feat: auto sign images

files/etc/ublue-update.d/system/00-system-update.sh

@@ -1,3 +1,25 @@
 #!/usr/bin/env bash
 
-/usr/bin/rpm-ostree update
+check_for_rebase() {
+    IMAGE_REF_FILE="$1"
+    if [ -f "$IMAGE_REF_FILE" ]; then
+        LOCAL_IMAGE_REF=$(rpm-ostree status --pending-exit-77 -b --json | jq -r '.deployments[0]["container-image-reference"]')
+        if [[ "$LOCAL_IMAGE_REF" == "null" ]]; then
+            return
+        fi
+        LOCAL_IMAGE_REF_UNTAGGED=$(echo "$LOCAL_IMAGE_REF" | awk -F ":" '{print $1":"$2":"$3}')
+        IMAGE_REF=$(jq -r '."image-ref"' < "$IMAGE_REF_FILE")
+        IMAGE_DEFAULT_TAG=$(jq -r '."image-default-tag"' < "$IMAGE_REF_FILE")
+
+        if [[ "$LOCAL_IMAGE_REF_UNTAGGED" != "$IMAGE_REF" ]]; then
+            /usr/bin/rpm-ostree rebase "$IMAGE_REF:$IMAGE_DEFAULT_TAG"
+            exit
+        fi
+    fi
+}
+
+if [ -x /usr/bin/rpm-ostree ]; then
+    IMAGE_REF_FILE='/usr/share/ublue-os/image-info.json'
+    check_for_rebase "$IMAGE_REF_FILE"
+    /usr/bin/rpm-ostree upgrade
+fi

src/ublue_update/cli.py

@@ -73,7 +73,8 @@ def ask_for_updates():
 def check_for_updates(checks_failed: bool) -> bool:
     """Tracks whether any updates are available"""
     update_available: bool = False
-    system_update_available: bool = system_update_check()
+    system_update_available: bool = False
+    system_update_available = system_update_check()
     if system_update_available:
         update_available = True
     if update_available:

src/ublue_update/update_checks/system.py

@@ -1,4 +1,5 @@
 from json import loads
+from json.decoder import JSONDecodeError
 from logging import getLogger
 from subprocess import PIPE, run
 
@@ -9,19 +10,25 @@
 
 def skopeo_inspect(latest_image: str):
     """Inspect latest image with Skopeo"""
-    inspect = "skopeo inspect " + latest_image
-    out = run(inspect, shell=True, stdout=PIPE).stdout
+    skopeo_inspect = ["skopeo", "inspect", latest_image]
+    inspect = run(skopeo_inspect, stdout=PIPE).stdout
     """Parse and return digest"""
-    digest = loads(out)["Digest"]
+    digest = loads(inspect)["Digest"]
     return digest
 
 
 def system_update_check():
     """Pull deployment status via rpm-ostree"""
-    status = "rpm-ostree status --json"
-    out = run(status, shell=True, stdout=PIPE).stdout
+    rpm_ostree_status = ["rpm-ostree", "status", "--json"]
+    status = run(rpm_ostree_status, stdout=PIPE).stdout
     """Parse installation digest and image"""
-    deployments = loads(out)["deployments"][0]
+    try:
+        deployments = loads(status)["deployments"][0]
+    except (JSONDecodeError, KeyError):
+        log.error(
+            "update check failed, system isn't managed by rpm-ostree container native"
+        )
+        return False
     installation_digest = deployments["base-commit-meta"]["ostree.manifest-digest"]
     current_image = deployments["container-image-reference"].split(":", 1)
 

src/ublue_update/update_checks/wait.py

@@ -1,14 +1,23 @@
 from json import loads
+from json.decoder import JSONDecodeError
 from subprocess import PIPE, run
 from time import sleep
+from logging import getLogger
+
+"""Setup logging"""
+log = getLogger(__name__)
 
 
 def transaction():
-    """Pull deployment status via rpm-ostree"""
-    rpm_ostree_status = ["rpm-ostree", "status", "--json"]
-    status = run(rpm_ostree_status, stdout=PIPE)
-    """Parse transaction state"""
-    return loads(status.stdout)["transaction"]
+    try:
+        """Pull deployment status via rpm-ostree"""
+        rpm_ostree_status = ["/usr/bin/rpm-ostree", "status", "--json"]
+        status = run(rpm_ostree_status, stdout=PIPE)
+        """Parse transaction state"""
+        return loads(status.stdout)["transaction"]
+    except (JSONDecodeError, KeyError):
+        log.error("can't get transaction, system not managed with rpm-ostree container native")
+        return None
 
 
 def transaction_wait():

ublue-update.spec.rpkg

@@ -31,6 +31,7 @@ BuildRequires: python-wheel
 Requires: skopeo
 Requires: libnotify
 Requires: sudo
+Requires: jq
 
 %global sub_name %{lua:t=string.gsub(rpm.expand("%{NAME}"), "^ublue%-", ""); print(t)}