From: Klemens Nanni Subject: Re: security: backup disklabel for softraid chunks To: tech@openbsd.org Date: Mon, 4 Mar 2024 23:13:30 +0000 On Thu, Feb 15, 2024 at 02:35:24PM +0000, Klemens Nanni wrote: > • Check for changes to the disklabels of mounted disks. > > That does not cover installations where the physical disk only has a > softraid chunk (plus perhaps an EFI System partition) and root is on > the softraid volume. > > Noticed after someone asked for help after dd'ing miniroot to their sd0c. > At least on UEFI/GPT, the EFI System partition sits at the front, so > # disklabel -R /var/backups/disklabel.sd0.backup > plus recreating the EFI System Parition should have undone the damage. > > Here's a try merging softraid chunk disks that produces a new > disklabel.sd0.current in my case where `df -ln' only has sd1 mounts: > > # bioctl softraid0 > Volume Status Size Device > softraid0 0 Online 536870641664 sd1 CRYPTO > 0 Online 536870641664 0:0.0 noencl > > I'm sure the perl can be better, no comment/manual tweaks, either... > Thoughts? Anyone? > Index: security > =================================================================== > RCS file: /cvs/src/libexec/security/security,v > diff -u -p -r1.41 security > --- security 11 Oct 2020 18:28:17 -0000 1.41 > +++ security 15 Feb 2024 13:51:13 -0000 > @@ -886,6 +886,13 @@ sub check_disklabels { > my @disks = sort map m{^/dev/(\w*\d*)[a-p]}, <$fh>; > close_or_nag $fh, "df"; > > + unless (nag !(open my $fh, '-|', qw(bioctl softraid0)), > + "cannot spawn bioctl $!") { > + my @chunks = sort map m{<(\w*\d*)[a-p]>}, <$fh>; > + close_or_nag $fh, "bioctl"; > + @disks = sort (@disks, @chunks); > + } > + > foreach my $disk (@disks) { > $check_title = "======\n$disk diffs (-OLD +NEW)\n======"; > my $filename = BACKUP_DIR . "disklabel.$disk"; >