From 405c1d5acc0ba39e8450c068bc36ac9eb6953c9e Mon Sep 17 00:00:00 2001
From: Stephane Gourichon
Date: Wed, 27 Mar 2024 22:31:07 +0100
Subject: [PATCH] If given no argument, process all running containers. Rationale: this is about security of any currently running service, not about keeping services up. Any service might have been put down for any reason.
---
 .../containers_check_update_rebuild_switch.sh | 27 ++++++++++++++++---
 1 file changed, 23 insertions(+), 4 deletions(-)
diff --git a/tools/containers_check_update_rebuild_switch.sh b/tools/containers_check_update_rebuild_switch.sh
index 3659e92..55bdc0d 100755
--- a/tools/containers_check_update_rebuild_switch.sh
+++ b/tools/containers_check_update_rebuild_switch.sh
@@ -1,6 +1,6 @@
 #!/bin/bash
-set -euxv
+set -eu
 function fail_one()
 {
@@ -8,12 +8,32 @@ function fail_one()
 RC=1
 }
+cd -P "$(dirname "$(readlink -f "$0")" )"
+if [[ "$PWD" != "$(printf %q "$PWD" )" ]]
+then
+ echo >&2 "WARNING: path seems unsafe: $PWD"
+fi
+SCRIPT_ROOT="$PWD"
+cd ..
+INFRA_ROOT="$PWD"
+CONTAINER_IDS=( "$@" )
+if [[ "${#CONTAINER_IDS[@]}" == 0 ]]
+then
+ echo "No container ID supplied on command line, doing them all."
+ mapfile -t CONTAINER_IDS < <( docker ps --format "{{.ID}}" )
+fi
 RC=0
-for CONTAINER_ID
-do
+echo Will process these containers:
+printf '%s\n' "${CONTAINER_IDS[@]}"
+for CONTAINER_ID in "${CONTAINER_IDS[@]}"
+do
 echo "Processing $CONTAINER_ID"
 TMPFILE=$(mktemp)
 docker exec -u root $CONTAINER_ID bash -c "export LC_ALL=C ; apt-get update ; apt-get upgrade --dry-run" | tee $TMPFILE
@@ -30,5 +50,4 @@ do
 docker-compose pull || { fail_one "pull" ; continue ; }
 docker-compose build --no-cache || { fail_one "build" ; continue ; }
 docker-compose up -d || { fail_one "switch to newly built container" ; continue ; }
-
 done
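Review bot: A failing `docker ps` in the added `mapfile -t CONTAINER_IDS < <( docker ps --format "{{.ID}}" )` line goes unnoticed, because `set -e` does not act on the exit status of a process substitution. The array then stays empty, the loop runs zero times and, as far as the visible lines show, RC stays 0, which reads as "nothing to update" for what the commit message calls a security check. Capture the list first, `ALL_IDS=$(docker ps --format "{{.ID}}") || { echo >&2 "docker ps failed" ; exit 1 ; }`, and fill the array from `$ALL_IDS` only when it is non-empty. An empty array also makes `printf '%s\n' "${CONTAINER_IDS[@]}"` abort under `set -u` on bash older than 4.4. The loop body continues outside this hunk.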