Merge pull request #289 from NethServer/distfeed

Improve updates management

docs/distfeed.md

@@ -19,7 +19,7 @@ The distribution feed includes the following channels:
 
 ## Repositories
 
-Official package repository is hosted at [{{site.download_url}}]({{site.download_url}}/index.html).
+Official package repositories are hosted at [{{site.download_url}}]({{site.download_url}}/index.html).
 
 Each release in the distribution feed is associated with two repositories:
 
@@ -47,6 +47,28 @@ Here are some examples of releases and their corresponding repositories:
     - Fixed repository: `{{site.download_url}}/dev/23.05.2-ns.0.0.1-alpha1`
     - Rolling repository: `{{site.download_url}}/dev/23.05.2`
 
+### Change repository channel
+
+The `distfeed-setup` script simplifies the automatic setup of the repository channel, tailored to the version of the running image. 
+
+Execute the script without any additional arguments to automatically configure the repository channel based on the version of the running image.
+The script is automatically executed when a subscription is enabled or disabled.
+
+### Customization options
+
+The behavior of the distfeed-setup script can be customized using the following environment variables:
+
+- `BASE_URL`: set the base URL for repositories. If not specified, the default value is taken from {{site.download}}.
+- `CHANNEL`: define the desired channel for the repository. Possible values include stable, dev, and subscription.
+   By default, the script attempts to extract this information from the `/etc/os-release` file.
+- `OWRT_VERSION`: specify the OpenWrt version used inside the rolling repository URL.
+   The script typically extracts this information from the `/etc/os-release` file.
+
+Custom configuration example:
+```
+BASE_URL="https://custom-repo-url.com" CHANNEL="dev" OWRT_VERSION="21.02.3" distfeed-setup
+```
+
 ## Upstream OpenWrt repositories
 
 You can add custom feeds by changing the `/etc/opkg/customfeeds.conf` file.

files/usr/bin/ns-download

@@ -43,9 +43,14 @@ if [ "$force" -eq 1 ]; then
     rm -rf "$DL_DIR" &> /dev/null   
 fi
 
+# Extract channel from nethsecurity_core repository url
+url=$(cat /etc/opkg/distfeeds.conf | grep nethsecurity_core | awk '{print $3}')
+path=${url#"$BASE_URL"}
+channel=$(echo $path | cut -d"/" -f2)
+
 # Set version to download
 if [ "$latest" -eq 1 ]; then
-    version=$(curl -L -s -m 10 $BASE_URL/latest_release)
+    version=$(curl -L -s -m 10 $BASE_URL/$channel/latest_release)
     if [ -z "$version" ]; then
         exit 1
     fi
@@ -56,8 +61,8 @@ fi
 hash="$DL_DIR/sha256"
 img_name="nethsecurity-$version-$ARCH-generic-squashfs-combined-efi.img.gz"
 img="$DL_DIR/$img_name"
-img_url="$BASE_URL/$version/targets/$OPENWRT_BOARD/$img_name"
-hash_url="$BASE_URL/$version/targets/$OPENWRT_BOARD/sha256sums"
+img_url="$BASE_URL/$channel/$version/targets/$OPENWRT_BOARD/$img_name"
+hash_url="$BASE_URL/$channel/$version/targets/$OPENWRT_BOARD/sha256sums"
 
 # Download if image does not exists
 if [ ! -d "$DL_DIR" ] || [ ! -f "$img" ] || [ ! -f "$hash" ]; then

files/usr/share/ns-plug/hooks/register/distfeed-setup

@@ -0,0 +1 @@
+/usr/sbin/distfeed-setup

files/usr/share/ns-plug/hooks/unregister/distfeed-setup

@@ -0,0 +1 @@
+/usr/sbin/distfeed-setup

packages/ns-api/Makefile

@@ -121,6 +121,7 @@ define Package/ns-api/install
 	$(INSTALL_BIN) ./files/ns.ssh $(1)/usr/libexec/rpcd/
 	$(INSTALL_DATA) ./files/ns.ssh.json $(1)/usr/share/rpcd/acl.d/
 	$(INSTALL_DATA) ./files/schedule-system-update $(1)/usr/libexec/ns-api/
+	$(INSTALL_DATA) ./files/schedule-automatic-updates $(1)/usr/libexec/ns-api/
 	$(INSTALL_BIN) ./files/ns.reverseproxy $(1)/usr/libexec/rpcd/
 	$(INSTALL_DATA) ./files/ns.reverseproxy.json $(1)/usr/share/rpcd/acl.d/
 	$(INSTALL_BIN) ./files/ns.devices $(1)/usr/libexec/rpcd/

packages/ns-api/README.md

@@ -4194,6 +4194,37 @@ Response example:
 {"result": "success"}
 ```
 
+### get-automatic-updates-status
+
+Check if automatic updates are enabled:
+```
+api-cli ns.update get-automatic-updates-status
+```
+
+Response example:
+```json
+{"enabled": false}
+```
+
+### set-automatic-updates
+
+Enable or disable automatic updates.
+
+Enable:
+```
+api-cli ns.update set-automatic-updates --data '{"enable": true}'
+```
+
+Disable:
+```
+api-cli ns.update set-automatic-updates --data '{"enable": false}'
+```
+
+Response example:
+```json
+{"result": "success"}
+```
+
 ## ns.ssh
 
 Read SSH keys

packages/ns-api/files/ns.update

@@ -124,6 +124,24 @@ def install_uploaded_image(image):
     # The server is too quick: this success result probably will never reach the client.
     return {"result": "success"}
 
+def get_automatic_updates_status():
+    try:
+        p = subprocess.run(["/usr/libexec/ns-api/schedule-automatic-updates", "check"], check=True, capture_output=True, text=True)
+        return {"enabled": True}
+    except:
+        return {"enabled": False}
+
+def set_automatic_updates(status):
+    if status:
+        action = "add"
+    else:
+        action = "remove"
+    try:
+        p = subprocess.run(["/usr/libexec/ns-api/schedule-automatic-updates", action], check=True, capture_output=True, text=True)
+        return {"result": "success"}
+    except:
+        return utils.generic_error("set_automatic_updates_failed")
+
 cmd = sys.argv[1]
 
 if cmd == "list":
@@ -132,13 +150,15 @@ if cmd == "list":
             {
                 "check-package-updates": {},
                 "get-package-updates-last-check": {},
+                "get-automatic-updates-status": {},
                 "install-package-updates": {},
                 "check-system-update": {},
                 "schedule-system-update": {"scheduleAt": 1699615827},
                 "update-system": {},
                 "install-uploaded-image": {
                     "image": "uploaded-xxxx"
                 },
+                "set-automatic-updates": {"enable": True}
             }
         )
     )
@@ -148,10 +168,15 @@ elif cmd == "call":
         ret = check_package_updates()
     elif action == "get-package-updates-last-check":
         ret = get_package_updates_lat_check()
+    elif action == "get-automatic-updates-status":
+        ret = get_automatic_updates_status()
     elif action == "install-package-updates":
         ret = install_package_updates()
     elif action == "check-system-update":
         ret = check_system_update()
+    elif action == "set-automatic-updates":
+        args = json.loads(sys.stdin.read())
+        ret = set_automatic_updates(args["enable"])
     elif action == "schedule-system-update":
         args = json.loads(sys.stdin.read())
         ret = schedule_system_update(args["scheduleAt"])

packages/ns-api/files/schedule-automatic-updates

@@ -0,0 +1,22 @@
+#!/bin/bash
+
+#
+# Copyright (C) 2024 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+#
+# Schedule automatic updates
+#
+
+action=${1:-"check"}
+timestamp=$2
+cmd="sleep echo \$(( RANDOM % 18000 )); /bin/opkg list-upgradable | /usr/bin/cut -f 1 -d ' ' | /usr/bin/xargs -r opkg upgrade"
+
+if [ "$action" == "add" ]; then
+    crontab -l | grep -q '$cmd' || echo "5 2 * * $cmd" >> /etc/crontabs/root
+elif [ "$action" == "remove" ]; then
+    crontab -l | grep -v "$cmd" | sort | uniq | crontab -
+else
+    crontab -l | grep -q "$cmd"
+fi

packages/ns-plug/Makefile

@@ -70,6 +70,7 @@ define Package/ns-plug/install
 	$(INSTALL_DIR) $(1)/usr/lib/netdata/python.d/
 	$(INSTALL_BIN) ./files/ns-plug.init $(1)/etc/init.d/ns-plug
 	$(INSTALL_BIN) ./files/ns-plug $(1)/usr/sbin/ns-plug
+	$(INSTALL_BIN) ./files/distfeed-setup $(1)/usr/sbin/distfeed-setup
 	$(INSTALL_BIN) ./files/remote-backup $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/send-backup $(1)/usr/sbin
 	$(INSTALL_BIN) ./files/send-heartbeat $(1)/usr/sbin

packages/ns-plug/files/distfeed-setup

@@ -0,0 +1,40 @@
+#!/bin/bash
+
+#
+# Copyright (C) 2024 Nethesis S.r.l.
+# SPDX-License-Identifier: GPL-2.0-only
+#
+
+base_url=${BASE_URL:='https://updates.nethsecurity.nethserver.org'}
+channel=${CHANNEL:=''}
+owrt_version=${OWRT_VERSION:=''}
+
+source /etc/os-release
+if [ -z "$channel" ]; then
+    channel="dev"
+    if [ -n "$(uci -q get ns-plug.config.system_id)" ]; then
+        channel="subscription"
+    else
+	# check if ns_version is stable or not
+        ns_version=$(echo "$VERSION" | cut -d- -f3- | cut -d. -f2-)
+        if [[ "$ns_version" =~ ^(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)\.(0|[1-9][0-9]*)(-((0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*)(\.(0|[1-9][0-9]*|[0-9]*[a-zA-Z-][0-9a-zA-Z-]*))*))?(\+([0-9a-zA-Z-]+(\.[0-9a-zA-Z-]+)*))?$ ]]; then
+            pre_release="${BASH_REMATCH[5]:-""}"
+            if [ -z "$pre_release" ]; then
+                channel="stable"
+            fi
+        fi
+    fi
+fi
+
+if [ -z "$owrt_version" ]; then
+    owrt_version=$(echo "$VERSION" | cut -d- -f2)
+fi
+
+cat << EOF > /etc/opkg/distfeeds.conf
+src/gz nethsecurity_core $base_url/$channel/$owrt_version/targets/x86/64/packages
+src/gz nethsecurity_base $base_url/$channel/$owrt_version/packages/x86_64/base
+src/gz nethsecurity_luci $base_url/$channel/$owrt_version/packages/x86_64/luci
+src/gz nethsecurity_nethsecurity $base_url/$channel/$owrt_version/packages/x86_64/nethsecurity
+src/gz nethsecurity_packages $base_url/$channel/$owrt_version/packages/x86_64/packages
+src/gz nethsecurity_routing $base_url/$channel/$owrt_version/packages/x86_64/routing
+EOF