-
Notifications
You must be signed in to change notification settings - Fork 22
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
flatcar-update: Support Flatcar OEM and extension payloads #101
Conversation
b1e480c
to
4b9413c
Compare
4b9413c
to
165d641
Compare
@@ -89,6 +119,32 @@ if [ "${FORCE_DEV_KEY}" = "1" ] && [ "${FORCE_FLATCAR_KEY}" = "1" ]; then | |||
echo "Error: must only specify one of --force-dev-key or --force-flatcar-key" > /dev/stderr ; exit 1 | |||
fi | |||
|
|||
# Use the old mount point for compatibility with old instances, where the script gets copied to | |||
OEMID=$({ grep -m 1 -o "^ID=.*" /usr/share/oem/oem-release 2> /dev/null || true ; } | cut -d = -f 2) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
OEMID=$({ grep -m 1 -o "^ID=.*" /usr/share/oem/oem-release 2> /dev/null || true ; } | cut -d = -f 2) | |
OEMID=$({ grep -m 1 -o "^ID=.*" /usr/share/oem/oem-release 2> /dev/null || true ; } | cut -d = -f 2-) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
The delimiter is =
and not supposed to be part of the OEMID, or?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hope so. :) Another option here is (if you want):
OEMID=$({ grep -m 1 -o "^ID=.*" /usr/share/oem/oem-release 2> /dev/null || true ; } | cut -d = -f 2) | |
OEMID=$(source /usr/share/oem/oem-release || :; echo "${ID:-}") |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Good idea, since this is used at other places, I think we should change it everywhere in a follow-up
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested it and it breaks the main script execution if oem-release
would have an invalid syntax.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
What works is this here: $(sh -c "source /usr/share/oem/oem-release" || :; echo "${ID:-}")
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Tested it and it breaks the main script execution if
oem-release
would have an invalid syntax.
Alright, let's have a solution that works. I'll have a look at making sure that this file is valid for sourcing.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I'm sure it's valid as we ship it but if it's broken due to invalid user changes I wanted the script not to crash, hence the sh -c
workaround (since it's a subshell, || :
won't be needed then).
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Ah, no, my example is broken because the echo should be part of the sh -c
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This here works ID=$(sh -c 'source /usr/share/oem/oem-release; echo "${ID:-}"' 2>/dev/null || true)
The OEMs are now getting ported over to systemd-sysext images and they are delivered as additional update payloads in the Omaha response. We also define optional Flatcar extensions that the user can enable. While update-engine's post-install action and the initrd have a fallback mechanism that use the release server in case flatcar-update does not provide the required payloads, this does not work for airgapped environments or updating to developer payloads. Let flatcar-update download the required payloads for the running machine from the release server instead of relying on any fallback logic and also request the user to provide any required extension payloads.
df81001
to
98f6810
Compare
The cleanup of all subprocesses through "kill 0" also ends up sending a SIGTERM to the script itself, which prevents ending with a successful return code. Keep track of spawned subprocesses (at least the top ones) and only kill them.
98f6810
to
879698a
Compare
@@ -89,6 +119,32 @@ if [ "${FORCE_DEV_KEY}" = "1" ] && [ "${FORCE_FLATCAR_KEY}" = "1" ]; then | |||
echo "Error: must only specify one of --force-dev-key or --force-flatcar-key" > /dev/stderr ; exit 1 | |||
fi | |||
|
|||
# Use the old mount point for compatibility with old instances, where the script gets copied to | |||
OEMID=$({ grep -m 1 -o "^ID=.*" /usr/share/oem/oem-release 2> /dev/null || true ; } | cut -d = -f 2) |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I hope so. :) Another option here is (if you want):
OEMID=$({ grep -m 1 -o "^ID=.*" /usr/share/oem/oem-release 2> /dev/null || true ; } | cut -d = -f 2) | |
OEMID=$(source /usr/share/oem/oem-release || :; echo "${ID:-}") |
The OEMs are now getting ported over to systemd-sysext images and they are delivered as additional update payloads in the Omaha response. We also define optional Flatcar extensions that the user can enable. While update-engine's post-install action and the initrd have a fallback mechanism that use the release server in case flatcar-update does not provide the required payloads, this does not work for airgapped environments or updating to developer payloads.
Let flatcar-update download the required payloads for the running machine from the release server instead of relying on any fallback logic and also request the user to provide any required extension payloads.
How to use
Testing done
See flatcar/update_engine#24