1.\" 2.\" SPDX-License-Identifier: BSD-2-Clause 3.\" 4.\" Copyright (c) 2017 Kyle Kneitinger 5.\" Copyright (c) 2018 Kyle Evans <kevans@FreeBSD.org> 6.\" 7.\" Redistribution and use in source and binary forms, with or without 8.\" modification, are permitted provided that the following conditions 9.\" are met: 10.\" 1. Redistributions of source code must retain the above copyright 11.\" notice, this list of conditions and the following disclaimer. 12.\" 2. Redistributions in binary form must reproduce the above copyright 13.\" notice, this list of conditions and the following disclaimer in the 14.\" documentation and/or other materials provided with the distribution. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd April 9, 2024 29.Dt LIBBE 3 30.Os 31.Sh NAME 32.Nm libbe 33.Nd library for creating, destroying and modifying ZFS boot environments 34.Sh LIBRARY 35.Lb libbe 36.Sh SYNOPSIS 37.In be.h 38.Ft "libbe_handle_t *hdl" Ns 39.Fn libbe_init "const char *be_root" 40.Pp 41.Ft void 42.Fn libbe_close "libbe_handle_t *hdl" 43.Pp 44.Ft const char * Ns 45.Fn be_active_name "libbe_handle_t *hdl" 46.Pp 47.Ft const char * Ns 48.Fn be_active_path "libbe_handle_t *hdl" 49.Pp 50.Ft const char * Ns 51.Fn be_nextboot_name "libbe_handle_t *hdl" 52.Pp 53.Ft const char * Ns 54.Fn be_nextboot_path "libbe_handle_t *hdl" 55.Pp 56.Ft const char * Ns 57.Fn be_root_path "libbe_handle_t *hdl" 58.Pp 59.Ft int Ns 60.Fn be_snapshot "libbe_handle_t *hdl" "const char *be_name" "const char *snap_name" "bool recursive" "char *result" 61.Pp 62.Ft bool Ns 63.Fn be_is_auto_snapshot_name "libbe_handle_t *hdl" "const char *snap" 64.Pp 65.Ft int 66.Fn be_create "libbe_handle_t *hdl" "const char *be_name" 67.Pp 68.Ft int 69.Fn be_create_depth "libbe_handle_t *hdl" "const char *be_name" "const char *snap" "int depth" 70.Pp 71.Ft int 72.Fn be_create_from_existing "libbe_handle_t *hdl" "const char *be_name" "const char *be_origin" 73.Pp 74.Ft int 75.Fn be_create_from_existing_snap "libbe_handle_t *hdl" "const char *be_name" "const char *snap" 76.Pp 77.Ft int 78.Fn be_rename "libbe_handle_t *hdl" "const char *be_old" "const char *be_new" 79.Pp 80.Ft int 81.Fn be_activate "libbe_handle_t *hdl" "const char *be_name" "bool temporary" 82.Pp 83.Ft int 84.Fn be_deactivate "libbe_handle_t *hdl" "const char *be_name" "bool temporary" 85.Pp 86.Ft int 87.Fn be_destroy "libbe_handle_t *hdl" "const char *be_name" "int options" 88.Pp 89.Ft void 90.Fn be_nicenum "uint64_t num" "char *buf" "size_t bufsz" 91.Pp 92.\" TODO: Write up of mount options 93.\" typedef enum { 94.\" BE_MNT_FORCE = 1 << 0, 95.\" BE_MNT_DEEP = 1 << 1, 96.\" } be_mount_opt_t 97.Ft int 98.Fn be_mount "libbe_handle_t *hdl" "const char *be_name" "const char *mntpoint" "int flags" "char *result" 99.Pp 100.Ft int 101.Fn be_mounted_at "libbe_handle_t *hdl" "const char *path" "nvlist_t *details" 102.Pp 103.Ft int 104.Fn be_unmount "libbe_handle_t *hdl" "const char *be_name" "int flags" 105.Pp 106.Ft int 107.Fn libbe_errno "libbe_handle_t *hdl" 108.Pp 109.Ft const char * Ns 110.Fn libbe_error_description "libbe_handle_t *hdl" 111.Pp 112.Ft void 113.Fn libbe_print_on_error "libbe_handle_t *hdl" "bool doprint" 114.Pp 115.Ft int 116.Fn be_root_concat "libbe_handle_t *hdl" "const char *be_name" "char *result" 117.Pp 118.Ft int 119.Fn be_validate_name "libbe_handle_t *hdl" "const char *be_name" 120.Pp 121.Ft int 122.Fn be_validate_snap "libbe_handle_t *hdl" "const char *snap" 123.Pp 124.Ft int 125.Fn be_exists "libbe_handle_t *hdl" "const char *be_name" 126.Pp 127.Ft int 128.Fn be_export "libbe_handle_t *hdl" "const char *be_name" "int fd" 129.Pp 130.Ft int 131.Fn be_import "libbe_handle_t *hdl" "const char *be_name" "int fd" 132.Pp 133.Ft int 134.Fn be_prop_list_alloc "nvlist_t **prop_list" 135.Pp 136.Ft int 137.Fn be_get_bootenv_props "libbe_handle_t *hdl" "nvlist_t *be_list" 138.Pp 139.Ft int 140.Fn be_get_dataset_props "libbe_handle_t *hdl" "const char *ds_name" "nvlist_t *props" 141.Pp 142.Ft int 143.Fn be_get_dataset_snapshots "libbe_handle_t *hdl" "const char *ds_name" "nvlist_t *snap_list" 144.Pp 145.Ft void 146.Fn be_prop_list_free "nvlist_t *prop_list" 147.Sh DESCRIPTION 148.Nm 149interfaces with libzfs to provide a set of functions for various operations 150regarding ZFS boot environments, including "deep" boot environments in which 151a boot environment has child datasets. 152.Pp 153A context structure is passed to each function, allowing for a small amount 154of state to be retained, such as errors from previous operations. 155.Nm 156may be configured to print the corresponding error message to 157.Dv stderr 158when an error is encountered with 159.Fn libbe_print_on_error . 160.Pp 161All functions returning an 162.Vt int 163return 0 on success, or a 164.Nm 165errno otherwise as described in 166.Sx DIAGNOSTICS . 167.Pp 168The 169.Fn libbe_init 170function takes an optional BE root and initializes 171.Nm , 172returning a 173.Vt "libbe_handle_t *" 174on success, or 175.Dv NULL 176on error. 177If a BE root is supplied, 178.Nm 179will only operate out of that pool and BE root. 180An error may occur if: 181.Bl -bullet 182.It 183.Pa /boot 184and 185.Pa / 186are not on the same filesystem and device, 187.It 188libzfs fails to initialize, 189.It 190The system has not been properly booted with a ZFS boot 191environment, 192.It 193.Nm 194fails to open the zpool the active boot environment resides on, or 195.It 196.Nm 197fails to locate the boot environment that is currently mounted. 198.El 199.Pp 200The 201.Fn libbe_close 202function frees all resources previously acquired in 203.Fn libbe_init , 204invalidating the handle in the process. 205.Pp 206The 207.Fn be_active_name 208function returns the name of the currently booted boot environment. 209This boot environment may not belong to the same BE root as the root libbe 210is operating on! 211.Pp 212The 213.Fn be_active_path 214function returns the full path of the currently booted boot environment. 215This boot environment may not belong to the same BE root as the root libbe 216is operating on! 217.Pp 218The 219.Fn be_nextboot_name 220function returns the name of the boot environment that will be active on reboot. 221.Pp 222The 223.Fn be_nextboot_path 224function returns the full path of the boot environment that will be 225active on reboot. 226.Pp 227The 228.Fn be_root_path 229function returns the boot environment root path. 230.Pp 231The 232.Fn be_snapshot 233function creates a snapshot of 234.Fa be_name 235named 236.Fa snap_name . 237A value of 238.Dv NULL 239may be used, indicating that 240.Fn be_snaphot 241should derive the snapshot name from the current date and time. 242If 243.Fa recursive 244is set, then 245.Fn be_snapshot 246will recursively snapshot the dataset. 247If 248.Fa result 249is not 250.Dv NULL , 251then it will be populated with the final 252.Dq Fa be_name Ns @ Ns Fa snap_name . 253.Pp 254The 255.Fn be_is_auto_snapshot_name 256function is used to determine if the given snapshot name matches the format that 257the 258.Fn be_snapshot 259function will use by default if it is not given a snapshot name to use. 260It returns 261.Dv true 262if the name matches the format, and 263.Dv false 264if it does not. 265.Pp 266The 267.Fn be_create 268function creates a boot environment with the given name. 269The new boot environment will be created from a recursive snapshot of the 270currently booted boot environment. 271.Pp 272The 273.Fn be_create_depth 274function creates a boot environment with the given name from an existing 275snapshot. 276The depth parameter specifies the depth of recursion that will be cloned from 277the existing snapshot. 278A depth of '0' is no recursion and '-1' is unlimited (i.e., a recursive boot 279environment). 280.Pp 281The 282.Fn be_create_from_existing 283function creates a boot environment with the given name from the name of an 284existing boot environment. 285A recursive snapshot will be made of the origin boot environment, and the new 286boot environment will be created from that. 287.Pp 288The 289.Fn be_create_from_existing_snap 290function creates a recursive boot environment with the given name from an 291existing snapshot. 292.Pp 293The 294.Fn be_rename 295function renames a boot environment without unmounting it, as if renamed with 296the 297.Fl u 298argument were passed to 299.Nm zfs 300.Cm rename 301.Pp 302The 303.Fn be_activate 304function makes a boot environment active on the next boot. 305If the 306.Fa temporary 307flag is set, then it will be active for the next boot only, as done by 308.Xr zfsbootcfg 8 . 309.Pp 310The 311.Fn be_deactivate 312function deactivates a boot environment. 313If the 314.Fa temporary 315flag is set, then it will cause removal of boot once configuration, set by 316.Fn be_activate 317function or by 318.Xr zfsbootcfg 8 . 319If the 320.Fa temporary 321flag is not set, 322.Fn be_deactivate 323function will set zfs 324.Dv canmount 325property to 326.Dv noauto . 327.Pp 328The 329.Fn be_destroy 330function will recursively destroy the given boot environment. 331It will not destroy a mounted boot environment unless the 332.Dv BE_DESTROY_FORCE 333option is set in 334.Fa options . 335If the 336.Dv BE_DESTROY_ORIGIN 337option is set in 338.Fa options , 339the 340.Fn be_destroy 341function will destroy the origin snapshot to this boot environment as well. 342.Pp 343The 344.Fn be_nicenum 345function will format 346.Fa name 347in a traditional ZFS humanized format, similar to 348.Xr humanize_number 3 . 349This function effectively proxies 350.Fn zfs_nicenum 351from libzfs. 352.Pp 353The 354.Fn be_mount 355function will mount the given boot environment. 356If 357.Fa mountpoint 358is 359.Dv NULL , 360a mount point will be generated in 361.Pa /tmp 362using 363.Xr mkdtemp 3 . 364If 365.Fa result 366is not 367.Dv NULL , 368it should be large enough to accommodate 369.Dv BE_MAXPATHLEN 370including the null terminator. 371the final mount point will be copied into it. 372Setting the 373.Dv BE_MNT_FORCE 374flag will pass 375.Dv MNT_FORCE 376to the underlying 377.Xr mount 2 378call. 379.Pp 380The 381.Fn be_mounted_at 382function will check if there is a boot environment mounted at the given 383.Fa path . 384If 385.Fa details 386is not 387.Dv NULL , 388it will be populated with a list of the mounted dataset's properties. 389This list of properties matches the properties collected by 390.Fn be_get_bootenv_props . 391.Pp 392The 393.Fn be_unmount 394function will unmount the given boot environment. 395If the mount point looks like it was created by 396.Fn be_mount , 397then 398.Fn be_unmount 399will attempt to 400.Xr rmdir 2 401the mountpoint after a successful unmount. 402Setting the 403.Dv BE_MNT_FORCE 404flag will pass 405.Dv MNT_FORCE 406to the underlying 407.Xr mount 2 408call. 409.Pp 410The 411.Fn libbe_errno 412function returns the 413.Nm 414errno. 415.Pp 416The 417.Fn libbe_error_description 418function returns a string description of the currently set 419.Nm 420errno. 421.Pp 422The 423.Fn libbe_print_on_error 424function will change whether or not 425.Nm 426prints the description of any encountered error to 427.Dv stderr , 428based on 429.Fa doprint . 430.Pp 431The 432.Fn be_root_concat 433function will concatenate the boot environment root and the given boot 434environment name into 435.Fa result . 436.Pp 437The 438.Fn be_validate_name 439function will validate the given boot environment name for both length 440restrictions as well as valid character restrictions. 441This function does not set the internal library error state. 442.Pp 443The 444.Fn be_validate_snap 445function will validate the given snapshot name. 446The snapshot must have a valid name, exist, and have a mountpoint of 447.Pa / . 448This function does not set the internal library error state. 449.Pp 450The 451.Fn be_exists 452function will check whether the given boot environment exists and has a 453mountpoint of 454.Pa / . 455This function does not set the internal library error state, but will return 456the appropriate error. 457.Pp 458The 459.Fn be_export 460function will export the given boot environment to the file specified by 461.Fa fd . 462A snapshot will be created of the boot environment prior to export. 463.Pp 464The 465.Fn be_import 466function will import the boot environment in the file specified by 467.Fa fd , 468and give it the name 469.Fa be_name . 470.Pp 471The 472.Fn be_prop_list_alloc 473function allocates a property list suitable for passing to 474.Fn be_get_bootenv_props , 475.Fn be_get_dataset_props , 476or 477.Fn be_get_dataset_snapshots . 478It should be freed later by 479.Fa be_prop_list_free . 480.Pp 481The 482.Fn be_get_bootenv_props 483function will populate 484.Fa be_list 485with 486.Vt nvpair_t 487of boot environment names paired with an 488.Vt nvlist_t 489of their properties. 490The following properties are currently collected as appropriate: 491.Bl -column "Returned name" 492.It Sy Returned name Ta Sy Description 493.It dataset Ta - 494.It name Ta Boot environment name 495.It mounted Ta Current mount point 496.It mountpoint Ta Do mountpoint Dc property 497.It origin Ta Do origin Dc property 498.It creation Ta Do creation Dc property 499.It active Ta Currently booted environment 500.It used Ta Literal Do used Dc property 501.It usedds Ta Literal Do usedds Dc property 502.It usedsnap Ta Literal Do usedrefreserv Dc property 503.It referenced Ta Literal Do referenced Dc property 504.It nextboot Ta Active on next boot 505.El 506.Pp 507Only the 508.Dq dataset , 509.Dq name , 510.Dq active , 511and 512.Dq nextboot 513returned values will always be present. 514All other properties may be omitted if not available. 515.Pp 516The 517.Fn be_get_dataset_props 518function will get properties of the specified dataset. 519.Fa props 520is populated directly with a list of the properties as returned by 521.Fn be_get_bootenv_props . 522.Pp 523The 524.Fn be_get_dataset_snapshots 525function will retrieve all snapshots of the given dataset. 526.Fa snap_list 527will be populated with a list of 528.Vt nvpair_t 529exactly as specified by 530.Fn be_get_bootenv_props . 531.Pp 532The 533.Fn be_prop_list_free 534function will free the property list. 535.Sh DIAGNOSTICS 536Upon error, one of the following values will be returned: 537.Bl -bullet -offset indent -compact 538.It 539BE_ERR_SUCCESS 540.It 541BE_ERR_INVALIDNAME 542.It 543BE_ERR_EXISTS 544.It 545BE_ERR_NOENT 546.It 547BE_ERR_PERMS 548.It 549BE_ERR_DESTROYACT 550.It 551BE_ERR_DESTROYMNT 552.It 553BE_ERR_BADPATH 554.It 555BE_ERR_PATHBUSY 556.It 557BE_ERR_PATHLEN 558.It 559BE_ERR_BADMOUNT 560.It 561BE_ERR_NOORIGIN 562.It 563BE_ERR_MOUNTED 564.It 565BE_ERR_NOMOUNT 566.It 567BE_ERR_ZFSOPEN 568.It 569BE_ERR_ZFSCLONE 570.It 571BE_ERR_IO 572.It 573BE_ERR_NOPOOL 574.It 575BE_ERR_NOMEM 576.It 577BE_ERR_UNKNOWN 578.It 579BE_ERR_INVORIGIN 580.El 581.Sh SEE ALSO 582.Xr bectl 8 583.Sh HISTORY 584.Xr bectl 8 585and 586.Nm 587were written by 588.An Kyle Kneitinger (kneitinger) Aq Mt kyle@kneit.in 589as a 2017 Google Summer of Code project, with 590.An Allan Jude (allanjude) Aq Mt allanjude@freebsd.org 591as mentor. 592.Sh AUTHORS 593Kyle Kneitinger, mentored as above. 594.Pp 595Post-GSoC changes were written by 596.An Kyle Evans (kevans) Aq Mt kevans@freebsd.org . 597