Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

New script to update packages with logging and stable channel access #668

Closed
gsanchietti opened this issue Jul 23, 2024 — with Huly for GitHub · 4 comments
Closed
Assignees
Labels
verified All test cases were verified successfully

Comments

Copy link
Member

gsanchietti commented Jul 23, 2024

Overview:
Implement a new update-packages script to improve troubleshooting and provide the ability to gather updates from the stable channel regardless of subscription status.

Features:

  1. Enhanced Logging:
    • All operations are logged to syslog and stderr.
    • Useful for troubleshooting and tracking automatic updates.
  2. Force-Stable Flag:
    • Accepts the --force-stable flag to gather updates from the stable channel regardless of subscription status.
    • Useful for quickly distributing fixes.
@gsanchietti gsanchietti moved this to In progress 🛠 in NethSecurity Jul 23, 2024
@gsanchietti gsanchietti self-assigned this Jul 23, 2024
@gsanchietti gsanchietti added this to the NethSecurity 8.2 milestone Jul 23, 2024
@gsanchietti
Copy link
Member Author

Test case 1

  • Configure a machine with a subscription and enable automatic updates
  • Update an existing machine with the attached packages, upload them to a machine and install them using this command:
    opkg install --force-reinstall  ns-api_0.0.83-1_all.ipk ns-plug_0.0.11-1_all.ipk
    
  • Check the new update-packages is invoked inside /etc/crontab/root

Test case 2

  • After test case 1, try to disable the automatic updates from the UI
  • Check the update-packages is not included inside /etc/crontab/root
  • Enable the automatic updates from the UI
  • Check the update-packages is included inside /etc/crontab/root

Test case 3

  • After test case 1, execute package update from UI
  • Verify the updates are working and you can see output inside /var/log/messages. Output should look like this:
    Jul 23 09:45:50 NethSec update-packages: Downloading https://updates.nethsecurity.nethserver.org/dev/23.05.3/targets/x86/64/packages/Packages.gz
    Jul 23 09:45:52 NethSec update-packages: Updated list of available packages in /var/opkg-lists/nethsecurity_core
    Jul 23 09:45:52 NethSec update-packages: Downloading https://updates.nethsecurity.nethserver.org/dev/23.05.3/targets/x86/64/packages/Packages.sig
    Jul 23 09:45:52 NethSec update-packages: Signature check passed.
    ...
    

Test case 4

  • Execute the update-packages script from command line
  • Verify the output is sent to the console and to /var/log/messages

Test case 5

  • Force the update from command line on a subscription machine: update-packages --force-stable
  • Verify the script grabs packages from the stable channel
  • At the end of the script, verify that /etc/opkg/distfeed.conf still contains references to the subscription (grep distfeed.nethesis.it /etc/opkg/distfeed.conf)

gsanchietti added a commit that referenced this issue Jul 25, 2024
Copy link
Contributor

Testing image version: 8-23.05.3-ns.1.1.0-82-g9ca27ef

@github-actions github-actions bot added the testing Packages are available from testing repositories label Jul 25, 2024
@Tbaile
Copy link
Contributor

Tbaile commented Jul 29, 2024

Test case 1 fails (booting a stable installation, fresh from website, then registering the machine):

wget https://updates.nethsecurity.nethserver.org/dev/23.05.3/packages/x86_64/nethsecurity/ns-plug_0.0.11-1_all.ipk -O /tmp/ns-plug_0.0.11-1_all.ipk
wget https://updates.nethsecurity.nethserver.org/dev/23.05.3/packages/x86_64/nethsecurity/ns-api_0.0.83-1_all.ipk -O /tmp/ns-api_0.0.83-1_all.ipk
opkg install --force-reinstall /tmp/ns-api_0.0.83-1_all.ipk /tmp/ns-plug_0.0.11-1_all.ipk
cat /etc/crontabs/root | grep update-packages

Provides no output, /etc/crontabs/root file:

0 */4 * * * sleep $(( RANDOM % 3600 )); /etc/init.d/banip reload
0 0 * * * /etc/init.d/acme start
04 0 * * * /usr/bin/dpireport-cleanup
1 */12 * * * sleep $(( RANDOM % 3600 )); /etc/init.d/adblock reload
10 4 * * * sleep $(( RANDOM % 1800 )); /usr/sbin/send-phonehome
3 3 12 12 * /usr/bin/nginx-util 'check_ssl'
5 1 * * * /usr/sbin/logrotate /etc/logrotate.conf
5 2 * * * sleep $(( RANDOM % 18000 )); /bin/opkg list-upgradable | /usr/bin/cut -f 1 -d ' ' | /usr/bin/xargs -r opkg upgrade
8 4 * * * sleep $(( RANDOM % 3600 )); /usr/sbin/dpi-update
02 2 * * * sleep $(( RANDOM % 1800 )); /usr/sbin/send-backup
*/10 * * * * sleep $(( RANDOM % 60 )); /usr/sbin/send-heartbeat
05 3 * * * sleep $(( RANDOM % 1800 )); /usr/sbin/send-inventory

During installation i recieve from opkg the following warning:

Removing package ns-api from root...
Removing package ns-plug from root...
Not deleting modified conffile /etc/config/ns-plug.
Installing ns-api (0.0.83-1) to root...
Installing ns-plug (0.0.11-1) to root...
Configuring ns-api.
Configuring ns-plug.
//usr/lib/opkg/info/ns-plug.postinst: .: line 3: can't open '/etc/uci-defaults/20_ns-plug': No such file or directory
Collected errors:
 * resolve_conffiles: Existing conffile /etc/config/ns-plug is different from the conffile in the new package. The new conffile will be placed at /etc/config/ns-plug-opkg

As you can imagine, code 0 is returned.

@gsanchietti
Copy link
Member Author

gsanchietti commented Jul 29, 2024

During installation i recieve from opkg the following warning:

This is and indicator that you're installing the wrong package, because the code that executes that command has been removed: 681774c

I think the only way to really test those package is a local build.
Workaround: verify the test case 1 is passing using the image upgrade, it uses almost the same code

@Tbaile Tbaile added verified All test cases were verified successfully and removed testing Packages are available from testing repositories labels Jul 29, 2024
@github-project-automation github-project-automation bot moved this from In progress 🛠 to Done ✅ in NethSecurity Jul 29, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
verified All test cases were verified successfully
Projects
Archived in project
Development

No branches or pull requests

2 participants