From: Stoiko Ivanov
To: pve-devel@lists.proxmox.com
Date: Wed, 9 Feb 2022 18:22:39 +0100
Subject: Re: [pve-devel] [PATCH proxmox-ve v2 2/2] apt-hook: add check preventing the removal of pinned kernels
Message-ID: <20220209182239.27376cc6@rosa.proxmox.com>
In-Reply-To: <20220204184538.3139247-7-s.ivanov@proxmox.com>
References: <20220204184538.3139247-1-s.ivanov@proxmox.com> <20220204184538.3139247-7-s.ivanov@proxmox.com>
List-Id: Proxmox VE development discussion

while talking off-list about this I realized that I forgot to mention that
file_read_firstline is copied from PVE::Tools.

The rationale was that we might end up in a situation where pve-common
might not be available and the hook might still be called.
Also we might eventually have this hook in some of our other products,
which do not depend on pve-common (PBS for now).

if the series is accepted as-is - feel free to update the commit message.
else - I'll include it in the v3

sorry for the noise

On Fri, 4 Feb 2022 19:45:38 +0100 Stoiko Ivanov wrote:

> Signed-off-by: Stoiko Ivanov > --- > debian/apthook/pve-apt-hook | 28 ++++++++++++++++++++++++++++ > 1 file changed, 28 insertions(+) > > diff --git a/debian/apthook/pve-apt-hook b/debian/apthook/pve-apt-hook > index 50e50d1..6de56c4 100755 > --- a/debian/apthook/pve-apt-hook > +++ b/debian/apthook/pve-apt-hook > @@ -34,6 +34,17 @@ my $cleanup = sub { > exit $rc; > }; > > +my $file_read_firstline = sub { > + my ($filename) = @_; > + > + my $fh = IO::File->new($filename, "r"); > + return undef if !$fh; > + my $res = <$fh>; > + chomp $res if $res; > + $fh->close; > + return $res; > +}; > + > chomp (my $ver = <$fh>); > if ($ver ne "VERSION 2") { > $log->("apt-pve-hook misconfigured, expecting hook protocol version 2\n"); 
> @@ -84,6 +95,23 @@ while (my $line = <$fh>) { > $cleanup->(0, 1); > } > } > + if ($pkg =~ /^pve-kernel-/) { > + if ($action eq '**REMOVE**') { > + my $next_boot_ver = $file_read_firstline->("/etc/kernel/next-boot-pin"); > + my $pinned_ver = $file_read_firstline->("/etc/kernel/proxmox-boot-pin"); > + my $remove_pinned_ver = ($next_boot_ver && $pkg =~ /$next_boot_ver/); > + $remove_pinned_ver ||= ($pinned_ver && $pkg =~ /$pinned_ver/); > + if ($remove_pinned_ver) { > + $log->("!! WARNING !!\n"); > + $log->("You are attempting to remove the currently pinned kernel '${pkg}'!\n"); > + $log->("\n"); > + $log->("If you really do not need the version anymore unpin it by running\n"); > + $log->("\tproxmox-boot-tool kernel unpin'\n"); > + $log->("and repeat your apt invocation.\n"); > + $cleanup->(1); > + } > + } > + } > } > > $cleanup->(0);
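
Review bot: The `$file_read_firstline` helper added in the first hunk (`@@ -34,6 +34,17 @@`) has no comment saying it is a copy of `file_read_firstline` from PVE::Tools, which the reply above gives as a deliberate choice so the hook keeps working when pve-common is not available. A short comment above `my $file_read_firstline = sub {` naming the origin and the reason would stop a later cleanup from swapping it for the PVE::Tools call. As a style point, `chomp $res if $res;` tests truthiness where `chomp $res if defined($res);` states the intent.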
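
Review bot: In the second hunk (`@@ -84,6 +95,23 @@`), `$pkg =~ /$next_boot_ver/` and `$pkg =~ /$pinned_ver/` interpolate the first line of the pin files into a regex unescaped and unanchored. Any `.` in the stored version then matches an arbitrary character, the match succeeds on a substring anywhere in the package name, and a pin file whose content is not a valid regex makes the match die inside the hook. Quoting the value, e.g. `$pkg =~ /\Q$pinned_ver\E/`, and anchoring it to the position the version occupies in the package name would make the check match only the pinned kernel. Two smaller points in the same hunk: the hint `"\tproxmox-boot-tool kernel unpin'\n"` ends with a stray `'`, and the warning says "currently pinned kernel" even when the match came from `/etc/kernel/next-boot-pin`.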