From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id 7293D1FF137
	for <inbox@lore.proxmox.com>; Tue, 03 Feb 2026 17:05:08 +0100 (CET)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 0CEAF264DE;
	Tue,  3 Feb 2026 17:04:03 +0100 (CET)
From: Gabriel Goller <g.goller@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [PATCH pve-network 08/10] debian: handle user modifications to FRR
 templates via ucf
Date: Tue,  3 Feb 2026 17:01:26 +0100
Message-ID: <20260203160246.353351-20-g.goller@proxmox.com>
X-Mailer: git-send-email 2.47.3
In-Reply-To: <20260203160246.353351-1-g.goller@proxmox.com>
References: <20260203160246.353351-1-g.goller@proxmox.com>
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1770134497711
X-SPAM-LEVEL: Spam detection results:  0
	AWL                    -0.003 Adjusted score from AWL reputation of From:
 address
	BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
	DMARC_MISSING             0.1 Missing DMARC policy
	KAM_DMARC_STATUS         0.01 Test Rule for DKIM or SPF Failure with Strict
 Alignment
	SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
	SPF_PASS               -0.001 SPF: sender matches SPF record
Message-ID-Hash: MD4IWDJ5FYMH3O5VIMTVUNMMIOQTF6VK
X-Message-ID-Hash: MD4IWDJ5FYMH3O5VIMTVUNMMIOQTF6VK
X-MailFrom: g.goller@proxmox.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; loop;
 banned-address; emergency; member-moderation; nonmember-moderation;
 administrivia; implicit-dest; max-recipients; max-size; news-moderation;
 no-subject; digests; suspicious-header
X-Mailman-Version: 3.3.10
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Owner: <mailto:pve-devel-owner@lists.proxmox.com>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Subscribe: <mailto:pve-devel-join@lists.proxmox.com>
List-Unsubscribe: <mailto:pve-devel-leave@lists.proxmox.com>

This ensures that user customizations to frr jinja templates in
/etc/proxmox-frr/templates/ are preserved across package updates through
ucf's three-way merge, preventing silent overwrites of local changes.
When a user has customized a template and updates this package which
ships a new template version, ucf shows a three-way merge dialog
(ncurses) allowing them to view the differences and choose between the
maintainer's version, their version, or manually edit the merge result.

Signed-off-by: Gabriel Goller <g.goller@proxmox.com>
---
 debian/control                      |  1 +
 debian/libpve-network-perl.postinst | 34 ++++++++++++++++++++++++++++-
 debian/libpve-network-perl.postrm   | 33 ++++++++++++++++++++++++++++
 3 files changed, 67 insertions(+), 1 deletion(-)
 create mode 100644 debian/libpve-network-perl.postrm

diff --git a/debian/control b/debian/control
index 6fe98822e64c..83ddfc053048 100644
--- a/debian/control
+++ b/debian/control
@@ -29,6 +29,7 @@ Depends: libpve-common-perl (>= 9.1.1),
          libnetaddr-ip-perl,
          libpve-rs-perl (>= 0.11.1),
          libuuid-perl,
+         ucf,
          ${misc:Depends},
          ${perl:Depends},
 Recommends: frr-pythontools (>= 10.3.1-1+pve2~),
diff --git a/debian/libpve-network-perl.postinst b/debian/libpve-network-perl.postinst
index 99faedf48f56..629c5bdc9e18 100644
--- a/debian/libpve-network-perl.postinst
+++ b/debian/libpve-network-perl.postinst
@@ -2,6 +2,36 @@
 
 set -e
 
+TEMPLATE_OVERRIDE_DIR="/etc/proxmox-frr/templates"
+
+update_override_frr_templates() {
+  for override_file in "$TEMPLATE_OVERRIDE_DIR"/*; do
+    # only consider files ending in .jinja. we often have .ucf-old files as
+    # well storing the previous ucf decision.
+    case "$override_file" in
+      *.jinja)
+        ;;
+      *)
+        continue
+        ;;
+    esac
+
+    filename=$(basename "$override_file")
+
+    temp_packaged_file=$(mktemp)
+
+    # we want to embed the variable now, not when the trap is executed
+    # shellcheck disable=SC2064
+    trap "rm -f -- '$temp_packaged_file'" EXIT
+
+    if pvesdn template show "$filename" > "$temp_packaged_file"; then
+      ucf --three-way --debconf-ok "$temp_packaged_file" "$override_file"
+    fi
+
+    ucfr libpve-network-perl "$override_file"
+  done
+}
+
 migrate_ipam_db() {
   LEGACY_IPAM_DB_FILE="/etc/pve/priv/ipam.db"
   IPAM_DB_FILE="/etc/pve/sdn/pve-ipam-state.json"
@@ -29,7 +59,9 @@ case "$1" in
       migrate_ipam_db
       migrate_mac_cache
     fi
-  ;;
+
+    update_override_frr_templates
+    ;;
 esac
 
 exit 0
diff --git a/debian/libpve-network-perl.postrm b/debian/libpve-network-perl.postrm
new file mode 100644
index 000000000000..5a1c6834111b
--- /dev/null
+++ b/debian/libpve-network-perl.postrm
@@ -0,0 +1,33 @@
+#!/bin/bash
+set -e
+
+TEMPLATE_OVERRIDE_DIR="/etc/proxmox-frr/templates"
+
+case "$1" in
+    purge)
+        # Remove ucf registrations on purge
+        if [ -d "$TEMPLATE_OVERRIDE_DIR" ]; then
+            for package_file in "$TEMPLATE_OVERRIDE_DIR"/*; do
+                [ -e "$package_file" ] || continue
+
+                filename=$(basename "$package_file")
+                target_file="$TEMPLATE_OVERRIDE_DIR/$filename"
+
+                ucf --purge "$target_file" 2>/dev/null || true
+                ucfr --purge libpve-network-perl "$target_file" 2>/dev/null || true
+            done
+        fi
+        ;;
+
+    remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
+        ;;
+
+    *)
+        echo "postrm called with unknown argument \`$1'" >&2
+        exit 1
+        ;;
+esac
+
+#DEBHELPER#
+
+exit 0
-- 
2.47.3