-rw-r--r-- | updater-ng/Makefile | 97 | ||||
-rwxr-xr-x | updater-ng/files/cleanup_rc_d.sh | 27 | ||||
-rw-r--r-- | updater-ng/files/turris-repo.lua | 34 | ||||
-rw-r--r-- | updater-ng/files/turris.lua | 108 | ||||
-rw-r--r-- | updater-ng/files/uci-defaults | 16 | ||||
-rwxr-xr-x | updater-ng/files/update_alternatives.sh | 23 | ||||
-rw-r--r-- | updater-ng/files/updater.config | 4 |
7 files changed, 309 insertions, 0 deletions
diff --git a/updater-ng/Makefile b/updater-ng/Makefile
new file mode 100644
index 0000000..3fe04f9
--- /dev/null
+++ b/updater-ng/Makefile
@@ -0,0 +1,97 @@
+#
+## Copyright (C) 2016-2020 CZ.NIC z.s.p.o. (http://www.nic.cz/)
+#
+## This is free software, licensed under the GNU General Public License v2.
+# See /LICENSE for more information.
+# #
+#
+include $(TOPDIR)/rules.mk
+
+PKG_NAME:=updater-ng
+PKG_VERSION:=70.0.0
+PKG_RELEASE:=1
+
+PKG_SOURCE_PROTO:=git
+PKG_SOURCE_URL:=https://gitlab.nic.cz/turris/updater/updater.git
+PKG_MIRROR_HASH:=4e3cb85ae1fd77e06799cb40dacb9f6170c4523c0be52b9dadddb2a05d5afe1b
+PKG_SOURCE_VERSION:=v$(PKG_VERSION)
+
+PKG_MAINTAINER:=CZ.NIC <packaging@turris.cz>
+PKG_LICENSE:=GPL-3.0-or-later
+PKG_LICENSE_FILES:=COPYING
+
+PKG_BUILD_DEPENDS:=busybox uthash argp-standalone
+
+PKG_INSTALL:=1
+PKG_FIXUP:=autoreconf
+
+include $(INCLUDE_DIR)/package.mk
+include $(INCLUDE_DIR)/autotools.mk
+
+define Package/updater-ng
+ SECTION:=updater
+ CATEGORY:=Turris Updater
+ TITLE:=Updater
+ DEPENDS:=\
+ +liblua \
+ +libuci-lua \
+ +libevent2 \
+ +libcurl \
+ +liburiparser \
+ +libarchive \
+ +base64c \
+ +ca-certificates
+endef
+
+define Package/updater-ng/description
+ Turris package manager designed for automatic updates in mind. It is
+ non-interactive in general but highly configurable through Lua scripts.
+endef
+
+CONFIGURE_ARGS += \
+ --disable-tests \
+ --disable-linters \
+ --disable-docs \
+ --with-embed-busybox="$(STAGING_DIR)/bin/busybox-static"
+
+define Package/$(PKG_NAME)/install
+ $(INSTALL_DIR) $(1)/usr/lib/
+ $(CP) $(PKG_INSTALL_DIR)/usr/lib/libupdater*.so* $(1)/usr/lib/
+
+ $(INSTALL_DIR) $(1)/usr/bin
+ $(INSTALL_BIN) $(PKG_INSTALL_DIR)/usr/bin/* $(1)/usr/bin/
+ $(INSTALL_BIN) ./files/update_alternatives.sh $(1)/usr/bin/
+
+ $(INSTALL_DIR) $(1)/etc/updater
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/pkgupdate/configs/conf.lua $(1)/etc/updater
+ $(INSTALL_DIR) $(1)/etc/updater/conf.d
+ $(INSTALL_CONF) ./files/turris.lua $(1)/etc/updater/conf.d/turris.lua
+ $(INSTALL_CONF) ./files/turris-repo.lua $(1)/etc/updater/turris-repo.lua
+ $(INSTALL_CONF) $(PKG_BUILD_DIR)/src/pkgupdate/configs/example.lua $(1)/etc/updater/conf.d/example.lua
+
+ $(INSTALL_DIR) $(1)/etc/updater/hook_preupdate
+ touch $(1)/etc/updater/hook_preupdate/.keep
+ $(INSTALL_DIR) $(1)/etc/updater/hook_postupdate
+ $(INSTALL_BIN) ./files/cleanup_rc_d.sh $(1)/etc/updater/hook_postupdate/
+ $(INSTALL_DIR) $(1)/etc/updater/hook_reboot_required
+ $(INSTALL_BIN) $(PKG_BUILD_DIR)/src/pkgupdate/hook_reboot_required/50-create-notification.sh $(1)/etc/updater/hook_reboot_required/50-create-notification.sh
+
+ $(INSTALL_DIR) $(1)/etc/config
+ $(INSTALL_CONF) ./files/updater.config $(1)/etc/config/updater
+endef
+
+define Package/updater-ng/conffiles
+/etc/updater/conf.d/example.lua
+/etc/updater/turris-repo.lua
+/etc/config/updater
+endef
+
+define Package/updater-ng/postinst
+if [ -n "$$IPKG_INSTROOT" ] && [ -n "$$BOOTSTRAP_UPDATER_BRANCH" ]; then
+ mkdir -p "$$IPKG_INSTROOT/usr/share/updater"
+ echo "$$BOOTSTRAP_UPDATER_BRANCH" \
+ > "$$IPKG_INSTROOT/usr/share/updater/bootstrap-updater-branch"
+fi
+endef
+
+$(eval $(call BuildPackage,updater-ng))
diff --git a/updater-ng/files/cleanup_rc_d.sh b/updater-ng/files/cleanup_rc_d.sh
new file mode 100755
index 0000000..9df8015
--- /dev/null
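Review bot: The `Package/$(PKG_NAME)/install` recipe never copies `./files/uci-defaults`, although this commit adds that file and `postinst` writes the `bootstrap-updater-branch` file it is meant to consume. As far as this Makefile shows, a branch passed through `BOOTSTRAP_UPDATER_BRANCH` would stay in `/usr/share/updater/` and never reach `updater.turris.branch`, so a bootstrapped system would quietly follow the default branch. Unless another package ships the script, add `$(INSTALL_DIR) $(1)/etc/uci-defaults` and `$(INSTALL_BIN) ./files/uci-defaults $(1)/etc/uci-defaults/<SCRIPT_NAME>` to the recipe, where `<SCRIPT_NAME>` is a placeholder for the name the project wants.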
+++ b/updater-ng/files/cleanup_rc_d.sh
@@ -0,0 +1,27 @@
+#!/bin/sh
+set -eu
+
+cd "$ROOT_DIR/etc/rc.d"
+
+# Remove any dangling links
+for rc in *; do
+ [ -L "$rc" ] || continue
+ [ -f "$rc" ] || {
+ echo "Removing enable for non-existent service: $rc" >&2
+ rm -f "$rc"
+ }
+done
+
+# Fix multiple links for same service
+# We list here all links and do two passes. First we just remove number and filter
+# out only duplicates. This way we have problematic services but to get name only
+# once we have to remove leading 'S' or 'K' and do second pass. This way we have
+# just list of all problematic services.
+find -maxdepth 1 -type l \
+ | sed 's|\./\([SK]\)..|\1|' | sort | uniq -d \
+ | sed 's|[SK]||' | sort | uniq \
+ | while read -r service; do
+ echo "Fixing multiple startup/shutdown links for service: $service" >&2
+ rm -f [SK]??"$service"
+ /bin/sh "$ROOT_DIR/etc/rc.common" "$ROOT_DIR/etc/init.d/$service" enable
+done
diff --git a/updater-ng/files/turris-repo.lua b/updater-ng/files/turris-repo.lua
new file mode 100644
index 0000000..2935e3d
--- /dev/null
+++ b/updater-ng/files/turris-repo.lua
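Review bot: In the duplicate-link loop, `rm -f [SK]??"$service"` runs before anything confirms that `$ROOT_DIR/etc/init.d/$service` exists, and the service name is derived from the link name rather than from the link target. If the following `enable` call fails, `set -e` ends the loop with that service left without any start or stop link, so a service can end up disabled after an update with only a hook failure to show for it. A guard such as `[ -f "$ROOT_DIR/etc/init.d/$service" ] || continue` ahead of the `rm` would keep the existing links in that case. In the first loop, `rm -f -- "$rc"` would also cover link names that begin with `-`.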
@@ -0,0 +1,34 @@
+--[[
+This file allows you to override path to Turris lists. Those are Lua scripts
+maintained in default on https://repo.turris.cz along side the packages.
+Sometimes you want to point all machinery to different server just for testing.
+This file is here exactly for that.
+]]
+return {
+
+ --[[
+ Following line can be uncommented and changed to specify different server.
+ ]]
+ --url = "https://repo.turris.cz",
+
+ --[[
+ Following few lines can be uncommented if you want to include your own public
+ key used to sign your own copy of lists.
+ This is used only if url is also defined.
+ ]]
+ --pubkey = {
+ -- "file:///etc/updater/keys/release.pub",
+ -- "file:///etc/updater/keys/standby.pub",
+ -- "file:///etc/updater/keys/test.pub"
+ --},
+
+ --[[
+ These options are here rather for completeness. You can ping appropriate CA,
+ specify CRL or disable OCSP.
+ These options are ignored if url is not also defined.
+ ]]
+ --ca = true,
+ --crl = false,
+ --ocsp = true,
+
+}
diff --git a/updater-ng/files/turris.lua b/updater-ng/files/turris.lua
new file mode 100644
index 0000000..ae9b701
--- /dev/null
+++ b/updater-ng/files/turris.lua
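Review bot: The comment above `--ca = true,` says "You can ping appropriate CA", which presumably should read "pin"; as written it gives the wrong idea of what the option does. The comment on `pubkey` could also state the override semantics that turris.lua in this commit implements: the value given here is assigned over the default `pubkey` list rather than merged with it. Something like `A pubkey list set here replaces the default keys; list every key you still want trusted.` would make that explicit for anyone pointing the updater at their own server.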
@@ -0,0 +1,108 @@
+--[[
+This file is part of updater-ng. Don't edit it.
+]]
+
+local uci_cursor = nil
+if uci then
+ uci_cursor = uci.cursor(root_dir .. "/etc/config")
+else
+ ERROR("UCI library is not available. Configuration not used.")
+end
+local function uci_cnf(name, default)
+ if uci_cursor then
+ return uci_cursor:get("updater", "turris", name) or default
+ else
+ return default
+ end
+end
+
+-- Configuration variables
+local mode = uci_cnf("mode", "branch") -- should we follow branch or version?
+local branch = uci_cnf("branch", "hbs") -- which branch to follow
+local version = uci_cnf("version", nil) -- which version to follow
+
+-- Verify that we have sensible configuration
+if mode == "version" and not version then
+ WARN("Mode configured to be 'version' but no version provided. Changing mode to 'branch' instead.")
+ mode = "branch"
+end
+
+-- Detect host board
+local product = os_release["OPENWRT_DEVICE_PRODUCT"] or os_release["LEDE_DEVICE_PRODUCT"]
+if product:match("[Mm]ox") then
+ board = "mox"
+elseif product:match("[Oo]mnia") then
+ board = "omnia"
+elseif product:match("[Tt]urris 1.x") then
+ board = "turris1x"
+else
+ DIE("Unsupported Turris board: " .. tostring(product))
+end
+Export('board')
+
+-- Detect container
+local env = io.open("/proc/1/environ", "rb")
+for name, value in env:read("*a"):gmatch"([^=]+)=([^%z]+)%z?"
do
+ if name == "container" then
+ container=value
+ Export("container")
+ end
+end
+env:close()
+
+
+-- Common connection settings for Turris OS scripts
+local script_options = {
+ security = "Remote",
+ pubkey = {
+ "file:///etc/updater/keys/release.pub",
+ "file:///etc/updater/keys/standby.pub",
+ "file:///etc/updater/keys/test.pub" -- It is normal for this one to not be present in production systems
+ }
+}
+
+-- Turris repository server URL (or override)
+local repo_url = "https://repo.turris.cz"
+local config, config_error = loadfile("/etc/updater/turris-repo.lua")
+if config then
+ config = config()
+ if config.url ~= nil then
+ repo_url = config.url
+ for _, field in {"pubkey", "ca", "crl", "ocsp"} do
+ if config[field] ~= nil then
+ script_options[field] = config[field]
+ end
+ end
+ end
+else
+ WARN("Failed to load /etc/updater/turris-repo.lua: " .. tostring(config_error))
+end
+
+-- Common URI to Turris OS lists
+local base_url
+if mode == "branch" then
+ base_url = repo_url .. "/" .. branch .. "/" .. board .. "/lists/"
+elseif mode == "version" then
+ base_url = repo_url .. "/archive/" .. version .. "/" .. board .. "/lists/"
+else
+ DIE("Invalid updater.turris.mode specified: " .. mode)
+end
+
+-- The distribution base script. It contains the repository and bunch of basic packages
+Script(base_url .. "base.lua", script_options)
+
+-- Additional enabled distribution lists forced by boot arguments
+if root_dir == "/" then
+ local cmdf = io.open("/proc/cmdline")
+ if cmdf then
+ for cmdarg in cmdf:read():gmatch('[^ ]+') do
+ local key, value = cmdarg:match('([^=]+)=(.*)')
+ if key == "turris_lists" then
+ for list in value:gmatch('[^,]+') do
+ Script(base_url .. list .. ".lua", script_options)
+ end
+ end
+ end
+ cmdf:close()
+ end
+end
diff --git a/updater-ng/files/uci-defaults b/updater-ng/files/uci-defaults
new file mode 100644
index 0000000..63fe73b
--- /dev/null
+++ b/updater-ng/files/uci-defaults
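Review bot: The override loop `for _, field in {"pubkey", "ca", "crl", "ocsp"} do` hands a table to the generic `for`, which expects an iterator function, so in stock Lua it fails with "attempt to call a table value" as soon as `url` is set in turris-repo.lua. Assuming `ipairs` is available in the updater's environment, it should read `for _, field in ipairs({"pubkey", "ca", "crl", "ocsp"}) do`. Two nil cases nearby fail before their intended handling: `product:match(...)` runs ahead of the `DIE` branch when neither os_release key is present, and `env:read` is called without checking that `io.open("/proc/1/environ", "rb")` returned a handle. Separately, `branch`, `version` and each `turris_lists` entry are concatenated into the list URL unchanged; checking them against a pattern such as `^[%w._-]+$` before use would keep a stray `/` or `..` out of the request path.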
@@ -0,0 +1,16 @@
+#!/bin/sh
+set -eu
+
+# bootstrap file is created to store content of BOOTSTRAP_UPDATER_BRANCH
+# environment variable, if defined, when updater is run in out root mode (the way
+# bootstrap is performed).
+# BOOTSTRAP_UPDATER_BRANCH contains simply target branch for updater (eg. HBL or HBD).
+bootstrap="/usr/share/updater/bootstrap-updater-branch"
+
+if [ -f "$bootstrap" ]; then
+ uci -q batch <<-EOF
+ set updater.turris.branch='$(cat "$bootstrap")'
+ commit updater.turris.branch
+ EOF
+ rm -f "$bootstrap"
+fi
diff --git a/updater-ng/files/update_alternatives.sh b/updater-ng/files/update_alternatives.sh
new file mode 100755
index 0000000..c93ae45
--- /dev/null
+++ b/updater-ng/files/update_alternatives.sh
@@ -0,0 +1,23 @@
+#!/bin/sh
+set -e
+
+if [ $# -gt 0 ]; then
+ echo "This script is part of updater and allows user to manually fix alternative links in system." >&2
+ exit 0
+fi
+
+if [ ! -d /usr/lib/opkg/info ]; then
+ echo "OPKG info directory not located. This is OpenWrt system, isn't it?" >&2
+ exit 1
+fi
+
+# Fist install all busybox applets and then overwite them with alternatives
+
+busybox --install /bin
+
+sed -n 's/^Alternatives://p' /usr/lib/opkg/info/*.control | \
+ tr , '\n' | \
+ sort -n | \
+ while IFS=: read PRIO TRG SRC; do
+ ln -sf "$SRC" "$TRG"
+ done
diff --git a/updater-ng/files/updater.config b/updater-ng/files/updater.config
new file mode 100644
index 0000000..82e220e
--- /dev/null
+++ b/updater-ng/files/updater.config
@@ -0,0 +1,4 @@
+
+config turris 'turris'
+ option mode 'branch'
+ |
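Review bot: In uci-defaults, the contents of the bootstrap file are pasted into the `uci batch` script between single quotes (`set updater.turris.branch='$(cat "$bootstrap")'`), so a value containing a quote or a newline is parsed as further batch commands instead of as a branch name. The value originates from the `BOOTSTRAP_UPDATER_BRANCH` environment variable and later becomes part of the list URL built in turris.lua, so it is worth treating as data throughout. Passing it as a single argument avoids the parsing problem: `uci -q set "updater.turris.branch=$(cat "$bootstrap")"` followed by `uci -q commit updater`. Rejecting anything outside `[A-Za-z0-9_-]` before the `set` would also be cheap.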
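Review bot: In update_alternatives.sh, the final loop uses `read` without `-r` and passes whatever it parsed straight to `ln -sf "$SRC" "$TRG"`, so an `Alternatives:` entry with a missing field reaches `ln` with an empty argument. Under `set -e` that failure ends the loop, which leaves every alternative sorted after the bad entry unlinked. Reading with `while IFS=: read -r PRIO TRG SRC; do` and skipping incomplete entries with `[ -n "$TRG" ] && [ -n "$SRC" ] || continue` keeps one malformed control file from blocking the rest. The header comment has two typos as well ("Fist", "overwite").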