qubes-download-dom0-updates.sh 4.9 KB

  #!/bin/bash

  # Separate install root holding the yum/dnf configuration, the rpm database,
  # the download cache and the packages/ directory used by the rest of the script.
  DOM0_UPDATES_DIR=/var/lib/qubes/dom0-updates

  # Options passed to every yum/dnf invocation; they keep the package manager
  # confined to the install root above instead of this system's own
  # configuration.
  OPTS="--installroot $DOM0_UPDATES_DIR"
  OPTS="$OPTS --config=$DOM0_UPDATES_DIR/etc/yum.conf"
  # DNF uses /etc/yum.repos.d, even when --installroot is specified
  OPTS="$OPTS --setopt=reposdir=$DOM0_UPDATES_DIR/etc/yum.repos.d"

  # Mode flags, overridden by the command-line parser below:
  #   GUI        1 = show zenity dialogs, 0 = console only
  #   CLEAN      1 = wipe caches and previously downloaded packages first
  #   CHECK_ONLY 1 = only report whether updates exist
  GUI=1
  CLEAN=0
  CHECK_ONLY=0

  # Filled in by the parser: packages named on the command line and the
  # yum/dnf sub-command to run.
  PKGLIST=
  YUM_ACTION=

  # Later code greps yum/dnf output for fixed English strings, so pin the locale.
  export LC_ALL=C
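  # Parse the command line.
  #   --doit            accepted and ignored
  #   --gui / --nogui   turn zenity dialogs on / off
  #   --clean           clean caches and downloaded packages before running
  #   --check-only      only check whether updates are available
  #   --action=ACTION   yum/dnf sub-command to use
  #   -<anything else>  appended to OPTS and handed to yum/dnf as is
  #   <anything else>   package name; implies the "install" action unless an
  #                     action was already chosen
  #
  # ACTION and the pass-through options are not validated here, and both are
  # later word-split into the yum/dnf command line, so the script relies on
  # its caller to pass only intended values.
  #
  # The loop runs on the argument count rather than on "$1" being non-empty:
  # an empty argument is skipped instead of silently ending the parse and
  # dropping every argument after it.
  while [ "$#" -gt 0 ]; do
    case "$1" in
      '')
        # empty argument: nothing to record
        ;;
      --doit)
        # ignore
        ;;
      --nogui)
        GUI=0
        ;;
      --gui)
        GUI=1
        ;;
      --clean)
        CLEAN=1
        ;;
      --check-only)
        CHECK_ONLY=1
        ;;
      --action=*)
        YUM_ACTION=${1#--action=}
        ;;
      -*)
        OPTS="$OPTS $1"
        ;;
      *)
        PKGLIST="$PKGLIST $1"
        if [ -z "$YUM_ACTION" ]; then
          YUM_ACTION=install
        fi
        ;;
    esac
    shift
  done

  # No explicit action and no package names: default to upgrading.
  if [ -z "$YUM_ACTION" ]; then
    YUM_ACTION=upgrade
  fi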
  # Choose the package manager front end: dnf (with its extra flags) when it
  # is available, plain yum otherwise. YUM is expanded unquoted later on so
  # that the flags split into separate words.
  if type dnf >/dev/null 2>&1; then
    YUM="dnf --best --allowerasing --noplugins"
  else
    YUM="yum"
  fi
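  # Refuse to run without the install root. This check also means the rm
  # globs below never expand from an empty DOM0_UPDATES_DIR.
  if ! [ -d "$DOM0_UPDATES_DIR" ]; then
    echo "Dom0 updates dir does not exists: $DOM0_UPDATES_DIR" >&2
    exit 1
  fi

  # DOM0_UPDATES_DIR is quoted here and below, as it already is in the rest of
  # the script.
  mkdir -p "$DOM0_UPDATES_DIR/etc"

  if [ -e /etc/debian_version ]; then
    # Default rpm configuration on Debian uses ~/.rpmdb for rpm database (as
    # rpm isn't native package manager there)
    mkdir -p "$DOM0_UPDATES_DIR$HOME"
    ln -nsf "$DOM0_UPDATES_DIR/var/lib/rpm" "$DOM0_UPDATES_DIR$HOME/.rpmdb"
  fi

  # Rebuild rpm database in case of different rpm version
  rm -f "$DOM0_UPDATES_DIR"/var/lib/rpm/__*
  rpm --root="$DOM0_UPDATES_DIR" --rebuilddb

  # --clean: drop package manager caches and everything downloaded by earlier
  # runs. Without it, files already in packages/ stay in place.
  if [ "$CLEAN" = "1" ]; then
    # shellcheck disable=SC2086
    $YUM $OPTS clean all
    rm -f "$DOM0_UPDATES_DIR"/packages/*
    rm -rf "$DOM0_UPDATES_DIR"/var/cache/yum/*
  fi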
  # Check-only mode (and no packages named): ask yum/dnf whether updates
  # exist, report the answer and exit without downloading anything.
  # Exit status of the script in this mode:
  #   1   check-update itself failed
  #   100 updates are available (the list is printed to stdout)
  #   0   nothing to update
  if [ "$CHECK_ONLY" = "1" ] && [ -z "$PKGLIST" ]; then
    echo "Checking for dom0 updates..." >&2
    # shellcheck disable=SC2086
    UPDATES_FULL=$($YUM $OPTS check-update)
    check_update_retcode=$?
    case "$check_update_retcode" in
      1)
        # yum reported an error; 100 is not an error but "updates available",
        # so only exit code 1 is treated as a failure
        exit 1
        ;;
      100)
        echo "Available updates: "
        echo "$UPDATES_FULL"
        exit 100
        ;;
      *)
        echo "No new updates available"
        if [ "$GUI" = 1 ]; then
          zenity --info --text="No new updates available"
        fi
        exit 0
        ;;
    esac
  fi
  # From here on something will be downloaded. Preferred form: let yum/dnf
  # fetch the packages itself, under fakeroot, without installing them.
  YUM_COMMAND="fakeroot $YUM $YUM_ACTION -y --downloadonly"

  # If this yum has no --downloadonly option (Debian), fall back to
  # yumdownloader, which can only cover the install and upgrade actions.
  if ! $YUM --help | grep -q downloadonly; then
    case "$YUM_ACTION" in
      install)
        # the package names given on the command line are used as they are
        ;;
      upgrade)
        # yumdownloader needs explicit names, so derive them from check-update.
        # NOTE(review): only exit code 0 is handled here; a check-update error
        # (exit code 1) is not treated specially as it is in check-only mode.
        # shellcheck disable=SC2086
        UPDATES_FULL=$($YUM $OPTS check-update $PKGLIST)
        check_update_retcode=$?
        if [ "$check_update_retcode" -eq 0 ]; then
          # exit code 0 means no updates available - regardless of stdout messages
          echo "No new updates available"
          exit 0
        fi
        # Drop informational lines, then keep the first space-separated field
        # of each remaining line as the package name.
        UPDATES_FULL=$(echo "$UPDATES_FULL" | grep -v "^Loaded plugins:\|^Last metadata\|^$")
        UPDATES=$(echo "$UPDATES_FULL" | grep -v "^Obsoleting\|Could not" | cut -f 1 -d ' ')
        PKGLIST=$UPDATES
        ;;
      *)
        echo "ERROR: yum version installed in VM $(hostname) does not suppport --downloadonly option" >&2
        echo "ERROR: only 'install' and 'upgrade' actions supported ($YUM_ACTION not)" >&2
        if [ "$GUI" = 1 ]; then
          zenity --error --text="yum version too old for '$YUM_ACTION' action, see console for details"
        fi
        exit 1
        ;;
    esac
    YUM_COMMAND="yumdownloader --destdir=$DOM0_UPDATES_DIR/packages --resolve"
  fi
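  mkdir -p "$DOM0_UPDATES_DIR/packages"

  # From here on any failing command aborts the script.
  set -e

  if [ "$GUI" = 1 ]; then
    # The download runs on the left side of a pipe into zenity, and a
    # pipeline's status is that of its last command, so a failed download
    # would otherwise go unnoticed. Leave the subshell with the download's
    # status and check it through PIPESTATUS, so GUI mode aborts on a failed
    # download just as console mode does.
    ( echo "1"
      # shellcheck disable=SC2086
      $YUM_COMMAND $OPTS $PKGLIST || exit
      echo 100 ) | zenity --progress --pulsate --auto-close --auto-kill \
        --text="Downloading updates for Dom0, please wait..." --title="Qubes Dom0 updates"
    download_status=${PIPESTATUS[0]}
    if [ "$download_status" -ne 0 ]; then
      echo "Downloading updates failed with exit code ${download_status}!" >&2
      exit "$download_status"
    fi
  else
    # shellcheck disable=SC2086
    $YUM_COMMAND $OPTS $PKGLIST
  fi

  # Hard-link every rpm found in the package manager cache into packages/.
  find "$DOM0_UPDATES_DIR/var/cache/yum" -name '*.rpm' -print0 |\
    xargs -0 -r ln -f -t "$DOM0_UPDATES_DIR/packages/"

  # Expand the package list once, into an array, and use the same list for
  # both the "anything to send?" test and the transfer itself.
  shopt -s nullglob
  packages=("$DOM0_UPDATES_DIR"/packages/*.rpm)
  shopt -u nullglob

  if [ "${#packages[@]}" -gt 0 ]; then
    # Every *.rpm present in packages/ is sent, including files left by
    # earlier runs unless --clean removed them. This script does no signature
    # verification of its own; whether yum/dnf verifies what it downloads
    # depends on the configuration under $DOM0_UPDATES_DIR/etc, which is not
    # visible here. The receiving side must therefore not treat these files
    # as trusted.
    # NOTE(review): confirm qubes.ReceiveUpdates verifies package signatures
    # before anything is used.
    cmd=(/usr/lib/qubes/qrexec-client-vm dom0 qubes.ReceiveUpdates /usr/lib/qubes/qfile-agent)
    qrexec_exit_code=0
    # Record the status instead of letting set -e abort, so the failure can be
    # reported below.
    "${cmd[@]}" "${packages[@]}" || qrexec_exit_code=$?
    if [ "$qrexec_exit_code" -ne 0 ]; then
      echo "'${cmd[*]} $DOM0_UPDATES_DIR/packages/*.rpm' failed with exit code ${qrexec_exit_code}!" >&2
      exit "$qrexec_exit_code"
    fi
  else
    echo "No packages downloaded"
  fi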