Handle RPM upgrade in %postun script

[edwardsb]

This pull request addresses a key aspect of the RPM upgrade process - handling of scripts during upgrades vice pure deletion events.

An RPM upgrade operation consists of both an Install and an Uninstall operation, meaning that during an upgrade, our %postun script is run and previously, it was causing the accidental deletion of binaries needed for the upgrade.

To prevent this unwanted removal during upgrade scenarios, the %postun script now checks for the execution scenario in which it finds itself.

Checklist for submitter

If some of the following don't apply, delete the relevant line.

• Changes file added for user-visible changes in changes/ or orbit/changes/.
  See Changes files for more information.
• Manual QA for all new/changed functionality
  • For Orbit and Fleet Desktop changes:
    • Manual QA must be performed in the three main OSs, macOS, Windows and Linux.

[edwardsb]

relates to #14380

[codecov]

Codecov Report

Attention: 5 lines in your changes are missing coverage. Please review.

Comparison is base (ae669e1) 58.87% compared to head (916e2e5) 58.87%.

Additional details and impacted files

@@           Coverage Diff           @@
##             main   #14379   +/-   ##
=======================================
  Coverage   58.87%   58.87%           
=======================================
  Files         925      925           
  Lines       77319    77333   +14     
  Branches     2222     2222           
=======================================
+ Hits        45521    45531   +10     
- Misses      28186    28190    +4     
  Partials     3612     3612           

Flag	Coverage Δ
backend	59.57% <0.00%> (+<0.01%)	⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files	Coverage Δ
orbit/pkg/packaging/linux_shared.go	0.00% <0.00%> (ø)

... and 2 files with indirect coverage changes

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[mostlikelee]

I'm not too familiar with this part of the code, can you point me to where this script is being called?

[edwardsb]

@mostlikelee hey this is used as a template file for the RPM/DEB package post run script.

We use https://github.com/goreleaser/nfpm to create RPM/DEB installers of fleetd so this is getting used during fleetctl package -type=rpm

This particular script is executed during the %postun phase of a RPM upgrade/uninstall.

The problem here is that when upgrading, I think the %postun phase is executed and will remove the binary files. This conditional checks to see if we are actually doing a real uninstall before removing the files.

[mostlikelee]

thanks for that! do we need to change where this script is called to pass the new argument, or is that handled natively by the installer?

[edwardsb]

The system package manager is handling passing the args, yum, rpm, etc.

[mostlikelee]

LGTM!

[edwardsb]

@mostlikelee I added some details in the issue #14380

[lucasmrod]

Have we checked that with deb packages this works the same way? (code is shared for rpm/deb)

[lucasmrod]

it was causing the accidental deletion of binaries needed for the upgrade.

What binaries were needed for the upgrade? The new package should have all binaries that it needs. Maybe I'm missing some scenario.

[lucasmrod]

Left a few questions

[edwardsb]

it was causing the accidental deletion of binaries needed for the upgrade.

What binaries were needed for the upgrade? The new package should have all binaries that it needs. Maybe I'm missing some scenario.

All of them. The script is run on upgrade and all of the binaries listed in the script are removed.

[edwardsb]

Have we checked that with deb packages this works the same way? (code is shared for rpm/deb)

I tested RPM but still need to test DEB.

[lucasmrod]

All of them. The script is run on upgrade and all of the binaries listed in the script are removed.

Gotcha, but why is that an issue?

[lucasmrod]

I tested RPM but still need to test DEB.

OK, let me know if you need a hand (I have an Ubuntu VM.)

[edwardsb]

All of them. The script is run on upgrade and all of the binaries listed in the script are removed.

Gotcha, but why is that an issue?

Because it runs as the final step of the upgrade, thus removing the files it just got finished upgrading. When the service attempts to start, the files don't exist.

[lucasmrod]

All of them. The script is run on upgrade and all of the binaries listed in the script are removed.

Gotcha, but why is that an issue?

Because it runs as the final step of the upgrade, thus removing the files it just got finished upgrading. When the service attempts to start, the files don't exist.

Oh! I missed the fact that this is the "post" part.

Thanks for the clarification.

[ksatter]

@edwardsb Do you need a hand getting this tested for deb?

[edwardsb]

@edwardsb Do you need a hand getting this tested for deb?

Yes please

[lucasmrod]

#14380 (comment)

[edwardsb]

@lucasmrod when you have a moment can you retest on debian?

[lucasmrod]

@lucasmrod when you have a moment can you retest on debian?

Works now! (Haven't tested with dnf)

I've tested the following on Ubuntu 22.04:

• Installing and uninstalling a deb package via sudo dpkg --install fleet-osquery_1.17.0_amd64.deb and sudo apt remove fleet-osquery -y works as expected.
• Installing sudo dpkg --install fleet-osquery_1.16.0_amd64.deb and then installing sudo dpkg --install fleet-osquery_1.17.0_amd64.deb works as expected.

On my CentOS 7:

• Installing and uninstalling a rpm package via sudo rpm --install fleet-osquery-1.16.0.x86_64.rpm and sudo yum remove fleet-osquery works as expected.
• Installing sudo rpm --install fleet-osquery-1.16.0.x86_64.rpm and then installing sudo dpkg --install fleet-osquery-1.17.0.x86_64.rpm doesn't work, probably not supported by rpm (same behavior on main so nothing to do here).