From: Klemens Nanni
Subject: security: backup disklabel for softraid chunks
To: tech@openbsd.org
Date: Thu, 15 Feb 2024 14:35:24 +0000

  • Check for changes to the disklabels of mounted disks.

That does not cover installations where the physical disk only has a softraid chunk (plus perhaps an EFI System partition) and root is on the softraid volume.

Noticed after someone asked for help after dd'ing miniroot to their sd0c.

At least on UEFI/GPT, the EFI System partition sits at the front, so

  # disklabel -R /var/backups/disklabel.sd0.backup

plus recreating the EFI System Partition should have undone the damage.

Here's a try merging softraid chunk disks that produces a new disklabel.sd0.current in my case where `df -ln' only has sd1 mounts:

  # bioctl softraid0
  Volume Status Size Device
  softraid0 0 Online 536870641664 sd1 CRYPTO
  0 Online 536870641664 0:0.0 noencl

I'm sure the perl can be better, no comment/manual tweaks, either...

Thoughts?

Index: security =================================================================== RCS file: /cvs/src/libexec/security/security,v diff -u -p -r1.41 security --- security 11 Oct 2020 18:28:17 -0000 1.41 +++ security 15 Feb 2024 13:51:13 -0000 @@ -886,6 +886,13 @@ sub check_disklabels { my @disks = sort map m{^/dev/(\w*\d*)[a-p]}, <$fh>; close_or_nag $fh, "df"; + unless (nag !(open my $fh, '-|', qw(bioctl softraid0)), + "cannot spawn bioctl $!") { + my @chunks = sort map m{<(\w*\d*)[a-p]>}, <$fh>; + close_or_nag $fh, "bioctl"; + @disks = sort (@disks, @chunks); + } + foreach my $disk (@disks) { $check_title = "======\n$disk diffs (-OLD +NEW)\n======"; my $filename = BACKUP_DIR . "disklabel.$disk";
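Review bot: the merged list built by `@disks = sort (@disks, @chunks);` is never de-duplicated, so a disk that carries both a locally mounted partition and a softraid chunk ends up in @disks twice and the `foreach my $disk (@disks)` loop below handles its disklabel twice in the same run. Collapsing the names through a hash (or any uniq step) before the loop would avoid the repeated work and any repeated report section. Two smaller points in the same hunk: the inner `my $fh` shadows the df handle declared above, which is harmless since df is already closed but reads more clearly with a distinct name; and `bioctl softraid0` is spawned unconditionally, so it is worth confirming that `close_or_nag $fh, "bioctl";` stays quiet on machines with no softraid volume, otherwise every security report on such hosts gains a nag line. Only softraid0 is queried, which matches the case in the mail; a short comment saying so would help the next reader.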