fixup! Add tix-upgrade(8).
parent
2402ef8361
commit
14b389dfbe
|
@ -52,6 +52,7 @@ url_mirror=false
|
|||
url_mirror_release=false
|
||||
url_release_sig=false
|
||||
url_sha256sum=false
|
||||
upgrade=false
|
||||
# TODO: Option to select this default:
|
||||
# TODO: This hides errors. Fix wget so it has a quiet, but errors, mode.
|
||||
wget_options="-q --show-progress"
|
||||
|
@ -112,6 +113,8 @@ for argument do
|
|||
--output-release-sig-file) previous_option=output_release_sig_file ;;
|
||||
--output-sha256sum=*) output_sha256sum=$parameter ;;
|
||||
--output-sha256sum) previous_option=output_sha256sum ;;
|
||||
--output-upgrade-file=*) output_upgrade_file=$parameter ;;
|
||||
--output-upgrade-file) previous_option=output_upgrade_file ;;
|
||||
--patch) patch=true ;;
|
||||
--port) port=true ;;
|
||||
--porttix) porttix=true ;;
|
||||
|
@ -124,6 +127,7 @@ for argument do
|
|||
--sysroot) previous_option=sysroot ;;
|
||||
--sysroot=*) sysroot=$parameter ;;
|
||||
--toolchain) toolchain=true ;;
|
||||
--upgrade) upgrade=true ;;
|
||||
--url) url=true ;;
|
||||
--url-main) url_main=true ;;
|
||||
--url-mirror) url_mirror=true ;;
|
||||
|
@ -158,6 +162,7 @@ tmpdir=$(mktemp -dt tix-fetch-port.XXXXXX)
|
|||
trap 'rm -rf -- "$tmpdir"' EXIT HUP INT QUIT TERM
|
||||
|
||||
upgrade_conf="${collection%/}/etc/upgrade.conf"
|
||||
CHANNEL=$(conf -d '' "$upgrade_conf" CHANNEL)
|
||||
RELEASE_KEY=$(conf -d '' "$upgrade_conf" RELEASE_KEY)
|
||||
RELEASE_SIG_URL=$(conf -d '' "$upgrade_conf" RELEASE_SIG_URL)
|
||||
PREFERRED_MIRROR=$(conf -d '' "$upgrade_conf" PREFERRED_MIRROR)
|
||||
|
@ -203,17 +208,32 @@ do_wget() {
|
|||
}
|
||||
|
||||
# Fetch signed release description.
|
||||
if [ -z "$input_release_file" ]; then
|
||||
if [ -z "$input_release_sig_file" ]; then
|
||||
(cd "$tmpdir" &&
|
||||
do_wget -U "$USER_AGENT" $wget_options -O release.sh.sig \
|
||||
-- "$RELEASE_SIG_URL")
|
||||
else
|
||||
cp -T -- "$input_release_sig_file" "$tmpdir/release.sh.sig"
|
||||
fi
|
||||
download_release_sh() {
|
||||
(cd "$tmpdir" &&
|
||||
do_wget -U "$USER_AGENT" $wget_options -O release.sh.sig \
|
||||
-- "$RELEASE_SIG_URL")
|
||||
signify -Vq -p "$RELEASE_KEY" -em "$tmpdir/release.sh"
|
||||
else
|
||||
}
|
||||
|
||||
true > "$tmpdir/upgrade.sh"
|
||||
|
||||
if [ -z "$input_release_file" -a -z "$input_release_sig_file" ]; then
|
||||
download_release_sh
|
||||
tix-vars "$tmpdir/release.sh" | \
|
||||
grep -E '^UPGRADE_=' | \
|
||||
cat > "$tmpdir/upgrade.sh"
|
||||
UPGRADE_SIG_URL=$(tix-vars -d '' "$tmpdir/upgrade.sh" UPGRADE_SIG_URL)
|
||||
if $upgrade && [ -n "$UPGRADE_SIG_URL" ]; then
|
||||
RELEASE_SIG_URL="$UPGRADE_SIG_URL"
|
||||
RELEASE_KEY=$(tix-vars "$tmpdir/upgrade.sh" UPGRADE_KEY)
|
||||
download_release_sh
|
||||
fi
|
||||
fi
|
||||
|
||||
if [ -n "$input_release_file" ]; then
|
||||
cp -T -- "$input_release_file" "$tmpdir/release.sh"
|
||||
elif [ -n "$input_release_sig_file" ]; then
|
||||
signify -Vq -p "$RELEASE_KEY" -em "$tmpdir/release.sh"
|
||||
fi
|
||||
|
||||
# Store the signed release file if requested.
|
||||
|
@ -226,6 +246,11 @@ if [ -n "$output_release_file" ]; then
|
|||
cp -T -- "$tmpdir/release.sh" "$output_release_file"
|
||||
fi
|
||||
|
||||
# Store the upgrade file if requested.
|
||||
if [ -n "$output_upgrade_file" ]; then
|
||||
cp -T -- "$tmpdir/upgrade.sh" "$output_upgrade_file"
|
||||
fi
|
||||
|
||||
# Load the release description.
|
||||
# TODO: SECURITY: Protect against responding with older release.sh.
|
||||
|
||||
|
@ -306,11 +331,6 @@ escape_extended_regex() {
|
|||
printf "%s\n" "$1" | sed -E -e 's/[[$()*?\+.^{|}]/\\\0/g'
|
||||
}
|
||||
|
||||
# TODO: Remove:
|
||||
#escape_extended_regex_test_self() {
|
||||
# printf "%s\n" "$1" | grep -E "^$(escape_extended_regex "$1")\$"
|
||||
#}
|
||||
|
||||
request() {
|
||||
REQUEST="$1"
|
||||
REQUESTDIR="$2"
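Review bot: The filter `grep -E '^UPGRADE_='` in the `-203,17` hunk only matches a variable named exactly `UPGRADE_`, so (assuming tix-vars prints `NAME=value` lines) `UPGRADE_SIG_URL` and `UPGRADE_KEY` never reach `$tmpdir/upgrade.sh` and `--upgrade` silently stays on the current release; `grep -E '^UPGRADE_[A-Za-z0-9_]*='` looks like the intent. In the same hunk the `elif [ -n "$input_release_sig_file" ]` branch runs `signify -Vq -p "$RELEASE_KEY" -em "$tmpdir/release.sh"`, but as far as this rendering shows, the `cp -T -- "$input_release_sig_file" "$tmpdir/release.sh.sig"` that staged the signature was dropped, so it should be restored in front of the signify call. A comment above `download_release_sh` should state that the second call verifies with the `UPGRADE_KEY` read from the release.sh that the first call verified, because that hand-off is the whole trust chain for switching keys. The +/- markers are lost on this page, so the old/new split is inferred from the duplicated lines.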
|
||||
|
|
|
@ -26,6 +26,7 @@ download_only=false
|
|||
fetch_options=
|
||||
ports_only=false
|
||||
sysroot=""
|
||||
upgrade=--upgrade
|
||||
upgrade_ports=false
|
||||
upgrade_system=false
|
||||
wait=""
|
||||
|
@ -60,6 +61,7 @@ for argument do
|
|||
--fetch-options) previous_option=fetch_options ;;
|
||||
--insecure-downgrade-to-http) fetch_options="$fetch_options $argument" ;;
|
||||
--insecure-no-check-certificate) fetch_options="$fetch_options $argument" ;;
|
||||
--no-upgrade) upgrade= ;;
|
||||
--ports) upgrade_ports=true ;;
|
||||
--system) upgrade_system=true ;;
|
||||
--sysroot) previous_option=sysroot ;;
|
||||
|
@ -122,37 +124,49 @@ fi
|
|||
mkdir -p -- "$cachedir"
|
||||
mkdir -p -- "$cachedir/new"
|
||||
|
||||
# Fetch the latest official release.sig.sh and its matching sha256sum file.
|
||||
# Fetch the latest official signed release.sh and its matching sha256sum file.
|
||||
tix-fetch $fetch_options \
|
||||
--collection="$collection" \
|
||||
--output-release-file="$cachedir/new/release.sh" \
|
||||
--output-release-sig-file="$cachedir/new/release.sh.sig" \
|
||||
--output-sha256sum="$cachedir/new/sha256sum"
|
||||
--output-sha256sum="$cachedir/new/sha256sum" \
|
||||
--output-upgrade-file="$cachedir/new/upgrade.sh" \
|
||||
$upgrade
|
||||
|
||||
# If release.sig.sh or sha256sum changed, clean the cache directory of downloads
|
||||
# If release.sh or sha256sum changed, clean the cache directory of downloads
|
||||
# that were currently in progress as they might not have the right checksums.
|
||||
if [ ! -e "$cachedir/release.sh" ] ||
|
||||
[ ! -e "$cachedir/release.sh.sig" ] ||
|
||||
[ ! -e "$cachedir/sha256sum" ] ||
|
||||
! (cd "$cachedir/new" && sha256sum release.sh release.sh.sig sha256sum) |
|
||||
[ ! -e "$cachedir/upgrade.sh" ] ||
|
||||
! (cd "$cachedir/new" && sha256sum release.sh sha256sum upgrade.sh) |
|
||||
(cd "$cachedir" && sha256sum -cs); then
|
||||
rm -rf -- "$cachedir/boot"
|
||||
rm -rf -- "$cachedir/repository"
|
||||
rm -rf -- "$cachedir/sysroot"
|
||||
fi
|
||||
|
||||
# Store the new release.sig.sh and sha256sum files so we can resume the download
|
||||
# Store the new release.sh and sha256sum files so we can resume the download
|
||||
# if cancelled and these files still match.
|
||||
mv -- "$cachedir/new/release.sh" "$cachedir/release.sh"
|
||||
mv -- "$cachedir/new/release.sh.sig" "$cachedir/release.sh.sig"
|
||||
mv -- "$cachedir/new/sha256sum" "$cachedir/sha256sum"
|
||||
mv -- "$cachedir/new/upgrade.sh" "$cachedir/upgrade.sh"
|
||||
rm -rf -- "$cachedir/new"
|
||||
|
||||
# Check if we're upgrading to a new release.
|
||||
UPGRADE_SIG_URL=$(tix-vars -d '' "$cachedir/upgrade.sh" UPGRADE_SIG_URL)
|
||||
if [ -n "$UPGRADE_SIG_URL" ]; then
|
||||
UPGRADE_CHANNEL=$(tix-vars "$cachedir/upgrade.sh" UPGRADE_CHANNEL)
|
||||
UPGRADE_KEY=$(tix-vars "$cachedir/upgrade.sh" UPGRADE_KEY)
|
||||
UPGRADE_NAME=$(tix-vars "$cachedir/upgrade.sh" UPGRADE_NAME)
|
||||
if [ -n "$upgrade" ]; then
|
||||
echo "Upgrading to $UPGRADE_NAME."
|
||||
else
|
||||
echo "Ignoring available upgrade to $UPGRADE_NAME."
|
||||
fi
|
||||
fi
|
||||
|
||||
mkdir -p -- "$cachedir/boot"
|
||||
mkdir -p -- "$cachedir/repository"
|
||||
|
||||
# TODO: Support upgrading across releases, renamed channels, etc.
|
||||
|
||||
# TODO: DO NOT SUBMIT: Temporary -d system compatibility until builds roll.
|
||||
SYSTEM_INITRDS=$(tix-vars -d system "$cachedir/release.sh" SYSTEM_INITRDS)
|
||||
|
||||
|
@ -163,7 +177,7 @@ if $upgrade_system; then
|
|||
for initrd in $SYSTEM_INITRDS; do
|
||||
tix-fetch $fetch_options \
|
||||
--collection="$collection" \
|
||||
--input-release-sig-file="$cachedir/release.sh.sig" \
|
||||
--input-release-file="$cachedir/release.sh" \
|
||||
--input-sha256sum="$cachedir/sha256sum" \
|
||||
-c --initrd -O "$cachedir/boot" -- "$initrd"
|
||||
done
|
||||
|
@ -179,14 +193,14 @@ if $upgrade_ports; then
|
|||
# The port has a hash if if it exists upstream.
|
||||
sha256=$(tix-fetch $fetch_options \
|
||||
--collection="$collection" \
|
||||
--input-release-sig-file="$cachedir/release.sh.sig" \
|
||||
--input-release-file="$cachedir/release.sh" \
|
||||
--input-sha256sum="$cachedir/sha256sum" \
|
||||
--sha256 --port -- $port)
|
||||
# If the port exists upstream, get the latest version.
|
||||
if [ -n "$sha256" ]; then
|
||||
tix-fetch $fetch_options \
|
||||
--collection="$collection" \
|
||||
--input-release-sig-file="$cachedir/release.sh.sig" \
|
||||
--input-release-file="$cachedir/release.sh" \
|
||||
--input-sha256sum="$cachedir/sha256sum" \
|
||||
-c --port -O "$cachedir/repository" -- $port
|
||||
fi
|
||||
|
@ -201,6 +215,18 @@ fi
|
|||
rm -rf -- "$cachedir/sysroot"
|
||||
mkdir -p -- "$cachedir/sysroot"
|
||||
|
||||
# Forward the upgrade metadata.
|
||||
UPGRADE_SIG_URL=$(tix-vars -d '' "$cachedir/upgrade.sh" UPGRADE_SIG_URL)
|
||||
if [ -n $upgrade ] && [ -n "$UPGRADE_SIG_URL" ]; then
|
||||
mkdir -p -- "$cachedir/etc"
|
||||
# TODO: More flexible and simple model.
|
||||
cat > "$cachedir/etc/upgrade.conf" << EOF
|
||||
channel = $UPGRADE_CHANNEL
|
||||
release_key = $UPGRADE_KEY
|
||||
release_sig_url = $UPGRADE_SIG_URL
|
||||
EOF
|
||||
fi
|
||||
|
||||
# Extract the base system into the sysroot.
|
||||
if $upgrade_system; then
|
||||
for initrd in $SYSTEM_INITRDS; do
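Review bot: `[ -n $upgrade ]` in the "Forward the upgrade metadata" hunk is unquoted, so once `--no-upgrade` has set `upgrade=` it collapses to `[ -n ]`, which is true, and `$cachedir/etc/upgrade.conf` is still rewritten with the new channel, key and signature URL even though the script has just printed "Ignoring available upgrade". Quote it the way the earlier test does: `if [ -n "$upgrade" ] && [ -n "$UPGRADE_SIG_URL" ]; then`. Separately, the later tix-fetch calls appear to switch from `--input-release-sig-file` to `--input-release-file`, and the tix-fetch side of this commit copies that file in without running signify, so the cached `release.sh` is trusted as-is after the first fetch. A comment stating that `$cachedir` must not be writable by less-privileged users would make that assumption explicit; the alternative is to keep passing the signature and re-verify.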
|
||||
|
|