From: Stoiko Ivanov <s.ivanov@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH proxmox-ve v3 3/3] apt-hook: add check preventing the removal of pinned kernels
Date: Fri, 11 Feb 2022 16:15:47 +0100 [thread overview]
Message-ID: <20220211151547.181259-8-s.ivanov@proxmox.com> (raw)
In-Reply-To: <20220211151547.181259-1-s.ivanov@proxmox.com>
the $file_read_firstline helper code is copied from PVE::Tools, since
we do not want to depend on pve-common being in good shape when the
apt hook is executed
Co-authored-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
Signed-off-by: Stoiko Ivanov <s.ivanov@proxmox.com>
---
debian/apthook/pve-apt-hook | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
diff --git a/debian/apthook/pve-apt-hook b/debian/apthook/pve-apt-hook
index 8fa58c5..47629bc 100755
--- a/debian/apthook/pve-apt-hook
+++ b/debian/apthook/pve-apt-hook
@@ -34,6 +34,17 @@ my $cleanup = sub {
exit $rc;
};
+my $file_read_firstline = sub {
+ my ($filename) = @_;
+
+ my $fh = IO::File->new($filename, "r");
+ return undef if !$fh;
+ my $res = <$fh>;
+ chomp $res if $res;
+ $fh->close;
+ return $res;
+};
+
chomp (my $ver = <$fh>);
if ($ver ne "VERSION 2") {
$log->("apt-pve-hook misconfigured, expecting hook protocol version 2\n");
@@ -84,6 +95,23 @@ while (my $line = <$fh>) {
$cleanup->(0, 1);
}
}
+ if ($pkg =~ /^pve-kernel-/) {
+ if ($action eq '**REMOVE**') {
+ my $next_boot_ver = $file_read_firstline->("/etc/kernel/next-boot-pin");
+ my $pinned_ver = $file_read_firstline->("/etc/kernel/proxmox-boot-pin");
+ my $remove_pinned_ver = ($next_boot_ver && $pkg =~ /$next_boot_ver$/);
+ $remove_pinned_ver ||= ($pinned_ver && $pkg =~ /$pinned_ver$/);
+ if ($remove_pinned_ver) {
+ $log->("!! WARNING !!\n");
+ $log->("You are attempting to remove the currently pinned kernel '${pkg}'!\n");
+ $log->("\n");
+ $log->("If you really do not need the version anymore unpin it by running\n");
+ $log->("\tproxmox-boot-tool kernel unpin'\n");
+ $log->("and repeat your apt invocation.\n");
+ $cleanup->(1);
+ }
+ }
+ }
}
$cleanup->(0);
--
2.30.2
next prev parent reply other threads:[~2022-02-11 15:16 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2022-02-11 15:15 [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 1/4] proxmox-boot: return empty if file does not exist in get_first_line Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 2/4] proxmox-boot: fix #3671 add pin/unpin for kernel-version Stoiko Ivanov
2022-02-16 12:14 ` Oguz Bektas
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 3/4] proxmox-boot: add --next-boot option kernel pin command Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH pve-kernel-meta v3 4/4] proxmox-boot: add pin/unpin functionality for non-p-b-t systems Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH proxmox-ve v3 1/3] apt-hook: fix perlcritic warnings Stoiko Ivanov
2022-02-11 15:15 ` [pve-devel] [PATCH proxmox-ve v3 2/3] apt-hook: verify that fd is numeric Stoiko Ivanov
2022-02-11 15:15 ` Stoiko Ivanov [this message]
2022-02-16 11:29 ` [pve-devel] [PATCH pve-kernel-meta/proxmox-ve v3] proxmox-boot: add kernel pinning functionality (#3761) Fabian Grünbichler
2022-03-04 10:18 ` [pve-devel] applied-series: " Thomas Lamprecht
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20220211151547.181259-8-s.ivanov@proxmox.com \
--to=s.ivanov@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.