The branch main has been updated by ivy: URL: https://cgit.FreeBSD.org/src/commit/?id=89c017d068704c2bc3da9cb22f43da17a9ce8c24
commit 89c017d068704c2bc3da9cb22f43da17a9ce8c24 Author: Lexi Winter <[email protected]> AuthorDate: 2026-01-05 17:39:47 +0000 Commit: Lexi Winter <[email protected]> CommitDate: 2026-01-05 17:39:47 +0000 Makefile.inc1: Allow safe installkernel with pkgbase Commit 74a6bb524e5b added a check to install{world,kernel} to avoid people accidentally running this on pkgbase systems and leaving their system broken. This had two issues: (1) The warning was not sufficiently scary, leading people to think this was safe to do as long as they set DESTDIR=/. (2) The installkernel check was too strict, and prevented installing kernels that don't conflict with packaged kernels. Fix (1) by rewording the warning to be scarier, and while here, add two new variables (ALLOW_PKGBASE_INSTALL{WORLD,KERNEL}) which could be set in /etc/make.conf for people who want to break their systems by default. Fix (2) by improving the installkernel check to see if the kernel(s) we're actually installing are packaged. This means a new kernel can be installed to /boot/kernel as long as there's no packaged kernel installed there. This check understands INSTKERNNAME, so if there is a packaged kernel in /boot/kernel, the new kernel can still be installed using INSTKERNNAME=testkernel (or whatever). MFC after: 2 weeks Reported by: christos, jhb, others Reviewed by: emaste, christos (previous version) Sponsored by: https://www.patreon.com/bsdivy Differential Revision: https://reviews.freebsd.org/D54346 --- Makefile.inc1 | 83 +++++++++++++++++++++++++++++++++++++++++++---------------- 1 file changed, 61 insertions(+), 22 deletions(-) diff --git a/Makefile.inc1 b/Makefile.inc1 index a6181b78125b..b8f59686784d 100644 --- a/Makefile.inc1 +++ b/Makefile.inc1 @@ -1356,28 +1356,6 @@ __installcheck_DESTDIR: .PHONY .endif .endif -# -# Don't allow installworld or installkernel on a pkgbase system. This avoids -# accidentally updating a pkgbase system with install{world,kernel}, causing -# the installed system to become out of date with the package database. -# -# Skip the check if DESTDIR is defined on the assumption the user knows what -# they're doing. This means the check can be disabled for the running system -# using DESTDIR=/. -# -.if !make(distributeworld) && !defined(DESTDIR) -_installcheck_world: __installcheck_PKG -_installcheck_kernel: __installcheck_PKG -__installcheck_PKG: .PHONY -.if exists(${LOCALBASE}/sbin/pkg-static) - @if ${LOCALBASE}/sbin/pkg-static info -e ${PKG_NAME_PREFIX}-runtime; then \ - echo >&2 "ERROR: This target should not be used on a system installed from packages." ; \ - echo >&2 " To override this check, set DESTDIR=/."; \ - false; \ - fi -.endif -.endif - .if !defined(DB_FROM_SRC) # # Check for missing UIDs/GIDs. @@ -1873,6 +1851,67 @@ INSTALLEXTRAKERNELS= ${BUILDKERNELS:[2..-1]} .endif .endif +# +# Don't allow installworld or installkernel on a pkgbase system. This avoids +# accidentally updating a pkgbase system with install{world,kernel}, causing +# the installed system to become out of date with the package database. +# +# Skip the check if DESTDIR is defined on the assumption the user knows what +# they're doing. This means the check can be disabled for the running system +# using DESTDIR=/. +# +# People who want to disable this check permanently may set two variables in +# /etc/make.conf, ALLOW_PKGBASE_INSTALLKERNEL and ALLOW_PKGBASE_INSTALLWORLD, +# to disable these checks. That doesn't stop this from breaking your system, +# it just stops make from warning about it. +# +.if !make(distributeworld) && !defined(DESTDIR) + +. if !defined(ALLOW_PKGBASE_INSTALLKERNEL) && exists(${LOCALBASE}/sbin/pkg-static) +# For installkernel, we check if this specific kernel was installed by pkg. +# This means people can continue to use installkernel for non-packaged +# kernels, which is useful for development. + +_installcheck_kernel: __installcheck_kernel_pkgbase +__installcheck_kernel_pkgbase: .PHONY +. for _kernel in ${NO_INSTALLKERNEL:D:U${INSTKERNNAME}} \ + ${INSTALLEXTRAKERNELS:S/^/${INSTKERNNAME}./} + @if ${LOCALBASE}/sbin/pkg-static which /boot/${_kernel}/kernel \ + >/dev/null 2>&1; then \ + echo >&2 "ERROR: The kernel at /boot/${_kernel} was installed from packages." ; \ + echo >&2 " A packaged kernel should never be updated using installkernel;" ; \ + echo >&2 " this will cause the package database to become out of sync with" ; \ + echo >&2 " the live system state. Either uninstall the packaged kernel," ; \ + echo >&2 " or install this kernel to a different path using INSTKERNNAME." ; \ + echo >&2 "" ; \ + echo >&2 " If you understand the risks and wish to proceed anyway, you may" ; \ + echo >&2 " set ALLOW_PKGBASE_INSTALLKERNEL=yes to override this safety check." ; \ + echo >&2 " After doing so, you should not use the pkg(8) utility until you" ; \ + echo >&2 " have resolved the inconsistency between the installed system and" ; \ + echo >&2 " the package database." ; \ + false; \ + fi +. endfor +. endif # !defined(ALLOW_PKGBASE_INSTALLKERNEL) && exists(pkg-static) + +. if !defined(ALLOW_PKGBASE_INSTALLWORLD) && exists(${LOCALBASE}/sbin/pkg-static) +_installcheck_world: __installcheck_world_pkgbase +__installcheck_world_pkgbase: .PHONY + @if ${LOCALBASE}/sbin/pkg-static info -e ${PKG_NAME_PREFIX}-runtime; then \ + echo >&2 "ERROR: This target should never be used on a system installed from packages;" ; \ + echo >&2 " doing so will cause the package database to become out of sync with" ; \ + echo >&2 " the live system state." ; \ + echo >&2 "" ; \ + echo >&2 " If you understand the risks and wish to proceed anyway, you may" ; \ + echo >&2 " set ALLOW_PKGBASE_INSTALLWORLD=yes to override this safety check." ; \ + echo >&2 " After doing so, you should not use the pkg(8) utility until you" ; \ + echo >&2 " have resolved the inconsistency between the installed system and" ; \ + echo >&2 " the package database." ; \ + false; \ + fi +. endif # !defined(ALLOW_PKGBASE_INSTALLWORLD) && exists(pkg-static) +.endif # !make(distributeworld) && !defined(DESTDIR) + # # installkernel, etc. #
