[25513] in Source-Commits
/svn/athena r25043 - trunk/debathena/config/auto-update/debian
daemon@ATHENA.MIT.EDU (Jonathan D Reed)
Tue Mar 15 22:08:39 2011
Date: Tue, 15 Mar 2011 22:08:33 -0400
From: Jonathan D Reed <jdreed@MIT.EDU>
Message-Id: <201103160208.p2G28Xa8008538@drugstore.mit.edu>
To: source-commits@mit.edu
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Author: jdreed
Date: 2011-03-15 22:08:33 -0400 (Tue, 15 Mar 2011)
New Revision: 25043
Added:
trunk/debathena/config/auto-update/debian/mitCA.crt
Modified:
trunk/debathena/config/auto-update/debian/athena-auto-update
trunk/debathena/config/auto-update/debian/changelog
trunk/debathena/config/auto-update/debian/debathena-auto-update.default
trunk/debathena/config/auto-update/debian/debathena-auto-update.install
Log:
In auto-update:
* Download and verify a recovery script (Trac #783)
* Add new command-line options to auto-update
Modified: trunk/debathena/config/auto-update/debian/athena-auto-update
===================================================================
--- trunk/debathena/config/auto-update/debian/athena-auto-update 2011-03-15 19:34:16 UTC (rev 25042)
+++ trunk/debathena/config/auto-update/debian/athena-auto-update 2011-03-16 02:08:33 UTC (rev 25043)
@@ -6,9 +6,25 @@
updmsg="$*"
}
+warn() {
+ # If we've already had a warning once, then fail
+ if [ "$updstatus" = "warning" ]; then
+ complain "$*"
+ else
+ updstatus="warning"
+ updmsg="$*"
+ fi
+}
+
save_success() {
- updstatus="ok"
- updmsg=$1
+ # Warnings which don't terminate the update should get saved,
+ # along with the final success message.
+ if [ "$updstatus" = "warning" ]; then
+ updmsg="$* ($updmsg)"
+ else
+ updstatus="ok"
+ updmsg="$*"
+ fi
}
save_state() {
@@ -17,7 +33,7 @@
}
maybe_reboot() {
- if [ "$SHOULD_REBOOT" = "no" ]; then
+ if [ $SKIP_REBOOT ]; then
return
fi
if [ -f /var/run/reboot-required ]; then
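Review bot: The new guard `[ $SKIP_REBOOT ]` in maybe_reboot is a non-empty-string test, and the option-parsing hunk initialises SKIP_REBOOT to "n", so it is true whether or not -n was given and the function returns before the reboot-required check. As written, machines would stop rebooting after updates that need it, which leaves kernel and library fixes installed but not running. Compare the value instead: `if [ "$SKIP_REBOOT" = "y" ]; then`. The rest of maybe_reboot lies outside this hunk.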
@@ -41,18 +57,30 @@
fi
}
-SHOULD_REBOOT="yes"
-if [ "$1" = "-n" ]; then
- SHOULD_REBOOT="no"
-fi
+SKIP_REBOOT="n"
+DEBUG="n"
+VERBOSE="n"
+while getopts "nvd" opt; do
+ case "$opt" in
+ d) DEBUG="y";;
+ v) VERBOSE="y";;
+ n) SKIP_REBOOT="y";;
+ \?)
+ echo "Usage: $0 [ -d ] [ -n ] [ -v ]"
+ ;;
+ esac
+done
+[ "$DEBUG" = "y" ] && VERBOSE="y"
+
if [ 0 != "$(id -u)" ]; then
echo "This script must be run as root." >&2
exit 1
fi
# Don't run updates during a cluster login.
-if [ -e /var/run/athena-login ]; then
+# Unless forced
+if [ -e /var/run/athena-login ] && [ "$DEBUG" != "y" ]; then
exit 0
fi
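Review bot: The `\?` arm of the getopts loop prints the usage line but does not exit, so an invocation with a mistyped option carries on and performs a full update as root with default settings. The usage text also goes to stdout rather than stderr. Suggest `echo "Usage: $0 [ -d ] [ -n ] [ -v ]" >&2; exit 1` in that arm. Separately, -d now also bypasses the /var/run/athena-login guard, which the usage line or a comment should state, e.g. `# -d also forces a run during a cluster login`.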
@@ -75,11 +103,15 @@
# Get the last successful update
if [ -f $statfile ]; then
updlast=$(awk -F\| '{print $1;}' $statfile)
+ updstatus=$(awk -F\| '{print $3;}' $statfile)
fi
# Make sure nothing expects input on stdin.
exec </dev/null
+# Save a reference to STDOUT
+exec 3>&1
+
# Redirect further output to a log file.
exec >>/var/log/athena-update 2>&1
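Review bot: Loading field 3 of $statfile into updstatus makes the previous run's status the starting state of this run, and save_success (first hunk) never leaves the "warning" state: with updstatus already "warning" it only rewrites updmsg, and since updmsg is not loaded from the file the stored text becomes `msg ()`. If save_state writes updstatus back to that field, which the hunk does not show, one mirror warning would mark every later successful run as "warning". Keeping the old value separate would avoid this, e.g. `prevstatus=$(awk -F\| '{print $3;}' "$statfile")`, with warn() testing `$prevstatus` for the escalation. If escalation across runs is the intent, a comment on this line should say so.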
@@ -105,6 +137,7 @@
trap finish EXIT
v() {
+ [ "$VERBOSE" = "y" ] && echo "Running" "$@" >&3
echo "** Running:" "$@"
"$@"
}
@@ -142,6 +175,53 @@
# Tell apt not to expect user input during package installation.
export DEBIAN_FRONTEND=noninteractive
+# Set conservative defaults in case file is missing
+UPDATE_FORCE_CONFFILE=old
+RUN_UPDATE_HOOK=no
+# Process defaults file
+[ -f /etc/default/debathena-auto-update ] && . /etc/default/debathena-auto-update
+# On cluster machines, force our desired settings
+# Ignore /etc/default/debathena-auto-update
+if dpkg-query --showformat '${Status}\n' -W "debathena-cluster" 2>/dev/null | grep -q ' installed$'; then
+ UPDATE_FORCE_CONFFILE=new
+ RUN_UPDATE_HOOK=yes
+fi
+
+UPDATE_HOOK_URL=https://athena10.mit.edu/debathena-update-hook.sh
+UPDATE_HOOK_SUM=https://athena10.mit.edu/debatshena-update-hook-sha256sum
+MITCA=/usr/share/debathena-auto-update/mitCA.crt
+UPDATE_HOOK=/var/run/debathena-update-hook.sh
+
+rm -f $UPDATE_HOOK
+if [ $RUN_UPDATE_HOOK = "yes" ] && \
+ curl -sf -o $UPDATE_HOOK --cacert $MITCA $UPDATE_HOOK_URL; then
+ chmod 500 $UPDATE_HOOK
+ SHA256SUM=$(curl -sf --cacert $MITCA $UPDATE_HOOK_SUM)
+ rv=$?
+ if [ $rv = 0 ]; then
+ LOCALSUM=$(sha256sum $UPDATE_HOOK | awk '{print $1}')
+ if [ "$SHA256SUM" = "$LOCALSUM" ]; then
+ if ! $UPDATE_HOOK; then
+ complain "update hook returned non-zero status"
+ exit
+ fi
+ else
+ complain "bad update hook checksum ($SHA256SUM != $LOCALSUM)"
+ exit
+ fi
+ else
+ complain "Failed to retrieve $UPDATE_HOOK_SUM (curl returned $rv)"
+ exit
+ fi
+fi
+
+echo "Running aptitude install"
+if ! v aptitude --quiet --assume-yes install; then
+ # Don't fail, because make dpkg --configure -a will save us
+ echo "ERROR: aptitude install failed, but continuing anyway"
+fi
+
+
# Configure any unconfigured packages (Trac #407)
if ! v dpkg --configure -a; then
complain "Failed to configure unconfigured packages."
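Review bot: The SHA-256 value is fetched from the same host, over the same TLS trust path, as the hook it is supposed to vouch for, so the comparison detects a truncated or corrupted download but adds no authenticity: anyone able to replace the script on athena10.mit.edu can replace the checksum too, and the hook then runs as root. A detached signature checked against a key shipped in the package would separate signing from hosting, along the lines of `gpgv --keyring <PACKAGED_KEYRING> "$UPDATE_HOOK.sig" "$UPDATE_HOOK"` (keyring path and .sig name are placeholders). UPDATE_HOOK_SUM also reads `debatshena-update-hook-sha256sum`, which looks like a typo for `debathena-…`; if so, every cluster machine that downloads the hook would take the "Failed to retrieve" branch and exit before updating. The comparison additionally assumes the published file holds the bare digest; piping it through `awk '{print $1}'`, as is done for LOCALSUM, would tolerate sha256sum's "digest  filename" output. The dpkg --configure block at the end of the hunk continues outside it.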
@@ -152,6 +232,24 @@
save_success "Rebooted after dpkg --configure -a"
maybe_reboot
+# Ensure that the mirrors aren't broken
+urls=$(cat /etc/apt/sources.list /etc/apt/sources.list.d/*.list | grep -v ^# | grep -v ^$ | awk '{print $2}' | sort | uniq)
+failed=""
+for u in $urls; do
+ curl -m 60 -sfL -o /dev/null $u
+ if [ $? != 0 ]; then
+ if [ -z "$failed" ]; then
+ failed=$u
+ else
+ failed="$failed $u"
+ fi
+ fi
+done
+if [ -n "$failed" ]; then
+ warn "Failed to contact mirror(s): $failed"
+ exit
+fi
+
# Update the aptitude cache.
if ! v aptitude --quiet --assume-yes update; then
complain "aptitude update failed"
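Review bot: The mirror probe treats the second field of every sources line as a URL curl can fetch, so a `cdrom:` or `file:` entry, or a single third-party repository that is down or answers 403 at its root, makes the script warn and exit before `aptitude update` on each run, and the machine stops receiving security updates from the mirrors that do work. Restricting the probe to fetchable schemes would avoid part of that: `case "$u" in http://*|https://*|ftp://*) ;; *) continue ;; esac` at the top of the loop, with `"$u"` quoted in the curl call. Whether a failure of a non-Debathena source should abort the run at all cannot be decided from this hunk and deserves a comment either way. The aptitude update block continues outside the hunk.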
@@ -167,6 +265,7 @@
for p in $(awk '{print $1}' $licenses); do
if dpkg-query --showformat '${Status}\n' -W $p 2>/dev/null | grep -q ' installed$'; then
if ! v dpkg-reconfigure -fnoninteractive $p; then
+ # Don't fail here
complain "Failed to dpkg-reconfigure $p"
fi
fi
@@ -205,13 +304,6 @@
fi
APTITUDE_OPTS=
-UPDATE_FORCE_CONFFILE=old
-[ -f /etc/default/debathena-auto-update ] && . /etc/default/debathena-auto-update
-# On cluster machines, force the new conffile if there's a conflict
-# Ignore /etc/default/debathena-auto-update
-if dpkg-query --showformat '${Status}\n' -W "debathena-cluster" 2>/dev/null | grep -q ' installed$'; then
- UPDATE_FORCE_CONFFILE=new
-fi
case $UPDATE_FORCE_CONFFILE in
old)
APTITUDE_OPTS="-o Dpkg::Options::=--force-confold"
Modified: trunk/debathena/config/auto-update/debian/changelog
===================================================================
--- trunk/debathena/config/auto-update/debian/changelog 2011-03-15 19:34:16 UTC (rev 25042)
+++ trunk/debathena/config/auto-update/debian/changelog 2011-03-16 02:08:33 UTC (rev 25043)
@@ -1,8 +1,10 @@
-debathena-auto-update (1.23) UNRELEASED; urgency=low
+debathena-auto-update (1.23) unstable; urgency=low
* Upgrade attempts now happen up to 3 times per night (Trac #694)
+ * Download and verify a recovery script (Trac #783)
+ * Add new command-line options to auto-update
- -- Jonathan Reed <jdreed@mit.edu> Thu, 10 Mar 2011 23:44:50 -0500
+ -- Jonathan Reed <jdreed@mit.edu> Tue, 15 Mar 2011 22:03:03 -0400
debathena-auto-update (1.22.2) unstable; urgency=low
Modified: trunk/debathena/config/auto-update/debian/debathena-auto-update.default
===================================================================
--- trunk/debathena/config/auto-update/debian/debathena-auto-update.default 2011-03-15 19:34:16 UTC (rev 25042)
+++ trunk/debathena/config/auto-update/debian/debathena-auto-update.default 2011-03-16 02:08:33 UTC (rev 25043)
@@ -1,6 +1,8 @@
-# Defaults for athena-auto-update(8)
+# Defaults for athena-auto-update(8)
+#
+# N.B. The defaults for athena-auto-update (not upgrade) do not apply
+# when the debathena-cluster metapackage is installed
-# Note: The following does not apply when -cluster is installed
# When a package ships a new configuration file, and the sysadmin has
# made changes to that configuration file since it was originally
# installed, what should happen?
@@ -10,6 +12,12 @@
# new - the old file is overwritten by the new file
UPDATE_FORCE_CONFFILE=old
+# Check for and run an IS&T supplied remote update hook in the event
+# of a catastrophe?
+# Values: yes, no
+RUN_UPDATE_HOOK=no
+
+######################################################################
# Defaults for athena-auto-upgrade(8)
# Warning:
Modified: trunk/debathena/config/auto-update/debian/debathena-auto-update.install
===================================================================
--- trunk/debathena/config/auto-update/debian/debathena-auto-update.install 2011-03-15 19:34:16 UTC (rev 25042)
+++ trunk/debathena/config/auto-update/debian/debathena-auto-update.install 2011-03-16 02:08:33 UTC (rev 25043)
@@ -2,3 +2,4 @@
debian/athena-auto-update.8 usr/share/man/man8
debian/athena-auto-upgrade usr/sbin
debian/athena-auto-upgrade.8 usr/share/man/man8
+debian/mitCA.crt usr/share/debathena-auto-update
Added: trunk/debathena/config/auto-update/debian/mitCA.crt
===================================================================
--- trunk/debathena/config/auto-update/debian/mitCA.crt (rev 0)
+++ trunk/debathena/config/auto-update/debian/mitCA.crt 2011-03-16 02:08:33 UTC (rev 25043)
@@ -0,0 +1,21 @@
+-----BEGIN CERTIFICATE-----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+-----END CERTIFICATE-----