From 0cb0241b880ab0026d5cbf860232849efdc27ab6 Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Fri, 8 Oct 2021 16:39:10 +0100 Subject: [PATCH 1/3] Extract release tag from release api using awk (fix BSD issues) --- getssl | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/getssl b/getssl index c4712e8f..254ca168 100755 --- a/getssl +++ b/getssl @@ -774,10 +774,8 @@ check_getssl_upgrade() { # check if a more recent release is available fi local release_data release_tag release_ver local_ver release_desc NEWCMD debug "Checking for releases at $RELEASE_API" - # Sometimes the json is pretty-printed, sometimes not. Loosely tied to --user-agent, but not - # always. Normalize it enough to get the 3 elements necessary. Oh, for jq... # shellcheck disable=SC2086 - release_data="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$RELEASE_API" | sed -e's/\("[^:]*": *\("[^""]*",\|[^,]*[,}]\)\)/\r\n\1/g')" + release_data="$(curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" -H 'Accept: application/vnd.github.v3+json' "$RELEASE_API")" errcode=$? if [[ $errcode -eq 60 ]]; then error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)" @@ -786,8 +784,8 @@ check_getssl_upgrade() { # check if a more recent release is available fi # Replace error in release description with _error (which is ignored by check_output_for_errors() in the tests) debug "${release_data//error/_error}" - release_data="$(sed -e's/^ *//g' <<<"${release_data}")" - release_tag="$(sed -e'/"tag_name": *"/!d;s/"tag_name": *"\([^""]*\).*$/\1/' <<<"${release_data}")" + # awk from https://stackoverflow.com/questions/1761341/awk-print-next-record-following-matched-record + release_tag=$(awk -F'"' '/tag_name/ {f=NR} f&&NR-1==f' RS=":|," <<<"${release_data}" | sed -e's/"//g') if [[ "${release_tag:0:1}" != 'v' ]] ; then if [[ ${_MUTE} -eq 0 ]]; then info "The current repository has no releases or is improperly tagged; can't check for upgrades: '$release_tag'" From 07b5b6e4da964a25b9d0787e1da06ce89585e63f Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Mon, 11 Oct 2021 10:18:15 +0100 Subject: [PATCH 2/3] Fix broken upgrade url Add pre and post upgrade sanity checks Fixes #718 --- getssl | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/getssl b/getssl index 254ca168..fc61831e 100755 --- a/getssl +++ b/getssl @@ -274,6 +274,8 @@ # 2021-09-30 better error if curl returns 60 (#709) # 2021-10-01 Fix -preferred-chain argument (#712) # 2021-10-01 Show help if no domain specified (#705)(2.44) +# 2021-10-08 Extract release tag from release api using awk (fix BSD issues) +# 2021-10-11 Fix broken upgrade url (#718)(2.45) # ---------------------------------------------------------------------------------------- case :$SHELLOPTS: in @@ -282,7 +284,7 @@ esac PROGNAME=${0##*/} PROGDIR="$(cd "$(dirname "$0")" || exit; pwd -P;)" -VERSION="2.44" +VERSION="2.45" # defaults ACCOUNT_KEY_LENGTH=4096 @@ -825,8 +827,9 @@ check_getssl_upgrade() { # check if a more recent release is available # shellcheck disable=SC2086 debug curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE" # shellcheck disable=SC2086 - curl ${_NOMETER:---silent} --user-agent "$CURL_USERAGENT" "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE" + status=$(curl ${_NOMETER:---silent} -w "%{http_code}" --user-agent "$CURL_USERAGENT" "$CODE_LOCATION" --output "$TEMP_UPGRADE_FILE") errcode=$? +debug errcode=$errcode if [[ $errcode -eq 60 ]]; then error_exit "curl needs updating, your version does not support SNI (multiple SSL domains on a single IP)" @@ -834,6 +837,10 @@ check_getssl_upgrade() { # check if a more recent release is available error_exit "curl error downloading release: $errcode" fi + if [[ $status -ne 200 ]]; then + error_exit "curl didn't find the updated version of getssl at $CODE_LOCATION" + fi + if ! install "$0" "${0}.v${VERSION}"; then error_exit "problem renaming old version while updating, check permissions" fi @@ -841,6 +848,17 @@ check_getssl_upgrade() { # check if a more recent release is available error_exit "problem installing new version while updating, check permissions" fi + check=$(bash "$0" -U -v) + release_tag_upper=$(echo "$release_tag" | tr "[:lower:]" "[:upper:]") + if [[ "$check" != "getssl ${release_tag_upper}" ]]; then + info "problem running new version, rolling back to old version" + if ! install "${0}.v${VERSION}" "$0"; then + error_exit "problem rolling back, you'll need to manually check $0 and $0.${VERSION}" + fi + error_exit "problem calling new version; output of $TEMP_UPGRADE_FILE -v was \"$check\", expected \"getssl ${release_tag_upper}\"" + fi + + if [[ ${_MUTE} -eq 0 ]]; then echo "Updated getssl from v${VERSION} to ${release_tag}" echo "The old version remains as ${0}.v${VERSION} and should be removed" From f960ac9843a0138118ce99609f32e33984a2968a Mon Sep 17 00:00:00 2001 From: Tim Kimber Date: Mon, 11 Oct 2021 11:49:12 +0100 Subject: [PATCH 3/3] Don't run centos and ubuntu tests at same time --- .github/workflows/run-tests-staging-duckdns.yml | 2 ++ .github/workflows/run-tests-staging-dynu.yml | 2 ++ 2 files changed, 4 insertions(+) diff --git a/.github/workflows/run-tests-staging-duckdns.yml b/.github/workflows/run-tests-staging-duckdns.yml index 87da1588..02805fab 100644 --- a/.github/workflows/run-tests-staging-duckdns.yml +++ b/.github/workflows/run-tests-staging-duckdns.yml @@ -24,6 +24,8 @@ jobs: run: test/run-test.sh centos7-duckdns test-ubuntu-duckdns: runs-on: ubuntu-latest + if: always() + needs: test-centos7-duckdns steps: - uses: actions/checkout@v2 - name: Build the docker-compose stack diff --git a/.github/workflows/run-tests-staging-dynu.yml b/.github/workflows/run-tests-staging-dynu.yml index fde2ba2b..cf38bd75 100644 --- a/.github/workflows/run-tests-staging-dynu.yml +++ b/.github/workflows/run-tests-staging-dynu.yml @@ -24,6 +24,8 @@ jobs: run: test/run-test.sh centos7-dynu test-ubuntu-dynu: runs-on: ubuntu-latest + if: always() + needs: test-centos7-dynu steps: - uses: actions/checkout@v2 - name: Build the docker-compose stack