From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH v2 proxmox-apt-hook] initial commit
Date: Mon, 9 Sep 2024 12:20:50 +0200 [thread overview]
Message-ID: <20240909102050.40220-1-f.ebner@proxmox.com> (raw)
Many people will use 'upgrade' instead of 'full-upgrade' or
'dist-upgrade' (e.g. [0][1]) despite the documentation explicitly
mentioning 'dist-upgrade' [3]. Proxmox projects use different
packaging guarantees than Debian (necessary for a rolling release
model) and using 'upgrade' can lead to the system being stuck on
outdated versions, or in rare cases, even break the system [2].
The match is kept simple, to not accidentally catch things like
> -o 'foo=bar upgrade baz'
and trip up advanced users.
It does not catch invocations with '-y' either, making it less likely
to break automated user scripts. Although they should not use
'upgrade' either, it still would be bad to break them. If the risk is
still considered too high, this change should wait until a major or
at least point release.
To avoid false positives, it would be necessary to properly parse
options, which is likely not worth the effort.
A downside is that the hook is only invoked after the user confirms
the upgrade and fetching the packages, but there doesn't seem to be an
early enough hook entry that provides access to the command line.
Since this is just an additional safety warning to guide new users, it
should still be good enough.
It is intended that meta-packages for Proxmox projects recommend this
package.
The same postinst/postrm logic for the hook like in proxmox-ve and
apt-listchanges is used to not have disable/re-enable the hook upon
removal/re-install of the package.
[0]: https://forum.proxmox.com/threads/150217/post-680158
[1]: https://forum.proxmox.com/threads/140580/post-630419
[2]: https://www.reddit.com/r/Proxmox/comments/ujqig9/use_apt_distupgrade_or_the_gui_not_apt_upgrade/
[3]: https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#system_software_updates
Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---
Changes in v2:
* Mention that actual breakage is rare, being stuck on outdated
versions is much more common.
* Do not ask for confirmation, only log the warning.
* Split into own package, so it can be re-used by different products.
.gitignore | 7 ++++
Makefile | 47 +++++++++++++++++++++++++++
debian/apt-hook/10proxmox-apt-hook | 4 +++
debian/apt-hook/proxmox-apt-hook | 52 ++++++++++++++++++++++++++++++
debian/changelog | 5 +++
debian/control | 17 ++++++++++
debian/copyright | 14 ++++++++
debian/docs | 1 +
debian/install | 2 ++
debian/postrm | 35 ++++++++++++++++++++
debian/preinst | 13 ++++++++
debian/rules | 8 +++++
debian/source/format | 1 +
13 files changed, 206 insertions(+)
create mode 100644 .gitignore
create mode 100644 Makefile
create mode 100644 debian/apt-hook/10proxmox-apt-hook
create mode 100755 debian/apt-hook/proxmox-apt-hook
create mode 100644 debian/changelog
create mode 100644 debian/control
create mode 100644 debian/copyright
create mode 100644 debian/docs
create mode 100644 debian/install
create mode 100644 debian/postrm
create mode 100644 debian/preinst
create mode 100755 debian/rules
create mode 100644 debian/source/format
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..5e6053d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,7 @@
+/*.build
+/*.buildinfo
+/*.changes
+/*.deb
+/*.dsc
+/*.tar*
+/proxmox-apt-hook-*/
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..e0cd704
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,47 @@
+include /usr/share/dpkg/default.mk
+
+PACKAGE=proxmox-apt-hook
+
+GITVERSION:=$(shell git rev-parse HEAD)
+
+BUILDDIR ?= $(PACKAGE)-$(DEB_VERSION)
+DSC=$(PACKAGE)_$(DEB_VERSION).dsc
+
+DEB=$(PACKAGE)_$(DEB_VERSION_UPSTREAM_REVISION)_all.deb
+
+all: $(DEB)
+
+$(BUILDDIR): debian
+ rm -rf $@ $@.tmp
+ mkdir -p $@.tmp/debian
+ cp -a debian/ $@.tmp/
+ echo "git clone git://git.proxmox.com/git/proxmox-apt-hook.git\\ngit checkout $(GITVERSION)" > $@.tmp/debian/SOURCE
+ mv $@.tmp $@
+
+.PHONY: deb
+deb: $(DEB)
+$(DEB): $(BUILDDIR)
+ cd $(BUILDDIR); dpkg-buildpackage -b -us -uc
+ lintian $(DEB)
+
+.PHONY: dsc
+dsc: $(DSC)
+$(DSC): $(BUILDDIR)
+ cd $(BUILDDIR); dpkg-buildpackage -S -us -uc -d
+ lintian $(DSC)
+
+.PHONY: sbuild
+sbuild: $(DSC)
+ sbuild $(DSC)
+
+.PHONY: upload
+upload: UPLOAD_DIST ?= $(DEB_DISTRIBUTION)
+upload: $(DEB)
+ tar cf - $(DEB)|ssh repoman@repo.proxmox.com -- upload --product pve --dist $(UPLOAD_DIST)
+
+.PHONY: distclean
+distclean: clean
+
+.PHONY: clean
+clean:
+ rm -rf *~ $(PACKAGE)-[0-9]*/ $(PACKAGE)*.tar.* *.deb *.dsc *.changes *.build *.buildinfo
diff --git a/debian/apt-hook/10proxmox-apt-hook b/debian/apt-hook/10proxmox-apt-hook
new file mode 100644
index 0000000..c4e6978
--- /dev/null
+++ b/debian/apt-hook/10proxmox-apt-hook
@@ -0,0 +1,4 @@
+DPkg::Pre-Install-Pkgs { "/usr/share/proxmox/proxmox-apt-hook"; };
+DPkg::Tools::Options::/usr/share/proxmox/proxmox-apt-hook "";
+DPkg::Tools::Options::/usr/share/proxmox/proxmox-apt-hook::Version "2";
+DPkg::Tools::Options::/usr/share/proxmox/proxmox-apt-hook::InfoFD "20";
diff --git a/debian/apt-hook/proxmox-apt-hook b/debian/apt-hook/proxmox-apt-hook
new file mode 100755
index 0000000..5e4f33f
--- /dev/null
+++ b/debian/apt-hook/proxmox-apt-hook
@@ -0,0 +1,52 @@
+#!/usr/bin/perl
+
+use strict;
+use warnings;
+
+use File::Basename;
+
+my $fd = $ENV{APT_HOOK_INFO_FD};
+my $hook_name = basename($0);
+
+my sub log_line {
+ my ($line) = @_;
+ chomp($line);
+ print "W: ($hook_name) $line\n";
+}
+
+if (!defined $fd || $fd == 0 || $fd !~ /^\d+$/) {
+ log_line("APT_HOOK_INFO_FD not correctly defined, skipping proxmox-apt-hook checks");
+ exit 0;
+}
+
+open(my $fh, "<&=", $fd) or die "E: could not open APT_HOOK_INFO_FD (${fd}) - $!\n";
+
+my sub cleanup {
+ close($fh);
+ exit 0;
+}
+
+chomp (my $ver = <$fh>);
+if ($ver ne "VERSION 2") {
+ log_line("proxmox-apt-hook misconfigured, expecting hook protocol version 2");
+ cleanup();
+}
+
+while (my $line = <$fh>) {
+ if (!$line) { # finished reading the APT configuration dump
+ cleanup();
+ }
+
+ if ($line =~ m/^CommandLine::AsString=apt(-get)?%20upgrade$/) {
+ log_line("");
+ log_line(
+ "NOTE: Proxmox projects follow a rolling release model, so using 'upgrade' can lead to"
+ ." a system being stuck on outdated versions, or in rare cases, break upon upgrading. "
+ ." Use 'dist-upgrade' or 'full-upgrade' instead.",
+ );
+ log_line("");
+ cleanup();
+ }
+}
+
+cleanup();
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..19bd26c
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+proxmox-apt-hook (0.1) bookworm; urgency=medium
+
+ * Initial release.
+
+ -- Proxmox Support Team <support@proxmox.com> Mon, 09 Sep 2024 10:49:30 +0200
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..77eecba
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,17 @@
+Source: proxmox-apt-hook
+Section: admin
+Priority: optional
+Maintainer: Proxmox Support Team <support@proxmox.com>
+Build-Depends: debhelper-compat (= 13),
+ lintian,
+Standards-Version: 4.6.2
+Homepage: https://www.proxmox.com
+
+Package: proxmox-apt-hook
+Architecture: all
+Depends: apt,
+ ${misc:Depends},
+ ${perl:Depends},
+Description: Proxmox hook for APT
+ Hook for APT to inform users about Proxmox-specific considerations
+ when using APT.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..046356b
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,14 @@
+Copyright (C) 2016 - 2024 Proxmox Server Solutions GmbH <support@proxmox.com>
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU Affero General Public License as
+ published by the Free Software Foundation, either version 3 of the
+ License, or (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU Affero General Public License for more details.
+
+ You should have received a copy of the GNU Affero General Public License
+ along with this program. If not, see <https://www.gnu.org/licenses/>.
diff --git a/debian/docs b/debian/docs
new file mode 100644
index 0000000..8696672
--- /dev/null
+++ b/debian/docs
@@ -0,0 +1 @@
+debian/SOURCE
diff --git a/debian/install b/debian/install
new file mode 100644
index 0000000..e0c8de6
--- /dev/null
+++ b/debian/install
@@ -0,0 +1,2 @@
+debian/apt-hook/10proxmox-apt-hook etc/apt/apt.conf.d/
+debian/apt-hook/proxmox-apt-hook usr/share/proxmox/
diff --git a/debian/postrm b/debian/postrm
new file mode 100644
index 0000000..0c9e4f6
--- /dev/null
+++ b/debian/postrm
@@ -0,0 +1,35 @@
+#! /bin/sh
+set -e
+
+hook=/etc/apt/apt.conf.d/10proxmox-apt-hook
+
+case "$1" in
+ purge)
+ rm -f $hook.disabled
+ ;;
+
+ remove)
+ if test -f $hook; then
+ mv $hook $hook.disabled
+ fi
+ ;;
+
+ abort-install)
+ if test "x$2" != "x" && test -f $hook
+ then
+ mv $hook $hook.disabled
+ fi
+ ;;
+
+ upgrade|failed-upgrade|abort-upgrade|disappear)
+ ;;
+
+ *)
+ echo "postrm called with unknown argument \`$1'" >&2
+ exit 1
+
+esac
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/preinst b/debian/preinst
new file mode 100644
index 0000000..a6f6b5e
--- /dev/null
+++ b/debian/preinst
@@ -0,0 +1,13 @@
+#!/bin/sh
+
+set -e
+
+hook=/etc/apt/apt.conf.d/10proxmox-apt-hook
+if test -f $hook.disabled
+then
+ mv $hook.disabled $hook
+fi
+
+#DEBHELPER#
+
+exit 0
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..218df65
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,8 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+%:
+ dh $@
diff --git a/debian/source/format b/debian/source/format
new file mode 100644
index 0000000..89ae9db
--- /dev/null
+++ b/debian/source/format
@@ -0,0 +1 @@
+3.0 (native)
--
2.39.2
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
next reply other threads:[~2024-09-09 10:20 UTC|newest]
Thread overview: 3+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-09-09 10:20 Fiona Ebner [this message]
2024-11-29 14:29 ` Fiona Ebner
2025-03-07 9:55 ` Fiona Ebner
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240909102050.40220-1-f.ebner@proxmox.com \
--to=f.ebner@proxmox.com \
--cc=pve-devel@lists.proxmox.com \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.
Service provided by Proxmox Server Solutions GmbH | Privacy | Legal