cmd/tailscale/cli: implement update for arch-based distros #8655
Conversation
cmd/tailscale/cli/update.go
Outdated
| @@ -44,8 +44,8 @@ var updateCmd = &ffcli.Command{ | |||
| fs := newFlagSet("update") | |||
| fs.BoolVar(&updateArgs.yes, "yes", false, "update without interactive prompts") | |||
| fs.BoolVar(&updateArgs.dryRun, "dry-run", false, "print what update would do without doing it, or prompts") | |||
| fs.StringVar(&updateArgs.track, "track", "", `which track to check for updates: "stable" or "unstable" (dev); empty means same as current`) | |||
| fs.StringVar(&updateArgs.version, "version", "", `explicit version to update/downgrade to`) | |||
| fs.StringVar(&updateArgs.track, "track", "", `which track to check for updates: "stable" or "unstable" (dev); empty means same as current; ignored on Arch-based distros`) | |||
There was a problem hiding this comment.
I wonder if we can gate printing this additional caveat on GOOS=linux? It won't mean anything to Windows or macOS people, and might even confuse them.
There was a problem hiding this comment.
Added a condition for these flags to only register on non-Arch hosts 👍
awly
force-pushed
the
awly/tailscale-update-arch
branch
from
34a060d
to
3ebbda1
Compare
Arch version of tailscale is not maintained by us, but is generally up-to-date with our releases. Therefore "tailscale update" is just a thin wrapper around "pacman -Sy tailscale" with different flags. Updates #6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com>
awly
force-pushed
the
awly/tailscale-update-arch
branch
from
3ebbda1
to
7012f3d
Compare
| } | ||
| }() | ||
|
|
||
| out, err := exec.Command("pacman", "--sync", "--refresh", "--info", "tailscale").CombinedOutput() |
There was a problem hiding this comment.
This is going to break peoples systems as partial updates are not supported on Arch, it's everything or nothing. This will at some point lead to someone installing incompatible so-name updates on their system and hose it.
You have access to a reasonably responsive Arch maintainer, please reach out before implementing things like this.
There was a problem hiding this comment.
As this command in short it is the prime example for a partial update pacman -Syi tailscale, more info on that here: https://wiki.archlinux.org/title/System_maintenance#Partial_upgrades_are_unsupported
There was a problem hiding this comment.
Alternatively you don't have to parse the whole information snippet but instead use --print-format.
pacman -S tailscale --print-format "%v"
1.48.0-1
There was a problem hiding this comment.
Thanks for your comments!
https://wiki.archlinux.org/title/System_maintenance#Partial_upgrades_are_unsupported talks mostly about libraries. AFAIK the tailscale package itself doesn't contain any shared libraries and only depends on libc.
Is it still risky to update this kind of "leaf" package?
As for the general topic of auto-updates, is there any "standard" way to apply updates in the background for a rolling release like Arch? Other than writing a cronjob, of course.
We would really like to keep all tailscale clients on recent-ish versions, both for general bug/security fixes and for reducing the backwards-compatibility kludges in APIs that tailscale clients talk to.
But we also want to play nice with the package ecosystem of the distro that people use. So if we can't help users keep tailscale up-to-date on Arch without breaking stuff, then we'll have to resort to docs and hope people read them.
There was a problem hiding this comment.
https://wiki.archlinux.org/title/System_maintenance#Partial_upgrades_are_unsupported talks mostly about libraries. AFAIK the tailscale package itself doesn't contain any shared libraries and only depends on libc.
Is it still risky to update this kind of "leaf" package?
The command is not acting on the package at all.
pacman -Sy tailscale is the same as pacman -Sy; pacman -S tailscale. You are refreshing the databases and will pull inn updates relevant for the tailscale package. Currently tailscale depends on glibc so if you are so unlucky there is a new glibc version (which your system does not yet support), you are pulling inn both.
This will break your system.
As for the general topic of auto-updates, is there any "standard" way to apply updates in the background for a rolling release like Arch? Other than writing a cronjob, of course.
You just don't do this at all on Arch. Arch is a rolling release distro where users needs to resolve the result of any updates. Stuffing this into a cronjob is just a disaster waiting to happen. Unattended upgrades has the same issue.
We would really like to keep all tailscale clients on recent-ish versions, both for general bug/security fixes and for reducing the backwards-compatibility kludges in APIs that tailscale clients talk to.
But we also want to play nice with the package ecosystem of the distro that people use.
On Linux distros, how would implementing a completely new command encourage people to update more frequently? People are lazy when things work and updating unattended is bad behavior. Telling users to update more often is not really going to make them do it either.
. So if we can't help users keep tailscale up-to-date on Arch without breaking stuff, then we'll have to resort to docs and hope people read them.
Arch assumes competent users, so this is completely fine to expect of them.
There was a problem hiding this comment.
To be clear, pacman -Sy tailscale is going to make all the next pacman -S operations dangerous until a full upgrade , pacman -Syu, is completed.
| // Trim the Arch patch version. | ||
| ver = strings.Split(ver, "-")[0] | ||
| if ver == "" { | ||
| return "", fmt.Errorf("version output from pacman is malformed: %q, cannot determine upgrade version", line) | ||
| } | ||
| return ver, nil |
There was a problem hiding this comment.
This misses versions like 1:1.4.2-1 which would be a valid version if we where to preform a downgrade on the package.
…#8655) Arch version of tailscale is not maintained by us, but is generally up-to-date with our releases. Therefore "tailscale update" is just a thin wrapper around "pacman -Sy tailscale" with different flags. Updates tailscale#6995 Signed-off-by: Andrew Lytvynov <awly@tailscale.com> Signed-off-by: Alex Paguis <alex@windscribe.com>
Arch version of tailscale is not maintained by us, but is generally up-to-date with our releases. Therefore "tailscale update" is just a thin wrapper around "pacman -Sy tailscale" with different flags.
Updates #6995