fixup! Add tix-upgrade(8).
parent
2402ef8361
commit
14b389dfbe
|
@ -52,6 +52,7 @@ url_mirror=false
|
||||||
url_mirror_release=false
|
url_mirror_release=false
|
||||||
url_release_sig=false
|
url_release_sig=false
|
||||||
url_sha256sum=false
|
url_sha256sum=false
|
||||||
|
upgrade=false
|
||||||
# TODO: Option to select this default:
|
# TODO: Option to select this default:
|
||||||
# TODO: This hides errors. Fix wget so it has a quiet, but errors, mode.
|
# TODO: This hides errors. Fix wget so it has a quiet, but errors, mode.
|
||||||
wget_options="-q --show-progress"
|
wget_options="-q --show-progress"
|
||||||
|
@ -112,6 +113,8 @@ for argument do
|
||||||
--output-release-sig-file) previous_option=output_release_sig_file ;;
|
--output-release-sig-file) previous_option=output_release_sig_file ;;
|
||||||
--output-sha256sum=*) output_sha256sum=$parameter ;;
|
--output-sha256sum=*) output_sha256sum=$parameter ;;
|
||||||
--output-sha256sum) previous_option=output_sha256sum ;;
|
--output-sha256sum) previous_option=output_sha256sum ;;
|
||||||
|
--output-upgrade-file=*) output_upgrade_file=$parameter ;;
|
||||||
|
--output-upgrade-file) previous_option=output_upgrade_file ;;
|
||||||
--patch) patch=true ;;
|
--patch) patch=true ;;
|
||||||
--port) port=true ;;
|
--port) port=true ;;
|
||||||
--porttix) porttix=true ;;
|
--porttix) porttix=true ;;
|
||||||
|
@ -124,6 +127,7 @@ for argument do
|
||||||
--sysroot) previous_option=sysroot ;;
|
--sysroot) previous_option=sysroot ;;
|
||||||
--sysroot=*) sysroot=$parameter ;;
|
--sysroot=*) sysroot=$parameter ;;
|
||||||
--toolchain) toolchain=true ;;
|
--toolchain) toolchain=true ;;
|
||||||
|
--upgrade) upgrade=true ;;
|
||||||
--url) url=true ;;
|
--url) url=true ;;
|
||||||
--url-main) url_main=true ;;
|
--url-main) url_main=true ;;
|
||||||
--url-mirror) url_mirror=true ;;
|
--url-mirror) url_mirror=true ;;
|
||||||
|
@ -158,6 +162,7 @@ tmpdir=$(mktemp -dt tix-fetch-port.XXXXXX)
|
||||||
trap 'rm -rf -- "$tmpdir"' EXIT HUP INT QUIT TERM
|
trap 'rm -rf -- "$tmpdir"' EXIT HUP INT QUIT TERM
|
||||||
|
|
||||||
upgrade_conf="${collection%/}/etc/upgrade.conf"
|
upgrade_conf="${collection%/}/etc/upgrade.conf"
|
||||||
|
CHANNEL=$(conf -d '' "$upgrade_conf" CHANNEL)
|
||||||
RELEASE_KEY=$(conf -d '' "$upgrade_conf" RELEASE_KEY)
|
RELEASE_KEY=$(conf -d '' "$upgrade_conf" RELEASE_KEY)
|
||||||
RELEASE_SIG_URL=$(conf -d '' "$upgrade_conf" RELEASE_SIG_URL)
|
RELEASE_SIG_URL=$(conf -d '' "$upgrade_conf" RELEASE_SIG_URL)
|
||||||
PREFERRED_MIRROR=$(conf -d '' "$upgrade_conf" PREFERRED_MIRROR)
|
PREFERRED_MIRROR=$(conf -d '' "$upgrade_conf" PREFERRED_MIRROR)
|
||||||
|
@ -203,17 +208,32 @@ do_wget() {
|
||||||
}
|
}
|
||||||
|
|
||||||
# Fetch signed release description.
|
# Fetch signed release description.
|
||||||
if [ -z "$input_release_file" ]; then
|
download_release_sh() {
|
||||||
if [ -z "$input_release_sig_file" ]; then
|
(cd "$tmpdir" &&
|
||||||
(cd "$tmpdir" &&
|
do_wget -U "$USER_AGENT" $wget_options -O release.sh.sig \
|
||||||
do_wget -U "$USER_AGENT" $wget_options -O release.sh.sig \
|
-- "$RELEASE_SIG_URL")
|
||||||
-- "$RELEASE_SIG_URL")
|
|
||||||
else
|
|
||||||
cp -T -- "$input_release_sig_file" "$tmpdir/release.sh.sig"
|
|
||||||
fi
|
|
||||||
signify -Vq -p "$RELEASE_KEY" -em "$tmpdir/release.sh"
|
signify -Vq -p "$RELEASE_KEY" -em "$tmpdir/release.sh"
|
||||||
else
|
}
|
||||||
|
|
||||||
|
true > "$tmpdir/upgrade.sh"
|
||||||
|
|
||||||
|
if [ -z "$input_release_file" -a -z "$input_release_sig_file" ]; then
|
||||||
|
download_release_sh
|
||||||
|
tix-vars "$tmpdir/release.sh" | \
|
||||||
|
grep -E '^UPGRADE_=' | \
|
||||||
|
cat > "$tmpdir/upgrade.sh"
|
||||||
|
UPGRADE_SIG_URL=$(tix-vars -d '' "$tmpdir/upgrade.sh" UPGRADE_SIG_URL)
|
||||||
|
if $upgrade && [ -n "$UPGRADE_SIG_URL" ]; then
|
||||||
|
RELEASE_SIG_URL="$UPGRADE_SIG_URL"
|
||||||
|
RELEASE_KEY=$(tix-vars "$tmpdir/upgrade.sh" UPGRADE_KEY)
|
||||||
|
download_release_sh
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$input_release_file" ]; then
|
||||||
cp -T -- "$input_release_file" "$tmpdir/release.sh"
|
cp -T -- "$input_release_file" "$tmpdir/release.sh"
|
||||||
|
elif [ -n "$input_release_sig_file" ]; then
|
||||||
|
signify -Vq -p "$RELEASE_KEY" -em "$tmpdir/release.sh"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Store the signed release file if requested.
|
# Store the signed release file if requested.
|
||||||
|
@ -226,6 +246,11 @@ if [ -n "$output_release_file" ]; then
|
||||||
cp -T -- "$tmpdir/release.sh" "$output_release_file"
|
cp -T -- "$tmpdir/release.sh" "$output_release_file"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
# Store the upgrade file if requested.
|
||||||
|
if [ -n "$output_upgrade_file" ]; then
|
||||||
|
cp -T -- "$tmpdir/upgrade.sh" "$output_upgrade_file"
|
||||||
|
fi
|
||||||
|
|
||||||
# Load the release description.
|
# Load the release description.
|
||||||
# TODO: SECURITY: Protect against responding with older release.sh.
|
# TODO: SECURITY: Protect against responding with older release.sh.
|
||||||
|
|
||||||
|
@ -306,11 +331,6 @@ escape_extended_regex() {
|
||||||
printf "%s\n" "$1" | sed -E -e 's/[[$()*?\+.^{|}]/\\\0/g'
|
printf "%s\n" "$1" | sed -E -e 's/[[$()*?\+.^{|}]/\\\0/g'
|
||||||
}
|
}
|
||||||
|
|
||||||
# TODO: Remove:
|
|
||||||
#escape_extended_regex_test_self() {
|
|
||||||
# printf "%s\n" "$1" | grep -E "^$(escape_extended_regex "$1")\$"
|
|
||||||
#}
|
|
||||||
|
|
||||||
request() {
|
request() {
|
||||||
REQUEST="$1"
|
REQUEST="$1"
|
||||||
REQUESTDIR="$2"
|
REQUESTDIR="$2"
|
||||||
|
|
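Review bot: The filter `grep -E '^UPGRADE_='` in the new top-level block matches only a variable literally named `UPGRADE_`, so if tix-vars prints `NAME=value` lines (its output format is not visible here) nothing such as `UPGRADE_SIG_URL=` reaches `$tmpdir/upgrade.sh` and the `$upgrade` branch never runs; `grep -E '^UPGRADE_[A-Za-z0-9_]*='` looks like what was meant. Separately, as rendered here the new side drops `cp -T -- "$input_release_sig_file" "$tmpdir/release.sh.sig"`, yet the `elif [ -n "$input_release_sig_file" ]` branch still runs `signify -Vq -p "$RELEASE_KEY" -em "$tmpdir/release.sh"`. Since signify is given no `-x`, it presumably looks for `$tmpdir/release.sh.sig`, which nothing populates from the supplied file, so the copy should be restored inside that branch. A comment above the second `download_release_sh` call would also help, saying that `UPGRADE_KEY` is trusted only because it was read from a release.sh already verified under the current `RELEASE_KEY`.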
|
@ -26,6 +26,7 @@ download_only=false
|
||||||
fetch_options=
|
fetch_options=
|
||||||
ports_only=false
|
ports_only=false
|
||||||
sysroot=""
|
sysroot=""
|
||||||
|
upgrade=--upgrade
|
||||||
upgrade_ports=false
|
upgrade_ports=false
|
||||||
upgrade_system=false
|
upgrade_system=false
|
||||||
wait=""
|
wait=""
|
||||||
|
@ -60,6 +61,7 @@ for argument do
|
||||||
--fetch-options) previous_option=fetch_options ;;
|
--fetch-options) previous_option=fetch_options ;;
|
||||||
--insecure-downgrade-to-http) fetch_options="$fetch_options $argument" ;;
|
--insecure-downgrade-to-http) fetch_options="$fetch_options $argument" ;;
|
||||||
--insecure-no-check-certificate) fetch_options="$fetch_options $argument" ;;
|
--insecure-no-check-certificate) fetch_options="$fetch_options $argument" ;;
|
||||||
|
--no-upgrade) upgrade= ;;
|
||||||
--ports) upgrade_ports=true ;;
|
--ports) upgrade_ports=true ;;
|
||||||
--system) upgrade_system=true ;;
|
--system) upgrade_system=true ;;
|
||||||
--sysroot) previous_option=sysroot ;;
|
--sysroot) previous_option=sysroot ;;
|
||||||
|
@ -122,37 +124,49 @@ fi
|
||||||
mkdir -p -- "$cachedir"
|
mkdir -p -- "$cachedir"
|
||||||
mkdir -p -- "$cachedir/new"
|
mkdir -p -- "$cachedir/new"
|
||||||
|
|
||||||
# Fetch the latest official release.sig.sh and its matching sha256sum file.
|
# Fetch the latest official signed release.sh and its matching sha256sum file.
|
||||||
tix-fetch $fetch_options \
|
tix-fetch $fetch_options \
|
||||||
--collection="$collection" \
|
--collection="$collection" \
|
||||||
--output-release-file="$cachedir/new/release.sh" \
|
--output-release-file="$cachedir/new/release.sh" \
|
||||||
--output-release-sig-file="$cachedir/new/release.sh.sig" \
|
--output-sha256sum="$cachedir/new/sha256sum" \
|
||||||
--output-sha256sum="$cachedir/new/sha256sum"
|
--output-upgrade-file="$cachedir/new/upgrade.sh" \
|
||||||
|
$upgrade
|
||||||
|
|
||||||
# If release.sig.sh or sha256sum changed, clean the cache directory of downloads
|
# If release.sh or sha256sum changed, clean the cache directory of downloads
|
||||||
# that were currently in progress as they might not have the right checksums.
|
# that were currently in progress as they might not have the right checksums.
|
||||||
if [ ! -e "$cachedir/release.sh" ] ||
|
if [ ! -e "$cachedir/release.sh" ] ||
|
||||||
[ ! -e "$cachedir/release.sh.sig" ] ||
|
|
||||||
[ ! -e "$cachedir/sha256sum" ] ||
|
[ ! -e "$cachedir/sha256sum" ] ||
|
||||||
! (cd "$cachedir/new" && sha256sum release.sh release.sh.sig sha256sum) |
|
[ ! -e "$cachedir/upgrade.sh" ] ||
|
||||||
|
! (cd "$cachedir/new" && sha256sum release.sh sha256sum upgrade.sh) |
|
||||||
(cd "$cachedir" && sha256sum -cs); then
|
(cd "$cachedir" && sha256sum -cs); then
|
||||||
rm -rf -- "$cachedir/boot"
|
rm -rf -- "$cachedir/boot"
|
||||||
rm -rf -- "$cachedir/repository"
|
rm -rf -- "$cachedir/repository"
|
||||||
rm -rf -- "$cachedir/sysroot"
|
rm -rf -- "$cachedir/sysroot"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Store the new release.sig.sh and sha256sum files so we can resume the download
|
# Store the new release.sh and sha256sum files so we can resume the download
|
||||||
# if cancelled and these files still match.
|
# if cancelled and these files still match.
|
||||||
mv -- "$cachedir/new/release.sh" "$cachedir/release.sh"
|
mv -- "$cachedir/new/release.sh" "$cachedir/release.sh"
|
||||||
mv -- "$cachedir/new/release.sh.sig" "$cachedir/release.sh.sig"
|
|
||||||
mv -- "$cachedir/new/sha256sum" "$cachedir/sha256sum"
|
mv -- "$cachedir/new/sha256sum" "$cachedir/sha256sum"
|
||||||
|
mv -- "$cachedir/new/upgrade.sh" "$cachedir/upgrade.sh"
|
||||||
rm -rf -- "$cachedir/new"
|
rm -rf -- "$cachedir/new"
|
||||||
|
|
||||||
|
# Check if we're upgrading to a new release.
|
||||||
|
UPGRADE_SIG_URL=$(tix-vars -d '' "$cachedir/upgrade.sh" UPGRADE_SIG_URL)
|
||||||
|
if [ -n "$UPGRADE_SIG_URL" ]; then
|
||||||
|
UPGRADE_CHANNEL=$(tix-vars "$cachedir/upgrade.sh" UPGRADE_CHANNEL)
|
||||||
|
UPGRADE_KEY=$(tix-vars "$cachedir/upgrade.sh" UPGRADE_KEY)
|
||||||
|
UPGRADE_NAME=$(tix-vars "$cachedir/upgrade.sh" UPGRADE_NAME)
|
||||||
|
if [ -n "$upgrade" ]; then
|
||||||
|
echo "Upgrading to $UPGRADE_NAME."
|
||||||
|
else
|
||||||
|
echo "Ignoring available upgrade to $UPGRADE_NAME."
|
||||||
|
fi
|
||||||
|
fi
|
||||||
|
|
||||||
mkdir -p -- "$cachedir/boot"
|
mkdir -p -- "$cachedir/boot"
|
||||||
mkdir -p -- "$cachedir/repository"
|
mkdir -p -- "$cachedir/repository"
|
||||||
|
|
||||||
# TODO: Support upgrading across releases, renamed channels, etc.
|
|
||||||
|
|
||||||
# TODO: DO NOT SUBMIT: Temporary -d system compatibility until builds roll.
|
# TODO: DO NOT SUBMIT: Temporary -d system compatibility until builds roll.
|
||||||
SYSTEM_INITRDS=$(tix-vars -d system "$cachedir/release.sh" SYSTEM_INITRDS)
|
SYSTEM_INITRDS=$(tix-vars -d system "$cachedir/release.sh" SYSTEM_INITRDS)
|
||||||
|
|
||||||
|
@ -163,7 +177,7 @@ if $upgrade_system; then
|
||||||
for initrd in $SYSTEM_INITRDS; do
|
for initrd in $SYSTEM_INITRDS; do
|
||||||
tix-fetch $fetch_options \
|
tix-fetch $fetch_options \
|
||||||
--collection="$collection" \
|
--collection="$collection" \
|
||||||
--input-release-sig-file="$cachedir/release.sh.sig" \
|
--input-release-file="$cachedir/release.sh" \
|
||||||
--input-sha256sum="$cachedir/sha256sum" \
|
--input-sha256sum="$cachedir/sha256sum" \
|
||||||
-c --initrd -O "$cachedir/boot" -- "$initrd"
|
-c --initrd -O "$cachedir/boot" -- "$initrd"
|
||||||
done
|
done
|
||||||
|
@ -179,14 +193,14 @@ if $upgrade_ports; then
|
||||||
# The port has a hash if if it exists upstream.
|
# The port has a hash if if it exists upstream.
|
||||||
sha256=$(tix-fetch $fetch_options \
|
sha256=$(tix-fetch $fetch_options \
|
||||||
--collection="$collection" \
|
--collection="$collection" \
|
||||||
--input-release-sig-file="$cachedir/release.sh.sig" \
|
--input-release-file="$cachedir/release.sh" \
|
||||||
--input-sha256sum="$cachedir/sha256sum" \
|
--input-sha256sum="$cachedir/sha256sum" \
|
||||||
--sha256 --port -- $port)
|
--sha256 --port -- $port)
|
||||||
# If the port exists upstream, get the latest version.
|
# If the port exists upstream, get the latest version.
|
||||||
if [ -n "$sha256" ]; then
|
if [ -n "$sha256" ]; then
|
||||||
tix-fetch $fetch_options \
|
tix-fetch $fetch_options \
|
||||||
--collection="$collection" \
|
--collection="$collection" \
|
||||||
--input-release-sig-file="$cachedir/release.sh.sig" \
|
--input-release-file="$cachedir/release.sh" \
|
||||||
--input-sha256sum="$cachedir/sha256sum" \
|
--input-sha256sum="$cachedir/sha256sum" \
|
||||||
-c --port -O "$cachedir/repository" -- $port
|
-c --port -O "$cachedir/repository" -- $port
|
||||||
fi
|
fi
|
||||||
|
@ -201,6 +215,18 @@ fi
|
||||||
rm -rf -- "$cachedir/sysroot"
|
rm -rf -- "$cachedir/sysroot"
|
||||||
mkdir -p -- "$cachedir/sysroot"
|
mkdir -p -- "$cachedir/sysroot"
|
||||||
|
|
||||||
|
# Forward the upgrade metadata.
|
||||||
|
UPGRADE_SIG_URL=$(tix-vars -d '' "$cachedir/upgrade.sh" UPGRADE_SIG_URL)
|
||||||
|
if [ -n $upgrade ] && [ -n "$UPGRADE_SIG_URL" ]; then
|
||||||
|
mkdir -p -- "$cachedir/etc"
|
||||||
|
# TODO: More flexible and simple model.
|
||||||
|
cat > "$cachedir/etc/upgrade.conf" << EOF
|
||||||
|
channel = $UPGRADE_CHANNEL
|
||||||
|
release_key = $UPGRADE_KEY
|
||||||
|
release_sig_url = $UPGRADE_SIG_URL
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
||||||
# Extract the base system into the sysroot.
|
# Extract the base system into the sysroot.
|
||||||
if $upgrade_system; then
|
if $upgrade_system; then
|
||||||
for initrd in $SYSTEM_INITRDS; do
|
for initrd in $SYSTEM_INITRDS; do
|
||||||
|
|
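Review bot: `[ -n $upgrade ]` in the "Forward the upgrade metadata" block is unquoted, so with `--no-upgrade` (which sets `upgrade=` to empty) the test collapses to `[ -n ]`, which is true. `$cachedir/etc/upgrade.conf` is then written with the new channel, `release_key` and `release_sig_url` even though the earlier branch printed "Ignoring available upgrade"; the line should read `if [ -n "$upgrade" ] && [ -n "$UPGRADE_SIG_URL" ]; then`. This matters beyond correctness because that file presumably becomes the source of the key that later releases are verified against. The same section switches the later tix-fetch calls from `--input-release-sig-file` to `--input-release-file="$cachedir/release.sh"`, which in the first file of this commit (apparently tix-fetch) is a plain `cp` with no signify check. A comment stating that `$cachedir` must not be writable by other users would document that trust assumption; the script continues past the last visible hunk.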