Debian: sw-patch cleanup and repair of old code

- Assign 'system_mode' to 'simplex' when it is unknown.
 The system_mode is not set until after bootstrap.  Without
 this change, it defaults to duplex.

- Remove the Clean RPMS step from sw-patch init
 Debian does not use rpm, so this method can be removed.

- Remove rpm-audit utility.
 Debian does not use rpm, so this utility can be removed.

- Remove 'ID' as a 'required' field for make_test_patch
 since the utility has a default, and will not use an ID
 for some of its sub-commands.

- Remove the SafeConfigParser workaround which is no
 longer needed in Debian env.

- Add a fix for install-local so that the feed commit
is not sent if the host has not been provisioned.

Test Plan:
 Debian:  Build / Bootstrap / Unlock / Reboot AIO-SX
 Verify logs clean
 Verify no patch alarms
 Verify make_test_patch prepare does not prompt for ID

Story: 2009969
Task: 45409
Signed-off-by: Al Bailey <al.bailey@windriver.com>
Change-Id: I75ada6e262533d9c6477721836b6ecdf213c25dc
Al Bailey 2022-05-16 16:33:15 +00:00
parent d5e5c8453c
commit f7442c98b9
7 changed files with 23 additions and 215 deletions


@ -1,183 +0,0 @@
#!/bin/bash
#
# Copyright (c) 2016 Wind River Systems, Inc.
#
# SPDX-License-Identifier: Apache-2.0
#
if [[ $EUID -ne 0 ]]; then
echo "This utility must be run as root." >&2
exit 1
fi
function show_usage()
{
cat <<EOF
Usage: [ --include-pyc ] [ --include-cfg ] --skip-multi [ pkg ... ]
This utility scans the installed RPMs to compare checksums of files.
By default, files flagged as config are skipped, as are python pyc files.
Optional arguments:
--include-pyc : Include pyc files in check
--include-cfg : Include config files in check
--skip-links : Skip symlink check
--skip-multi : Skip the search for files with multiple owners
pkg : Specify one or more packages to limit the scan
(implies --skip-multi)
EOF
exit 1
}
declare INCLUDE_PYTHON_FILES="no"
declare INCLUDE_CFG_FILES="no"
declare CHECK_FOR_MULTI="yes"
declare CHECK_LINKS="yes"
declare TIS_ONLY="yes"
declare CHECK_RPM=
for arg in "$@"
do
case $arg in
-h|--help)
show_usage
;;
--include-pyc)
INCLUDE_PYTHON_FILES="yes"
;;
--include-cfg)
INCLUDE_CFG_FILES="yes"
;;
--skip-links)
CHECK_LINKS="no"
;;
--skip-multi)
CHECK_FOR_MULTI="no"
;;
--all-rpms)
TIS_ONLY="no"
;;
*)
CHECK_RPM="$CHECK_RPM $arg"
CHECK_FOR_MULTI="no"
;;
esac
done
function rpm_list()
{
if [ -n "$CHECK_RPM" ]
then
for pkg in $CHECK_RPM
do
echo $pkg
done
elif [ "$TIS_ONLY" = "yes" ]
then
rpm -qa | grep '\.tis\.' | sort
else
rpm -qa | sort
fi
}
rpm_list | while read pkg
do
# Get the --dump from the pkg
rpm -q --queryformat "[%{FILENAMES}|%{FILEMD5S}|%{FILEFLAGS:fflags}|%{FILELINKTOS}\n]" $pkg | \
while IFS='|' read pname psum pflags plinkto
do
if [[ $pname == "(contains" ]]
then
# (contains no files)
continue
fi
if [[ $INCLUDE_CFG_FILES == "no" && $pflags =~ c ]]
then
# Skip file already flagged as config
continue
fi
if [[ $INCLUDE_PYTHON_FILES == "no" && $pname =~ \.py[co]$ ]]
then
# Skip python .pyo or .pyc file
continue
fi
# Directories and symlinks will have no checksum
if [[ -z $psum ]]
then
if [[ -n $plinkto && $CHECK_LINKS == "yes" ]]
then
# Check the symlink pointer
flinkto=$(readlink $pname)
if [[ "$flinkto" != "$plinkto" ]]
then
echo "Link Mismatch: $pname ($pkg)"
fi
fi
continue
fi
# Does the file exist?
if [ ! -e "$pname" ]
then
echo "Missing: $pname ($pkg)"
continue
fi
# Has the file been replaced by a symlink? ie. update-alternatives
if [ -L "$pname" ]
then
continue
fi
let -i sumlen=$(echo -n $psum | wc -c)
if [ $sumlen = 64 ]
then
sumcmd=sha256sum
else
sumcmd=md5sum
fi
echo $psum $pname | $sumcmd --check --status
if [ $? -ne 0 ]
then
echo "Mismatch: $pname ($pkg)"
fi
done
done
function check_for_multi_master()
{
# Search for files owned by multiple packages
prev=
rpm_list | xargs rpm -q --queryformat "[%{FILENAMES}|%{=NAME}\n]" | sort | while IFS='|' read f p
do
if [ "$f" = "$prev" ]
then
echo $f
fi
prev=$f
done | sort -u | while read f
do
if [ ! -d "$f" ]
then
echo $f
fi
done
}
if [ $CHECK_FOR_MULTI = "yes" ]
then
echo
echo
echo "The following files belong to multiple packages:"
echo
check_for_multi_master
fi


@ -27,6 +27,13 @@ logfile=/var/log/patching.log
patch_failed_file=/var/run/patch_install_failed patch_failed_file=/var/run/patch_install_failed
patched_during_init=/etc/patching/.patched_during_init patched_during_init=/etc/patching/.patched_during_init
# if the system has never been bootstrapped, system_mode is not set
# treat a non bootstrapped system like it is simplex
# and manually manage lighttpd, etc..
if [ "${system_mode}" = "" ]; then
system_mode="simplex"
fi
function LOG_TO_FILE { function LOG_TO_FILE {
echo "`date "+%FT%T.%3N"`: $NAME: $*" >> $logfile echo "`date "+%FT%T.%3N"`: $NAME: $*" >> $logfile
} }
@ -86,13 +93,6 @@ if [ -f /etc/platform/installation_failed ] ; then
exit 1 exit 1
fi fi
# Clean up the RPM DB
if [ ! -f /var/run/.rpmdb_cleaned ]; then
LOG_TO_FILE "Cleaning RPM DB"
rm -f /var/lib/rpm/__db*
touch /var/run/.rpmdb_cleaned
fi
# For AIO-SX, abort if config is not yet applied and this is running in init # For AIO-SX, abort if config is not yet applied and this is running in init
if [ "${system_mode}" = "simplex" -a ! -f ${INITIAL_CONTROLLER_CONFIG_COMPLETE} -a "$1" = "start" ]; then if [ "${system_mode}" = "simplex" -a ! -f ${INITIAL_CONTROLLER_CONFIG_COMPLETE} -a "$1" = "start" ]; then
LOG_TO_FILE "Config is not yet applied. Skipping init patching" LOG_TO_FILE "Config is not yet applied. Skipping init patching"
@ -106,8 +106,10 @@ DELAY_SEC=120
START=`date +%s` START=`date +%s`
FOUND=0 FOUND=0
while [ $(date +%s) -lt $(( ${START} + ${DELAY_SEC} )) ]; do while [ $(date +%s) -lt $(( ${START} + ${DELAY_SEC} )) ]; do
LOG_TO_FILE "Waiting for controller to be pingable"
ping -c 1 controller > /dev/null 2>&1 || ping6 -c 1 controller > /dev/null 2>&1 ping -c 1 controller > /dev/null 2>&1 || ping6 -c 1 controller > /dev/null 2>&1
if [ $? -eq 0 ]; then if [ $? -eq 0 ]; then
LOG_TO_FILE "controller is pingable"
FOUND=1 FOUND=1
break break
fi fi
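Review bot: The new `system_mode="simplex"` fallback near the top is silent, yet it feeds the AIO-SX guard further down that skips init patching when the initial-config flag file is absent. An empty `system_mode` is taken to mean "never bootstrapped", but the same empty value would presumably also appear if the platform configuration failed to load, and patching.log would then show only "Config is not yet applied". I would record the fallback, e.g. `LOG_TO_FILE "system_mode not set; treating host as simplex"`. That requires moving the block below the `LOG_TO_FILE` definition, since it currently sits above it. The script continues outside these hunks.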


@ -4,16 +4,16 @@ Copyright (c) 2014-2022 Wind River Systems, Inc.
SPDX-License-Identifier: Apache-2.0 SPDX-License-Identifier: Apache-2.0
""" """
import os
import six
from six.moves import configparser
import io import io
import logging import logging
import os
from six.moves import configparser
import socket import socket
import tsconfig.tsconfig as tsc
import cgcs_patch.utils as utils import cgcs_patch.utils as utils
import cgcs_patch.constants as constants import cgcs_patch.constants as constants
import tsconfig.tsconfig as tsc
controller_mcast_group = None controller_mcast_group = None
agent_mcast_group = None agent_mcast_group = None
@ -49,17 +49,7 @@ def read_config():
global controller_port global controller_port
global agent_port global agent_port
# In python3 configparser uses strict mode by default. It doesn't
# agree duplicate keys, and will throw an error
# In python2 the strict argument is missing
# TODO(dsafta): the logic branching here can be removed once
# https://bugs.launchpad.net/starlingx/+bug/1931529 is fixed, allowing
# python3 parser to work in strict mode.
if six.PY2:
config = configparser.SafeConfigParser(defaults) config = configparser.SafeConfigParser(defaults)
elif six.PY3:
config = configparser.SafeConfigParser(defaults, strict=False)
config.read(patching_conf) config.read(patching_conf)
patching_conf_mtime = os.stat(patching_conf).st_mtime patching_conf_mtime = os.stat(patching_conf).st_mtime
@ -115,10 +105,7 @@ def get_mgmt_iface():
# so return the cached value. # so return the cached value.
return mgmt_if return mgmt_if
if six.PY2:
config = configparser.SafeConfigParser() config = configparser.SafeConfigParser()
elif six.PY3:
config = configparser.SafeConfigParser(strict=False)
# The platform.conf file has no section headers, which causes problems # The platform.conf file has no section headers, which causes problems
# for ConfigParser. So we'll fake it out. # for ConfigParser. So we'll fake it out.
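Review bot: Both `read_config()` and `get_mgmt_iface()` still construct `configparser.SafeConfigParser`, which on Python 3 is a deprecated alias of `ConfigParser` and was removed in Python 3.12. With the `six.PY2` branch gone, `config = configparser.ConfigParser(defaults)` (and `configparser.ConfigParser()` in the second hunk) is the forward-compatible spelling. Dropping `strict=False` also means a duplicated key in `patching_conf` now raises from `config.read(patching_conf)` instead of being tolerated. No handler is visible in these hunks, so it is worth confirming that callers fail in a controlled way on a malformed file. Both functions continue outside the hunks.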


@ -1555,6 +1555,11 @@ class PatchController(PatchService):
Notify the patch agent that the latest commit on the feed Notify the patch agent that the latest commit on the feed
repo has been updated repo has been updated
""" """
# Skip sending messages if host not yet provisioned
if self.sock_out is None:
LOG.info("Skipping send feed commit to agent")
return
send_commit_to_agent = PatchMessageSendLatestFeedCommit() send_commit_to_agent = PatchMessageSendLatestFeedCommit()
self.socket_lock.acquire() self.socket_lock.acquire()
send_commit_to_agent.send(self.sock_out) send_commit_to_agent.send(self.sock_out)
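Review bot: The `self.sock_out is None` test runs before `self.socket_lock.acquire()`, so the check and the later `send_commit_to_agent.send(self.sock_out)` are not covered by the same critical section. If another thread can create or tear down the socket (not visible in this hunk), the two can disagree. Taking the lock first and testing inside it closes that gap. The release is outside the hunk, so it is worth confirming it sits in a `finally`. The log line would also be easier to act on if it gave the reason, e.g. `LOG.info("Host not provisioned (no outbound socket); skipping feed commit notification")`.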


@ -1,4 +1,3 @@
usr/sbin/rpm-audit
etc/patching/policy.json etc/patching/policy.json
etc/patching/patching.conf etc/patching/patching.conf
etc/patching/patch-functions etc/patching/patch-functions


@ -31,8 +31,6 @@ override_dh_install:
${DEBIAN_DESTDIR}/usr/sbin/sw-patch-controller-daemon ${DEBIAN_DESTDIR}/usr/sbin/sw-patch-controller-daemon
install -m 555 bin/sw-patch \ install -m 555 bin/sw-patch \
${DEBIAN_DESTDIR}/usr/sbin/sw-patch ${DEBIAN_DESTDIR}/usr/sbin/sw-patch
install -m 555 bin/rpm-audit \
${DEBIAN_DESTDIR}/usr/sbin/rpm-audit
install -m 500 bin/sw-patch-controller-daemon-init.sh \ install -m 500 bin/sw-patch-controller-daemon-init.sh \
${DEBIAN_DESTDIR}/etc/init.d/sw-patch-controller-daemon ${DEBIAN_DESTDIR}/etc/init.d/sw-patch-controller-daemon
install -m 500 bin/sw-patch-agent-init.sh \ install -m 500 bin/sw-patch-agent-init.sh \
@ -73,6 +71,6 @@ override_dh_python3:
dh_python3 --shebang=/usr/bin/python3 dh_python3 --shebang=/usr/bin/python3
override_dh_fixperms: override_dh_fixperms:
dh_fixperms -Xsw-patch-* -Xrpm-audit -Xpatching.conf -Xpolicy.json \ dh_fixperms -Xsw-patch-* -Xpatching.conf -Xpolicy.json \
-Xpatch-functions -Xpatch-tmpdirs.conf -Xrun-patch-scripts \ -Xpatch-functions -Xpatch-tmpdirs.conf -Xrun-patch-scripts \
-Xpatch_check_goenabled.sh -Xpatching -Xupgrade-start-pkg-extract -Xpatch_check_goenabled.sh -Xpatching -Xupgrade-start-pkg-extract


@ -335,7 +335,7 @@ if __name__ == "__main__":
parser.add_argument('-c', '--create', action='store_true', parser.add_argument('-c', '--create', action='store_true',
help='Create patch, should be executed after changes are done to the environment') help='Create patch, should be executed after changes are done to the environment')
parser.add_argument('-i', '--id', type=str, parser.add_argument('-i', '--id', type=str,
help='Patch ID', default='PATCH_0001', required=True) help='Patch ID', default='PATCH_0001')
parser.add_argument('-cl', '--clean-mode', action='store_true', parser.add_argument('-cl', '--clean-mode', action='store_true',
help='Whether to clean the delta directory automatically') help='Whether to clean the delta directory automatically')