Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

subprocess: Forward proxy env for postinstall script #37

Merged
merged 1 commit into from
Jan 24, 2024
Merged

subprocess: Forward proxy env for postinstall script #37

merged 1 commit into from
Jan 24, 2024

Conversation

pothos
Copy link
Member

@pothos pothos commented Jan 24, 2024
edited
Loading

The proxy env vars for curl can be set up for the update-engine service but so far weren't forwarded to the postinstall script. Now that we download from it, we need to forward them.
Forward the env vars for curl and ue-rs download_sysext (Flatcar Stable currently uses curl, Alpha uses ue-rs).

How to use

Backport to Stable and LTS.

Testing done

Checked that these env vars pop up when set up. First I tested

# /etc/systemd/system/update-engine.service.d/override.conf
[Service]
Environment="LD_LIBRARY_PATH=/usr/lib64"

with sudo flatcar-update … and it made one more env var entry (2 vars). The same should happen for the proxy vars.

sudo strace -f -e trace=execve -p $(pgrep update_engine) 2>&1 | grep postinst
[pid 163396] execve("/tmp/au_postint_mount.DzIv8e/postinst", ["/tmp/au_postint_mount.DzIv8e/pos"..., "/dev/vda4", "KERNEL=/boot/flatcar/vmlinuz-b"], 0x5601b610aaf0 /* 2 vars */) = 0

With setting Environment=HTTPS_PROXY=http://a.b on a patched system and running sudo ./flatcar-update -V 3850.0.0 -F with this patch to have it download the payload as fallback:

$ diff -u /usr/bin/flatcar-update flatcar-update 
--- /usr/bin/flatcar-update	2024-01-24 11:38:22.000000000 +0000
+++ flatcar-update	2024-01-24 13:40:51.383160024 +0000
@@ -113,7 +113,7 @@
 fi
 
 # Use the old mount point for compatibility with old instances, where the script gets copied to
-OEMID=$({ grep -m 1 -o "^ID=.*" /usr/share/oem/oem-release 2> /dev/null || true ; } | cut -d = -f 2)
+OEMID= # $({ grep -m 1 -o "^ID=.*" /usr/share/oem/oem-release 2> /dev/null || true ; } | cut -d = -f 2)
 
 # Determine what to download from release server if no local payload is given.
 # Using /usr/share/flatcar/oems/ from the currently running version means the download is only best-effort

we see the 2 vars strace log as well, indicating that the env var is forwarded, and we get a failed update because the fallback download can't reach https with a non-existing proxy:

Jan 24 13:42:57 localhost update_engine[2565]: I0124 13:42:57.641688  2565 subprocess.cc:43] Subprocess status: 1
Jan 24 13:42:57 localhost update_engine[2565]: I0124 13:42:57.641752  2565 subprocess.cc:46] Subprocess output:
Jan 24 13:42:57 localhost update_engine[2565]: Args { output_dir: "/var/lib/update_engine/ue-rs/", input_xml: Some("/var/lib/update_engine/prefs/full-response"), payload_url: None, pubkey_file: "/usr/share/update_engine/update-payload-key.pub.pem", image_match: ["oem-qemu.gz"], print_progress: false }
Jan 24 13:42:57 localhost update_engine[2565]: mv: cannot stat '/var/lib/update_engine/ue-rs//oem-qemu.raw': No such file or directory
Jan 24 13:42:57 localhost update_engine[2565]: Falling back to release-server for extension 'oem-qemu'
Jan 24 13:42:57 localhost update_engine[2565]: Args { output_dir: "/var/lib/update_engine/ue-rs/", input_xml: None, payload_url: Some("https://update.release.flatcar-linux.net/amd64-usr/3850.0.0/oem-qemu.gz"), pubkey_file: "/usr/share/update_engine/update-payload-key.pub.pem", image_match: [], print_progress: false }
Jan 24 13:42:57 localhost update_engine[2565]: Error: unable to download data(url Url { scheme: "https", cannot_be_a_base: false, username: "", password: None, host: Some(Domain("update.release.flatcar-linux.net")), port: None, path: "/amd64-usr/3850.0.0/oem-qemu.gz", query: None, fragment: None })
Jan 24 13:42:57 localhost update_engine[2565]: Caused by:
Jan 24 13:42:57 localhost update_engine[2565]:     0: client get & send"https://update.release.flatcar-linux.net/amd64-usr/3850.0.0/oem-qemu.gz" failed
Jan 24 13:42:57 localhost update_engine[2565]:     1: error sending request for url (https://update.release.flatcar-linux.net/amd64-usr/3850.0.0/oem-qemu.gz): error trying to connect: dns error: failed to lookup address information: Name or service not known
Jan 24 13:42:57 localhost update_engine[2565]:     2: error trying to connect: dns error: failed to lookup address information: Name or service not known
Jan 24 13:42:57 localhost update_engine[2565]:     3: dns error: failed to lookup address information: Name or service not known
Jan 24 13:42:57 localhost update_engine[2565]:     4: failed to lookup address information: Name or service not known
Jan 24 13:42:57 localhost update_engine[2565]: Failed to download required OEM update payload

The same happens with sudo ./flatcar-update -V 3760.2.0 -F which uses curl instead of ue-rs (the error message is curl: (5) Could not resolve proxy: a.b).

@pothos
subprocess: Forward proxy env for postinstall script
2884789 
The proxy env vars for curl can be set up for the update-engine service
but so far weren't forwarded to the postinstall script. Now that we
download from it, we need to forward them.
Forward the env vars for curl and ue-rs download_sysext (Flatcar Stable
currently uses curl, Alpha uses ue-rs).
pothos added a commit to flatcar/scripts that referenced this pull request Jan 24, 2024
@pothos
coreos-base/update_engine: Forward proxy env for postinstall script
ce73388 
This pulls in flatcar/update_engine#37
to forward the proxy env vars for curl and ue-rs download_sysext
(Flatcar Stable currently uses curl, Alpha uses ue-rs).
This was referenced Jan 24, 2024
Merged
Closed
@pothos pothos merged commit 367f1fd into flatcar-master Jan 24, 2024
1 check passed
@pothos pothos deleted the kai/pass-env branch January 24, 2024 13:52
pothos added a commit to flatcar/scripts that referenced this pull request Jan 24, 2024
@pothos
coreos-base/update_engine: Forward proxy env for postinstall script
32737a2 
This pulls in flatcar/update_engine#37
to forward the proxy env vars for curl and ue-rs download_sysext
(Flatcar Stable currently uses curl, Alpha uses ue-rs).
pothos added a commit to flatcar/scripts that referenced this pull request Jan 24, 2024
@pothos
coreos-base/update_engine: Forward proxy env for postinstall script
b4ef138 
This pulls in flatcar/update_engine#37
to forward the proxy env vars for curl and ue-rs download_sysext
(Flatcar Stable currently uses curl, Alpha uses ue-rs).
pothos added a commit to flatcar/scripts that referenced this pull request Jan 24, 2024
@pothos
coreos-base/update_engine: Forward proxy env for postinstall script
8da4d70 
This pulls in flatcar/update_engine#37
to forward the proxy env vars for curl and ue-rs download_sysext
(Flatcar Stable currently uses curl, Alpha uses ue-rs).
pothos added a commit to flatcar/scripts that referenced this pull request Jan 24, 2024
@pothos
coreos-base/update_engine: Forward proxy env for postinstall script
0ce06ba 
This pulls in flatcar/update_engine#37
to forward the proxy env vars for curl and ue-rs download_sysext
(Flatcar Stable currently uses curl, Alpha uses ue-rs).
pothos added a commit to flatcar/scripts that referenced this pull request Jan 24, 2024
@pothos
coreos-base/update_engine: Forward proxy env for postinstall script
018f8c1 
This pulls in flatcar/update_engine#37
to forward the proxy env vars for curl and ue-rs download_sysext
(Flatcar Stable currently uses curl, Alpha uses ue-rs).
@github-actions github-actions bot mentioned this pull request Feb 22, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@jepio jepio jepio approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@pothos @jepio