From bb5dafe72be40ac55a734068ce7089c5d493cfb9 Mon Sep 17 00:00:00 2001 From: Mike Gomon Date: Mon, 6 Mar 2023 15:58:17 -0500 Subject: [PATCH 1/3] give options for dnf update --- scripts/assemble | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/assemble b/scripts/assemble index 59356eb..4c51edf 100755 --- a/scripts/assemble +++ b/scripts/assemble @@ -49,7 +49,14 @@ mkdir -p /tmp/src cd /tmp/src -$PKGMGR update -y $PKGMGR_OPTS +# run all, security or none for package update +if [[ $PKG_UPDATE == 'all' ]]; then + $PKGMGR update -y $PKGMGR_OPTS +elif [[ $PKG_UPDATE == 'security' ]]; then + $PKGMGR update -y $PKGMGR_OPTS --security +elif [[ $PKG_UPDATE == 'none' ]]; then + echo "Skipping dnf update(s) as defined: ${PKG_UPDATE}" +fi function install_bindep { # Protect from the bindep builder image use of the assemble script From 5569489c076712a4d5617ff280dad0d4dc30330f Mon Sep 17 00:00:00 2001 From: Mike Gomon Date: Mon, 6 Mar 2023 16:19:38 -0500 Subject: [PATCH 2/3] update this script the same as assemble --- scripts/install-from-bindep | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/scripts/install-from-bindep b/scripts/install-from-bindep index 538be19..15d75bc 100755 --- a/scripts/install-from-bindep +++ b/scripts/install-from-bindep @@ -34,7 +34,14 @@ if [ -z $PKGMGR ]; then fi fi -$PKGMGR update -y $PKGMGR_OPTS +# run all, security or none for package update +if [[ $PKG_UPDATE == 'all' ]]; then + $PKGMGR update -y $PKGMGR_OPTS +elif [[ $PKG_UPDATE == 'security' ]]; then + $PKGMGR update -y $PKGMGR_OPTS --security +elif [[ $PKG_UPDATE == 'none' ]]; then + echo "Skipping dnf update(s) as defined: ${PKG_UPDATE}" +fi if [ -f /output/bindep/run.txt ] ; then PACKAGES=$(cat /output/bindep/run.txt) From 2b77b9f02a54aa3c466b94ab840112239d161e61 Mon Sep 17 00:00:00 2001 From: Mike Gomon Date: Tue, 7 Mar 2023 22:15:21 -0500 Subject: [PATCH 3/3] add var and process to install securiry patches, all (like before) or none --- scripts/assemble | 13 +++++++++---- scripts/install-from-bindep | 18 ++++++++++++------ 2 files changed, 21 insertions(+), 10 deletions(-) diff --git a/scripts/assemble b/scripts/assemble index 4c51edf..25fe7c4 100755 --- a/scripts/assemble +++ b/scripts/assemble @@ -26,7 +26,12 @@ RELEASE=$(source /etc/os-release; echo $ID) # manager. PKGMGR="${PKGMGR:-}" PKGMGR_OPTS="${PKGMGR_OPTS:-}" +PKGMGR_UPDATE="${PKGMGR_UPDATE:-}" +# Install dnf because we need it for security patches only when defined +if [[ $PKGMGR_UPDATE == 'security' && -f "/usr/bin/microdnf" ]]; then + /usr/bin/microdnf install dnf -y $PKGMGR_OPTS +fi if [ -z $PKGMGR ]; then # Expect dnf to be installed, however if we find microdnf default to it. PKGMGR=/usr/bin/dnf @@ -50,12 +55,12 @@ mkdir -p /tmp/src cd /tmp/src # run all, security or none for package update -if [[ $PKG_UPDATE == 'all' ]]; then +if [ $PKGMGR_UPDATE == 'all' ]; then $PKGMGR update -y $PKGMGR_OPTS -elif [[ $PKG_UPDATE == 'security' ]]; then +elif [ $PKGMGR_UPDATE == 'security' ]; then $PKGMGR update -y $PKGMGR_OPTS --security -elif [[ $PKG_UPDATE == 'none' ]]; then - echo "Skipping dnf update(s) as defined: ${PKG_UPDATE}" +elif [ $PKGMGR_UPDATE == 'none' ]; then + echo "Skipping dnf update(s) as defined: ${PKGMGR_UPDATE}" fi function install_bindep { diff --git a/scripts/install-from-bindep b/scripts/install-from-bindep index 15d75bc..1503303 100755 --- a/scripts/install-from-bindep +++ b/scripts/install-from-bindep @@ -19,11 +19,17 @@ set -ex # manager. PKGMGR="${PKGMGR:-}" PKGMGR_OPTS="${PKGMGR_OPTS:-}" +PKGMGR_UPDATE="${PKGMGR_UPDATE:-}" +# Install dnf because we need it for security patches only when defined +if [[ $PKGMGR_UPDATE == 'security' && -f "/usr/bin/microdnf" ]]; then + /usr/bin/microdnf install dnf -y $PKGMGR_OPTS +fi if [ -z $PKGMGR ]; then # Expect dnf to be installed, however if we find microdnf default to it. - PKGMGR=/usr/bin/dnf - if [ -f "/usr/bin/microdnf" ]; then + if [[ $PKGMGR_UPDATE == 'security' && -f "/usr/bin/dnf" ]]; then + PKGMGR=/usr/bin/dnf + elif [[ $PKGMGR_UPDATE != 'security' && -f "/usr/bin/microdnf" ]]; then PKGMGR=/usr/bin/microdnf if [ -z "${PKGMGR_OPTS}" ]; then # NOTE(pabelanger): skip install docs and weak dependencies to @@ -35,12 +41,12 @@ if [ -z $PKGMGR ]; then fi # run all, security or none for package update -if [[ $PKG_UPDATE == 'all' ]]; then +if [ $PKGMGR_UPDATE == 'all' ]; then $PKGMGR update -y $PKGMGR_OPTS -elif [[ $PKG_UPDATE == 'security' ]]; then +elif [ $PKGMGR_UPDATE == 'security' ]; then $PKGMGR update -y $PKGMGR_OPTS --security -elif [[ $PKG_UPDATE == 'none' ]]; then - echo "Skipping dnf update(s) as defined: ${PKG_UPDATE}" +elif [ $PKGMGR_UPDATE == 'none' ]; then + echo "Skipping dnf update(s) as defined: ${PKGMGR_UPDATE}" fi if [ -f /output/bindep/run.txt ] ; then