2011-06-22 00:44:48 +02:00
|
|
|
|
#!/bin/bash
|
|
|
|
|
|
|
|
|
|
DOM0_UPDATES_DIR=/var/lib/qubes/dom0-updates
|
|
|
|
|
|
|
|
|
|
GUI=1
|
2011-09-12 14:36:53 +02:00
|
|
|
|
CLEAN=0
|
2011-09-15 00:18:56 +02:00
|
|
|
|
CHECK_ONLY=0
|
2020-12-10 23:53:22 +01:00
|
|
|
|
OPTS=(--installroot "$DOM0_UPDATES_DIR")
|
2019-04-01 18:18:22 +02:00
|
|
|
|
if [ -f "$DOM0_UPDATES_DIR/etc/dnf/dnf.conf" ]; then
|
2020-12-10 23:53:22 +01:00
|
|
|
|
OPTS+=("--config=$DOM0_UPDATES_DIR/etc/dnf/dnf.conf")
|
2019-04-01 18:18:22 +02:00
|
|
|
|
elif [ -f "$DOM0_UPDATES_DIR/etc/yum.conf" ]; then
|
2020-12-10 23:53:22 +01:00
|
|
|
|
OPTS+=("--config=$DOM0_UPDATES_DIR/etc/yum.conf")
|
2019-04-01 18:18:22 +02:00
|
|
|
|
fi
|
2016-06-01 04:40:56 +02:00
|
|
|
|
# DNF uses /etc/yum.repos.d, even when --installroot is specified
|
2020-12-10 23:53:22 +01:00
|
|
|
|
OPTS+=("--setopt=reposdir=$DOM0_UPDATES_DIR/etc/yum.repos.d")
|
2021-01-22 20:28:26 +01:00
|
|
|
|
CLEAN_OPTS=("${OPTS[@]}")
|
2019-10-12 22:43:38 +02:00
|
|
|
|
# DNF verifies signatures implicitly, but yumdownloader does not.
|
|
|
|
|
SIGNATURE_REGEX=""
|
2019-07-20 10:46:24 +02:00
|
|
|
|
PKGLIST=()
|
2015-03-26 00:59:28 +01:00
|
|
|
|
YUM_ACTION=
|
|
|
|
|
|
2014-01-10 03:34:16 +01:00
|
|
|
|
export LC_ALL=C
|
|
|
|
|
|
2011-06-22 00:44:48 +02:00
|
|
|
|
while [ -n "$1" ]; do
|
2011-09-12 14:32:56 +02:00
|
|
|
|
case "$1" in
|
2020-12-29 04:05:41 +01:00
|
|
|
|
--doit|--force-xen-upgrade|--console|--show-output)
|
2017-05-20 03:49:13 +02:00
|
|
|
|
# ignore
|
2011-09-12 14:32:56 +02:00
|
|
|
|
;;
|
|
|
|
|
--nogui)
|
|
|
|
|
GUI=0
|
|
|
|
|
;;
|
2011-10-07 21:13:00 +02:00
|
|
|
|
--gui)
|
|
|
|
|
GUI=1
|
|
|
|
|
;;
|
2011-09-12 14:36:53 +02:00
|
|
|
|
--clean)
|
|
|
|
|
CLEAN=1
|
|
|
|
|
;;
|
2011-09-15 00:18:56 +02:00
|
|
|
|
--check-only)
|
|
|
|
|
CHECK_ONLY=1
|
|
|
|
|
;;
|
2015-03-26 00:59:28 +01:00
|
|
|
|
--action=*)
|
|
|
|
|
YUM_ACTION=${1#--action=}
|
|
|
|
|
;;
|
2011-09-12 14:32:56 +02:00
|
|
|
|
-*)
|
2020-12-10 23:53:22 +01:00
|
|
|
|
# we already add these options for DNF, and Yum doesn’t support them
|
|
|
|
|
case $1 in (--best|--allowerasing) :;; (*) OPTS+=("$1");; esac
|
2011-09-12 14:32:56 +02:00
|
|
|
|
;;
|
|
|
|
|
*)
|
2019-07-20 10:46:24 +02:00
|
|
|
|
PKGLIST+=( "${1}" )
|
2015-03-26 00:59:28 +01:00
|
|
|
|
if [ -z "$YUM_ACTION" ]; then
|
|
|
|
|
YUM_ACTION=install
|
|
|
|
|
fi
|
2011-09-12 14:32:56 +02:00
|
|
|
|
;;
|
|
|
|
|
esac
|
2011-06-22 00:44:48 +02:00
|
|
|
|
shift
|
|
|
|
|
done
|
|
|
|
|
|
2015-03-26 00:59:28 +01:00
|
|
|
|
if [ -z "$YUM_ACTION" ]; then
|
|
|
|
|
YUM_ACTION=upgrade
|
|
|
|
|
fi
|
|
|
|
|
|
2016-06-01 04:40:56 +02:00
|
|
|
|
if type dnf >/dev/null 2>&1; then
|
2020-12-10 23:53:22 +01:00
|
|
|
|
YUM=(dnf --best --allowerasing --noplugins)
|
2018-04-07 23:25:55 +02:00
|
|
|
|
else
|
2020-12-10 23:53:22 +01:00
|
|
|
|
YUM=(yum)
|
2015-11-10 16:37:14 +01:00
|
|
|
|
fi
|
|
|
|
|
|
2011-06-22 00:44:48 +02:00
|
|
|
|
if ! [ -d "$DOM0_UPDATES_DIR" ]; then
|
2011-09-15 00:19:48 +02:00
|
|
|
|
echo "Dom0 updates dir does not exists: $DOM0_UPDATES_DIR" >&2
|
2011-06-22 00:44:48 +02:00
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
|
|
|
|
|
mkdir -p $DOM0_UPDATES_DIR/etc
|
|
|
|
|
|
2015-06-16 02:22:42 +02:00
|
|
|
|
if [ -e /etc/debian_version ]; then
|
|
|
|
|
# Default rpm configuration on Debian uses ~/.rpmdb for rpm database (as
|
|
|
|
|
# rpm isn't native package manager there)
|
|
|
|
|
mkdir -p "$DOM0_UPDATES_DIR$HOME"
|
2020-10-28 14:21:20 +01:00
|
|
|
|
rm -rf "$DOM0_UPDATES_DIR$HOME/.rpmdb"
|
|
|
|
|
cp -r "$DOM0_UPDATES_DIR/var/lib/rpm" "$DOM0_UPDATES_DIR$HOME/.rpmdb"
|
2015-06-16 02:22:42 +02:00
|
|
|
|
fi
|
2012-06-13 01:59:25 +02:00
|
|
|
|
# Rebuild rpm database in case of different rpm version
|
|
|
|
|
rm -f $DOM0_UPDATES_DIR/var/lib/rpm/__*
|
|
|
|
|
rpm --root=$DOM0_UPDATES_DIR --rebuilddb
|
|
|
|
|
|
2011-09-15 00:14:13 +02:00
|
|
|
|
if [ "$CLEAN" = "1" ]; then
|
2017-09-30 04:54:28 +02:00
|
|
|
|
# shellcheck disable=SC2086
|
2021-01-22 20:28:26 +01:00
|
|
|
|
"${YUM[@]}" "${CLEAN_OPTS[@]}" clean all
|
2017-09-30 04:54:28 +02:00
|
|
|
|
rm -f "$DOM0_UPDATES_DIR"/packages/*
|
2019-06-17 19:54:44 +02:00
|
|
|
|
rm -rf "$DOM0_UPDATES_DIR"/var/cache/*
|
2011-09-12 14:36:53 +02:00
|
|
|
|
fi
|
|
|
|
|
|
2017-05-20 03:49:13 +02:00
|
|
|
|
# just check for updates, but don't download any package
|
2019-07-20 10:46:24 +02:00
|
|
|
|
if [ ${#PKGLIST[@]} -eq 0 ] && [ "$CHECK_ONLY" = "1" ]; then
|
2011-09-15 00:19:48 +02:00
|
|
|
|
echo "Checking for dom0 updates..." >&2
|
2017-09-30 04:54:28 +02:00
|
|
|
|
# shellcheck disable=SC2086
|
2020-12-10 23:53:22 +01:00
|
|
|
|
UPDATES_FULL=$("${YUM[@]}" "${OPTS[@]}" check-update)
|
2015-11-10 16:37:14 +01:00
|
|
|
|
check_update_retcode=$?
|
2017-09-30 04:54:28 +02:00
|
|
|
|
if [ "$check_update_retcode" -eq 1 ]; then
|
2015-10-10 22:01:02 +02:00
|
|
|
|
# Exit here if yum have reported an error. Exit code 100 isn't an
|
|
|
|
|
# error, it's "updates available" info, so check specifically for exit code 1
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
2017-05-20 03:49:13 +02:00
|
|
|
|
if [ $check_update_retcode -eq 100 ]; then
|
|
|
|
|
echo "Available updates: "
|
|
|
|
|
echo "$UPDATES_FULL"
|
|
|
|
|
exit 100
|
|
|
|
|
else
|
|
|
|
|
echo "No new updates available"
|
|
|
|
|
if [ "$GUI" = 1 ]; then
|
|
|
|
|
zenity --info --text="No new updates available"
|
|
|
|
|
fi
|
|
|
|
|
exit 0
|
2012-04-25 00:25:54 +02:00
|
|
|
|
fi
|
2011-06-22 00:44:48 +02:00
|
|
|
|
fi
|
|
|
|
|
|
2017-05-20 03:49:13 +02:00
|
|
|
|
# now, we will download something
|
2020-12-10 23:53:22 +01:00
|
|
|
|
YUM_COMMAND=(fakeroot "${YUM[@]}" "$YUM_ACTION" -y --downloadonly)
|
2015-06-16 02:22:42 +02:00
|
|
|
|
# check for --downloadonly option - if not supported (Debian), fallback to
|
|
|
|
|
# yumdownloader
|
2020-12-10 23:53:22 +01:00
|
|
|
|
if ! "${YUM[@]}" --help | grep -q downloadonly; then
|
2019-10-12 22:43:38 +02:00
|
|
|
|
if dpkg --compare-versions \
|
|
|
|
|
"$(dpkg-query --show --showformat='${version}' rpm)" gt 4.14; then
|
|
|
|
|
SIGNATURE_REGEX="^[A-Za-z0-9._+-/]{1,128}\.rpm: digests signatures OK$"
|
|
|
|
|
else
|
|
|
|
|
SIGNATURE_REGEX="^[A-Za-z0-9._+-/]{1,128}\.rpm: [a-z0-9() ]* (pgp|gpg) [a-z0-9 ]* OK$"
|
|
|
|
|
fi
|
|
|
|
|
|
2019-08-07 00:03:51 +02:00
|
|
|
|
# setup environment for yumdownloader to be happy
|
|
|
|
|
if [ ! -e "$DOM0_UPDATES_DIR/etc/yum.conf" ]; then
|
|
|
|
|
ln -nsf dnf/dnf.conf "$DOM0_UPDATES_DIR/etc/yum.conf"
|
|
|
|
|
fi
|
2018-02-11 13:54:34 +01:00
|
|
|
|
if [ "$YUM_ACTION" = "install" ]; then
|
2020-12-10 23:53:22 +01:00
|
|
|
|
YUM_COMMAND=(yumdownloader "--destdir=$DOM0_UPDATES_DIR/packages" --resolve)
|
2018-02-11 13:54:34 +01:00
|
|
|
|
elif [ "$YUM_ACTION" = "upgrade" ]; then
|
2017-09-30 04:54:28 +02:00
|
|
|
|
# shellcheck disable=SC2086
|
2020-12-10 23:53:22 +01:00
|
|
|
|
UPDATES_FULL=$("${YUM[@]}" "${OPTS[@]}" check-update "${PKGLIST[@]}")
|
2017-05-20 03:49:13 +02:00
|
|
|
|
check_update_retcode=$?
|
2017-09-30 04:54:28 +02:00
|
|
|
|
UPDATES_FULL=$(echo "$UPDATES_FULL" | grep -v "^Loaded plugins:\|^Last metadata\|^$")
|
2019-07-20 10:46:24 +02:00
|
|
|
|
mapfile -t PKGLIST < <(echo "$UPDATES_FULL" | grep -v "^Obsoleting\|Could not" | cut -f 1 -d ' ')
|
2017-09-30 04:54:28 +02:00
|
|
|
|
if [ "$check_update_retcode" -eq 0 ]; then
|
2017-05-20 14:29:51 +02:00
|
|
|
|
# exit code 0 means no updates available - regardless of stdout messages
|
2020-03-16 02:10:14 +01:00
|
|
|
|
echo "No new updates available" >&2
|
2017-05-20 03:49:13 +02:00
|
|
|
|
exit 0
|
|
|
|
|
fi
|
2020-12-10 23:53:22 +01:00
|
|
|
|
YUM_COMMAND=(yumdownloader "--destdir=$DOM0_UPDATES_DIR/packages" --resolve)
|
2018-02-11 14:08:19 +01:00
|
|
|
|
elif [ "$YUM_ACTION" == "list" ] || [ "$YUM_ACTION" == "search" ]; then
|
|
|
|
|
# those actions do not download any package, so lack of --downloadonly is irrelevant
|
2020-12-10 23:53:22 +01:00
|
|
|
|
YUM_COMMAND=("${YUM[@]}" -y -- "$YUM_ACTION")
|
2018-02-27 11:17:40 +01:00
|
|
|
|
elif [ "$YUM_ACTION" == "reinstall" ]; then
|
2018-02-11 14:08:19 +01:00
|
|
|
|
# this is just approximation of 'reinstall' action...
|
2020-12-10 23:53:22 +01:00
|
|
|
|
mapfile -t PKGLIST < <(rpm "--root=$DOM0_UPDATES_DIR" -q "${PKGLIST[@]}")
|
|
|
|
|
YUM_COMMAND=(yumdownloader "--destdir=$DOM0_UPDATES_DIR/packages" --resolve)
|
2018-02-11 13:54:34 +01:00
|
|
|
|
else
|
|
|
|
|
echo "ERROR: yum version installed in VM $(hostname) does not suppport --downloadonly option" >&2
|
|
|
|
|
echo "ERROR: only 'install' and 'upgrade' actions supported ($YUM_ACTION not)" >&2
|
|
|
|
|
if [ "$GUI" = 1 ]; then
|
|
|
|
|
zenity --error --text="yum version too old for '$YUM_ACTION' action, see console for details"
|
|
|
|
|
fi
|
|
|
|
|
exit 1
|
2015-06-16 02:22:42 +02:00
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
2011-06-22 00:44:48 +02:00
|
|
|
|
mkdir -p "$DOM0_UPDATES_DIR/packages"
|
|
|
|
|
|
|
|
|
|
set -e
|
|
|
|
|
|
2020-12-10 23:55:09 +01:00
|
|
|
|
"${YUM_COMMAND[@]}" "${OPTS[@]}" "${PKGLIST[@]}"
|
2011-06-22 00:44:48 +02:00
|
|
|
|
|
2019-08-07 00:03:51 +02:00
|
|
|
|
find "$DOM0_UPDATES_DIR/var/cache" -name '*.rpm' -print0 2>/dev/null |\
|
2017-09-30 04:54:28 +02:00
|
|
|
|
xargs -0 -r ln -f -t "$DOM0_UPDATES_DIR/packages/"
|
2016-06-01 04:40:56 +02:00
|
|
|
|
|
2017-09-30 04:54:28 +02:00
|
|
|
|
if ls "$DOM0_UPDATES_DIR"/packages/*.rpm > /dev/null 2>&1; then
|
2019-10-12 22:43:38 +02:00
|
|
|
|
if [ -n "$SIGNATURE_REGEX" ]; then
|
|
|
|
|
rpmkeys_error=0
|
|
|
|
|
for pkg in "$DOM0_UPDATES_DIR"/packages/*.rpm; do
|
|
|
|
|
rpmkeys_exit_code=0
|
|
|
|
|
output="$(rpmkeys --root "$DOM0_UPDATES_DIR" --checksig "$pkg")" \
|
|
|
|
|
|| rpmkeys_exit_code="$?"
|
|
|
|
|
if [ ! "$rpmkeys_exit_code" = "0" ]; then
|
|
|
|
|
echo "ERROR: could not verify $pkg" >&2
|
|
|
|
|
rpmkeys_error=1
|
|
|
|
|
rm "$pkg"
|
|
|
|
|
elif ! echo "$output" |grep -Pq "$SIGNATURE_REGEX"; then
|
|
|
|
|
echo "ERROR: missing or invalid signature for $pkg" >&2
|
|
|
|
|
rpmkeys_error=1
|
|
|
|
|
rm "$pkg"
|
|
|
|
|
else
|
2020-03-16 02:10:14 +01:00
|
|
|
|
echo "Successfully verified $pkg" >&2
|
2019-10-12 22:43:38 +02:00
|
|
|
|
fi
|
|
|
|
|
done
|
|
|
|
|
if [ ! "$rpmkeys_error" = "0" ]; then
|
|
|
|
|
echo "ERROR: could not verify one or more packages" >&2
|
|
|
|
|
exit 1
|
|
|
|
|
fi
|
|
|
|
|
fi
|
|
|
|
|
|
2015-09-03 16:56:29 +02:00
|
|
|
|
cmd="/usr/lib/qubes/qrexec-client-vm dom0 qubes.ReceiveUpdates /usr/lib/qubes/qfile-agent"
|
|
|
|
|
qrexec_exit_code=0
|
2017-09-30 04:54:28 +02:00
|
|
|
|
$cmd "$DOM0_UPDATES_DIR"/packages/*.rpm || { qrexec_exit_code=$? ; true; };
|
2015-09-03 16:56:29 +02:00
|
|
|
|
if [ ! "$qrexec_exit_code" = "0" ]; then
|
|
|
|
|
echo "'$cmd $DOM0_UPDATES_DIR/packages/*.rpm' failed with exit code ${qrexec_exit_code}!" >&2
|
2017-09-30 04:54:28 +02:00
|
|
|
|
exit "$qrexec_exit_code"
|
2015-09-03 16:56:29 +02:00
|
|
|
|
fi
|
2011-07-24 21:54:10 +02:00
|
|
|
|
else
|
2020-03-16 02:10:14 +01:00
|
|
|
|
echo "No packages downloaded" >&2
|
2011-07-24 21:54:10 +02:00
|
|
|
|
fi
|