From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68]) by lore.proxmox.com (Postfix) with ESMTPS id 1E8551FF15F for ; Mon, 9 Sep 2024 12:20:51 +0200 (CEST) Received: from firstgate.proxmox.com (localhost [127.0.0.1]) by firstgate.proxmox.com (Proxmox) with ESMTP id B185710E38; Mon, 9 Sep 2024 12:21:28 +0200 (CEST) From: Fiona Ebner To: pve-devel@lists.proxmox.com Date: Mon, 9 Sep 2024 12:20:50 +0200 Message-Id: <20240909102050.40220-1-f.ebner@proxmox.com> X-Mailer: git-send-email 2.39.2 MIME-Version: 1.0 X-SPAM-LEVEL: Spam detection results: 0 AWL -0.059 Adjusted score from AWL reputation of From: address BAYES_00 -1.9 Bayes spam probability is 0 to 1% DMARC_MISSING 0.1 Missing DMARC policy KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to Validity was blocked. See https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more information. SPF_HELO_NONE 0.001 SPF: HELO does not publish an SPF Record SPF_PASS -0.001 SPF: sender matches SPF record Subject: [pve-devel] [PATCH v2 proxmox-apt-hook] initial commit X-BeenThere: pve-devel@lists.proxmox.com X-Mailman-Version: 2.1.29 Precedence: list List-Id: Proxmox VE development discussion List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Reply-To: Proxmox VE development discussion Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: pve-devel-bounces@lists.proxmox.com Sender: "pve-devel" Many people will use 'upgrade' instead of 'full-upgrade' or 'dist-upgrade' (e.g. [0][1]) despite the documentation explicitly mentioning 'dist-upgrade' [3]. Proxmox projects use different packaging guarantees than Debian (necessary for a rolling release model) and using 'upgrade' can lead to the system being stuck on outdated versions, or in rare cases, even break the system [2]. The match is kept simple, to not accidentally catch things like > -o 'foo=bar upgrade baz' and trip up advanced users. It does not catch invocations with '-y' either, making it less likely to break automated user scripts. Although they should not use 'upgrade' either, it still would be bad to break them. If the risk is still considered too high, this change should wait until a major or at least point release. To avoid false positives, it would be necessary to properly parse options, which is likely not worth the effort. A downside is that the hook is only invoked after the user confirms the upgrade and fetching the packages, but there doesn't seem to be an early enough hook entry that provides access to the command line. Since this is just an additional safety warning to guide new users, it should still be good enough. It is intended that meta-packages for Proxmox projects recommend this package. The same postinst/postrm logic for the hook like in proxmox-ve and apt-listchanges is used to not have disable/re-enable the hook upon removal/re-install of the package. [0]: https://forum.proxmox.com/threads/150217/post-680158 [1]: https://forum.proxmox.com/threads/140580/post-630419 [2]: https://www.reddit.com/r/Proxmox/comments/ujqig9/use_apt_distupgrade_or_the_gui_not_apt_upgrade/ [3]: https://pve.proxmox.com/pve-docs/chapter-sysadmin.html#system_software_updates Signed-off-by: Fiona Ebner --- Changes in v2: * Mention that actual breakage is rare, being stuck on outdated versions is much more common. * Do not ask for confirmation, only log the warning. * Split into own package, so it can be re-used by different products. .gitignore | 7 ++++ Makefile | 47 +++++++++++++++++++++++++++ debian/apt-hook/10proxmox-apt-hook | 4 +++ debian/apt-hook/proxmox-apt-hook | 52 ++++++++++++++++++++++++++++++ debian/changelog | 5 +++ debian/control | 17 ++++++++++ debian/copyright | 14 ++++++++ debian/docs | 1 + debian/install | 2 ++ debian/postrm | 35 ++++++++++++++++++++ debian/preinst | 13 ++++++++ debian/rules | 8 +++++ debian/source/format | 1 + 13 files changed, 206 insertions(+) create mode 100644 .gitignore create mode 100644 Makefile create mode 100644 debian/apt-hook/10proxmox-apt-hook create mode 100755 debian/apt-hook/proxmox-apt-hook create mode 100644 debian/changelog create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/docs create mode 100644 debian/install create mode 100644 debian/postrm create mode 100644 debian/preinst create mode 100755 debian/rules create mode 100644 debian/source/format diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..5e6053d --- /dev/null +++ b/.gitignore @@ -0,0 +1,7 @@ +/*.build +/*.buildinfo +/*.changes +/*.deb +/*.dsc +/*.tar* +/proxmox-apt-hook-*/ diff --git a/Makefile b/Makefile new file mode 100644 index 0000000..e0cd704 --- /dev/null +++ b/Makefile @@ -0,0 +1,47 @@ +include /usr/share/dpkg/default.mk + +PACKAGE=proxmox-apt-hook + +GITVERSION:=$(shell git rev-parse HEAD) + +BUILDDIR ?= $(PACKAGE)-$(DEB_VERSION) +DSC=$(PACKAGE)_$(DEB_VERSION).dsc + +DEB=$(PACKAGE)_$(DEB_VERSION_UPSTREAM_REVISION)_all.deb + +all: $(DEB) + +$(BUILDDIR): debian + rm -rf $@ $@.tmp + mkdir -p $@.tmp/debian + cp -a debian/ $@.tmp/ + echo "git clone git://git.proxmox.com/git/proxmox-apt-hook.git\\ngit checkout $(GITVERSION)" > $@.tmp/debian/SOURCE + mv $@.tmp $@ + +.PHONY: deb +deb: $(DEB) +$(DEB): $(BUILDDIR) + cd $(BUILDDIR); dpkg-buildpackage -b -us -uc + lintian $(DEB) + +.PHONY: dsc +dsc: $(DSC) +$(DSC): $(BUILDDIR) + cd $(BUILDDIR); dpkg-buildpackage -S -us -uc -d + lintian $(DSC) + +.PHONY: sbuild +sbuild: $(DSC) + sbuild $(DSC) + +.PHONY: upload +upload: UPLOAD_DIST ?= $(DEB_DISTRIBUTION) +upload: $(DEB) + tar cf - $(DEB)|ssh repoman@repo.proxmox.com -- upload --product pve --dist $(UPLOAD_DIST) + +.PHONY: distclean +distclean: clean + +.PHONY: clean +clean: + rm -rf *~ $(PACKAGE)-[0-9]*/ $(PACKAGE)*.tar.* *.deb *.dsc *.changes *.build *.buildinfo diff --git a/debian/apt-hook/10proxmox-apt-hook b/debian/apt-hook/10proxmox-apt-hook new file mode 100644 index 0000000..c4e6978 --- /dev/null +++ b/debian/apt-hook/10proxmox-apt-hook @@ -0,0 +1,4 @@ +DPkg::Pre-Install-Pkgs { "/usr/share/proxmox/proxmox-apt-hook"; }; +DPkg::Tools::Options::/usr/share/proxmox/proxmox-apt-hook ""; +DPkg::Tools::Options::/usr/share/proxmox/proxmox-apt-hook::Version "2"; +DPkg::Tools::Options::/usr/share/proxmox/proxmox-apt-hook::InfoFD "20"; diff --git a/debian/apt-hook/proxmox-apt-hook b/debian/apt-hook/proxmox-apt-hook new file mode 100755 index 0000000..5e4f33f --- /dev/null +++ b/debian/apt-hook/proxmox-apt-hook @@ -0,0 +1,52 @@ +#!/usr/bin/perl + +use strict; +use warnings; + +use File::Basename; + +my $fd = $ENV{APT_HOOK_INFO_FD}; +my $hook_name = basename($0); + +my sub log_line { + my ($line) = @_; + chomp($line); + print "W: ($hook_name) $line\n"; +} + +if (!defined $fd || $fd == 0 || $fd !~ /^\d+$/) { + log_line("APT_HOOK_INFO_FD not correctly defined, skipping proxmox-apt-hook checks"); + exit 0; +} + +open(my $fh, "<&=", $fd) or die "E: could not open APT_HOOK_INFO_FD (${fd}) - $!\n"; + +my sub cleanup { + close($fh); + exit 0; +} + +chomp (my $ver = <$fh>); +if ($ver ne "VERSION 2") { + log_line("proxmox-apt-hook misconfigured, expecting hook protocol version 2"); + cleanup(); +} + +while (my $line = <$fh>) { + if (!$line) { # finished reading the APT configuration dump + cleanup(); + } + + if ($line =~ m/^CommandLine::AsString=apt(-get)?%20upgrade$/) { + log_line(""); + log_line( + "NOTE: Proxmox projects follow a rolling release model, so using 'upgrade' can lead to" + ." a system being stuck on outdated versions, or in rare cases, break upon upgrading. " + ." Use 'dist-upgrade' or 'full-upgrade' instead.", + ); + log_line(""); + cleanup(); + } +} + +cleanup(); diff --git a/debian/changelog b/debian/changelog new file mode 100644 index 0000000..19bd26c --- /dev/null +++ b/debian/changelog @@ -0,0 +1,5 @@ +proxmox-apt-hook (0.1) bookworm; urgency=medium + + * Initial release. + + -- Proxmox Support Team Mon, 09 Sep 2024 10:49:30 +0200 diff --git a/debian/control b/debian/control new file mode 100644 index 0000000..77eecba --- /dev/null +++ b/debian/control @@ -0,0 +1,17 @@ +Source: proxmox-apt-hook +Section: admin +Priority: optional +Maintainer: Proxmox Support Team +Build-Depends: debhelper-compat (= 13), + lintian, +Standards-Version: 4.6.2 +Homepage: https://www.proxmox.com + +Package: proxmox-apt-hook +Architecture: all +Depends: apt, + ${misc:Depends}, + ${perl:Depends}, +Description: Proxmox hook for APT + Hook for APT to inform users about Proxmox-specific considerations + when using APT. diff --git a/debian/copyright b/debian/copyright new file mode 100644 index 0000000..046356b --- /dev/null +++ b/debian/copyright @@ -0,0 +1,14 @@ +Copyright (C) 2016 - 2024 Proxmox Server Solutions GmbH + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as + published by the Free Software Foundation, either version 3 of the + License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . diff --git a/debian/docs b/debian/docs new file mode 100644 index 0000000..8696672 --- /dev/null +++ b/debian/docs @@ -0,0 +1 @@ +debian/SOURCE diff --git a/debian/install b/debian/install new file mode 100644 index 0000000..e0c8de6 --- /dev/null +++ b/debian/install @@ -0,0 +1,2 @@ +debian/apt-hook/10proxmox-apt-hook etc/apt/apt.conf.d/ +debian/apt-hook/proxmox-apt-hook usr/share/proxmox/ diff --git a/debian/postrm b/debian/postrm new file mode 100644 index 0000000..0c9e4f6 --- /dev/null +++ b/debian/postrm @@ -0,0 +1,35 @@ +#! /bin/sh +set -e + +hook=/etc/apt/apt.conf.d/10proxmox-apt-hook + +case "$1" in + purge) + rm -f $hook.disabled + ;; + + remove) + if test -f $hook; then + mv $hook $hook.disabled + fi + ;; + + abort-install) + if test "x$2" != "x" && test -f $hook + then + mv $hook $hook.disabled + fi + ;; + + upgrade|failed-upgrade|abort-upgrade|disappear) + ;; + + *) + echo "postrm called with unknown argument \`$1'" >&2 + exit 1 + +esac + +#DEBHELPER# + +exit 0 diff --git a/debian/preinst b/debian/preinst new file mode 100644 index 0000000..a6f6b5e --- /dev/null +++ b/debian/preinst @@ -0,0 +1,13 @@ +#!/bin/sh + +set -e + +hook=/etc/apt/apt.conf.d/10proxmox-apt-hook +if test -f $hook.disabled +then + mv $hook.disabled $hook +fi + +#DEBHELPER# + +exit 0 diff --git a/debian/rules b/debian/rules new file mode 100755 index 0000000..218df65 --- /dev/null +++ b/debian/rules @@ -0,0 +1,8 @@ +#!/usr/bin/make -f +# -*- makefile -*- + +# Uncomment this to turn on verbose mode. +#export DH_VERBOSE=1 + +%: + dh $@ diff --git a/debian/source/format b/debian/source/format new file mode 100644 index 0000000..89ae9db --- /dev/null +++ b/debian/source/format @@ -0,0 +1 @@ +3.0 (native) -- 2.39.2 _______________________________________________ pve-devel mailing list pve-devel@lists.proxmox.com https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel