Browse Source

Debian: sw-patch cleanup and repair of old code

- Assign 'system_mode' to 'simplex' when it is unknown.
 The system_mode is not set until after bootstrap.  Without
 this change, it defaults to duplex.

- Remove the Clean RPMS step from sw-patch init
 Debian does not use rpm, so this method can be removed.

- Remove rpm-audit utility.
 Debian does not use rpm, so this utility can be removed.

- Remove 'ID' as a 'required' field for make_test_patch
 since the utility has a default, and will not use an ID
 for some of its sub-commands.

- Remove the SafeConfigParser workaround which is no
 longer needed in Debian env.

- Add a fix for install-local so that the feed commit
is not sent if the host has not been provisioned.

Test Plan:
 Debian:  Build / Bootstrap / Unlock / Reboot AIO-SX
 Verify logs clean
 Verify no patch alarms
 Verify make_test_patch prepare does not prompt for ID

Story: 2009969
Task: 45409
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I75ada6e262533d9c6477721836b6ecdf213c25dc
changes/08/842108/3
Al Bailey 3 months ago
parent
commit
f7442c98b9
  1. 183
      sw-patch/bin/rpm-audit
  2. 16
      sw-patch/bin/sw-patch-init.sh
  3. 27
      sw-patch/cgcs-patch/cgcs_patch/config.py
  4. 5
      sw-patch/cgcs-patch/cgcs_patch/patch_controller.py
  5. 1
      sw-patch/debian/deb_folder/cgcs-patch.install
  6. 4
      sw-patch/debian/deb_folder/rules
  7. 2
      sw-patch/scripts/make_test_patch.py

183
sw-patch/bin/rpm-audit

@ -1,183 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
if [[ $EUID -ne 0 ]]; then
echo "This utility must be run as root." >&2
exit 1
fi
function show_usage()
{
cat <<EOF
Usage: [ --include-pyc ] [ --include-cfg ] --skip-multi [ pkg ... ]
This utility scans the installed RPMs to compare checksums of files.
By default, files flagged as config are skipped, as are python pyc files.
Optional arguments:
--include-pyc : Include pyc files in check
--include-cfg : Include config files in check
--skip-links : Skip symlink check
--skip-multi : Skip the search for files with multiple owners
pkg : Specify one or more packages to limit the scan
(implies --skip-multi)
EOF
exit 1
}
declare INCLUDE_PYTHON_FILES="no"
declare INCLUDE_CFG_FILES="no"
declare CHECK_FOR_MULTI="yes"
declare CHECK_LINKS="yes"
declare TIS_ONLY="yes"
declare CHECK_RPM=
for arg in "$@"
do
case $arg in
-h|--help)
show_usage
;;
--include-pyc)
INCLUDE_PYTHON_FILES="yes"
;;
--include-cfg)
INCLUDE_CFG_FILES="yes"
;;
--skip-links)
CHECK_LINKS="no"
;;
--skip-multi)
CHECK_FOR_MULTI="no"
;;
--all-rpms)
TIS_ONLY="no"
;;
*)
CHECK_RPM="$CHECK_RPM $arg"
CHECK_FOR_MULTI="no"
;;
esac
done
function rpm_list()
{
if [ -n "$CHECK_RPM" ]
then
for pkg in $CHECK_RPM
do
echo $pkg
done
elif [ "$TIS_ONLY" = "yes" ]
then
rpm -qa | grep '\.tis\.' | sort
else
rpm -qa | sort
fi
}
rpm_list | while read pkg
do
# Get the --dump from the pkg
rpm -q --queryformat "[%{FILENAMES}|%{FILEMD5S}|%{FILEFLAGS:fflags}|%{FILELINKTOS}\n]" $pkg | \
while IFS='|' read pname psum pflags plinkto
do
if [[ $pname == "(contains" ]]
then
# (contains no files)
continue
fi
if [[ $INCLUDE_CFG_FILES == "no" && $pflags =~ c ]]
then
# Skip file already flagged as config
continue
fi
if [[ $INCLUDE_PYTHON_FILES == "no" && $pname =~ \.py[co]$ ]]
then
# Skip python .pyo or .pyc file
continue
fi
# Directories and symlinks will have no checksum
if [[ -z $psum ]]
then
if [[ -n $plinkto && $CHECK_LINKS == "yes" ]]
then
# Check the symlink pointer
flinkto=$(readlink $pname)
if [[ "$flinkto" != "$plinkto" ]]
then
echo "Link Mismatch: $pname ($pkg)"
fi
fi
continue
fi
# Does the file exist?
if [ ! -e "$pname" ]
then
echo "Missing: $pname ($pkg)"
continue
fi
# Has the file been replaced by a symlink? ie. update-alternatives
if [ -L "$pname" ]
then
continue
fi
let -i sumlen=$(echo -n $psum | wc -c)
if [ $sumlen = 64 ]
then
sumcmd=sha256sum
else
sumcmd=md5sum
fi
echo $psum $pname | $sumcmd --check --status
if [ $? -ne 0 ]
then
echo "Mismatch: $pname ($pkg)"
fi
done
done
function check_for_multi_master()
{
# Search for files owned by multiple packages
prev=
rpm_list | xargs rpm -q --queryformat "[%{FILENAMES}|%{=NAME}\n]" | sort | while IFS='|' read f p
do
if [ "$f" = "$prev" ]
then
echo $f
fi
prev=$f
done | sort -u | while read f
do
if [ ! -d "$f" ]
then
echo $f
fi
done
}
if [ $CHECK_FOR_MULTI = "yes" ]
then
echo
echo
echo "The following files belong to multiple packages:"
echo
check_for_multi_master
fi

16
sw-patch/bin/sw-patch-init.sh

@ -27,6 +27,13 @@ logfile=/var/log/patching.log
patch_failed_file=/var/run/patch_install_failed
patched_during_init=/etc/patching/.patched_during_init
# if the system has never been bootstrapped, system_mode is not set
# treat a non bootstrapped system like it is simplex
# and manually manage lighttpd, etc..
if [ "${system_mode}" = "" ]; then
system_mode="simplex"
fi
function LOG_TO_FILE {
echo "`date "+%FT%T.%3N"`: $NAME: $*" >> $logfile
}
@ -86,13 +93,6 @@ if [ -f /etc/platform/installation_failed ] ; then
exit 1
fi
# Clean up the RPM DB
if [ ! -f /var/run/.rpmdb_cleaned ]; then
LOG_TO_FILE "Cleaning RPM DB"
rm -f /var/lib/rpm/__db*
touch /var/run/.rpmdb_cleaned
fi
# For AIO-SX, abort if config is not yet applied and this is running in init
if [ "${system_mode}" = "simplex" -a ! -f ${INITIAL_CONTROLLER_CONFIG_COMPLETE} -a "$1" = "start" ]; then
LOG_TO_FILE "Config is not yet applied. Skipping init patching"
@ -106,8 +106,10 @@ DELAY_SEC=120
START=`date +%s`
FOUND=0
while [ $(date +%s) -lt $(( ${START} + ${DELAY_SEC} )) ]; do
LOG_TO_FILE "Waiting for controller to be pingable"
ping -c 1 controller > /dev/null 2>&1 || ping6 -c 1 controller > /dev/null 2>&1
if [ $? -eq 0 ]; then
LOG_TO_FILE "controller is pingable"
FOUND=1
break
fi

27
sw-patch/cgcs-patch/cgcs_patch/config.py

@ -4,16 +4,16 @@ Copyright (c) 2014-2022 Wind River Systems, Inc.
SPDX-License-Identifier: Apache-2.0
"""
import os
import six
from six.moves import configparser
import io
import logging
import os
from six.moves import configparser
import socket
import tsconfig.tsconfig as tsc
import cgcs_patch.utils as utils
import cgcs_patch.constants as constants
import tsconfig.tsconfig as tsc
controller_mcast_group = None
agent_mcast_group = None
@ -49,17 +49,7 @@ def read_config():
global controller_port
global agent_port
# In python3 configparser uses strict mode by default. It doesn't
# agree duplicate keys, and will throw an error
# In python2 the strict argument is missing
# TODO(dsafta): the logic branching here can be removed once
# https://bugs.launchpad.net/starlingx/+bug/1931529 is fixed, allowing
# python3 parser to work in strict mode.
if six.PY2:
config = configparser.SafeConfigParser(defaults)
elif six.PY3:
config = configparser.SafeConfigParser(defaults, strict=False)
config = configparser.SafeConfigParser(defaults)
config.read(patching_conf)
patching_conf_mtime = os.stat(patching_conf).st_mtime
@ -115,10 +105,7 @@ def get_mgmt_iface():
# so return the cached value.
return mgmt_if
if six.PY2:
config = configparser.SafeConfigParser()
elif six.PY3:
config = configparser.SafeConfigParser(strict=False)
config = configparser.SafeConfigParser()
# The platform.conf file has no section headers, which causes problems
# for ConfigParser. So we'll fake it out.

5
sw-patch/cgcs-patch/cgcs_patch/patch_controller.py

@ -1555,6 +1555,11 @@ class PatchController(PatchService):
Notify the patch agent that the latest commit on the feed
repo has been updated
"""
# Skip sending messages if host not yet provisioned
if self.sock_out is None:
LOG.info("Skipping send feed commit to agent")
return
send_commit_to_agent = PatchMessageSendLatestFeedCommit()
self.socket_lock.acquire()
send_commit_to_agent.send(self.sock_out)

1
sw-patch/debian/deb_folder/cgcs-patch.install vendored

@ -1,4 +1,3 @@
usr/sbin/rpm-audit
etc/patching/policy.json
etc/patching/patching.conf
etc/patching/patch-functions

4
sw-patch/debian/deb_folder/rules vendored

@ -31,8 +31,6 @@ override_dh_install:
${DEBIAN_DESTDIR}/usr/sbin/sw-patch-controller-daemon
install -m 555 bin/sw-patch \
${DEBIAN_DESTDIR}/usr/sbin/sw-patch
install -m 555 bin/rpm-audit \
${DEBIAN_DESTDIR}/usr/sbin/rpm-audit
install -m 500 bin/sw-patch-controller-daemon-init.sh \
${DEBIAN_DESTDIR}/etc/init.d/sw-patch-controller-daemon
install -m 500 bin/sw-patch-agent-init.sh \
@ -73,6 +71,6 @@ override_dh_python3:
dh_python3 --shebang=/usr/bin/python3
override_dh_fixperms:
dh_fixperms -Xsw-patch-* -Xrpm-audit -Xpatching.conf -Xpolicy.json \
dh_fixperms -Xsw-patch-* -Xpatching.conf -Xpolicy.json \
-Xpatch-functions -Xpatch-tmpdirs.conf -Xrun-patch-scripts \
-Xpatch_check_goenabled.sh -Xpatching -Xupgrade-start-pkg-extract

2
sw-patch/scripts/make_test_patch.py

@ -335,7 +335,7 @@ if __name__ == "__main__":
parser.add_argument('-c', '--create', action='store_true',
help='Create patch, should be executed after changes are done to the environment')
parser.add_argument('-i', '--id', type=str,
help='Patch ID', default='PATCH_0001', required=True)
help='Patch ID', default='PATCH_0001')
parser.add_argument('-cl', '--clean-mode', action='store_true',
help='Whether to clean the delta directory automatically')

Loading…
Cancel
Save