Debian: sw-patch cleanup and repair of old code
- Assign 'system_mode' to 'simplex' when it is unknown. The system_mode is not set until after bootstrap. Without this change, it defaults to duplex. - Remove the Clean RPMS step from sw-patch init Debian does not use rpm, so this method can be removed. - Remove rpm-audit utility. Debian does not use rpm, so this utility can be removed. - Remove 'ID' as a 'required' field for make_test_patch since the utility has a default, and will not use an ID for some of its sub-commands. - Remove the SafeConfigParser workaround which is no longer needed in Debian env. - Add a fix for install-local so that the feed commit is not sent if the host has not been provisioned. Test Plan: Debian: Build / Bootstrap / Unlock / Reboot AIO-SX Verify logs clean Verify no patch alarms Verify make_test_patch prepare does not prompt for ID Story: 2009969 Task: 45409 Signed-off-by: Al Bailey <al.bailey@windriver.com> Change-Id: I75ada6e262533d9c6477721836b6ecdf213c25dc
This commit is contained in:
parent
d5e5c8453c
commit
f7442c98b9
|
@ -1,183 +0,0 @@
|
||||||
#!/bin/bash
|
|
||||||
#
|
|
||||||
# Copyright (c) 2016 Wind River Systems, Inc.
|
|
||||||
#
|
|
||||||
# SPDX-License-Identifier: Apache-2.0
|
|
||||||
#
|
|
||||||
|
|
||||||
if [[ $EUID -ne 0 ]]; then
|
|
||||||
echo "This utility must be run as root." >&2
|
|
||||||
exit 1
|
|
||||||
fi
|
|
||||||
|
|
||||||
function show_usage()
|
|
||||||
{
|
|
||||||
cat <<EOF
|
|
||||||
Usage: [ --include-pyc ] [ --include-cfg ] --skip-multi [ pkg ... ]
|
|
||||||
|
|
||||||
This utility scans the installed RPMs to compare checksums of files.
|
|
||||||
By default, files flagged as config are skipped, as are python pyc files.
|
|
||||||
|
|
||||||
Optional arguments:
|
|
||||||
--include-pyc : Include pyc files in check
|
|
||||||
--include-cfg : Include config files in check
|
|
||||||
--skip-links : Skip symlink check
|
|
||||||
--skip-multi : Skip the search for files with multiple owners
|
|
||||||
pkg : Specify one or more packages to limit the scan
|
|
||||||
(implies --skip-multi)
|
|
||||||
|
|
||||||
EOF
|
|
||||||
|
|
||||||
exit 1
|
|
||||||
}
|
|
||||||
|
|
||||||
declare INCLUDE_PYTHON_FILES="no"
|
|
||||||
declare INCLUDE_CFG_FILES="no"
|
|
||||||
declare CHECK_FOR_MULTI="yes"
|
|
||||||
declare CHECK_LINKS="yes"
|
|
||||||
declare TIS_ONLY="yes"
|
|
||||||
|
|
||||||
declare CHECK_RPM=
|
|
||||||
|
|
||||||
for arg in "$@"
|
|
||||||
do
|
|
||||||
case $arg in
|
|
||||||
-h|--help)
|
|
||||||
show_usage
|
|
||||||
;;
|
|
||||||
--include-pyc)
|
|
||||||
INCLUDE_PYTHON_FILES="yes"
|
|
||||||
;;
|
|
||||||
--include-cfg)
|
|
||||||
INCLUDE_CFG_FILES="yes"
|
|
||||||
;;
|
|
||||||
--skip-links)
|
|
||||||
CHECK_LINKS="no"
|
|
||||||
;;
|
|
||||||
--skip-multi)
|
|
||||||
CHECK_FOR_MULTI="no"
|
|
||||||
;;
|
|
||||||
--all-rpms)
|
|
||||||
TIS_ONLY="no"
|
|
||||||
;;
|
|
||||||
*)
|
|
||||||
CHECK_RPM="$CHECK_RPM $arg"
|
|
||||||
CHECK_FOR_MULTI="no"
|
|
||||||
;;
|
|
||||||
esac
|
|
||||||
done
|
|
||||||
|
|
||||||
function rpm_list()
|
|
||||||
{
|
|
||||||
if [ -n "$CHECK_RPM" ]
|
|
||||||
then
|
|
||||||
for pkg in $CHECK_RPM
|
|
||||||
do
|
|
||||||
echo $pkg
|
|
||||||
done
|
|
||||||
elif [ "$TIS_ONLY" = "yes" ]
|
|
||||||
then
|
|
||||||
rpm -qa | grep '\.tis\.' | sort
|
|
||||||
else
|
|
||||||
rpm -qa | sort
|
|
||||||
fi
|
|
||||||
}
|
|
||||||
|
|
||||||
rpm_list | while read pkg
|
|
||||||
do
|
|
||||||
# Get the --dump from the pkg
|
|
||||||
rpm -q --queryformat "[%{FILENAMES}|%{FILEMD5S}|%{FILEFLAGS:fflags}|%{FILELINKTOS}\n]" $pkg | \
|
|
||||||
while IFS='|' read pname psum pflags plinkto
|
|
||||||
do
|
|
||||||
if [[ $pname == "(contains" ]]
|
|
||||||
then
|
|
||||||
# (contains no files)
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ $INCLUDE_CFG_FILES == "no" && $pflags =~ c ]]
|
|
||||||
then
|
|
||||||
# Skip file already flagged as config
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
if [[ $INCLUDE_PYTHON_FILES == "no" && $pname =~ \.py[co]$ ]]
|
|
||||||
then
|
|
||||||
# Skip python .pyo or .pyc file
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Directories and symlinks will have no checksum
|
|
||||||
if [[ -z $psum ]]
|
|
||||||
then
|
|
||||||
if [[ -n $plinkto && $CHECK_LINKS == "yes" ]]
|
|
||||||
then
|
|
||||||
# Check the symlink pointer
|
|
||||||
flinkto=$(readlink $pname)
|
|
||||||
if [[ "$flinkto" != "$plinkto" ]]
|
|
||||||
then
|
|
||||||
echo "Link Mismatch: $pname ($pkg)"
|
|
||||||
fi
|
|
||||||
fi
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Does the file exist?
|
|
||||||
if [ ! -e "$pname" ]
|
|
||||||
then
|
|
||||||
echo "Missing: $pname ($pkg)"
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Has the file been replaced by a symlink? ie. update-alternatives
|
|
||||||
if [ -L "$pname" ]
|
|
||||||
then
|
|
||||||
continue
|
|
||||||
fi
|
|
||||||
|
|
||||||
let -i sumlen=$(echo -n $psum | wc -c)
|
|
||||||
if [ $sumlen = 64 ]
|
|
||||||
then
|
|
||||||
sumcmd=sha256sum
|
|
||||||
else
|
|
||||||
sumcmd=md5sum
|
|
||||||
fi
|
|
||||||
|
|
||||||
echo $psum $pname | $sumcmd --check --status
|
|
||||||
if [ $? -ne 0 ]
|
|
||||||
then
|
|
||||||
echo "Mismatch: $pname ($pkg)"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
done
|
|
||||||
|
|
||||||
|
|
||||||
function check_for_multi_master()
|
|
||||||
{
|
|
||||||
# Search for files owned by multiple packages
|
|
||||||
prev=
|
|
||||||
rpm_list | xargs rpm -q --queryformat "[%{FILENAMES}|%{=NAME}\n]" | sort | while IFS='|' read f p
|
|
||||||
do
|
|
||||||
if [ "$f" = "$prev" ]
|
|
||||||
then
|
|
||||||
echo $f
|
|
||||||
fi
|
|
||||||
prev=$f
|
|
||||||
done | sort -u | while read f
|
|
||||||
do
|
|
||||||
if [ ! -d "$f" ]
|
|
||||||
then
|
|
||||||
echo $f
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
}
|
|
||||||
|
|
||||||
if [ $CHECK_FOR_MULTI = "yes" ]
|
|
||||||
then
|
|
||||||
echo
|
|
||||||
echo
|
|
||||||
echo "The following files belong to multiple packages:"
|
|
||||||
echo
|
|
||||||
check_for_multi_master
|
|
||||||
fi
|
|
||||||
|
|
|
@ -27,6 +27,13 @@ logfile=/var/log/patching.log
|
||||||
patch_failed_file=/var/run/patch_install_failed
|
patch_failed_file=/var/run/patch_install_failed
|
||||||
patched_during_init=/etc/patching/.patched_during_init
|
patched_during_init=/etc/patching/.patched_during_init
|
||||||
|
|
||||||
|
# if the system has never been bootstrapped, system_mode is not set
|
||||||
|
# treat a non bootstrapped system like it is simplex
|
||||||
|
# and manually manage lighttpd, etc..
|
||||||
|
if [ "${system_mode}" = "" ]; then
|
||||||
|
system_mode="simplex"
|
||||||
|
fi
|
||||||
|
|
||||||
function LOG_TO_FILE {
|
function LOG_TO_FILE {
|
||||||
echo "`date "+%FT%T.%3N"`: $NAME: $*" >> $logfile
|
echo "`date "+%FT%T.%3N"`: $NAME: $*" >> $logfile
|
||||||
}
|
}
|
||||||
|
@ -86,13 +93,6 @@ if [ -f /etc/platform/installation_failed ] ; then
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Clean up the RPM DB
|
|
||||||
if [ ! -f /var/run/.rpmdb_cleaned ]; then
|
|
||||||
LOG_TO_FILE "Cleaning RPM DB"
|
|
||||||
rm -f /var/lib/rpm/__db*
|
|
||||||
touch /var/run/.rpmdb_cleaned
|
|
||||||
fi
|
|
||||||
|
|
||||||
# For AIO-SX, abort if config is not yet applied and this is running in init
|
# For AIO-SX, abort if config is not yet applied and this is running in init
|
||||||
if [ "${system_mode}" = "simplex" -a ! -f ${INITIAL_CONTROLLER_CONFIG_COMPLETE} -a "$1" = "start" ]; then
|
if [ "${system_mode}" = "simplex" -a ! -f ${INITIAL_CONTROLLER_CONFIG_COMPLETE} -a "$1" = "start" ]; then
|
||||||
LOG_TO_FILE "Config is not yet applied. Skipping init patching"
|
LOG_TO_FILE "Config is not yet applied. Skipping init patching"
|
||||||
|
@ -106,8 +106,10 @@ DELAY_SEC=120
|
||||||
START=`date +%s`
|
START=`date +%s`
|
||||||
FOUND=0
|
FOUND=0
|
||||||
while [ $(date +%s) -lt $(( ${START} + ${DELAY_SEC} )) ]; do
|
while [ $(date +%s) -lt $(( ${START} + ${DELAY_SEC} )) ]; do
|
||||||
|
LOG_TO_FILE "Waiting for controller to be pingable"
|
||||||
ping -c 1 controller > /dev/null 2>&1 || ping6 -c 1 controller > /dev/null 2>&1
|
ping -c 1 controller > /dev/null 2>&1 || ping6 -c 1 controller > /dev/null 2>&1
|
||||||
if [ $? -eq 0 ]; then
|
if [ $? -eq 0 ]; then
|
||||||
|
LOG_TO_FILE "controller is pingable"
|
||||||
FOUND=1
|
FOUND=1
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
|
|
|
@ -4,16 +4,16 @@ Copyright (c) 2014-2022 Wind River Systems, Inc.
|
||||||
SPDX-License-Identifier: Apache-2.0
|
SPDX-License-Identifier: Apache-2.0
|
||||||
|
|
||||||
"""
|
"""
|
||||||
|
|
||||||
import os
|
|
||||||
import six
|
|
||||||
from six.moves import configparser
|
|
||||||
import io
|
import io
|
||||||
import logging
|
import logging
|
||||||
|
import os
|
||||||
|
from six.moves import configparser
|
||||||
import socket
|
import socket
|
||||||
|
|
||||||
|
import tsconfig.tsconfig as tsc
|
||||||
|
|
||||||
import cgcs_patch.utils as utils
|
import cgcs_patch.utils as utils
|
||||||
import cgcs_patch.constants as constants
|
import cgcs_patch.constants as constants
|
||||||
import tsconfig.tsconfig as tsc
|
|
||||||
|
|
||||||
controller_mcast_group = None
|
controller_mcast_group = None
|
||||||
agent_mcast_group = None
|
agent_mcast_group = None
|
||||||
|
@ -49,17 +49,7 @@ def read_config():
|
||||||
global controller_port
|
global controller_port
|
||||||
global agent_port
|
global agent_port
|
||||||
|
|
||||||
# In python3 configparser uses strict mode by default. It doesn't
|
|
||||||
# agree duplicate keys, and will throw an error
|
|
||||||
# In python2 the strict argument is missing
|
|
||||||
# TODO(dsafta): the logic branching here can be removed once
|
|
||||||
# https://bugs.launchpad.net/starlingx/+bug/1931529 is fixed, allowing
|
|
||||||
# python3 parser to work in strict mode.
|
|
||||||
|
|
||||||
if six.PY2:
|
|
||||||
config = configparser.SafeConfigParser(defaults)
|
config = configparser.SafeConfigParser(defaults)
|
||||||
elif six.PY3:
|
|
||||||
config = configparser.SafeConfigParser(defaults, strict=False)
|
|
||||||
|
|
||||||
config.read(patching_conf)
|
config.read(patching_conf)
|
||||||
patching_conf_mtime = os.stat(patching_conf).st_mtime
|
patching_conf_mtime = os.stat(patching_conf).st_mtime
|
||||||
|
@ -115,10 +105,7 @@ def get_mgmt_iface():
|
||||||
# so return the cached value.
|
# so return the cached value.
|
||||||
return mgmt_if
|
return mgmt_if
|
||||||
|
|
||||||
if six.PY2:
|
|
||||||
config = configparser.SafeConfigParser()
|
config = configparser.SafeConfigParser()
|
||||||
elif six.PY3:
|
|
||||||
config = configparser.SafeConfigParser(strict=False)
|
|
||||||
|
|
||||||
# The platform.conf file has no section headers, which causes problems
|
# The platform.conf file has no section headers, which causes problems
|
||||||
# for ConfigParser. So we'll fake it out.
|
# for ConfigParser. So we'll fake it out.
|
||||||
|
|
|
@ -1555,6 +1555,11 @@ class PatchController(PatchService):
|
||||||
Notify the patch agent that the latest commit on the feed
|
Notify the patch agent that the latest commit on the feed
|
||||||
repo has been updated
|
repo has been updated
|
||||||
"""
|
"""
|
||||||
|
# Skip sending messages if host not yet provisioned
|
||||||
|
if self.sock_out is None:
|
||||||
|
LOG.info("Skipping send feed commit to agent")
|
||||||
|
return
|
||||||
|
|
||||||
send_commit_to_agent = PatchMessageSendLatestFeedCommit()
|
send_commit_to_agent = PatchMessageSendLatestFeedCommit()
|
||||||
self.socket_lock.acquire()
|
self.socket_lock.acquire()
|
||||||
send_commit_to_agent.send(self.sock_out)
|
send_commit_to_agent.send(self.sock_out)
|
||||||
|
|
|
@ -1,4 +1,3 @@
|
||||||
usr/sbin/rpm-audit
|
|
||||||
etc/patching/policy.json
|
etc/patching/policy.json
|
||||||
etc/patching/patching.conf
|
etc/patching/patching.conf
|
||||||
etc/patching/patch-functions
|
etc/patching/patch-functions
|
||||||
|
|
|
@ -31,8 +31,6 @@ override_dh_install:
|
||||||
${DEBIAN_DESTDIR}/usr/sbin/sw-patch-controller-daemon
|
${DEBIAN_DESTDIR}/usr/sbin/sw-patch-controller-daemon
|
||||||
install -m 555 bin/sw-patch \
|
install -m 555 bin/sw-patch \
|
||||||
${DEBIAN_DESTDIR}/usr/sbin/sw-patch
|
${DEBIAN_DESTDIR}/usr/sbin/sw-patch
|
||||||
install -m 555 bin/rpm-audit \
|
|
||||||
${DEBIAN_DESTDIR}/usr/sbin/rpm-audit
|
|
||||||
install -m 500 bin/sw-patch-controller-daemon-init.sh \
|
install -m 500 bin/sw-patch-controller-daemon-init.sh \
|
||||||
${DEBIAN_DESTDIR}/etc/init.d/sw-patch-controller-daemon
|
${DEBIAN_DESTDIR}/etc/init.d/sw-patch-controller-daemon
|
||||||
install -m 500 bin/sw-patch-agent-init.sh \
|
install -m 500 bin/sw-patch-agent-init.sh \
|
||||||
|
@ -73,6 +71,6 @@ override_dh_python3:
|
||||||
dh_python3 --shebang=/usr/bin/python3
|
dh_python3 --shebang=/usr/bin/python3
|
||||||
|
|
||||||
override_dh_fixperms:
|
override_dh_fixperms:
|
||||||
dh_fixperms -Xsw-patch-* -Xrpm-audit -Xpatching.conf -Xpolicy.json \
|
dh_fixperms -Xsw-patch-* -Xpatching.conf -Xpolicy.json \
|
||||||
-Xpatch-functions -Xpatch-tmpdirs.conf -Xrun-patch-scripts \
|
-Xpatch-functions -Xpatch-tmpdirs.conf -Xrun-patch-scripts \
|
||||||
-Xpatch_check_goenabled.sh -Xpatching -Xupgrade-start-pkg-extract
|
-Xpatch_check_goenabled.sh -Xpatching -Xupgrade-start-pkg-extract
|
||||||
|
|
|
@ -335,7 +335,7 @@ if __name__ == "__main__":
|
||||||
parser.add_argument('-c', '--create', action='store_true',
|
parser.add_argument('-c', '--create', action='store_true',
|
||||||
help='Create patch, should be executed after changes are done to the environment')
|
help='Create patch, should be executed after changes are done to the environment')
|
||||||
parser.add_argument('-i', '--id', type=str,
|
parser.add_argument('-i', '--id', type=str,
|
||||||
help='Patch ID', default='PATCH_0001', required=True)
|
help='Patch ID', default='PATCH_0001')
|
||||||
parser.add_argument('-cl', '--clean-mode', action='store_true',
|
parser.add_argument('-cl', '--clean-mode', action='store_true',
|
||||||
help='Whether to clean the delta directory automatically')
|
help='Whether to clean the delta directory automatically')
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue