Working draft of Arachni's auto-update mechanism
Arachni needs an auto-update mechanism so that existing users won't have to keep downloading new packages and can receive bugfixes and features as soon as they become available.
Basing this on Git makes a certain amount of sense, as it can update even users who have skipped multiple releases/updates. For the DB side, Rails migrations can do the same.
Also, Git hooks can provide some nice possibilities.
The server hosts the Git repositories which contain the updates.
For each supported platform:
    mkdir -p <OS>/<arch>.git
    cd <OS>/<arch>.git
    git init --bare
    git update-server-info
The updates should happen over HTTPS with a custom self-signed certificate to prevent MITM attacks.
Creates the self-contained environments for each supported platform, commits them in their relevant local repositories and pushes them to the server.
First of all:
- Remove the
`build_all_and_push.sh` and save it as
- Set up local clones of each server repo.
- Pass the client-side SSL certs for the update server via `.git/config` -- enable verify peer for auth and all that.
To push updates/packages for new versions:
- Of course, make sure the packages actually work with some manual testing.
- For each package:
  - `rm -rf` everything from its relevant repo -- ensures that removed system files will be removed from the repo as well.
  - Move the contents of the new package into its repo.
  - `git add .` -- Git will sort out the diffs/moves/deletes.
  - `git commit -am 'Pushing update for v<version>'`
  - `git tag -a v<version> -m 'Version <version>'`
  - Create super shallow clone of the local repo and package it.
    - `git clone file:///path/<OS>/<arch>.git --depth=1 arachni-version-stuff-<OS>-<arch>`
    - `git log --format=%H v<version>^..v<version> > .git/info/grafts` -- Set the graft to the latest tag/version.
    - `git reflog expire --expire=now --all`
    - `git repack -ad` -- Remove dangling objects from packfiles
    - `git prune` -- Remove dangling loose objects
    - `arachni-version-stuff-<OS>-<arch>` as a tarball.
  - `git push --tags` -- Push update to the server repo.
- `rsync` packages to the server's download directory.
Should ping the update server periodically to see if the remote
different than the local one -- get remote
`git ls-remote origin -h refs/heads/master`.
    git pull # Pull the update.
    # Get rid of all revisions but HEAD to save space.
    git log --format=%H HEAD^..HEAD > .git/info/grafts
    git reflog expire --expire=now --all
    git repack -ad # Remove dangling objects from packfiles
    git prune # Remove dangling loose objects
Moving the previous HEAD to its own branch as a fallback in case the update fucks up would be a good idea.
After that it should:
- Make a backup of the existing DB.
- Run migrations to bring the DB up to date.
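The client-side check, fallback branch and pull described above, as an added shell example (not Arachni's own code) that also refuses to update when Git's certificate verification has been switched off, since the self-signed certificate only stops MITM while the peer is verified. The `pre-update` branch name, the function names and the exit codes are assumptions; the history pruning and DB steps are left out.

```shell
#!/bin/sh
# Added example, not Arachni code. Assumed names: the "pre-update" fallback
# branch and the exit codes. The remote/branch (origin, master) are the page's.

# Print the commit id the update server advertises for master.
remote_head() {
    git -C "$1" ls-remote origin refs/heads/master |
        awk '$2 == "refs/heads/master" { print $1 }'
}

# Succeed only if nothing has switched off certificate verification.
# (Checks the plain http.sslVerify key; per-URL overrides are not inspected.)
tls_verification_enabled() {
    if [ -n "${GIT_SSL_NO_VERIFY+set}" ]; then return 1; fi
    [ "$(git -C "$1" config --bool --get http.sslVerify)" != "false" ]
}

# apply_update REPO
#   0 = updated, 1 = error, 2 = refused (verification off), 3 = up to date
apply_update() {
    repo=$1
    if ! tls_verification_enabled "$repo"; then
        echo "refusing to update: TLS peer verification is disabled" >&2
        return 2
    fi
    local_head=$(git -C "$repo" rev-parse HEAD) || return 1
    remote=$(remote_head "$repo")
    if [ -z "$remote" ]; then return 1; fi   # server unreachable or no master
    if [ "$remote" = "$local_head" ]; then return 3; fi
    # Keep the previous HEAD reachable so a bad update can be rolled back.
    git -C "$repo" branch -f pre-update "$local_head" || return 1
    # Fast-forward only: never merge local changes with a pushed package.
    git -C "$repo" pull -q --ff-only origin master || return 1
}

# Stand-alone use: sh update.sh /path/to/install
if [ "$#" -gt 0 ]; then apply_update "$1"; fi
```

Run the pruning commands and the DB backup and migrations only after `apply_update` returns 0.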