[pve-devel] [PATCH manager] postinst: migrate/update APT auth config

Fabian Grünbichler f.gruenbichler at proxmox.com
Wed Sep 14 10:05:13 CEST 2022 

On September 13, 2022 5:03 pm, Stoiko Ivanov wrote:
> Thanks for the patch!
> 
> 2-3 small issues and one nit:
> On Tue, 13 Sep 2022 14:30:35 +0200
> Fabian Grünbichler <f.gruenbichler at proxmox.com> wrote:
> 
>> missed when switching over to Proxmox::RS::Subscription, which stores
>> the same info in the product-specific /etc/apt/auth.conf.d/pve.conf .
>> 
>> the top-level file might contain non-PVE-managed entries, so only remove
>> entries matching "our" machine.
>> 
>> Signed-off-by: Fabian Grünbichler <f.gruenbichler at proxmox.com>
>> ---
>>  debian/postinst | 30 ++++++++++++++++++++++++++++++
>>  1 file changed, 30 insertions(+)
>> 
>> diff --git a/debian/postinst b/debian/postinst
>> index 7be1aa3d..d6216607 100755
>> --- a/debian/postinst
>> +++ b/debian/postinst
>> @@ -62,6 +62,30 @@ EOF
>>      fi
>>  }
>>  
>> +migrate_apt_auth_conf() {
>> +    output=""
>> +    removed=""
>> +    match=0
>> +
>> +    while read l; do
> nit: shellcheck:  https://www.shellcheck.net/wiki/SC2162 -- read without
> -r will mangle backslashes - not sure if wanted here?

added in v2 for both patches, thanks!

>> +	if echo "$l" | grep -q "^/machine enterprise.proxmox.com/debian/pmg"; then
>> +	    match=1
>> +	elif echo "$l" | grep -q "^machine"; then
>> +	    match=0
>> +	fi
>> +    done
> here the '< /etc/apt/auth.conf' is missing (present in the pmg-api patch)

seems like an outdated version of the function snuck into the final 
patch :-/ this also has a stray '/' in the grep and is missing actually 
copying the lines to $output/$removed.

> 
>> +
>> +    if test -n "$removed"; then
>> +	if test ! -e /etc/apt/auth.conf.d/pmg.conf; then
>> +	    echo "Migrating APT auth config for enterprise.proxmox.com to PMG specific file.."
>> +	    echo "$removed" > /etc/apt/auth.conf.d/pmg.conf
> s/pmg.conf/pve.conf for this one

see above

> 
> 
>> +	else
>> +	    echo "Removing stale APT auth config from /etc/apt/auth.conf"
>> +	fi
>> +	echo "$output" > /etc/apt/auth.conf
> this leaves an emtpy /etc/apt/auth.conf (tested on a pmg-install) if the
> only auth.conf entry was the one for our hosts
> (maybe `test -n "$output" && echo "$output" > /etc/apt/auth.conf`
> also maybe printf might save you the trailing newline)

yeah, but that is not problematic (whitespace is meaningless except to 
start a new machine block, hence the newlines and/or empty file don't 
hurt)

> 
> 
>> +    fi
>> +}
>> +
>>  case "$1" in
>>    triggered)
>>      # We don't print a status message here, as dpkg already said
>> @@ -190,6 +214,12 @@ case "$1" in
>>  	    fi
>>  	done
>>      fi
>> +
>> +    if test ! -e /proxmox_install_mode && test -n "$2" && dpkg --compare-versions "$2" 'lt' '7.2.11~'; then
>> +	if test -e /etc/apt/auth.conf ; then
>> +	    migrate_apt_auth_conf
>> +	fi
>> +    fi
>>      ;;
>>  
>>    abort-upgrade|abort-remove|abort-deconfigure)
> 
>

More information about the pve-devel mailing list