diff options
| -rw-r--r-- | Makefile | 7 | ||||
| -rw-r--r-- | README.md | 38 | ||||
| -rwxr-xr-x | bin/pacman-offline | 101 | ||||
| -rw-r--r-- | config/offline-include.conf | 2 | ||||
| -rw-r--r-- | config/offline.conf | 2 | ||||
| -rw-r--r-- | hook/99-pacman-offline.hook | 6 | ||||
| -rw-r--r-- | polkit/pacman-offline.rules | 11 | ||||
| -rwxr-xr-x | systemd/pacman-offline | 51 | ||||
| -rw-r--r-- | systemd/pacman-offline-done-poweroff.service | 22 | ||||
| -rw-r--r-- | systemd/pacman-offline-done-reboot.service | 22 | ||||
| -rw-r--r-- | systemd/pacman-offline-prepare.service | 6 | ||||
| -rw-r--r-- | systemd/pacman-offline-prepare.timer | 3 | ||||
| -rw-r--r-- | systemd/pacman-offline-reboot.service | 14 | ||||
| -rw-r--r-- | systemd/pacman-offline-reboot.timer | 4 | ||||
| -rw-r--r-- | systemd/pacman-offline.service | 14 |
15 files changed, 237 insertions, 66 deletions
@@ -7,7 +7,7 @@ SED := sed # this is just a fallback in case you do not # use git but downloaded a release tarball... -VERSION := 0.2.3 +VERSION := 0.3.7 all: README.html @@ -20,12 +20,15 @@ install: install-bin install-doc install-bin: $(INSTALL) -D -m0755 bin/pacman-offline $(DESTDIR)/usr/bin/pacman-offline $(INSTALL) -D -m0644 config/offline.conf $(DESTDIR)/etc/pacman.d/offline.conf + $(INSTALL) -D -m0644 config/offline-include.conf $(DESTDIR)/etc/pacman.d/offline-include.conf $(INSTALL) -D -m0644 hook/99-pacman-offline.hook $(DESTDIR)/usr/share/libalpm/hooks/99-pacman-offline.hook + $(INSTALL) -D -m0644 polkit/pacman-offline.rules $(DESTDIR)/usr/share/polkit-1/rules.d/pacman-offline.rules $(INSTALL) -D -m0644 systemd/pacman-offline.service $(DESTDIR)/usr/lib/systemd/system/pacman-offline.service $(INSTALL) -D -m0755 systemd/pacman-offline $(DESTDIR)/usr/lib/systemd/scripts/pacman-offline + $(INSTALL) -D -m0644 systemd/pacman-offline-done-poweroff.service $(DESTDIR)/usr/lib/systemd/system/pacman-offline-done-poweroff.service + $(INSTALL) -D -m0644 systemd/pacman-offline-done-reboot.service $(DESTDIR)/usr/lib/systemd/system/pacman-offline-done-reboot.service $(INSTALL) -D -m0644 systemd/pacman-offline-prepare.service $(DESTDIR)/usr/lib/systemd/system/pacman-offline-prepare.service $(INSTALL) -D -m0644 systemd/pacman-offline-prepare.timer $(DESTDIR)/usr/lib/systemd/system/pacman-offline-prepare.timer - $(INSTALL) -D -m0644 systemd/pacman-offline-reboot.service $(DESTDIR)/usr/lib/systemd/system/pacman-offline-reboot.service $(INSTALL) -D -m0644 systemd/pacman-offline-reboot.timer $(DESTDIR)/usr/lib/systemd/system/pacman-offline-reboot.timer $(INSTALL) -d -m0755 $(DESTDIR)/usr/lib/systemd/system/system-update.target.wants/ $(LN) -s ../pacman-offline.service $(DESTDIR)/usr/lib/systemd/system/system-update.target.wants/pacman-offline.service @@ -4,7 +4,7 @@ pacman-offline **Run offline system update with pacman.** The offline system update with pacman is achieved by integrating into -[offline updates in systemd](https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html#/etc/system-update). +[offline updates in systemd](https://www.freedesktop.org/software/systemd/man/systemd.offline-updates.html). In fact only two scripts and a number of systemd unit files are used to glue `systemd` and `pacman`. @@ -16,6 +16,10 @@ There are the runtime dependencies: * [pacman](https://archlinux.org/pacman/) * [systemd](https://www.github.com/systemd/systemd) +And there's an optional dependency to support elevating privileges: + +* [polkit](https://github.com/polkit-org/polkit) + Optional basic support for [plymouth](https://www.freedesktop.org/wiki/Software/Plymouth/) is integrated. @@ -26,13 +30,25 @@ Usage A single command `pacman-offline` is used to prepare the offline update. It accepts some arguments: +* *-a*: abort pending system-update * *-c*: clean before download * *-f*: force if other system-update is pending * *-h*: show help +* *-p*: reboot, install and poweroff immediately * *-r*: reboot and install immediately * *-t*: start timer for nightly reboot * *-y*: update sync databases +### Elevating privileges + +The privileges are elevated automatically if `polkit` is installed. This works +with no authentication if your user is member of the group `wheel`. To add your +user to that group run: + + usermod --append --groups wheel user + +If your user is not member of that group you will be asked for a password. + ### Timer for preparation You can enable a timer to prepare the offline update automatically. @@ -54,16 +70,21 @@ This will trigger at night, if updates are pending and prepared. Configuration ------------- -A sinppet for inclusion in `/etc/pacman.conf` is shipped. To make use of -it add this line: +Two snippets for inclusion in `/etc/pacman.conf` are shipped. To make use of +them add these line: Include = /etc/pacman.d/offline.conf + #Include = /etc/pacman.d/offline-include.conf -It will cause `pacman` to ignore linux packages and prevent breaking module -loading. These packages are not ignored on offline update. +The first one will cause `pacman` to ignore linux packages and prevent +breaking module loading and hibernation. These packages are not ignored +on offline update. -Modify `/etc/pacman.d/offline.conf` to your needs by changing or adding -packages. +The second one has the opposite effect, it is included on offline action +only. + +Modify `/etc/pacman.d/offline.conf` and `/etc/pacman.d/offline-include.conf` +to your needs by changing or adding packages, or adding new directives. License and warranty -------------------- @@ -86,3 +107,6 @@ URL: Mirror: [eworm.de](https://git.eworm.de/cgit.cgi/pacman-offline/) [GitLab.com](https://gitlab.com/eworm-de/pacman-offline#pacman-offline) + +--- +[⬆️ Go back to top](#top) diff --git a/bin/pacman-offline b/bin/pacman-offline index acc8646..181aa74 100755 --- a/bin/pacman-offline +++ b/bin/pacman-offline @@ -1,6 +1,6 @@ #!/bin/sh -# (C) 2017-2024 by Christian Hesse <mail@eworm.de> +# (C) 2017-2025 by Christian Hesse <mail@eworm.de> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -12,20 +12,66 @@ set -e function help() { echo "usage: ${0} [OPTIONS]" echo - echo ' -f force if other system-update is pending' + echo ' -a abort pending system-update' echo ' -c clean before download' + echo ' -f force if other system-update is pending' echo ' -h this help' + echo ' -p reboot, install and poweroff immediately' echo ' -r reboot and install immediately' echo ' -t start timer for nightly reboot' echo ' -y update sync databases' } CLEAN=0 +POWEROFF=0 REBOOT=0 TIMER=0 -while getopts 'cfhrty' opt; do +while getopts 'acfhprty' opt; do case ${opt} in + h) + help + exit 0 + ;; + a|c|f|p|r|t|y) + ;; + *) + exit 1 + ;; + esac +done + +if systemd-detect-virt --chroot 2>/dev/null; then + echo 'Running in chroot, skipping.' >&2 + exit 0 +fi + +if [ ! -d /run/systemd/system ]; then + echo 'Current root is not booted, skipping.' >&2 + exit 0 +fi + +if [ "${UID}" -ne 0 ]; then + if command -v pkexec >/dev/null; then + echo 'Missing privileges, trying to elevate.' >&2 + exec pkexec "${0}" "${@}" + fi + + echo "You need elevated privileges. Please run as user 'root'!" >&2 + exit 1 +fi + +OPTIND=1 +while getopts 'acfhprty' opt; do + case ${opt} in + a) + rm --force \ + /system-update \ + /run/systemd/system/systemd-poweroff.service \ + /run/systemd/system/systemd-reboot.service + systemctl daemon-reload + exit 0 + ;; c) if pacman-conf 'CleanMethod' | grep -q 'KeepCurrent'; then CLEAN=1 @@ -36,9 +82,9 @@ while getopts 'cfhrty' opt; do f) rm -f /system-update ;; - h) - help - exit 0 + p) + POWEROFF=1 + REBOOT=1 ;; r) REBOOT=1 @@ -61,7 +107,10 @@ fi # exclude /etc/pacman.d/offline.conf function finish { rm -f /run/pacman.conf; } trap finish EXIT -sed '/^Include *= *\/etc\/pacman\.d\/offline\.conf$/s|^|#|' < /etc/pacman.conf > /run/pacman.conf +sed \ + -e '/^Include *= *\/etc\/pacman\.d\/offline\.conf$/s|^|#|' \ + -e '/^#Include *= *\/etc\/pacman\.d\/offline-include\.conf$/s|^#||' \ + < /etc/pacman.conf > /run/pacman.conf # remove the symlink for now, will be recreated it later rm -f /system-update @@ -82,20 +131,30 @@ pacman --config /run/pacman.conf --sync --noconfirm --sysupgrade --downloadonly # enable system update ln -sf /var/cache/pacman/pkg /system-update +if [ ${POWEROFF} -eq 1 ]; then + touch /run/pacman-offline-poweroff +fi + +# force a soft-reboot on (manual) reboot ... +ln -sf ../../../usr/lib/systemd/system/systemd-soft-reboot.service \ + /run/systemd/system/systemd-reboot.service -# reboot if requested +# ... and also on poweroff, but prepare poweroff +cp /usr/lib/systemd/system/systemd-soft-reboot.service \ + /run/systemd/system/systemd-poweroff.service +cat >> /run/systemd/system/systemd-poweroff.service <<-EOF + + [Service] + ExecStart=/usr/bin/touch /run/pacman-offline-poweroff + EOF + +# reload for service changes +systemctl daemon-reload + +# (soft-)reboot if requested if [ ${REBOOT} -eq 1 ]; then - if systemctl --dry-run soft-reboot 2>/dev/null; then - echo "Soft-rebooting for update." - systemctl soft-reboot - else - echo "Rebooting for update." - systemctl reboot - fi -# force a soft-reboot on (manual) reboot -elif [ -e /usr/lib/systemd/system/systemd-soft-reboot.service ]; then - ln -sf ../../../usr/lib/systemd/system/systemd-soft-reboot.service /run/systemd/system/systemd-reboot.service - systemctl daemon-reload + echo 'Rebooting for update.' + exec systemctl reboot fi # start timer if requested @@ -104,4 +163,6 @@ if [ ${TIMER} -eq 1 ]; then fi # show the timer (if active) -systemctl --quiet --no-pager list-timers pacman-offline-prepare.timer pacman-offline-reboot.timer +systemctl --quiet --no-pager list-timers \ + pacman-offline-prepare.timer \ + pacman-offline-reboot.timer diff --git a/config/offline-include.conf b/config/offline-include.conf new file mode 100644 index 0000000..879919e --- /dev/null +++ b/config/offline-include.conf @@ -0,0 +1,2 @@ +# Add this file as commented include, and it will be included on +# offline action. diff --git a/config/offline.conf b/config/offline.conf index 56f8b76..97e78e3 100644 --- a/config/offline.conf +++ b/config/offline.conf @@ -1,4 +1,4 @@ -# Ingore linux packages and prevent breaking module loading. The include of +# Ignore linux packages and prevent breaking module loading. The include of # this configuration file is removed on offline action. IgnorePkg = linux linux-headers linux-docs IgnorePkg = linux-lts linux-lts-headers linux-lts-docs diff --git a/hook/99-pacman-offline.hook b/hook/99-pacman-offline.hook index 0538072..12da360 100644 --- a/hook/99-pacman-offline.hook +++ b/hook/99-pacman-offline.hook @@ -6,6 +6,6 @@ Type = Package Target = * [Action] -Description = Disabling scheduled pacman offline update... -When = PostTransaction -Exec = /bin/sh -c 'rm -fv /system-update /run/systemd/system/systemd-reboot.service && systemctl daemon-reload' +Description = Aborting pending pacman offline system-update... +When = PreTransaction +Exec = /usr/bin/pacman-offline -a diff --git a/polkit/pacman-offline.rules b/polkit/pacman-offline.rules new file mode 100644 index 0000000..82cc5c2 --- /dev/null +++ b/polkit/pacman-offline.rules @@ -0,0 +1,11 @@ +/* Allow members of the wheel group to run pacman-offline */ + +polkit.addRule( + function(action, subject) { + if (action.id == "org.freedesktop.policykit.exec" && + action.lookup("program") == "/usr/bin/pacman-offline" && + subject.isInGroup("wheel")) { + return polkit.Result.YES; + } + } +); diff --git a/systemd/pacman-offline b/systemd/pacman-offline index 9471bfc..f7ba48a 100755 --- a/systemd/pacman-offline +++ b/systemd/pacman-offline @@ -1,6 +1,6 @@ #!/bin/sh -# (C) 2017-2024 by Christian Hesse <mail@eworm.de> +# (C) 2017-2025 by Christian Hesse <mail@eworm.de> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -14,27 +14,54 @@ if [ "$(readlink '/system-update')" != '/var/cache/pacman/pkg' ]; then exit 0 fi +# force the proper action on failure, ... +if [ -e '/run/pacman-offline-poweroff' ]; then + ln -sf ../../../usr/lib/systemd/system/poweroff.target \ + /run/systemd/system/pacman-offline-failure.target +else + ln -sf ../../../usr/lib/systemd/system/reboot.target \ + /run/systemd/system/pacman-offline-failure.target +fi +# ... remove triggering symlink and reboot & poweroff override, ... +rm --force \ + /system-update \ + /run/systemd/system/systemd-poweroff.service \ + /run/systemd/system/systemd-reboot.service +# ... and reload +systemctl daemon-reload + # exclude /etc/pacman.d/offline.conf function finish { rm -f /run/pacman.conf; } trap finish EXIT -sed '/^Include *= *\/etc\/pacman\.d\/offline\.conf$/s|^|#|' < /etc/pacman.conf > /run/pacman.conf - -# remove triggering symlink and (soft-)reboot override -rm -f /system-update -rm -f /run/systemd/system/systemd-reboot.service +sed \ + -e '/^Include *= *\/etc\/pacman\.d\/offline\.conf$/s|^|#|' \ + -e '/^#Include *= *\/etc\/pacman\.d\/offline-include\.conf$/s|^#||' \ + < /etc/pacman.conf > /run/pacman.conf # install updates -if [ "$(pacman --sync --print --needed archlinux-keyring | wc -l)" -gt 0 ]; then +if [ "$(pacman --sync --print --needed archlinux-keyring | wc -l)" -gt 0 ]; then pacman --sync --noconfirm archlinux-keyring fi pacman --config /run/pacman.conf --sync --noconfirm --sysupgrade +# clean up config file, drop trap +rm -f /run/pacman.conf +trap - EXIT + # clean up package cache pacman --sync --noconfirm --clean -# reboot -if [ -s "/usr/lib/modules/$(uname -r)/pkgbase" ] && systemctl --dry-run soft-reboot 2>/dev/null; then - systemctl soft-reboot -else - systemctl reboot +# sync the storage +sync + +# prepare for soft-reboot via override when applicable +if [ ! -e '/run/pacman-offline-poweroff' -a \ + -s "/usr/lib/modules/$(uname -r)/pkgbase" ]; then + ln -sf ../../../usr/lib/systemd/system/systemd-soft-reboot.service \ + /run/systemd/system/systemd-reboot.service + systemctl daemon-reload fi + +# All done, just touch a status file and exit successfully! +# (Soft-)Reboot or Poweroff is done by specific units. +touch /run/pacman-offline-done diff --git a/systemd/pacman-offline-done-poweroff.service b/systemd/pacman-offline-done-poweroff.service new file mode 100644 index 0000000..441daa9 --- /dev/null +++ b/systemd/pacman-offline-done-poweroff.service @@ -0,0 +1,22 @@ +# (C) 2017-2025 by Christian Hesse <mail@eworm.de> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + + +[Unit] +Description=Offline system update with pacman - Poweroff +Documentation=https://pacman-offline.eworm.de/ +After=pacman-offline.service +DefaultDependencies=no +Conflicts=shutdown.target +Before=shutdown.target system-update.target +ConditionPathExists=/run/pacman-offline-done +ConditionPathExists=/run/pacman-offline-poweroff +SuccessAction=poweroff + +[Service] +Type=oneshot +ExecStart=/usr/bin/rm --force /run/pacman-offline-done /run/pacman-offline-poweroff diff --git a/systemd/pacman-offline-done-reboot.service b/systemd/pacman-offline-done-reboot.service new file mode 100644 index 0000000..b4e7b48 --- /dev/null +++ b/systemd/pacman-offline-done-reboot.service @@ -0,0 +1,22 @@ +# (C) 2017-2025 by Christian Hesse <mail@eworm.de> +# +# This program is free software: you can redistribute it and/or modify +# it under the terms of the GNU General Public License as published by +# the Free Software Foundation, either version 3 of the License, or +# (at your option) any later version. + + +[Unit] +Description=Offline system update with pacman - Reboot +Documentation=https://pacman-offline.eworm.de/ +After=pacman-offline.service +DefaultDependencies=no +Conflicts=shutdown.target +Before=shutdown.target system-update.target +ConditionPathExists=/run/pacman-offline-done +ConditionPathExists=!/run/pacman-offline-poweroff +SuccessAction=reboot + +[Service] +Type=oneshot +ExecStart=/usr/bin/rm --force /run/pacman-offline-done /run/systemd/system/systemd-reboot.service diff --git a/systemd/pacman-offline-prepare.service b/systemd/pacman-offline-prepare.service index c9b5ba5..deb746b 100644 --- a/systemd/pacman-offline-prepare.service +++ b/systemd/pacman-offline-prepare.service @@ -1,4 +1,4 @@ -# (C) 2017-2024 by Christian Hesse <mail@eworm.de> +# (C) 2017-2025 by Christian Hesse <mail@eworm.de> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -7,7 +7,11 @@ [Unit] Description=Prepare pacman offline system-update +Documentation=https://pacman-offline.eworm.de/ ConditionPathExists=!/var/lib/pacman/db.lck +# Synchronizing databases needs network, see https://systemd.io/NETWORK_ONLINE/ +After=network-online.target +Wants=network-online.target [Service] Type=oneshot diff --git a/systemd/pacman-offline-prepare.timer b/systemd/pacman-offline-prepare.timer index 598b387..c4a2cdf 100644 --- a/systemd/pacman-offline-prepare.timer +++ b/systemd/pacman-offline-prepare.timer @@ -1,4 +1,4 @@ -# (C) 2017-2024 by Christian Hesse <mail@eworm.de> +# (C) 2017-2025 by Christian Hesse <mail@eworm.de> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -7,6 +7,7 @@ [Unit] Description=Prepare pacman offline system-update +Documentation=https://pacman-offline.eworm.de/ [Timer] OnBootSec=5min diff --git a/systemd/pacman-offline-reboot.service b/systemd/pacman-offline-reboot.service deleted file mode 100644 index 26dca94..0000000 --- a/systemd/pacman-offline-reboot.service +++ /dev/null @@ -1,14 +0,0 @@ -# (C) 2017-2024 by Christian Hesse <mail@eworm.de> -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. - -[Unit] -Description=Reboot for pacman offline system-update -ConditionPathExists=/system-update - -[Service] -Type=oneshot -ExecStart=/bin/sh -c "if systemctl --dry-run soft-reboot 2>/dev/null; then systemctl soft-reboot; else systemctl reboot; fi" diff --git a/systemd/pacman-offline-reboot.timer b/systemd/pacman-offline-reboot.timer index b6852a9..024c9da 100644 --- a/systemd/pacman-offline-reboot.timer +++ b/systemd/pacman-offline-reboot.timer @@ -1,4 +1,4 @@ -# (C) 2017-2024 by Christian Hesse <mail@eworm.de> +# (C) 2017-2025 by Christian Hesse <mail@eworm.de> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -7,10 +7,12 @@ [Unit] Description=Reboot for pacman offline system-update +Documentation=https://pacman-offline.eworm.de/ [Timer] OnCalendar=03:00:00 RandomizedDelaySec=2hours +Unit=systemd-reboot.service [Install] WantedBy=timers.target diff --git a/systemd/pacman-offline.service b/systemd/pacman-offline.service index 516acae..9ce6639 100644 --- a/systemd/pacman-offline.service +++ b/systemd/pacman-offline.service @@ -1,4 +1,4 @@ -# (C) 2017-2024 by Christian Hesse <mail@eworm.de> +# (C) 2017-2025 by Christian Hesse <mail@eworm.de> # # This program is free software: you can redistribute it and/or modify # it under the terms of the GNU General Public License as published by @@ -7,17 +7,23 @@ [Unit] Description=Offline system update with pacman +Documentation=https://pacman-offline.eworm.de/ ConditionPathIsSymbolicLink=/system-update DefaultDependencies=false Requires=sysinit.target dbus.socket -After=sysinit.target dbus.socket -Before=shutdown.target system-update.target -OnFailure=reboot.target +Wants=pacman-offline-done-poweroff.service pacman-offline-done-reboot.service +After=sysinit.target system-update-pre.target dbus.socket +Before=pacman-offline-done-poweroff.service pacman-offline-done-reboot.service system-update.target +OnFailure=pacman-offline-failure.target [Service] Type=oneshot +# Pretty print to tty... StandardOutput=tty StandardError=tty +# ... or use this for debugging - less pretty, but with output in journal. +#StandardOutput=journal+console +#StandardError=journal+console ExecStartPre=-/usr/bin/plymouth change-mode --updates ExecStartPre=-/usr/bin/plymouth system-update --progress=20 ExecStart=/usr/lib/systemd/scripts/pacman-offline |