aboutsummaryrefslogblamecommitdiffstats
path: root/community/apt-dater-host/apk-handle-FORBID_-lines.patch
blob: 92a40f1dc20c4638a8fd2ef454c79d3fa5d1499c (plain) (tree)

















































































































































                                                                                                       
From b737808d86dc364730c4fdb6987dd7077b32c0a2 Mon Sep 17 00:00:00 2001
From: Henrik Riomar <henrik.riomar@gmail.com>
Date: Fri, 29 Oct 2021 11:38:33 +0200
Subject: [PATCH] apk: handle FORBID_* lines

Handle config file options:

 * FORBID_REFRESH
 * FORBID_UPGRADE
 * FORBID_INSTALL
---
 apk/apt-dater-host      | 34 +++++++++++++++++++++++++++++-----
 apk/apt-dater-host.conf | 15 +++++++++++++++
 apk/test-apt-dater-host | 19 +++++++++++++++++++
 3 files changed, 63 insertions(+), 5 deletions(-)

diff --git a/apk/apt-dater-host b/apk/apt-dater-host
index 02e976a..c60ffd6 100755
--- a/apk/apt-dater-host
+++ b/apk/apt-dater-host
@@ -34,6 +34,10 @@ APK_CMD="/sbin/apk"
 VIRT_WHAT_CMD="/usr/sbin/virt-what --test-root=/"
 DMESG_CMD="dmesg"
 
+FORBID_REFRESH=0
+FORBID_UPGRADE=0
+FORBID_INSTALL=0
+
 cfg="/etc/apt-dater-host.conf"
 [ -r $cfg ] && . $cfg
 
@@ -144,7 +148,11 @@ get_kern()
 # FORBID: ${Operations}
 check_forbid()
 {
-	echo "FORBID: 0"
+	mask=0
+	[ $FORBID_REFRESH -eq 1 ] && mask=$((mask|=1))
+	[ $FORBID_UPGRADE -eq 1 ] && mask=$((mask|=2))
+	[ $FORBID_INSTALL -eq 1 ] && mask=$((mask|=4))
+	echo "FORBID: $mask"
 }
 
 #  ADPROTO: ${ProtoVersion}
@@ -183,6 +191,10 @@ run_as_root()
 	fi
 }
 
+echoerr()
+{
+	printf "\n%s\n\n" "$@" 1>&2
+}
 
 if [ -z "$1" ]; then
 	echo "Don't call this script directly!"
@@ -192,7 +204,11 @@ fi
 case "$1" in
 	refresh)
 		say_hi
-		run_as_root 0 $APK_CMD update
+		if [ $FORBID_REFRESH -eq 1 ]; then
+			echoerr "** Sorry, apt-dater based refreshs on this host are disabled! **"
+		else
+			run_as_root 0 $APK_CMD update
+		fi
 		do_status
 		;;
 
@@ -202,13 +218,21 @@ case "$1" in
 		;;
 
 	upgrade)
-		run_as_root 1 $APK_CMD upgrade
+		if [ $FORBID_UPGRADE -eq 1 ]; then
+			echoerr "** Sorry, apt-dater based upgrades on this host are disabled! **"
+		else
+			run_as_root 1 $APK_CMD upgrade
+		fi
 		;;
 
 	install)
 		shift
-		echo "Installing PKG: $*"
-		run_as_root 1 $APK_CMD add $*
+		if [ $FORBID_INSTALL -eq 1 ]; then
+			echoerr "** Sorry, apt-dater based installations on this host are disabled! **"
+		else
+			echo "Installing PKG: $*"
+			run_as_root 1 $APK_CMD add $*
+		fi
 		;;
 
 	kernel)
diff --git a/apk/apt-dater-host.conf b/apk/apt-dater-host.conf
index 54210c2..6ac7e14 100644
--- a/apk/apt-dater-host.conf
+++ b/apk/apt-dater-host.conf
@@ -5,3 +5,18 @@
 # use this command to become root
 # Supported: doas and sudo
 #ROOT_CMD="doas"
+
+##
+## If this host is a mission critical system and
+## needs scheduled downtimes for upgrades, enable
+## (some) of the following FORBID_* lines:
+##
+
+# prevent apt-dater-host from refreshing package lists
+#FORBID_REFRESH=1
+
+# prevent apt-dater-host from upgrading packages
+#FORBID_UPGRADE=1
+
+# prevent apt-dater-host from installing packages
+#FORBID_INSTALL=1
diff --git a/apk/test-apt-dater-host b/apk/test-apt-dater-host
index e36dea1..f0a47fe 100755
--- a/apk/test-apt-dater-host
+++ b/apk/test-apt-dater-host
@@ -60,3 +60,22 @@ test_get_virt()
 	result="$(get_kern)"
 	check_tag KERNELINFO $result
 }
+
+@test "check_forbid()" {
+	# check defaults
+	result="$(check_forbid)"
+	check_tag FORBID $result
+	[[ "$result" == "FORBID: 0" ]]
+
+	export FORBID_UPGRADE=1
+	result="$(check_forbid)"
+	[[ "$result" == "FORBID: 2" ]]
+
+	export FORBID_INSTALL=1
+	result="$(check_forbid)"
+	[[ "$result" == "FORBID: 6" ]]
+
+	export FORBID_REFRESH=1
+	result="$(check_forbid)"
+	[[ "$result" == "FORBID: 7" ]]
+}
-- 
2.33.1