  1. XenServer Org
  2. XSO-996

Do not hide failures in patching system configuration


Details

    • Improvement
    • Resolution: Unresolved
    • Major
    • None
    • 8.2
    • Packaging
    • None

    Description

      Context: in xenserver-release, there are many %triggerin scriptlets that apply patches to configuration files. This is fragile, as it can fail if the users made changes to those files, or in some cases patches may not apply at all, as was the case with the ssh configuration (ciphers, etc., cf. XS82E015).

      I don't have a better way to suggest for now for handling the changing of configuration files that belong to CentOS packages such as openssh-server, however the issue mentioned above would have been detected when analysing installation logs if the patch wasn't applied silently.

      Currently, the patches are applied totally silently:

      ( patch -tsN -r - -d / -p1 || : ) >/dev/null <<'EOF'
      ...patch content...
      EOF

      It will never return nonzero (which is good in an RPM scriptlet AFAIK), however it will not display anything in case it fails either.

      Having it display errors would allow for:

      • errors caused by bad/obsolete patches to be displayed in installation logs
      • errors caused by user modifications on their configuration files to have a chance to be detected, when they apply updates from command line (maybe XenCenter can also display the output, I don't know).

      Here's how I did it for a patch we added to XCP-ng:

      # XCP-ng: change depmod global configuration to give priority to 'override' modules dir
      %triggerin config -- kmod
      DEPMOD_PATCH=$(cat <<'EOF'
      --- /etc/depmod.d/dist.conf.orig        2019-04-23 11:31:19.107096410 +0200
      +++ /etc/depmod.d/dist.conf     2019-04-23 11:31:30.533088996 +0200
      @@ -3,4 +3,4 @@
       # # override default search ordering for kmod packaging
      -search updates extra built-in weak-updates
      +search override updates extra built-in weak-updates
      EOF
      )
      # Do not apply patch if it was already applied
      if ! echo "$DEPMOD_PATCH" | patch --dry-run -RsN -d / -p1 >/dev/null; then
          # Apply patch. Output NOT redirected to /dev/null so that error messages are displayed
          if ! echo "$DEPMOD_PATCH" | patch -tsN -r - -d / -p1; then
              echo "Error: failed to apply patch:"
              echo "$DEPMOD_PATCH"
          fi
      fi
      

      This could very well be made into a macro that is then used to apply any patch to configuration files that are owned by other packages.

      Hoping you will consider this suggestion.
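
The macro idea above could sit on a shell helper like the following. This is an added example, not code from xenserver-release or XCP-ng; the names `apply_config_patch`, `PATCH_RESULT` and `demo`, the `a/`/`b/` path prefixes and the throwaway root directory are assumptions, and GNU patch is assumed.

```shell
#!/bin/sh
# Added example, not code from xenserver-release or XCP-ng.
# apply_config_patch ROOT LABEL   (unified diff on stdin, applied with -p1 under ROOT)
# Sets PATCH_RESULT to applied | present | failed; returns non-zero only on failure.
# In a scriptlet, call it with "|| :" so a failure is logged without aborting the transaction.
apply_config_patch() {
    target_root=$1 label=$2
    patch_text=$(cat)
    # A clean reverse dry run means the change is already in place: nothing to do.
    if printf '%s\n' "$patch_text" | patch --dry-run -RsN -d "$target_root" -p1 >/dev/null 2>&1; then
        PATCH_RESULT=present
        return 0
    fi
    # Apply for real; output is NOT discarded, so patch's own diagnostics reach the log.
    if printf '%s\n' "$patch_text" | patch -tsN -r - -d "$target_root" -p1; then
        PATCH_RESULT=applied
        return 0
    fi
    PATCH_RESULT=failed
    echo "Error: failed to apply patch ($label):" >&2
    printf '%s\n' "$patch_text" >&2
    return 1
}

# Constructed sample: a throwaway root with a two-line dist.conf, patched three times.
demo() {
    root=$(mktemp -d) || return 0
    mkdir -p "$root/etc/depmod.d"
    conf=$root/etc/depmod.d/dist.conf
    printf '%s\n' '# override default search ordering for kmod packaging' \
        'search updates extra built-in weak-updates' > "$conf"
    results=
    for step in pristine rerun user-edited; do
        # Third pass simulates an administrator who changed the file by hand.
        [ "$step" = user-edited ] && echo 'search extra updates' > "$conf"
        apply_config_patch "$root" "depmod override ($step)" <<'EOF' || :
--- a/etc/depmod.d/dist.conf
+++ b/etc/depmod.d/dist.conf
@@ -1,2 +1,2 @@
 # override default search ordering for kmod packaging
-search updates extra built-in weak-updates
+search override updates extra built-in weak-updates
EOF
        results="$results $step=$PATCH_RESULT"
    done
    rm -rf "$root"
    echo "$results"
}
demo
```

Only the third pass prints anything to the log: patch's own failure message followed by the patch text, which is the output the silent `|| : ) >/dev/null` form discards.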

          People

            Unassigned Unassigned
            stormi Samuel Verschelde