=989c5f6da99081b1f2b76ec09e91078e531e1250 commit 989c5f6da99081b1f2b76ec09e91078e531e1250 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2023-10-12 02:51:07 +0000 Commit: Kyle Evans <kevans@FreeBSD.org> CommitDate: 2023-10-12 02:54:03 +0000 freebsd-update: create deep BEs by default The -r flag to bectl needs to go away, and we need to just do the right thing. In the meantime, we can apply an -r in freebsd-update as a minimal fix to stop creating partial backups in these (non-default) deep BE setups. PR: 267535 usr.sbin/freebsd-update/freebsd-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch stable/14 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=5c2a559876d123ba386612319bf42e7b32dee590 commit 5c2a559876d123ba386612319bf42e7b32dee590 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2023-10-12 02:51:07 +0000 Commit: Kyle Evans <kevans@FreeBSD.org> CommitDate: 2023-10-24 00:04:14 +0000 freebsd-update: create deep BEs by default The -r flag to bectl needs to go away, and we need to just do the right thing. In the meantime, we can apply an -r in freebsd-update as a minimal fix to stop creating partial backups in these (non-default) deep BE setups. PR: 267535 (cherry picked from commit 989c5f6da99081b1f2b76ec09e91078e531e1250) usr.sbin/freebsd-update/freebsd-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch stable/12 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=c1c0873c9d3f6c05168303d0b95f9363c1e6c371 commit c1c0873c9d3f6c05168303d0b95f9363c1e6c371 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2023-10-12 02:51:07 +0000 Commit: Kyle Evans <kevans@FreeBSD.org> CommitDate: 2023-10-24 00:04:42 +0000 freebsd-update: create deep BEs by default The -r flag to bectl needs to go away, and we need to just do the right thing. In the meantime, we can apply an -r in freebsd-update as a minimal fix to stop creating partial backups in these (non-default) deep BE setups. PR: 267535 (cherry picked from commit 989c5f6da99081b1f2b76ec09e91078e531e1250) usr.sbin/freebsd-update/freebsd-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch stable/13 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=80f747781f125576de40ab8b3d8d70b351ef0518 commit 80f747781f125576de40ab8b3d8d70b351ef0518 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2023-10-12 02:51:07 +0000 Commit: Kyle Evans <kevans@FreeBSD.org> CommitDate: 2023-10-24 00:04:18 +0000 freebsd-update: create deep BEs by default The -r flag to bectl needs to go away, and we need to just do the right thing. In the meantime, we can apply an -r in freebsd-update as a minimal fix to stop creating partial backups in these (non-default) deep BE setups. PR: 267535 (cherry picked from commit 989c5f6da99081b1f2b76ec09e91078e531e1250) usr.sbin/freebsd-update/freebsd-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Will EN. Sorry for the hassle. Thanks!
A commit in branch releng/14.0 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=e34fdb7c119e2913d0910033e6a26fd6c08b9503 commit e34fdb7c119e2913d0910033e6a26fd6c08b9503 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2023-10-12 02:51:07 +0000 Commit: Kyle Evans <kevans@FreeBSD.org> CommitDate: 2023-10-24 16:12:01 +0000 freebsd-update: create deep BEs by default The -r flag to bectl needs to go away, and we need to just do the right thing. In the meantime, we can apply an -r in freebsd-update as a minimal fix to stop creating partial backups in these (non-default) deep BE setups. PR: 267535 Approved by: re (gjb) (cherry picked from commit 989c5f6da99081b1f2b76ec09e91078e531e1250) (cherry picked from commit 5c2a559876d123ba386612319bf42e7b32dee590) usr.sbin/freebsd-update/freebsd-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
Thank you for pushing this into FreeBSD 14.0-RELEASE! It is very helpful. I've tested it with RC3.
A commit in branch releng/13.2 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=e79edfaf68c542c8545670e911ae83ca0e3493b5 commit e79edfaf68c542c8545670e911ae83ca0e3493b5 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2023-10-12 02:51:07 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-11-08 00:59:45 +0000 freebsd-update: create deep BEs by default The -r flag to bectl needs to go away, and we need to just do the right thing. In the meantime, we can apply an -r in freebsd-update as a minimal fix to stop creating partial backups in these (non-default) deep BE setups. PR: 267535 (cherry picked from commit 989c5f6da99081b1f2b76ec09e91078e531e1250) (cherry picked from commit 80f747781f125576de40ab8b3d8d70b351ef0518) Approved by: so Security: FreeBSD-EN-23:13 usr.sbin/freebsd-update/freebsd-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
A commit in branch releng/12.4 references this bug: URL: https://cgit.FreeBSD.org/src/commit/?id=e648a628a66a09973154b442ac1266316be20506 commit e648a628a66a09973154b442ac1266316be20506 Author: Kyle Evans <kevans@FreeBSD.org> AuthorDate: 2023-10-12 02:51:07 +0000 Commit: Ed Maste <emaste@FreeBSD.org> CommitDate: 2023-11-08 01:01:37 +0000 freebsd-update: create deep BEs by default The -r flag to bectl needs to go away, and we need to just do the right thing. In the meantime, we can apply an -r in freebsd-update as a minimal fix to stop creating partial backups in these (non-default) deep BE setups. PR: 267535 (cherry picked from commit 989c5f6da99081b1f2b76ec09e91078e531e1250) (cherry picked from commit 5c2a559876d123ba386612319bf42e7b32dee590) Approved by: so Security: FreeBSD-EN-23:13 usr.sbin/freebsd-update/freebsd-update.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-)
(In reply to tamaru from comment #10) Excellent, thanks for testing! As noted by the last comments, secteam was kind enough to take it all the way back to 12.4; so while we'll still create broken backups for people up until they're at the tip of the branch, at least they have a chance to get to the tip of the branch (which likely won't be that risky of an update).
Thanks Kyle for this fix and Tamaru for the testing. Was great to see this in the update emails today. Most successful bug report ever! Looking forward to smoother updates.