On Thu, Feb 15, 2024 at 02:35:24PM +0000, Klemens Nanni wrote:
>      •   Check for changes to the disklabels of mounted disks.
> 
> That does not cover installations where the physical disk only has a
> softraid chunk (plus perhaps an EFI System partition) and root is on
> the softraid volume.
> 
> Noticed after someone asked for help after dd'ing miniroot to their sd0c.
> At least on UEFI/GPT, the EFI System partition sits at the front, so
> 	# disklabel -R /var/backups/disklabel.sd0.backup
> plus recreating the EFI System Parition should have undone the damage.
> 
> Here's a try merging softraid chunk disks that produces a new
> disklabel.sd0.current in my case where `df -ln' only has sd1 mounts:
> 
> 	# bioctl softraid0
> 	Volume      Status               Size Device
> 	softraid0 0 Online       536870641664 sd1     CRYPTO
> 		  0 Online       536870641664 0:0.0   noencl <sd0a>
> 
> I'm sure the perl can be better, no comment/manual tweaks, either...
> Thoughts?

Anyone? 

> Index: security
> ===================================================================
> RCS file: /cvs/src/libexec/security/security,v
> diff -u -p -r1.41 security
> --- security	11 Oct 2020 18:28:17 -0000	1.41
> +++ security	15 Feb 2024 13:51:13 -0000
> @@ -886,6 +886,13 @@ sub check_disklabels {
>  	my @disks = sort map m{^/dev/(\w*\d*)[a-p]}, <$fh>;
>  	close_or_nag $fh, "df";
>  
> +	unless (nag !(open my $fh, '-|', qw(bioctl softraid0)),
> +	    "cannot spawn bioctl $!") {
> +		my @chunks = sort map m{<(\w*\d*)[a-p]>}, <$fh>;
> +		close_or_nag $fh, "bioctl";
> +		@disks = sort (@disks, @chunks);
> +	}
> +
>  	foreach my $disk (@disks) {
>  		$check_title = "======\n$disk diffs (-OLD  +NEW)\n======";
>  		my $filename = BACKUP_DIR . "disklabel.$disk";
>