LibrePortal/scripts/cli/commands/artifact/cli_artifact_commands.sh
librelad 96b04392dc feat(distribution): Phase 3 — hotfix scan generator + severity-split auto-apply
- CFG_HOTFIX_AUTO (security-breakage|all|off, default security-breakage) seeded in
  general_terminal; reaches existing installs via the add-only config reconciler.
- webui_artifact_scan.sh (webuiArtifactScan): fetch+verify the signed index, write
  artifacts_available.json ATOMICALLY (build in temp → jq-validate → one write;
  keep the prior file on any failure — never emits broken JSON). Annotates each
  artifact with applied (a per-id record exists) + applicable (target installed).
- artifactApplyAuto + `libreportal artifact apply-auto`: enqueue apply tasks for
  the eligible signed hotfixes — only when the index is VERIFIED-signed, only
  auto==true + in the severity policy + applicable + not already applied. Each
  apply is its own task (visible in the log + History), never applied inline.
- `updater check` now also refreshes the index (webuiArtifactScan) and runs
  artifactApplyAuto — one front door, no second phone-home.

Unit-tested 13/13: policy filtering (security-breakage / off / all), auto:false
exclusion, already-applied skip, non-installed-app skip, unsigned-index fail-closed,
and the scan transform's signed/applied/applicable fields.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
Signed-off-by: librelad <librelad@digitalangels.vip>
2026-05-31 20:53:54 +01:00


#!/bin/bash
# Artifact command handler — `libreportal artifact <sub>`
# ---------------------------------------------------------------------------
# Dispatched automatically by cli_initialize.sh (category -> cliHandleArtifactCommands).
#
# The unified distribution primitive. The READ side (`index`/`applied`) fetches +
# verifies the team-signed artifact index (hotfixes today; apps/themes/components
# later — all one envelope) and lists what's available/applied; it changes nothing,
# so — like `updater check` — it runs directly. The state-changing `apply`/`revert`
# verbs route through the TASK system (snapshot → bounded declarative ops →
# auto-rollback → History), never a mutating API. See docs/roadmap/updates-and-
# distribution.md and cli_artifact_apply.sh.
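cliHandleArtifactCommands()
{
  local sub="$initial_command2"
  local id="$initial_command3"
  # Lazy-loader gap: ensure the read primitives + apply pipeline are defined.
  # These are new files; the array/manifest regen self-heals them on deploy,
  # but this covers the window before that. Source CHECKED — a missing/corrupt
  # file must surface a clear error, not degrade to a bare "command not found".
  if ! declare -F lpFetchIndex >/dev/null 2>&1; then
    local _f
    for _f in source/fetch.sh source/artifacts.sh; do
      if [[ ! -f "$install_scripts_dir/$_f" ]] || ! source "$install_scripts_dir/$_f"; then
        isError "artifact: failed to load the read pipeline ($_f) — try: libreportal regen"; return 1
      fi
    done
  fi
  if ! declare -F artifactApply >/dev/null 2>&1; then
    local _af="cli/commands/artifact/cli_artifact_apply.sh"
    if [[ ! -f "$install_scripts_dir/$_af" ]] || ! source "$install_scripts_dir/$_af"; then
      isError "artifact: failed to load the apply pipeline ($_af) — try: libreportal regen"; return 1
    fi
  fi
  case "$sub" in
    ""|"index"|"list")
      artifactListIndex
      ;;
    "applied")
      artifactListApplied
      ;;
    "apply")
      _artifactRequireId apply "$id" || return 1
      # Inside a task runner (LIBREPORTAL_TASK_EXEC=1) do the work; otherwise
      # enqueue it so it gets the snapshot/rollback/History treatment.
      if [[ "$LIBREPORTAL_TASK_EXEC" == "1" ]]; then
        artifactApply "$id"
      else
        cliTaskRun "libreportal artifact apply $id" "artifact_apply" "$id" ""
      fi
      ;;
    "revert"|"rollback")
      _artifactRequireId revert "$id" || return 1
      if [[ "$LIBREPORTAL_TASK_EXEC" == "1" ]]; then
        artifactRevert "$id"
      else
        cliTaskRun "libreportal artifact revert $id" "artifact_revert" "$id" ""
      fi
      ;;
    "apply-auto")
      # Decide + enqueue (gated by CFG_HOTFIX_AUTO); each apply is its own task.
      artifactApplyAuto
      ;;
    *)
      cliShowArtifactHelp
      ;;
  esac
}
#######################################
# Validate the operator-supplied artifact id for the mutating verbs.
# The id is interpolated into the task label (shown in the log/History) and,
# judging by the applied-record layout (<applied>/<id>.json), ends up as a path
# component, so only a single plain token is accepted: no path separators, no
# "..", no whitespace/control characters, no option-like leading "-". The
# grammar is deliberately coarse — the apply pipeline still has to resolve the
# id against the signed index.
# Arguments: $1 - verb for the usage line (apply|revert); $2 - the id
# Outputs:   an isError line on rejection
# Returns:   0 if the id is usable, 1 otherwise
#######################################
_artifactRequireId()
{
  local verb="$1" id="$2"
  if [[ -z "$id" ]]; then
    isError "Usage: libreportal artifact $verb <id>"
    return 1
  fi
  if [[ "$id" == */* || "$id" == *..* || "$id" == -* || "$id" =~ [[:space:][:cntrl:]] ]]; then
    # Control characters are replaced before echoing the id back.
    isError "artifact: invalid id '${id//[[:cntrl:]]/?}' — expected a plain token (no '/', '..', whitespace or leading '-')"
    return 1
  fi
  return 0
}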
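#######################################
# List the applied hotfixes (read-only) from the per-id applied records.
# Globals:  containers_dir (read) — records live under
#           <containers_dir>/libreportal/frontend/data/updater/generated/applied/<id>.json
# Outputs:  one line per record on stdout: id, optional " [app]", title
#           (without jq the record file's stem is printed instead)
# Returns:  0
#######################################
artifactListApplied()
{
  isHeader "Applied hotfixes"
  local dir; dir="${containers_dir%/}/libreportal/frontend/data/updater/generated/applied"
  if ! compgen -G "$dir/*.json" >/dev/null 2>&1; then
    isSuccessful "0 hotfixes applied."
    return 0
  fi
  # Probe for jq once rather than once per record.
  local have_jq=0
  if command -v jq >/dev/null 2>&1; then have_jq=1; fi
  local n=0 f id title app stem
  for f in "$dir"/*.json; do
    n=$((n + 1))
    if (( have_jq )); then
      id="$(jq -r '.id' "$f" 2>/dev/null)"
      title="$(jq -r '.title // ""' "$f" 2>/dev/null)"
      app="$(jq -r '.app // ""' "$f" 2>/dev/null)"
      # printf, not echo: a record value that happens to look like an echo
      # option (-n/-e) must still print verbatim.
      # NOTE(review): there is no separator between id and title — confirm the
      # stored titles carry their own leading separator.
      printf '%s\n' "$id${app:+ [$app]}$title"
    else
      # Without jq the record is opaque; its file stem is the id.
      stem="${f##*/}"
      printf '%s\n' "${stem%.json}"
    fi
  done
  isSuccessful "$n hotfix(es) applied. Revert with: libreportal artifact revert <id>"
}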
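#######################################
# Fetch + verify the signed index and print a human summary. Read-only.
# Globals:  LP_INDEX_SIGSTATE (read) — "verified" when the fetched index
#           carried a valid signature; anything else is reported as UNSIGNED
# Outputs:  header, signature state and one line per artifact id on stdout
# Returns:  0 on success (an empty index included); 1 when the index cannot be
#           fetched or verified
#######################################
artifactListIndex()
{
  isHeader "Artifact index ($(lpReleaseChannel))"
  local json
  if ! json="$(lpFetchIndex)"; then
    isError "Could not fetch or verify the artifact index from $(lpArtifactIndexUrl)."
    isNotice "Nothing is published yet, or the channel is unreachable. (This is expected before the first index ships.)"
    return 1
  fi
  local serial generated_at
  serial="$(_lpJsonNum "$json" index_serial)"
  generated_at="$(lpIndexTop generated_at "$json")"
  # Report the ACTUAL signature state — never claim "verified" when the feed was
  # only accepted because signing isn't activated (dev/placeholder key).
  if [[ "$LP_INDEX_SIGSTATE" == "verified" ]]; then
    isNotice "Signed + verified. serial=${serial:-?} generated=${generated_at:-?}"
  else
    isNotice "UNSIGNED (signing not activated — dev/placeholder key). serial=${serial:-?} generated=${generated_at:-?}"
  fi
  local ids; ids="$(lpIndexArtifactIds "$json")"
  if [[ -z "$ids" ]]; then
    isSuccessful "0 artifacts available — the index is empty (nothing to apply)."
    return 0
  fi
  local n=0 id obj title type sev shown
  while IFS= read -r id; do
    [[ -z "$id" ]] && continue
    n=$((n + 1))
    obj="$(lpArtifactById "$json" "$id")"
    # Index strings go straight to the operator's terminal and, in the UNSIGNED
    # state, are not authenticated — drop control characters (terminal escapes,
    # embedded newlines) from everything printed. The lookup above still uses
    # the id as delivered.
    shown="${id//[[:cntrl:]]/}"
    if [[ -n "$obj" ]]; then
      title="$(_lpJsonStr "$obj" title)"; title="${title//[[:cntrl:]]/}"
      type="$(_lpJsonStr "$obj" type)"; type="${type//[[:cntrl:]]/}"
      sev="$(_lpJsonStr "$obj" severity)"; sev="${sev//[[:cntrl:]]/}"
      # NOTE(review): no separator between id and title — confirm titles carry
      # their own leading separator (artifactListApplied prints the same shape).
      printf ' • [%s/%s] %s%s\n' "${type:-?}" "${sev:-info}" "$shown" "$title"
    else
      printf '%s\n' "$shown"
    fi
  done <<< "$ids"
  isSuccessful "$n artifact(s) available."
}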