backup disklabel for softraid(4) chunks

Extend "Check for changes to the disklabels of mounted disks" to those that
host online softraid volumes, e.g installations with root inside CRYPTO sd0a
(and EFI System partition on sd0i).

That produces /var/backup/disklabel.sd0.current, previously missing in such
setups;  noticed after someone dd(1)ed miniroot onto sd0 by accident and had
no disklabel(8) backup to restore.

Feedback OK bluhm

diff --git a/libexec/security/security b/libexec/security/security
index 4eb3fb9..12ae7d6 100644 (file)
--- a/libexec/security/security
+++ b/libexec/security/security
@@ -1,6 +1,6 @@
 #!/usr/bin/perl -T
 
-# $OpenBSD: security,v 1.41 2020/10/11 18:28:17 millert Exp $
+# $OpenBSD: security,v 1.42 2024/03/05 18:54:29 kn Exp $
 #
 # Copyright (c) 2011, 2012, 2014, 2015 Ingo Schwarze <schwarze@openbsd.org>
 # Copyright (c) 2011 Andrew Fresh <andrew@afresh1.com>
@@ -883,10 +883,17 @@ sub check_disklabels {
        nag !(open my $fh, '-|', qw(df -ln)),
            "cannot spawn df: $!"
            and return;
-       my @disks = sort map m{^/dev/(\w*\d*)[a-p]}, <$fh>;
+       my %disks;
+       @disks{map m{^/dev/(\w*\d*)[a-p]}, <$fh>} = ();
        close_or_nag $fh, "df";
 
-       foreach my $disk (@disks) {
+       unless (nag !(open my $fh, '-|', qw(bioctl softraid0)),
+           "cannot spawn bioctl: $!") {
+               @disks{map m{<(\w*\d*)[a-p]>}, <$fh>} = ();
+               close_or_nag $fh, "bioctl";
+       }
+
+       foreach my $disk (sort keys %disks) {
                $check_title = "======\n$disk diffs (-OLD  +NEW)\n======";
                my $filename = BACKUP_DIR . "disklabel.$disk";
                system "disklabel $disk > $filename";