diff options
| -rw-r--r-- | CHANGELOG.txt | 20 | ||||
| -rw-r--r-- | Makefile | 3 | ||||
| -rw-r--r-- | VERSION.txt | 2 | ||||
| -rwxr-xr-x | bin/container | 20 | ||||
| -rwxr-xr-x | libexec/container/update | 143 | ||||
| -rw-r--r-- | share/bash-completion/container | 16 | ||||
| -rwxr-xr-x | share/hooks/post-start.chown-nvidia.sh | 4 | ||||
| -rwxr-xr-x | share/hooks/pre-build.git-pull.sh | 11 | ||||
| -rwxr-xr-x | share/hooks/pre-get.git-pull.sh | 11 | ||||
| -rw-r--r-- | share/keys/daniel.baumann@open-infrastructure.net_0xB62C61A10B93195F.pub (renamed from share/keys/daniel.baumann@open-infrastructure.net.pub) | 0 | ||||
| -rw-r--r-- | share/keys/daniel@debian.org_0x55CF1BF986ABB9C7.pub (renamed from share/keys/daniel@debian.org.pub) | 0 | ||||
| -rw-r--r-- | share/man/container-run.1.rst | 4 | ||||
| -rw-r--r-- | share/man/container-update.1.rst | 111 | ||||
| -rw-r--r-- | share/man/container.1.rst | 5 |
14 files changed, 332 insertions, 18 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt index 9885e5a..f52f6f6 100644 --- a/CHANGELOG.txt +++ b/CHANGELOG.txt @@ -1,7 +1,27 @@ +2021-07-27 Daniel Baumann <daniel.baumann@open-infrastructure.net> + + * Releasing version 20210727. + + [ Daniel Baumann ] + * Adding backward incompatible changes of the previous release to changelog. + * Correcting synopsis in container-run manpage. + * Adding container update command. + * Also adding notifications for container get command in container main program. + * Suffixing keys with keyid in container keyring samples for transparency and uniqueness of the keys. + * Adding manpage references in usage message in main container program. + * Hardening quoting in container main program. + * Supporting /etc/compute-tools/container.conf.d. + * Adding boliderplate variables in post-start.chown-nvidia.sh example hook for consistency. + 2021-07-26 Daniel Baumann <daniel.baumann@open-infrastructure.net> * Releasing version 20210726. + * Backward incompatible changes: + - The container create command has been renamed to 'build'. + - The container create script using curl is now a 'get' script + for the new container get command. + [ Daniel Baumann ] * Harmonizing formating of default values in manpages. * Harmonizing formating of URL in homepage section in manpages. @@ -73,6 +73,7 @@ install: build mkdir -p $(DESTDIR)/etc/$(SOFTWARE)/debconf mkdir -p $(DESTDIR)/etc/$(SOFTWARE)/hooks mkdir -p $(DESTDIR)/etc/$(SOFTWARE)/keys + mkdir -p $(DESTDIR)/etc/${SOFTWARE}/container.conf.d mkdir -p $(DESTDIR)/usr/bin cp -r bin/* $(DESTDIR)/usr/bin @@ -133,6 +134,7 @@ install: build ln -sf start $(DESTDIR)/usr/libexec/$(PROGRAM)/s ln -sf status $(DESTDIR)/usr/libexec/$(PROGRAM)/st ln -sf stop $(DESTDIR)/usr/libexec/$(PROGRAM)/t + ln -sf update $(DESTDIR)/usr/libexec/$(PROGRAM)/u mkdir -p $(DESTDIR)/lib/systemd/system cp -r share/systemd/* $(DESTDIR)/lib/systemd/system @@ -204,6 +206,7 @@ uninstall: rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE)/debconf || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE)/hooks || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE)/keys || true + rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE)/container.conf.d || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc/$(SOFTWARE) || true rmdir --ignore-fail-on-non-empty --parents $(DESTDIR)/etc || true diff --git a/VERSION.txt b/VERSION.txt index e8d397b..781a3b1 100644 --- a/VERSION.txt +++ b/VERSION.txt @@ -1 +1 @@ -20210726 +20210727 diff --git a/bin/container b/bin/container index e284c23..172caec 100755 --- a/bin/container +++ b/bin/container @@ -32,6 +32,8 @@ if [ -z "${PARAMETER}" ] then echo "Usage: ${PROGRAM} COMMAND [OPTIONS]" >&2 echo "Usage: ${PROGRAM} COMMAND1,COMMAND2,... [COMMON_OPTIONS]" >&2 + echo + echo "See ${PROGRAM}(1) and ${PROJECT}(7) for more information." exit 1 fi @@ -40,9 +42,9 @@ COMMANDS="${1}" # Options shift 1 -OPTIONS="${@}" +OPTIONS="${*}" -for COMMAND in $(echo ${COMMANDS} | sed -e 's|,| |g') +for COMMAND in $(echo "${COMMANDS}" | sed -e 's|,| |g') do if [ ! -e "/usr/libexec/${PROGRAM}/${COMMAND}" ] then @@ -65,7 +67,7 @@ do OPTIONS="$(echo "${OPTIONS}" | sed -e 's|--no-notification||')" else case "${COMMAND}" in - build|b|move|mv|remove|rm|restart|rt|start|s|stop|t) + build|b|get|g|move|mv|remove|rm|restart|rt|start|s|stop|t|update|u) if [ -z "${CONTAINER_USER}" ] then CONTAINER_USER="${SUDO_USER:-${USER}}" @@ -78,15 +80,21 @@ do echo "${DATE} ${HOST} ${CONTAINER_USER} ${PROGRAM} ${COMMAND} ${OPTIONS}" >> "/var/log/${SOFTWARE}/${PROGRAM}.log" # irc - if [ -e /usr/bin/irk ] && [ -e "/etc/${SOFTWARE}.conf" ] + if [ -e /usr/bin/irk ] then - . "/etc/${SOFTWARE}.conf" + for FILE in "/etc/${SOFTWARE}/${PROGRAM}.conf" "/etc/${SOFTWARE}/${PROGRAM}.conf.d"/*.conf + do + if [ -e "${FILE}" ] + then + . "${FILE}" + fi + done if [ -n "${IRK_TARGETS}" ] then for TARGET in ${IRK_TARGETS} do - irk ${TARGET} "\x0300${CONTAINER_USER}\x03@\x0312${HOST}:\x03 \x0303${PROGRAM}\x03 \x0307${COMMAND}\x03 ${OPTIONS}" + irk "${TARGET}" "\x0300${CONTAINER_USER}\x03@\x0312${HOST}:\x03 \x0303${PROGRAM}\x03 \x0307${COMMAND}\x03 ${OPTIONS}" done fi fi diff --git a/libexec/container/update b/libexec/container/update new file mode 100755 index 0000000..bb175d1 --- /dev/null +++ b/libexec/container/update @@ -0,0 +1,143 @@ +#!/bin/sh + +# Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +# +# SPDX-License-Identifier: GPL-3.0+ +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. +# +# This program is distributed in the hope that it will be useful, +# but WITHOUT ANY WARRANTY; without even the implied warranty of +# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +# GNU General Public License for more details. +# +# You should have received a copy of the GNU General Public License +# along with this program. If not, see <https://www.gnu.org/licenses/>. + +set -e + +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" +COMMAND="$(basename ${0})" + +HOOKS="/etc/${SOFTWARE}/hooks" + +Parameters () +{ + GETOPT_LONGOPTIONS="name:,full-upgrade,autoremove,purge,yes," + GETOPT_OPTIONS="n:,r,p,y," + + PARAMETERS="$(getopt --longoptions ${GETOPT_LONGOPTIONS} --name=${COMMAND} --options ${GETOPT_OPTIONS} --shell sh -- ${@})" + + if [ "${?}" != "0" ] + then + echo "'${COMMAND}': getopt exit" >&2 + exit 1 + fi + + eval set -- "${PARAMETERS}" + + while true + do + case "${1}" in + -n|--name) + NAME="${2}" + shift 2 + ;; + + -f|--full-upgrade) + FULL_UPGRADE="true" + shift 1 + ;; + + -r|--autoremove) + AUTOREMOVE="true" + shift 1 + ;; + + -p|--purge) + PURGE="--purge" + shift 1 + ;; + + -y|--yes) + YES="-y" + shift 1 + ;; + + --) + shift 1 + break + ;; + + *) + echo "'${COMMAND}': getopt error" >&2 + exit 1 + ;; + esac + done +} + +Usage () +{ + echo "Usage: ${PROGRAM} ${COMMAND} -n|--name NAME [-f|--full-upgrade] [-r|--autoremove] [-p|--purge] [-y|--yes]" >&2 + exit 1 +} + +Parameters "${@}" + +case "${NAME}" in + ALL) + NAMES="$(container list --started --format shell)" + ;; + + *) + NAMES="${NAME}" + ;; +esac + +# Pre hooks +for FILE in "${HOOKS}/pre-${COMMAND}".* "${HOOKS}/${NAME}.pre-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done + +# Run +for NAME in ${NAMES} +do + echo "################################################################################" + echo "Updating ${NAME}" + echo "################################################################################" + + container run -n ${NAME} -- "apt update && apt ${YES} upgrade" + + case "${FULL_UPGRADE}" in + true) + container run -n ${NAME} -- "apt update && ${YES} full-upgrade" + ;; + esac + + case "${AUTOREMOVE}" in + true) + container run -n ${NAME} -- "apt ${YES} autoremove ${PURGE}" + ;; + esac + + echo "'${NAME}': container updated." +done + +# Post hooks +for FILE in "${HOOKS}/post-${COMMAND}".* "${HOOKS}/${NAME}.post-${COMMAND}" +do + if [ -x "${FILE}" ] + then + "${FILE}" + fi +done diff --git a/share/bash-completion/container b/share/bash-completion/container index bb3eb41..dfb7ad5 100644 --- a/share/bash-completion/container +++ b/share/bash-completion/container @@ -334,6 +334,22 @@ _container() return 0 ;; + update|u) + case "${prev}" in + -n|--name) + opts="$(container list -s -f shell)" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + + *) + opts="-n --name -y --yes" + COMPREPLY=( $(compgen -W "${opts}" -- ${cur}) ) + return 0 + ;; + esac + ;; + version|ver) return 0 ;; diff --git a/share/hooks/post-start.chown-nvidia.sh b/share/hooks/post-start.chown-nvidia.sh index 64c02cc..2a99bd3 100755 --- a/share/hooks/post-start.chown-nvidia.sh +++ b/share/hooks/post-start.chown-nvidia.sh @@ -19,6 +19,10 @@ set -e +PROJECT="open-infrastructure" +SOFTWARE="compute-tools" +PROGRAM="container" + CONTAINER="/var/lib/machines" if grep -qs nvidia "${CONTAINER}/${NAME}/etc/group" diff --git a/share/hooks/pre-build.git-pull.sh b/share/hooks/pre-build.git-pull.sh index 744f955..d2cc152 100755 --- a/share/hooks/pre-build.git-pull.sh +++ b/share/hooks/pre-build.git-pull.sh @@ -31,10 +31,13 @@ do then echo "Updating ${DIRECTORY}..." - if [ -e "/etc/${SOFTWARE}.conf" ] - then - . "/etc/${SOFTWARE}.conf" - fi + for FILE in "/etc/${SOFTWARE}/${PROGRAM}.conf" "/etc/${SOFTWARE}/${PROGRAM}.conf.d"/*.conf + do + if [ -e "${FILE}" ] + then + . "${FILE}" + fi + done DEBCONF_ID="${DEBCONF_ID:-HEAD}" diff --git a/share/hooks/pre-get.git-pull.sh b/share/hooks/pre-get.git-pull.sh index 744f955..d2cc152 100755 --- a/share/hooks/pre-get.git-pull.sh +++ b/share/hooks/pre-get.git-pull.sh @@ -31,10 +31,13 @@ do then echo "Updating ${DIRECTORY}..." - if [ -e "/etc/${SOFTWARE}.conf" ] - then - . "/etc/${SOFTWARE}.conf" - fi + for FILE in "/etc/${SOFTWARE}/${PROGRAM}.conf" "/etc/${SOFTWARE}/${PROGRAM}.conf.d"/*.conf + do + if [ -e "${FILE}" ] + then + . "${FILE}" + fi + done DEBCONF_ID="${DEBCONF_ID:-HEAD}" diff --git a/share/keys/daniel.baumann@open-infrastructure.net.pub b/share/keys/daniel.baumann@open-infrastructure.net_0xB62C61A10B93195F.pub index 1e1884d..1e1884d 100644 --- a/share/keys/daniel.baumann@open-infrastructure.net.pub +++ b/share/keys/daniel.baumann@open-infrastructure.net_0xB62C61A10B93195F.pub diff --git a/share/keys/daniel@debian.org.pub b/share/keys/daniel@debian.org_0x55CF1BF986ABB9C7.pub index 910f870..910f870 100644 --- a/share/keys/daniel@debian.org.pub +++ b/share/keys/daniel@debian.org_0x55CF1BF986ABB9C7.pub diff --git a/share/man/container-run.1.rst b/share/man/container-run.1.rst index 890c95d..9759811 100644 --- a/share/man/container-run.1.rst +++ b/share/man/container-run.1.rst @@ -31,8 +31,8 @@ Execute commands in a container namespace Synopsis ======== -| **container run** ['OPTIONS'] -| **cnt r** ['OPTIONS'] +| **container run** ['OPTIONS'] -- 'COMMAND'\|"COMMANDS" +| **cnt r** ['OPTIONS'] -- 'COMMAND'\|"COMMANDS" Description =========== diff --git a/share/man/container-update.1.rst b/share/man/container-update.1.rst new file mode 100644 index 0000000..7b17ae2 --- /dev/null +++ b/share/man/container-update.1.rst @@ -0,0 +1,111 @@ +.. Open Infrastructure: compute-tools + +.. Copyright (C) 2014-2021 Daniel Baumann <daniel.baumann@open-infrastructure.net> +.. +.. SPDX-License-Identifier: GPL-3.0+ +.. +.. This program is free software: you can redistribute it and/or modify +.. it under the terms of the GNU General Public License as published by +.. the Free Software Foundation, either version 3 of the License, or +.. (at your option) any later version. +.. +.. This program is distributed in the hope that it will be useful, +.. but WITHOUT ANY WARRANTY; without even the implied warranty of +.. MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +.. GNU General Public License for more details. +.. +.. You should have received a copy of the GNU General Public License +.. along with this program. If not, see <https://www.gnu.org/licenses/>. + +================ +container-update +================ + +-------------------------------------------- +Update the packages installed in a container +-------------------------------------------- + +:manual section: 1 +:manual group: Open Infrastructure + +Synopsis +======== + +| **container update** ['OPTIONS'] +| **cnt u** ['OPTIONS'] + +Description +=========== + +The **container update** command updates packages installed in a container. + +Options +======= + +The following **container update** options are available: + +-n, --name='NAME': + Specify container name. Specifying 'ALL' will start all stopped container. + +-f, --full-upgrade: + Runs an additional 'apt full-upgrade' after 'apt upgrade'. + +-r, --autoremove: + Runs an additional 'apt autoremove' after 'apt upgrade'. + +-p, --purge: + Passing '--purge' to 'apt autoremove'. + +-y|--yes: + Passing 'yes' to all questions asked by the package manager. + +Examples +======== + +Update example.net container (apt update && apt upgrade): + + sudo container update -n example.net + +Update example.net container without asking questions (apt update && apt --yes +upgrade): + + sudo container update -n example.net -y + +Full update of example.net container without asking questions (apt update && +apt --yes upgrade && apt --yes full-upgrade): + + sudo container update -n example.net -f -y + +Full update of all container on the host, with asking questions and +purging unused packages (apt update && apt upgrade && apt full-upgrade && apt +autoremove): + + sudo container update -n ALL -f -r -p -y + +See also +======== + +| compute-tools(7), +| container(1). + +Homepage +======== + +More information about compute-tools and the Open Infrastructure project can be +found on the homepage (https://open-infrastructure.net). + +Contact +======= + +Bug reports, feature requests, help, patches, support and everything else are +welcome on the Open Infrastructure Software Mailing List +<software@lists.open-infrastructure.net>. + +Debian specific bugs can also be reported in the Debian Bug Tracking System +(https://bugs.debian.org). + +Authors +======= + +compute-tools were written by Daniel Baumann +<daniel.baumann@open-infrastructure.net> and others. diff --git a/share/man/container.1.rst b/share/man/container.1.rst index cce283b..3fff87b 100644 --- a/share/man/container.1.rst +++ b/share/man/container.1.rst @@ -101,6 +101,9 @@ status: top: Dynamic list of container on the system, see container-top(1). +update: + Update the packages installed in a container. + version: Show container version, see container-version(1). @@ -109,7 +112,7 @@ Files The following files are used: -/etc/compute-tools/container: +/etc/compute-tools/container.conf, /etc/compute-tools/container.conf.d/\*.conf: Container configuration files. /usr/bin/container, /usr/bin/cnt: |