Merge pull request 'feat ✨: NAG checksum-based detection (auto-repatch after upgrades)' (#1) from dev into main
Reviewed-on: #1
This commit was merged in pull request #1.
This commit is contained in:
@@ -1,7 +1,26 @@
|
||||
---
|
||||
- name: subscription | Ensure nag patch state directory exists
|
||||
ansible.builtin.file:
|
||||
path: /var/lib/proxmox-nag-patch
|
||||
state: directory
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0755"
|
||||
|
||||
############################
|
||||
# Legacy proxmoxlib.js
|
||||
############################
|
||||
- name: subscription | Read stored checksum (legacy)
|
||||
ansible.builtin.slurp:
|
||||
src: /var/lib/proxmox-nag-patch/proxmoxlib.js.sha256
|
||||
register: proxmoxlib_js_checksum_stored
|
||||
when: proxmoxlib_js.stat.exists
|
||||
failed_when: false
|
||||
|
||||
- name: subscription | Check for legacy proxmoxlib.js
|
||||
ansible.builtin.stat:
|
||||
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
|
||||
checksum_algorithm: sha256
|
||||
register: proxmoxlib_js
|
||||
|
||||
- name: subscription | Remove subscription nag (legacy proxmoxlib.js)
|
||||
@@ -9,26 +28,68 @@
|
||||
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js
|
||||
regexp: "if \\(data.status !== 'Active'\\)"
|
||||
replace: "if (false)"
|
||||
when: proxmoxlib_js.stat.exists
|
||||
when:
|
||||
- proxmoxlib_js.stat.exists
|
||||
- proxmoxlib_js_checksum_stored.content is not defined
|
||||
or (proxmoxlib_js.stat.checksum
|
||||
!= (proxmoxlib_js_checksum_stored.content | b64decode | trim))
|
||||
register: patch_legacy
|
||||
failed_when:
|
||||
- proxmoxlib_js.stat.exists
|
||||
- patch_legacy.matched == 0
|
||||
notify: restart pveproxy
|
||||
|
||||
- name: subscription | Store patched checksum (legacy)
|
||||
ansible.builtin.copy:
|
||||
dest: /var/lib/proxmox-nag-patch/proxmoxlib.js.sha256
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
content: "{{ proxmoxlib_js.stat.checksum }}\n"
|
||||
when:
|
||||
- proxmoxlib_js.stat.exists
|
||||
- patch_legacy is changed
|
||||
|
||||
############################
|
||||
# Minified proxmoxlib.min.js (VE 8/9)
|
||||
############################
|
||||
|
||||
- name: subscription | Check for minified proxmoxlib.min.js (VE 8/9)
|
||||
ansible.builtin.stat:
|
||||
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js
|
||||
checksum_algorithm: sha256
|
||||
register: proxmoxlib_min_js
|
||||
|
||||
- name: subscription | Read stored checksum (minified)
|
||||
ansible.builtin.slurp:
|
||||
src: /var/lib/proxmox-nag-patch/proxmoxlib.min.js.sha256
|
||||
register: proxmoxlib_min_checksum_stored
|
||||
when: proxmoxlib_min_js.stat.exists
|
||||
failed_when: false
|
||||
|
||||
- name: subscription | Remove subscription nag (minified bundle for VE 8/9)
|
||||
ansible.builtin.replace:
|
||||
path: /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.min.js
|
||||
regexp: "data.status!=='Active'"
|
||||
replace: "false"
|
||||
when: proxmoxlib_min_js.stat.exists
|
||||
when:
|
||||
- proxmoxlib_min_js.stat.exists
|
||||
- proxmoxlib_min_checksum_stored.content is not defined
|
||||
or (proxmoxlib_min_js.stat.checksum
|
||||
!= (proxmoxlib_min_checksum_stored.content | b64decode | trim))
|
||||
register: patch_minified
|
||||
failed_when:
|
||||
- proxmoxlib_min_js.stat.exists
|
||||
- patch_minified.matched == 0
|
||||
notify: restart pveproxy
|
||||
|
||||
- name: subscription | Store patched checksum (minified)
|
||||
ansible.builtin.copy:
|
||||
dest: /var/lib/proxmox-nag-patch/proxmoxlib.min.js.sha256
|
||||
owner: root
|
||||
group: root
|
||||
mode: "0644"
|
||||
content: "{{ proxmoxlib_min_js.stat.checksum }}\n"
|
||||
when:
|
||||
- proxmoxlib_min_js.stat.exists
|
||||
- patch_minified is changed
|
||||
|
||||
Reference in New Issue
Block a user