From 4c5af5c5bf2112c301efc3e4da1cf8812051692a Mon Sep 17 00:00:00 2001
From: Craig Jennings <c@cjennings.net>
Date: Tue, 21 Apr 2026 20:11:15 -0500
Subject: fix: verify_rollback sentinel must live on the rolled-back dataset
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

/root is mounted on a separate dataset (zroot/home/root, created by
archangel:create_datasets), but verify_rollback was snapshotting
zroot/ROOT/default. The rollback was a no-op for the sentinel file,
so the post-rollback existence check failed — the visible symptom
was a PASSED test with a soft-failure warning
("Rollback failed - test file not restored" →
"Rollback verification had issues") that persisted across ZFS
configs for weeks.

Move the sentinel to /etc/archangel-rollback-test. /etc has no child
dataset mounted there, so the file lives on zroot/ROOT/default —
the dataset actually being snapshotted and rolled back.

Defensively single-quote $test_file at the five ssh_cmd call-sites
so future path changes (whitespace, special chars) stay correct
without touching each call again.

The 2026-04-21 VM run logged "Rollback verified - test file restored"
on zfs-mirror-encrypt, confirming the fix.
---
 scripts/test-install.sh | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

(limited to 'scripts')

diff --git a/scripts/test-install.sh b/scripts/test-install.sh
index dc2d304..3cca526 100755
--- a/scripts/test-install.sh
+++ b/scripts/test-install.sh
@@ -574,9 +574,15 @@ verify_rollback() {
 
     step "Verifying rollback functionality..."
 
+    # Sentinel lives on zroot/ROOT/default so the rollback we issue below
+    # actually affects it. /root is a separate dataset (zroot/home/root,
+    # see archangel:create_datasets), so writing the sentinel there would
+    # make the rollback a no-op for our check.
+    local test_file="/etc/archangel-rollback-test"
+
     # Create a test file
-    ssh_cmd "echo 'test-marker-$(date +%s)' > /root/rollback-test-file"
-    if ! ssh_cmd "test -f /root/rollback-test-file"; then
+    ssh_cmd "echo 'test-marker-$(date +%s)' > '$test_file'"
+    if ! ssh_cmd "test -f '$test_file'"; then
         error "Failed to create test file"
         return 1
     fi
@@ -599,7 +605,7 @@ verify_rollback() {
         fi
 
         # Delete the test file (change to rollback)
-        ssh_cmd "rm -f /root/rollback-test-file"
+        ssh_cmd "rm -f '$test_file'"
 
         # Rollback
         if ! ssh_cmd "snapper -c root rollback $snap_num"; then
@@ -616,7 +622,7 @@ verify_rollback() {
         info "ZFS snapshot created"
 
         # Delete the test file
-        ssh_cmd "rm -f /root/rollback-test-file"
+        ssh_cmd "rm -f '$test_file'"
 
         # Rollback
         if ! ssh_cmd "zfs rollback zroot/ROOT/default@rollback-test"; then
@@ -628,7 +634,7 @@ verify_rollback() {
 
     # Verify file is back (for ZFS, immediate; for btrfs, needs reboot)
     if [[ "$filesystem" == "zfs" ]]; then
-        if ssh_cmd "test -f /root/rollback-test-file"; then
+        if ssh_cmd "test -f '$test_file'"; then
             info "Rollback verified - test file restored"
         else
             error "Rollback failed - test file not restored"
-- 
cgit v1.2.3