update: set -d and -f for release updates and thick jail updates #810

Merged
merged 4 commits into from
Jan 20, 2025
Merged
Changes from 3 commits
136 changes: 89 additions & 47 deletions usr/local/share/bastille/update.sh
Expand Up @@ -34,39 +34,62 @@
. /usr/local/etc/bastille/bastille.conf

usage() {
error_exit "Usage: bastille update [release|container|template] | [force]"
}
error_notify "Usage: bastille update [option(s)] TARGET"
cat << EOF
Options:

# Handle special-case commands first.
case "$1" in
help|-h|--help)
usage
;;
esac
-a | --auto Auto mode. Start/stop jail(s) if required.
-f | --force Force update a release.
-x | --debug Enable debug mode.

EOF
exit 1
}

if [ $# -gt 2 ] || [ $# -lt 1 ]; then
usage
fi

bastille_root_check
# Handle options.
OPTION=""
AUTO=0
while [ "$#" -gt 0 ]; do
case "${1}" in
-h|--help|help)
usage
;;
-a|--auto)
AUTO=1
shift
;;
-f|--force)
OPTION="-F"
shift
;;
-x|--debug)
enable_debug
shift
;;
-*)
for _opt in $(echo ${1} | sed 's/-//g' | fold -w1); do
case ${_opt} in
a) AUTO=1 ;;
f) OPTION="-F" ;;
x) enable_debug ;;
*) error_exit "Unknown Option: \"${1}\"" ;;
esac
done
shift
;;
*)
break
;;
esac
done

TARGET="${1}"
OPTION="${2}"

# Handle options
case "${OPTION}" in
-f|--force)
OPTION="-F"
;;
*)
OPTION=
;;
esac

# Check for unsupported actions
if [ "${TARGET}" = "ALL" ]; then
error_exit "Batch upgrade is unsupported."
fi

bastille_root_check

if [ -f "/bin/midnightbsd-version" ]; then
echo -e "${COLOR_RED}Not yet supported on MidnightBSD.${COLOR_RESET}"
Expand All @@ -86,45 +109,63 @@ arch_check() {

jail_check() {
# Check if the jail is thick and is running
if [ ! "$(/usr/sbin/jls name | awk "/^${TARGET}$/")" ]; then
error_exit "[${TARGET}]: Not started. See 'bastille start ${TARGET}'."
else
if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_exit "${TARGET} is not a thick container."
fi
set_target_single "${TARGET}"
check_target_is_running "${TARGET}" || if [ "${AUTO}" -eq 1 ]; then
bastille start "${TARGET}"
else
error_notify "Jail is not running."
error_continue "Use [-a|--auto] to auto-start the jail."
fi
if grep -qw "${bastille_jailsdir}/${TARGET}/root/.bastille" "${bastille_jailsdir}/${TARGET}/fstab"; then
error_notify "${TARGET} is not a thick container."
error_exit "See 'bastille update RELEASE' to update thin jails."
fi
}

jail_update() {
local _jailname="${1}"
local _jailpath="${bastille_jailsdir}/${TARGET}/root"
local _freebsd_update_conf="${_jailpath}/etc/freebsd-update.conf"
local _workdir="${_jailpath}/var/db/freebsd-update"
# Update a thick container
if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
jail_check
if [ -d "${bastille_jailsdir}/${TARGET}" ]; then
CURRENT_VERSION=$(/usr/sbin/jexec -l "${TARGET}" freebsd-version 2>/dev/null)
if [ -z "${CURRENT_VERSION}" ]; then
error_exit "Can't determine '${TARGET}' version."
else
env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron -b "${bastille_jailsdir}/${TARGET}/root" \
fetch install --currently-running "${CURRENT_VERSION}"
env PAGER="/bin/cat" freebsd-update ${OPTION} \
--not-running-from-cron \
-j "${_jailname}" \
-d "${_workdir}" \
-f "${_freebsd_update_conf}" \
fetch install
fi
else
error_exit "${TARGET} not found. See 'bastille bootstrap'."
fi
}

release_update() {
local _releasepath="${bastille_releasesdir}/${TARGET}"
local _freebsd_update_conf="${_releasepath}/etc/freebsd-update.conf"
# Update a release base(affects child containers)
if [ -d "${bastille_releasesdir}/${TARGET}" ]; then
if [ -d "${_releasepath}" ]; then
TARGET_TRIM="${TARGET}"
if [ -n "${ARCH_I386}" ]; then
TARGET_TRIM=$(echo "${TARGET}" | sed 's/-i386//')
fi

env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron -b "${bastille_releasesdir}/${TARGET}" \
env PAGER="/bin/cat" freebsd-update ${OPTION} \
--not-running-from-cron \
-b "${_releasepath}" \
-d "${_releasepath}/var/db/freebsd-update" \
-f "${_freebsd_update_conf}" \
fetch --currently-running "${TARGET_TRIM}"
env PAGER="/bin/cat" freebsd-update ${OPTION} --not-running-from-cron -b "${bastille_releasesdir}/${TARGET}" \
env PAGER="/bin/cat" freebsd-update ${OPTION} \
--not-running-from-cron \
-b "${_releasepath}" \
-d "${_releasepath}/var/db/freebsd-update" \
Contributor


Do you really want the update database to be part of the release? It is not a jail after all?!

Collaborator Author


It's the working directory. I figured best to keep it all consigned to the jail.

Not?

Contributor


Well, it is not a jail, is it? You are updating a release which is used for bootstrapping and thin jails. Update management should be out of band. I'd like to know what others think here. @bmac2 @jdhg-orbiware

Collaborator Author


Oh sorry, that is the release we are talking about here. I thought it was the jail.

Still, we are updating the release, and I'm not sure if the database is touched in there or not.

Collaborator Author


@michael-o I closed our other 2 conversations here about the -b option. We can discuss here.

Because this is a release, we do need the -b option. Unlike jails, where you can specify the -j option, we need to tell freebsd to use the release as a base directory, and also where the workdir should be.

Don't you think?

Contributor


@michael-o I closed our other 2 conversations here about the -b option. We can discuss here.

Because this is a release, we do need the -b option. Unlike jails, where you can specify the -j option, we need to tell freebsd to use the release as a base directory, and also where the workdir should be.

Don't you think?

Yes, nothing is wrong with that; what I wanted to point out is that a release is not a jail, so you must use -b, and not -j.

-f "${_freebsd_update_conf}" \
install --currently-running "${TARGET_TRIM}"
else
error_exit "${TARGET} not found. See 'bastille bootstrap'."
error_exit "${TARGET} not found. See 'bastille bootstrap RELEASE'."
fi
}

Expand All @@ -145,10 +186,10 @@ template_update() {
templates_update() {
# Update all templates
_updated_templates=0
if [ -d "${bastille_templatesdir}" ]; then
# shellcheck disable=SC2045
for _template_path in $(ls -d "${bastille_templatesdir}"/*/*); do
if [ -d "$_template_path"/.git ]; then
if [ -d ${bastille_templatesdir} ]; then
# shellcheck disable=SC2045
for _template_path in $(ls -d ${bastille_templatesdir}/*/*); do
if [ -d $_template_path/.git ]; then
BASTILLE_TEMPLATE=$(echo "$_template_path" | awk -F / '{ print $(NF-1) "/" $NF }')
template_update

Expand All @@ -174,5 +215,6 @@ elif echo "${TARGET}" | grep -q "[0-9]\{2\}.[0-9]-RELEASE"; then
arch_check
release_update
else
jail_update
jail_check
jail_update "${TARGET}"
fi
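Review bot: In `jail_update`, the `freebsd-update` call runs on the host but now takes both its configuration (`-f "${_freebsd_update_conf}"`) and its working directory (`-d "${_workdir}"`) from paths under the jail's own root. Anything that root inside the jail can write, including the `ServerName` and `KeyPrint` settings in that `freebsd-update.conf`, then decides which update server and signing key the host-run updater trusts. If jails are not meant to be fully trusted by the host operator, this deserves at least a comment above the call stating the assumption, for example `# conf and workdir are read from inside the jail root; the jail's admin controls ServerName/KeyPrint`, or a fallback to the host's configuration file. In the same function `_jailpath` is still built from the global `${TARGET}` while `-j` uses `${_jailname}`; `local _jailpath="${bastille_jailsdir}/${_jailname}/root"` would keep the two tied to the same jail.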