From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [IPv6:2a01:7e0:0:424::9])
	by lore.proxmox.com (Postfix) with ESMTPS id C1DC01FF16B
	for <inbox@lore.proxmox.com>; Fri, 12 Sep 2025 11:23:12 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id 0AEAF6C8;
	Fri, 12 Sep 2025 11:23:05 +0200 (CEST)
Message-ID: <a8a5c23b-04fd-4de9-8ffe-616013d3a974@proxmox.com>
Date: Fri, 12 Sep 2025 11:22:30 +0200
MIME-Version: 1.0
User-Agent: Mozilla Thunderbird Beta
To: Florian Paul Azim Hoberg <florian.hoberg@credativ.de>,
 "pve-devel@lists.proxmox.com" <pve-devel@lists.proxmox.com>
References: <99022DEC-C3F5-48FE-9F81-A262118D27F7@credativ.de>
Content-Language: en-US
From: Thomas Lamprecht <t.lamprecht@proxmox.com>
In-Reply-To: <99022DEC-C3F5-48FE-9F81-A262118D27F7@credativ.de>
X-Bm-Milter-Handled: 55990f41-d878-4baa-be0a-ee34c49e34d2
X-Bm-Transport-Timestamp: 1757668947034
X-SPAM-LEVEL: Spam detection results:  0
 AWL -0.030 Adjusted score from AWL reputation of From: address
 BAYES_00                 -1.9 Bayes spam probability is 0 to 1%
 DMARC_MISSING             0.1 Missing DMARC policy
 KAM_DMARC_STATUS 0.01 Test Rule for DKIM or SPF Failure with Strict Alignment
 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_RPBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 RCVD_IN_VALIDITY_SAFE_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to
 Validity was blocked. See
 https://knowledge.validity.com/hc/en-us/articles/20961730681243 for more
 information.
 SPF_HELO_NONE           0.001 SPF: HELO does not publish an SPF Record
 SPF_PASS               -0.001 SPF: sender matches SPF record
 URIBL_BLOCKED 0.001 ADMINISTRATOR NOTICE: The query to URIBL was blocked. See
 http://wiki.apache.org/spamassassin/DnsBlocklists#dnsbl-block for more
 information. [apt.pm]
Subject: Re: [pve-devel] [PATCH pve-manager 1/1] close: 6799: add apt
 upgrade path to PVE API
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

Am 12.09.25 um 08:34 schrieb Florian Paul Azim Hoberg:
> Extend the PVE API by a new 'upgrade' path in the
> apt path to perform 'apt-get -y dist-upgrade' on

Blindly upgrading can be dangerous and result in broken system, that's
why the Proxmox VE API only supports the interactive upgrade through
API using a html5 based shell to keep a (human) admin in the loop.

If your org evaluated the risk of doing this and is fine with that,
then I'd recommend using a lower level automation to frequently do
upgrades this way or setup unattended upgrades [0]. Adding this to the
PVE API signals to lesser experienced users that it's safe and stable,
which in our opinion it cannot really be (for those lesser experienced
ones).

So thanks for submitting a contribution, but we cannot accept this.

[0]: https://manpages.debian.org/trixie/unattended-upgrades/unattended-upgrades.8.en.html

Still some comments inline.
> the node in a noninteractive way to avoid blocking
> the upgrade process.
> 
> Signed-off-by: Florian Paul Azim Hoberg @gyptazy <florian.hoberg@credativ.de>
> ---
> 
> PVE/API2/APT.pm | 78 +++++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 78 insertions(+)
> 
> diff --git a/PVE/API2/APT.pm b/PVE/API2/APT.pm
> index 0d07cf38..3f2d7807 100644
> --- a/PVE/API2/APT.pm
> +++ b/PVE/API2/APT.pm
> @@ -417,6 +417,84 @@ __PACKAGE__->register_method({
>     },
> });
> 
> +__PACKAGE__->register_method({
> +    name => 'upgrade_packages',
> +    path => 'upgrade',
> +    method => 'POST',
> +    description =>
> +        "This is used to upgrade the system to the latest packages (apt-get -y dist-upgrade).",
> +    permissions => {
> +        check => ['perm', '/nodes/{node}', ['Sys.Modify']],

If, this would IMO need dedicated permissions, sys.modify is rather overused
already and doing a system upgrade is certainly one of the most privileged
operations.

> +    },
> +    protected => 1,
> +    proxyto => 'node',
> +    parameters => {
> +        additionalProperties => 0,
> +        properties => {
> +            node => get_standard_option('pve-node'),
> +            command => {
> +                description => "Specify the command.",
> +                type => 'string',
> +                enum => [qw(upgrade)],

useless parameter, can always get added in the future if there would be the
need for such a property.
> +            },
> +            quiet => {
> +                type => 'boolean',
> +                description =>
> +                    "Only produces output suitable for logging, omitting progress indicators.",
> +                optional => 1,
> +                default => 0,
> +            },
> +        },
> +    },
> +    returns => {
> +        type => 'string',
> +        description => 'The task UPID.',
> +    },
> +    code => sub {
> +        my ($param) = @_;
> +
> +        my $rpcenv = PVE::RPCEnvironment::get();
> +        my $dcconf = PVE::Cluster::cfs_read_file('datacenter.cfg');
> +
> +        my $authuser = $rpcenv->get_user();
> +
> +        my $realcmd = sub {
> +            my $upid = shift;
> +
> +            # setup proxy for apt
> +
> +            my $aptconf = "// no proxy configured\n";
> +            if ($dcconf->{http_proxy}) {
> +                $aptconf = "Acquire::http::Proxy \"$dcconf->{http_proxy}\";\n";
> +            }
> +            my $aptcfn = "/etc/apt/apt.conf.d/76pveproxy";
> +            PVE::Tools::file_set_contents($aptcfn, $aptconf);
> +
> +            # Run apt as noninteractive
> +            my $cmd = [
> +                'env', 'DEBIAN_FRONTEND=noninteractive',
> +                'apt-get', '-q', '-y',

making this be quiet can make debugging errors after the fact much
harder.

> +                '-o', 'Dpkg::Options::=--force-confdef',
> +                '-o', 'Dpkg::Options::=--force-confold',

This is not always guaranteed to be safe.

> +                'dist-upgrade'
> +            ];
> +
> +            print "starting apt-get -y dist-upgrade\n" if !$param->{quiet};
> +
> +            if ($param->{quiet}) {

It happens in a worker task, what benefit has one silencing even more
output?

> +                PVE::Tools::run_command($cmd, outfunc => sub { }, errfunc => sub { });
> +            } else {
> +                PVE::Tools::run_command($cmd);
> +            }
> +
> +            return;
> +        };
> +
> +        return $rpcenv->fork_worker('aptupgrade', undef, $authuser, $realcmd);
> +
> +    },
> +});
> +
> __PACKAGE__->register_method({
>     name => 'changelog',
>     path => 'changelog',
> --
> 2.50.1



_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel