preserves ssh host keys and machine ids

explicitly await unmounts
2026-03-26 02:11:53 +00:00 · 2022-02-09 22:32:01 -07:00
parent f497c1197f
commit 1fa524dfed
1 changed files with 59 additions and 0 deletions
--- a/backend/src/update/mod.rs
+++ b/backend/src/update/mod.rs
@@ -114,6 +114,12 @@ impl WritableDrives {
    fn as_fs(&self) -> impl FileSystem {
        BlockDev::new(self.block_dev())
    }
+    fn invert(&self) -> WritableDrives {
+        match self {
+            Self::Green => Self::Blue,
+            Self::Blue => Self::Green,
+        }
+    }
 }

 /// This will be where we are going to be putting the new update
@@ -251,6 +257,8 @@ async fn do_update(
    new_label: NewLabel,
 ) -> Result<(), Error> {
    download.await?;
+    copy_machine_id(new_label).await?;
+    copy_ssh_host_keys(new_label).await?;
    swap_boot_label(new_label).await?;

    Ok(())
@@ -384,6 +392,57 @@ async fn check_download(hash_from_header: &str, file_digest: Vec<u8>) -> Result<
    Ok(())
 }

+async fn copy_machine_id(new_label: NewLabel) -> Result<(), Error> {
+    let new_guard = TmpMountGuard::mount(&new_label.0.as_fs()).await?;
+    let old_guard = TmpMountGuard::mount(&new_label.0.invert().as_fs()).await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/machine-id"),
+        new_guard.as_ref().join("etc/machine-id"),
+    )
+    .await?;
+    new_guard.unmount().await?;
+    old_guard.unmount().await?;
+    Ok(())
+}
+
+async fn copy_ssh_host_keys(new_label: NewLabel) -> Result<(), Error> {
+    let new_guard = TmpMountGuard::mount(&new_label.0.as_fs()).await?;
+    let old_guard = TmpMountGuard::mount(&new_label.0.invert().as_fs()).await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_rsa_key"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_rsa_key"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_rsa_key.pub"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_rsa_key.pub"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_ecdsa_key"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_ecdsa_key"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_ecdsa_key.pub"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_ecdsa_key.pub"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_ed25519_key"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_ed25519_key"),
+    )
+    .await?;
+    tokio::fs::copy(
+        old_guard.as_ref().join("etc/ssh/ssh_host_ed25519_key.pub"),
+        new_guard.as_ref().join("etc/ssh/ssh_host_ed25519_key.pub"),
+    )
+    .await?;
+    new_guard.unmount().await?;
+    old_guard.unmount().await?;
+    Ok(())
+}
+
 #[instrument]
 async fn swap_boot_label(new_label: NewLabel) -> Result<(), Error> {
    let block_dev = new_label.0.block_dev();