svn commit: r293227 - head/etc
Devin Teske
dteske at freebsd.org
Wed Jan 6 01:48:57 UTC 2016
> On Jan 5, 2016, at 5:18 PM, Ian Lepore <ian at freebsd.org> wrote:
>
> On Tue, 2016-01-05 at 16:35 -0800, Devin Teske wrote:
>>> On Jan 5, 2016, at 4:27 PM, Ian Lepore <ian at freebsd.org> wrote:
>>>
>>> On Tue, 2016-01-05 at 19:18 -0500, Allan Jude wrote:
>>>> On 2016-01-05 19:16, Devin Teske wrote:
>>>>>
>>>>>> On Jan 5, 2016, at 4:00 PM, Ian Lepore <ian at freebsd.org> wrote:
>>>>>>
>>>>>> On Tue, 2016-01-05 at 21:20 +0000, Warner Losh wrote:
>>>>>>> Author: imp
>>>>>>> Date: Tue Jan 5 21:20:47 2016
>>>>>>> New Revision: 293227
>>>>>>> URL: https://svnweb.freebsd.org/changeset/base/293227
>>>>>>>
>>>>>>> Log:
>>>>>>> Use the more proper -f. Leave /bin/rm in place since that's what
>>>>>>> other rc scripts have, though it isn't strictly necessary.
>>>>>>>
>>>>>>> Modified:
>>>>>>> head/etc/rc
>>>>>>>
>>>>>>> Modified: head/etc/rc
>>>>>>> ===========================================================
>>>>>>> ====
>>>>>>> ======
>>>>>>> =========
>>>>>>> --- head/etc/rc Tue Jan 5 21:20:46 2016 (r29
>>>>>>> 3226
>>>>>>> )
>>>>>>> +++ head/etc/rc Tue Jan 5 21:20:47 2016 (r29
>>>>>>> 3227
>>>>>>> )
>>>>>>> @@ -132,9 +132,9 @@ done
>>>>>>> # Remove the firstboot sentinel, and reboot if it was
>>>>>>> requested.
>>>>>>> if [ -e ${firstboot_sentinel} ]; then
>>>>>>> [ ${root_rw_mount} = "yes" ] || mount -uw /
>>>>>>> - /bin/rm ${firstboot_sentinel}
>>>>>>> + /bin/rm -f ${firstboot_sentinel}
>>>>>>> if [ -e ${firstboot_sentinel}-reboot ]; then
>>>>>>> - /bin/rm ${firstboot_sentinel}-reboot
>>>>>>> + /bin/rm -f ${firstboot_sentinel}-reboot
>>>>>>> [ ${root_rw_mount} = "yes" ] || mount -ur /
>>>>>>> kill -INT 1
>>>>>>> fi
>>>>>>>
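Review bot: in the `-reboot` branch, `kill -INT 1` runs whether or not `/bin/rm -f ${firstboot_sentinel}-reboot` actually removed the file, so a sentinel that cannot be deleted leads back into the same reboot on the next boot. Neither rm call has its result checked. Suggest re-testing with `[ -e "${firstboot_sentinel}-reboot" ]` after the rm and skipping `kill -INT 1` (with a console warning) when the file is still there, and likewise warning if `${firstboot_sentinel}` itself survives. The `${firstboot_sentinel}` expansions are also unquoted in both the `[ -e ... ]` tests and the rm arguments; quoting them would be safer.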
>>>>>>
>>>>>> Using rm -f to suppress an error message seems like a bad idea here --
>>>>>> if the sentinel file can't be removed that implies it's going to do
>>>>>> firstboot behavior every time it boots, and that's the sort of error
>>>>>> that should be in-your-face. Especially on the reboot one because
>>>>>> you're going to be stuck in a reboot loop with no error message.
>>>>>>
>>>>>
>>>>> Leaving off -f so that the user gets prompted isn't quite as helpful
>>>>> as, say, using -f but then testing to make sure the file is really gone
>>>>> (if it still exists after a silent "rm -f", put up an informative warning
>>>>> instead of asking the user if they would like to delete it).
>>>>>
>>>>> The end-result of having something thrown in your face seems
>>>>> desirable. Having a prompt that asks you if you'd like to delete it
>>>>> (even if there is an error immediately above it explaining it could
>>>>> not be deleted) seems nonsensical.
>>>>>
>>>>
>>>> More specifically, firstboot is most likely run in situations where no
>>>> one will be at the console, so an interactive prompt stopping the system
>>>> from coming up is bad.
>>>>
>>>
>>> I couldn't possibly disagree more. If you're not paying attention to
>>> what happens the first time you boot a freshly installed system, you
>>> deserve whatever happens to you.
>>
>> What if you are in New York and the server is alone in Siberia?
>>
>> ... Got SSH? (not if your boot stopped, you don't)
>
> Unh huh. And what are you going to do when the server goes
> unresponsive because it silently failed to delete firstboot-reboot and
> now it's just in an endless reboot loop?
>
> Silent failure is only a viable option for expected errors you can
> recover from without intervention.
>
Your point is valid. However, I think it unwise to rely on this:

    dteske at porridge wwwww $ rm foo
    override rw-rw-r-- dteske/dteske schg,uarch for foo? y
    rm: foo: Operation not permitted

As you can see above, the prompt put forth by rm really has nothing to do with "failure" but rather it has performed a cursory check and is asking you if it is OK to proceed.

The condition in which rm puts forth the prompt is _NOT_ the condition in which you want to halt the boot process.

You're absolutely right that we ought to prevent an infinite reboot-cycle.

Relying on rm to do it by not using "-f" is the wrong approach.

This is the right approach:

    rm -f "${firstboot_sentinel}-reboot"
    if [ -e "${firstboot_sentinel}-reboot" ]; then
        read -p "Ruh roh; I smell an infinite reboot in your future!" IGNORED
    fi

(if lovable Scooby Doo had coded it)

Funny error message aside, I earnestly think that's the approach we should take.

...

Quick note, should the code be updated to handle this:

    $ mkdir $firstboot_sentinel
    $ mkdir !$-reboot
    $ reboot

This too:

    $ touch $firstboot_sentinel
    $ chflags schg !$
    $ touch !$-reboot
    $ chflags schg !$
    $ reboot

Both of which would lead to an infinite reboot cycle.
--
Devin
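
Added example, not part of the original message or of etc/rc: a sketch of the "rm -f, then verify" approach discussed above, extended to cover both sentinels and the directory case. The function names (remove_sentinel, firstboot_cleanup) and the status words it prints are hypothetical; it reports a decision instead of prompting or calling kill -INT 1, so the caller chooses the action.

```shell
#!/bin/sh
# Added example; function names and status words are assumptions,
# not taken from etc/rc.

# Remove a sentinel without prompting, then verify it is really gone.
# Returns 0 if the path no longer exists, 1 if it survived (for example
# because it is a directory, carries the schg flag, or / is read-only).
remove_sentinel()
{
	_path=$1
	# rm's exit status is not trusted on its own; the existence
	# test below is the authoritative check.
	rm -f -- "${_path}" || :
	if [ -e "${_path}" ] || [ -L "${_path}" ]; then
		echo "WARNING: could not remove ${_path}" >&2
		return 1
	fi
	return 0
}

# Clean up after firstboot and print one decision on stdout:
#   continue  no reboot requested (or no sentinel at all)
#   reboot    reboot requested and both sentinels are gone
#   stuck     a sentinel survived; rebooting now risks a reboot loop
firstboot_cleanup()
{
	_sentinel=$1
	_status=continue
	if [ ! -e "${_sentinel}" ]; then
		echo "${_status}"
		return 0
	fi
	remove_sentinel "${_sentinel}" || _status=stuck
	if [ -e "${_sentinel}-reboot" ]; then
		if remove_sentinel "${_sentinel}-reboot" &&
		    [ "${_status}" != stuck ]; then
			_status=reboot
		else
			_status=stuck
		fi
	fi
	echo "${_status}"
}
```

A caller would run kill -INT 1 only when the result is "reboot", and log loudly to the console on "stuck".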