Bug 235318 - when updating jails using -b, freebsd-update is reusing host's /var/db/freebsd-update without indication of doing so, unless explicit -d as well
Summary: when updating jails using -b, freebsd-update is reusing host's /var/db/freebs...
Status: New
Alias: None
Product: Base System
Classification: Unclassified
Component: bin (show other bugs)
Version: 12.0-RELEASE
Hardware: Any Any
: --- Affects Many People
Assignee: freebsd-bugs mailing list
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2019-01-30 13:35 UTC by Martin eto Misuth
Modified: 2019-01-30 13:35 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description Martin eto Misuth 2019-01-30 13:35:01 UTC
When updating jails from 11.2 to 12.0 I discovered following glitch:

 It seems that freebsd-update without workdir (-d) specified explicitly,
 is using host's /var/db/freebsd-update to fetch and store metadata 
 about given jail update.

Although this makes perfect logical sense (from certain point of view), I think this breaks a POLA a tiny bit.

I was invoking freebsd-update concurrently per two jails like this:

01 sudo \
02   jname=${jname}              \
03   from_version=11.1-RELEASE   \
04   to_version=12.0-RELEASE     \
05   \
06   sh -c 'exec freebsd-update \
07     -b /jails.roots/${jname} \
08     -f /jails.roots/${jname}/etc/freebsd-update.conf \
09     --currently-running ${from_version} \
10     -r ${to_version} upgrade'

Both updates failed spectacularly breaking roots of both jail and emitting spurious errors during install phase.

I reverted jail roots from zfs snapshots and tried again several times until I discovered that each jail:/var/db/freebsd-update is empty. 

rming host:/var/db/freebsd-update and running jail updates again seemed to populate only host:/var/db/freebsd-update, jail:/var/db/freebsd-update seemed to be left intact (eg. empty).

My guess became that both runs of freebsd-update write to same host:/var/db/freebsd-update trampling each other's progress, ignoring jail's data dir.

Re-reading manual page very carefully, I finally realized why there is -d. 

It would be nice if during invocation with custom basedir, -b, (and perhaps -d ,or even without -d) freebsd-update detected this invocation and emitted short summary akin to:
> using basedir (-b) : /bla/bla/bla
> using workdir (-d) : /ble/ble/ble
> notice: workdir is not subdir of basedir !

This would lessen any surprises. 

One might argue that explicit basedir specification should offset workdir as well, unless workdir is explicitly set, but that lies in the eye of beholder.

Short notice would at least make operator aware what is freebsd-update going to do.

Once root cause was found, fix was easy:

01 sudo \
02   jname=${jname}              \
03   from_version=11.1-RELEASE   \
04   to_version=12.0-RELEASE     \
05   \
06   sh -c 'exec freebsd-update \
07     -b /jails.roots/${jname} \
08     -d /jails.roots/${jname}/var/db/freebsd-update \
09     -f /jails.roots/${jname}/etc/freebsd-update.conf \
10     --currently-running ${from_version} \
11     -r ${to_version} upgrade'

Still, it would be nice, if freebsd-update was more friendly in this regard.