Last active
July 22, 2023 21:42
-
-
Save neilmayhew/358abe8f1a4d023b0e4fe49c8fc58acb to your computer and use it in GitHub Desktop.
Update a Flatcar installation on VMWare to use the latest OEM content
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # Update a Flatcar installation on VMWare to use the latest OEM content | |
| # | |
| # Copyright 2020, Neil Mayhew <neil@kerith.ca> | |
| # LICENSE: MIT | |
| set -ex | |
| shopt -s extglob nullglob | |
| OEMCONTENT=oem-vmware.tgz | |
| KEEPCONTENT= | |
| if [ -n "$1" ] | |
| then | |
| OEMCONTENT=$1 | |
| KEEPCONTENT=yes | |
| fi | |
| # Cache sudo credentials | |
| sudo true | |
| if [ ! -f "$OEMCONTENT" ] | |
| then | |
| # Fetch the release-signing public key | |
| KEYID=F88CFEDEFF29A5B4D9523864E25D9AED0593B34A | |
| KEYSERVER=keyserver.ubuntu.com | |
| gpg --keyserver $KEYSERVER --recv-key $KEYID | |
| # Download the current stable VMWare Flatcar release | |
| IMGNAME=flatcar_production_vmware_raw_image.bin | |
| wget -N https://stable.release.flatcar-linux.net/amd64-usr/current/${IMGNAME}.bz2{,.sig} | |
| gpg --verify ${IMGNAME}.bz2{.sig,} | |
| bunzip2 -k ${IMGNAME}.bz2 | |
| # Mount the OEM image partition via loopback | |
| MNT=$(mktemp -d) && trap 'rmdir "$MNT"' 0 | |
| LOOPDEV=$(sudo losetup -f --show -P ${IMGNAME}) | |
| sudo mount -r "${LOOPDEV}p6" "$MNT" | |
| # Save the content | |
| tar -cvzf "$OEMCONTENT" --exclude=lost+found -C "$MNT" . | |
| # Unmount the OEM image partition | |
| sudo umount "$MNT" | |
| sudo losetup -d "${LOOPDEV}" | |
| # Remove the downloaded image files | |
| rm -f ${IMGNAME}{,.bz2{.sig,}} | |
| fi | |
| # Stop existing services and remove them | |
| if [ -d /usr/share/oem/units/ ] | |
| then | |
| cd /usr/share/oem/units/ | |
| UNITS=(*) | |
| cd "$OLDPWD" | |
| sudo systemctl stop -- "${UNITS[@]}" || true | |
| cd /etc/systemd/system/ | |
| sudo rm -f "${UNITS[@]}" | |
| cd "$OLDPWD" | |
| sudo systemctl daemon-reload | |
| fi | |
| # Remove the exiting content | |
| sudo rm -rf /usr/share/oem/!(lost+found) | |
| # Install the new content | |
| sudo tar -xf "$OEMCONTENT" -C /usr/share/oem | |
| [ -n "$KEEPCONTENT" ] || rm -f "$OEMCONTENT" | |
| # Install new services and start them | |
| if [ -d /usr/share/oem/units/ ] | |
| then | |
| cd /usr/share/oem/units/ | |
| UNITS=(*) | |
| [ "${#UNITS[@]}" -gt 0 ] && | |
| sudo cp -p -- "${UNITS[@]}" /etc/systemd/system/ | |
| cd "$OLDPWD" | |
| sudo systemctl daemon-reload | |
| sudo systemctl start -- "${UNITS[@]}" | |
| fi | |
| # Inform the user | |
| set +x | |
| echo "New OEM content was installed and services were restarted" |
Also, note that the key id is the full-length id rather than the abbreviated one that's reported by gpg and shown on the Flatcar web page. (The abbreviated version is a suffix of the full one.)
Reran the script without commenting out verify. Successfully updated 5 vms a second time. Thanks for making this robust.
@bignay2000 Thanks for reporting back!
Hopefully Flatcar will always push the key to the key servers from now on and this, together with my recent changes, will prevent people from running into this problem again.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I changed the keyid to be the id of the main key instead of the id of the subkey that was in use at the time this script was written. This should be future-proof since Flatcar doesn't change to a different main key, it only adds new subkeys to it.