mirrors/aports
1
0
Fork 0
mirror of https://gitlab.alpinelinux.org/alpine/aports.git synced 2025-09-21 13:41:20 +02:00
Code Issues Packages Projects Releases Wiki Activity
aports/community/apt-dater-host/apk-handle-FORBID_-lines.patch
Henrik Riomar 398f857e86 community/apt-dater-host: work with doas (and more) 
Bring in some more fixes and features from upstream master:
 * Work with doas (new default, but still supports sudo)
 * Allow configuring what operations that are not allowed
 * Add cluster reporting
2021-11-05 15:46:02 +00:00

147 lines
3.4 KiB
Diff
Raw Blame History

From b737808d86dc364730c4fdb6987dd7077b32c0a2 Mon Sep 17 00:00:00 2001
From: Henrik Riomar <henrik.riomar@gmail.com>
Date: Fri, 29 Oct 2021 11:38:33 +0200
Subject: [PATCH] apk: handle FORBID_* lines
Handle config file options:
* FORBID_REFRESH
* FORBID_UPGRADE
* FORBID_INSTALL
---
apk/apt-dater-host | 34 +++++++++++++++++++++++++++++-----
apk/apt-dater-host.conf | 15 +++++++++++++++
apk/test-apt-dater-host | 19 +++++++++++++++++++
3 files changed, 63 insertions(+), 5 deletions(-)
diff --git a/apk/apt-dater-host b/apk/apt-dater-host
index 02e976a..c60ffd6 100755
--- a/apk/apt-dater-host
+++ b/apk/apt-dater-host
@@ -34,6 +34,10 @@ APK_CMD="/sbin/apk"
VIRT_WHAT_CMD="/usr/sbin/virt-what --test-root=/"
DMESG_CMD="dmesg"
+FORBID_REFRESH=0
+FORBID_UPGRADE=0
+FORBID_INSTALL=0
+
cfg="/etc/apt-dater-host.conf"
[ -r $cfg ] && . $cfg
@@ -144,7 +148,11 @@ get_kern()
# FORBID: ${Operations}
check_forbid()
{
- echo "FORBID: 0"
+ mask=0
+ [ $FORBID_REFRESH -eq 1 ] && mask=$((mask|=1))
+ [ $FORBID_UPGRADE -eq 1 ] && mask=$((mask|=2))
+ [ $FORBID_INSTALL -eq 1 ] && mask=$((mask|=4))
+ echo "FORBID: $mask"
}
# ADPROTO: ${ProtoVersion}
@@ -183,6 +191,10 @@ run_as_root()
fi
}
+echoerr()
+{
+ printf "\n%s\n\n" "$@" 1>&2
+}
if [ -z "$1" ]; then
echo "Don't call this script directly!"
@@ -192,7 +204,11 @@ fi
case "$1" in
refresh)
say_hi
- run_as_root 0 $APK_CMD update
+ if [ $FORBID_REFRESH -eq 1 ]; then
+ echoerr "** Sorry, apt-dater based refreshs on this host are disabled! **"
+ else
+ run_as_root 0 $APK_CMD update
+ fi
do_status
;;
@@ -202,13 +218,21 @@ case "$1" in
;;
upgrade)
- run_as_root 1 $APK_CMD upgrade
+ if [ $FORBID_UPGRADE -eq 1 ]; then
+ echoerr "** Sorry, apt-dater based upgrades on this host are disabled! **"
+ else
+ run_as_root 1 $APK_CMD upgrade
+ fi
;;
install)
shift
- echo "Installing PKG: $*"
- run_as_root 1 $APK_CMD add $*
+ if [ $FORBID_INSTALL -eq 1 ]; then
+ echoerr "** Sorry, apt-dater based installations on this host are disabled! **"
+ else
+ echo "Installing PKG: $*"
+ run_as_root 1 $APK_CMD add $*
+ fi
;;
kernel)
diff --git a/apk/apt-dater-host.conf b/apk/apt-dater-host.conf
index 54210c2..6ac7e14 100644
--- a/apk/apt-dater-host.conf
+++ b/apk/apt-dater-host.conf
@@ -5,3 +5,18 @@
# use this command to become root
# Supported: doas and sudo
#ROOT_CMD="doas"
+
+##
+## If this host is a mission critical system and
+## needs scheduled downtimes for upgrades, enable
+## (some) of the following FORBID_* lines:
+##
+
+# prevent apt-dater-host from refreshing package lists
+#FORBID_REFRESH=1
+
+# prevent apt-dater-host from upgrading packages
+#FORBID_UPGRADE=1
+
+# prevent apt-dater-host from installing packages
+#FORBID_INSTALL=1
diff --git a/apk/test-apt-dater-host b/apk/test-apt-dater-host
index e36dea1..f0a47fe 100755
--- a/apk/test-apt-dater-host
+++ b/apk/test-apt-dater-host
@@ -60,3 +60,22 @@ test_get_virt()
result="$(get_kern)"
check_tag KERNELINFO $result
}
+
+@test "check_forbid()" {
+ # check defaults
+ result="$(check_forbid)"
+ check_tag FORBID $result
+ [[ "$result" == "FORBID: 0" ]]
+
+ export FORBID_UPGRADE=1
+ result="$(check_forbid)"
+ [[ "$result" == "FORBID: 2" ]]
+
+ export FORBID_INSTALL=1
+ result="$(check_forbid)"
+ [[ "$result" == "FORBID: 6" ]]
+
+ export FORBID_REFRESH=1
+ result="$(check_forbid)"
+ [[ "$result" == "FORBID: 7" ]]
+}
--
2.33.1
Reference in New Issue View Git Blame Copy Permalink