-
-
Save neilmayhew/358abe8f1a4d023b0e4fe49c8fc58acb to your computer and use it in GitHub Desktop.
| #!/usr/bin/env bash | |
| # Update a Flatcar installation on VMWare to use the latest OEM content | |
| # | |
| # Copyright 2020, Neil Mayhew <[email protected]> | |
| # LICENSE: MIT | |
| set -ex | |
| shopt -s extglob nullglob | |
| OEMCONTENT=oem-vmware.tgz | |
| KEEPCONTENT= | |
| if [ -n "$1" ] | |
| then | |
| OEMCONTENT=$1 | |
| KEEPCONTENT=yes | |
| fi | |
| # Cache sudo credentials | |
| sudo true | |
| if [ ! -f "$OEMCONTENT" ] | |
| then | |
| # Fetch the release-signing public key | |
| KEYID=F88CFEDEFF29A5B4D9523864E25D9AED0593B34A | |
| KEYSERVER=keyserver.ubuntu.com | |
| gpg --keyserver $KEYSERVER --recv-key $KEYID | |
| # Download the current stable VMWare Flatcar release | |
| IMGNAME=flatcar_production_vmware_raw_image.bin | |
| wget -N https://stable.release.flatcar-linux.net/amd64-usr/current/${IMGNAME}.bz2{,.sig} | |
| gpg --verify ${IMGNAME}.bz2{.sig,} | |
| bunzip2 -k ${IMGNAME}.bz2 | |
| # Mount the OEM image partition via loopback | |
| MNT=$(mktemp -d) && trap 'rmdir "$MNT"' 0 | |
| LOOPDEV=$(sudo losetup -f --show -P ${IMGNAME}) | |
| sudo mount -r "${LOOPDEV}p6" "$MNT" | |
| # Save the content | |
| tar -cvzf "$OEMCONTENT" --exclude=lost+found -C "$MNT" . | |
| # Unmount the OEM image partition | |
| sudo umount "$MNT" | |
| sudo losetup -d "${LOOPDEV}" | |
| # Remove the downloaded image files | |
| rm -f ${IMGNAME}{,.bz2{.sig,}} | |
| fi | |
| # Stop existing services and remove them | |
| if [ -d /usr/share/oem/units/ ] | |
| then | |
| cd /usr/share/oem/units/ | |
| UNITS=(*) | |
| cd "$OLDPWD" | |
| sudo systemctl stop -- "${UNITS[@]}" || true | |
| cd /etc/systemd/system/ | |
| sudo rm -f "${UNITS[@]}" | |
| cd "$OLDPWD" | |
| sudo systemctl daemon-reload | |
| fi | |
| # Remove the exiting content | |
| sudo rm -rf /usr/share/oem/!(lost+found) | |
| # Install the new content | |
| sudo tar -xf "$OEMCONTENT" -C /usr/share/oem | |
| [ -n "$KEEPCONTENT" ] || rm -f "$OEMCONTENT" | |
| # Install new services and start them | |
| if [ -d /usr/share/oem/units/ ] | |
| then | |
| cd /usr/share/oem/units/ | |
| UNITS=(*) | |
| [ "${#UNITS[@]}" -gt 0 ] && | |
| sudo cp -p -- "${UNITS[@]}" /etc/systemd/system/ | |
| cd "$OLDPWD" | |
| sudo systemctl daemon-reload | |
| sudo systemctl start -- "${UNITS[@]}" | |
| fi | |
| # Inform the user | |
| set +x | |
| echo "New OEM content was installed and services were restarted" |
I changed the keyid to be the id of the main key instead of the id of the subkey that was in use at the time this script was written. This should be future-proof since Flatcar doesn't change to a different main key, it only adds new subkeys to it.
Also, note that the key id is the full-length id rather than the abbreviated one that's reported by gpg and shown on the Flatcar web page. (The abbreviated version is a suffix of the full one.)
Reran the script without commenting out verify. Successfully updated 5 vms a second time. Thanks for making this robust.
@bignay2000 Thanks for reporting back!
Hopefully Flatcar will always push the key to the key servers from now on and this, together with my recent changes, will prevent people from running into this problem again.
@bignay2000 Glad you were able to get it working for now