From b737808d86dc364730c4fdb6987dd7077b32c0a2 Mon Sep 17 00:00:00 2001 From: Henrik Riomar Date: Fri, 29 Oct 2021 11:38:33 +0200 Subject: [PATCH] apk: handle FORBID_* lines Handle config file options: * FORBID_REFRESH * FORBID_UPGRADE * FORBID_INSTALL --- apk/apt-dater-host | 34 +++++++++++++++++++++++++++++----- apk/apt-dater-host.conf | 15 +++++++++++++++ apk/test-apt-dater-host | 19 +++++++++++++++++++ 3 files changed, 63 insertions(+), 5 deletions(-) diff --git a/apk/apt-dater-host b/apk/apt-dater-host index 02e976a..c60ffd6 100755 --- a/apk/apt-dater-host +++ b/apk/apt-dater-host @@ -34,6 +34,10 @@ APK_CMD="/sbin/apk" VIRT_WHAT_CMD="/usr/sbin/virt-what --test-root=/" DMESG_CMD="dmesg" +FORBID_REFRESH=0 +FORBID_UPGRADE=0 +FORBID_INSTALL=0 + cfg="/etc/apt-dater-host.conf" [ -r $cfg ] && . $cfg @@ -144,7 +148,11 @@ get_kern() # FORBID: ${Operations} check_forbid() { - echo "FORBID: 0" + mask=0 + [ $FORBID_REFRESH -eq 1 ] && mask=$((mask|=1)) + [ $FORBID_UPGRADE -eq 1 ] && mask=$((mask|=2)) + [ $FORBID_INSTALL -eq 1 ] && mask=$((mask|=4)) + echo "FORBID: $mask" } # ADPROTO: ${ProtoVersion} @@ -183,6 +191,10 @@ run_as_root() fi } +echoerr() +{ + printf "\n%s\n\n" "$@" 1>&2 +} if [ -z "$1" ]; then echo "Don't call this script directly!" @@ -192,7 +204,11 @@ fi case "$1" in refresh) say_hi - run_as_root 0 $APK_CMD update + if [ $FORBID_REFRESH -eq 1 ]; then + echoerr "** Sorry, apt-dater based refreshs on this host are disabled! **" + else + run_as_root 0 $APK_CMD update + fi do_status ;; @@ -202,13 +218,21 @@ case "$1" in ;; upgrade) - run_as_root 1 $APK_CMD upgrade + if [ $FORBID_UPGRADE -eq 1 ]; then + echoerr "** Sorry, apt-dater based upgrades on this host are disabled! **" + else + run_as_root 1 $APK_CMD upgrade + fi ;; install) shift - echo "Installing PKG: $*" - run_as_root 1 $APK_CMD add $* + if [ $FORBID_INSTALL -eq 1 ]; then + echoerr "** Sorry, apt-dater based installations on this host are disabled! **" + else + echo "Installing PKG: $*" + run_as_root 1 $APK_CMD add $* + fi ;; kernel) diff --git a/apk/apt-dater-host.conf b/apk/apt-dater-host.conf index 54210c2..6ac7e14 100644 --- a/apk/apt-dater-host.conf +++ b/apk/apt-dater-host.conf @@ -5,3 +5,18 @@ # use this command to become root # Supported: doas and sudo #ROOT_CMD="doas" + +## +## If this host is a mission critical system and +## needs scheduled downtimes for upgrades, enable +## (some) of the following FORBID_* lines: +## + +# prevent apt-dater-host from refreshing package lists +#FORBID_REFRESH=1 + +# prevent apt-dater-host from upgrading packages +#FORBID_UPGRADE=1 + +# prevent apt-dater-host from installing packages +#FORBID_INSTALL=1 diff --git a/apk/test-apt-dater-host b/apk/test-apt-dater-host index e36dea1..f0a47fe 100755 --- a/apk/test-apt-dater-host +++ b/apk/test-apt-dater-host @@ -60,3 +60,22 @@ test_get_virt() result="$(get_kern)" check_tag KERNELINFO $result } + +@test "check_forbid()" { + # check defaults + result="$(check_forbid)" + check_tag FORBID $result + [[ "$result" == "FORBID: 0" ]] + + export FORBID_UPGRADE=1 + result="$(check_forbid)" + [[ "$result" == "FORBID: 2" ]] + + export FORBID_INSTALL=1 + result="$(check_forbid)" + [[ "$result" == "FORBID: 6" ]] + + export FORBID_REFRESH=1 + result="$(check_forbid)" + [[ "$result" == "FORBID: 7" ]] +} -- 2.33.1