fix: publish script dpkg-name, s3cfg fallback, and --reinstall for apply

2026-03-26 02:11:53 +00:00 · 2026-02-19 23:26:16 -07:00
parent 35f3274f29
commit 135afd0251
3 changed files with 18 additions and 17 deletions
--- a/apt/start9.gpg
+++ b/apt/start9.gpg
--- a/build/apt/publish-deb.sh
+++ b/build/apt/publish-deb.sh
@@ -38,8 +38,9 @@ if [ -n "$GPG_PRIVATE_KEY" ]; then
 fi

 # Configure s3cmd
-S3CMD_CONFIG="$(mktemp)"
-cat > "$S3CMD_CONFIG" <<EOF
+if [ -n "$S3_ACCESS_KEY" ] && [ -n "$S3_SECRET_KEY" ]; then
+    S3CMD_CONFIG="$(mktemp)"
+    cat > "$S3CMD_CONFIG" <<EOF
 [default]
 access_key = ${S3_ACCESS_KEY}
 secret_key = ${S3_SECRET_KEY}
@@ -47,10 +48,16 @@ host_base = $(echo "$ENDPOINT" | sed 's|https://||')
 host_bucket = %(bucket)s.$(echo "$ENDPOINT" | sed 's|https://||')
 use_https = True
 EOF
-
-s3() {
+    s3() {
        s3cmd -c "$S3CMD_CONFIG" "$@"
-}
+    }
+else
+    # Fall back to default ~/.s3cfg
+    S3CMD_CONFIG=""
+    s3() {
+        s3cmd "$@"
+    }
+fi

 # Sync existing repo from S3
 echo "Syncing existing repo from s3://${BUCKET}/ ..."
@@ -75,12 +82,13 @@ if [ ${#DEB_FILES[@]} -eq 0 ]; then
    exit 1
 fi

-# Copy each deb to the pool
+# Copy each deb to the pool, renaming to standard format
 for deb in "${DEB_FILES[@]}"; do
    PKG_NAME="$(dpkg-deb --field "$deb" Package)"
    POOL_DIR="$REPO_DIR/pool/${COMPONENT}/${PKG_NAME:0:1}/${PKG_NAME}"
    mkdir -p "$POOL_DIR"
    cp "$deb" "$POOL_DIR/"
+    dpkg-name -o "$POOL_DIR/$(basename "$deb")" 2>/dev/null || true
    echo "Added: $(basename "$deb") -> pool/${COMPONENT}/${PKG_NAME:0:1}/${PKG_NAME}/"
 done

@@ -126,5 +134,5 @@ fi
 echo "Uploading to s3://${BUCKET}/ ..."
 s3 sync --acl-public --no-mime-magic "$REPO_DIR/" "s3://${BUCKET}/"

-rm -f "$S3CMD_CONFIG"
+[ -n "$S3CMD_CONFIG" ] && rm -f "$S3CMD_CONFIG"
 echo "Done."
--- a/core/src/tunnel/update.rs
+++ b/core/src/tunnel/update.rs
@@ -63,23 +63,16 @@ pub async fn apply_update(_ctx: TunnelContext, _: Empty) -> Result<TunnelUpdateR
    let installed = parse_version_field(&policy_str, "Installed:");
    let candidate = parse_version_field(&policy_str, "Candidate:");

-    if installed == candidate {
-        return Ok(TunnelUpdateResult {
-            status: "up-to-date".to_string(),
-            installed: installed.unwrap_or_default(),
-            candidate: candidate.unwrap_or_default(),
-        });
-    }
-
    // Spawn in a separate cgroup via systemd-run so the process survives
    // when the postinst script restarts start-tunneld.service.
    // After the install completes, reboot the system.
+    // Uses --reinstall so the update applies even when versions match.
    Command::new("systemd-run")
        .arg("--scope")
        .arg("--")
        .arg("sh")
        .arg("-c")
-        .arg("apt-get install --only-upgrade -y start-tunnel && reboot")
+        .arg("apt-get install --reinstall -y start-tunnel && reboot")
        .env("DEBIAN_FRONTEND", "noninteractive")
        .stdin(Stdio::null())
        .stdout(Stdio::null())