From 7907e71a5e8eb8a3dc790b384cde4e7d9b15593f Mon Sep 17 00:00:00 2001 From: Jose Date: Sat, 7 Feb 2026 18:32:40 +0100 Subject: [PATCH] =?UTF-8?q?feat=20=E2=9C=A8:=20Add=20task=20to=20ensure=20?= =?UTF-8?q?nag=20patch=20state=20directory=20exists=20and=20manage=20check?= =?UTF-8?q?sums=20for=20legacy=20and=20minified=20proxmoxlib.js=20files?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This commit introduces a new feature that ensures the existence of a nag patch state directory. It also reads and stores checksums for both legacy and minified proxmoxlib.js files, applying patches only when necessary. No blind replaces No silent failures Upgrade-safe Self-healing Predictable failure mode --- tasks/subscription.yml | 65 ++++++++++++++++++++++++++++++++++++++++-- 1 file changed, 63 insertions(+), 2 deletions(-) diff --git a/tasks/subscription.yml b/tasks/subscription.yml index 009bed0..6832651 100644 --- a/tasks/subscription.yml +++ b/tasks/subscription.yml @@ -1,7 +1,26 @@ --- +- name: subscription | Ensure nag patch state directory exists + ansible.builtin.file: + path: /var/lib/proxmox-nag-patch + state: directory + owner: root + group: root + mode: "0755" + +############################ +# Legacy proxmoxlib.js +############################ +- name: subscription | Read stored checksum (legacy) + slurp: + src: /var/lib/proxmox-nag-patch/proxmoxlib.js.sha256 + register: proxmoxlib_js_checksum_stored + when: proxmoxlib_js.stat.exists + failed_when: false + - name: subscription | Check for legacy proxmoxlib.js ansible.builtin.stat: path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js + checksum_algorithm: sha256 register: proxmoxlib_js - name: subscription | Remove subscription nag (legacy proxmoxlib.js) 
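Review bot: The added task `subscription | Read stored checksum (legacy)` is conditioned on `proxmoxlib_js.stat.exists`, but it sits above the `Check for legacy proxmoxlib.js` stat task that registers `proxmoxlib_js`, so on a fresh play the variable is still undefined when the `when` is evaluated. An undefined variable in a conditional is normally a task error that `failed_when: false` does not cover, because `failed_when` is applied only to a result the module actually returned. Move the slurp task below the stat task, as the minified section in the next hunk already does, and spell the module `ansible.builtin.slurp` to match the rest of the file. Separately, `failed_when: false` hides every slurp error, not only a missing state file, so a permission or read error under `/var/lib/proxmox-nag-patch` would be treated as "no stored checksum".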
@@ -9,26 +28,68 @@ path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js regexp: "if \\(data.status !== 'Active'\\)" replace: "if (false)" - when: proxmoxlib_js.stat.exists + when: + - proxmoxlib_js.stat.exists + - proxmoxlib_js_checksum_stored.content is not defined + or (proxmoxlib_js.stat.checksum + != (proxmoxlib_js_checksum_stored.content | b64decode | trim)) register: patch_legacy failed_when: - proxmoxlib_js.stat.exists - patch_legacy.matched == 0 notify: restart pveproxy +- name: subscription | Store patched checksum (legacy) + ansible.builtin.copy: + dest: /var/lib/proxmox-nag-patch/proxmoxlib.js.sha256 + owner: root + group: root + mode: "0644" + content: "{{ proxmoxlib_js.stat.checksum }}\n" + when: + - proxmoxlib_js.stat.exists + - patch_legacy is changed + +############################ +# Minified proxmoxlib.min.js (VE 8/9) +############################ + - name: subscription | Check for minified proxmoxlib.min.js (VE 8/9) ansible.builtin.stat: path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js + checksum_algorithm: sha256 register: proxmoxlib_min_js +- name: subscription | Read stored checksum (minified) + ansible.builtin.slurp: + src: /var/lib/proxmox-nag-patch/proxmoxlib.min.js.sha256 + register: proxmoxlib_min_checksum_stored + when: proxmoxlib_min_js.stat.exists + failed_when: false + - name: subscription | Remove subscription nag (minified bundle for VE 8/9) ansible.builtin.replace: path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js regexp: "data.status!=='Active'" replace: "false" - when: proxmoxlib_min_js.stat.exists + when: + - proxmoxlib_min_js.stat.exists + - proxmoxlib_min_checksum_stored.content is not defined + or (proxmoxlib_min_js.stat.checksum + != (proxmoxlib_min_checksum_stored.content | b64decode | trim)) register: patch_minified failed_when: - proxmoxlib_min_js.stat.exists - patch_minified.matched == 0 notify: restart pveproxy + +- name: subscription | Store patched checksum (minified) 
+ ansible.builtin.copy: + dest: /var/lib/proxmox-nag-patch/proxmoxlib.min.js.sha256 + owner: root + group: root + mode: "0644" + content: "{{ proxmoxlib_min_js.stat.checksum }}\n" + when: + - proxmoxlib_min_js.stat.exists + - patch_minified is changed
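Review bot: `Store patched checksum (legacy)` writes `proxmoxlib_js.stat.checksum`, which the stat task registered before `ansible.builtin.replace` ran, so the state file holds the hash of the unpatched file rather than the patched one; the minified tasks at the end of the hunk do the same with `proxmoxlib_min_js.stat.checksum`. On the next run the on-disk hash will differ from the stored one, the replace task will run against an already patched file, and the existing `patch_legacy.matched == 0` condition would then appear to fail the play. Re-stat the file after a change and store that value, as sketched below for the legacy file (the legacy replace task itself starts before this hunk). The stored hash only records what this role last wrote; it is not an integrity check on the JavaScript that pveproxy serves, and package verification or file-integrity monitoring will still report the file as modified.

```yaml
# … unchanged: replace task registering patch_legacy …

- name: subscription | Re-read checksum after patching (legacy)
  ansible.builtin.stat:
    path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
    checksum_algorithm: sha256
  register: proxmoxlib_js_patched
  when: patch_legacy is changed

- name: subscription | Store patched checksum (legacy)
  ansible.builtin.copy:
    # … unchanged: dest, owner, group, mode …
    content: "{{ proxmoxlib_js_patched.stat.checksum }}\n"
  when: patch_legacy is changed
```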