Merge pull request #2520 from freifunk-gluon/check-updater-branch

gluon-autoupdater: check default branch name, check number of pubkeys, revert invalid branch on update/reconfigure

.luacheckrc

@@ -25,6 +25,7 @@ files["package/**/check_site.lua"] = {
 		"extend",
 		"in_domain",
 		"in_site",
+		"value",
 		"need",
 		"need_alphanumeric_key",
 		"need_array",

contrib/ci/minimal-site/site.conf

@@ -145,7 +145,7 @@
         -- Have multiple maintainers sign your build and only
         -- accept it when a sufficient number of them have
         -- signed it.
-        good_signatures = 2,
+        good_signatures = 0,
 
         -- List of public keys of maintainers.
         pubkeys = {

package/gluon-autoupdater/check_site.lua

@@ -1,11 +1,25 @@
-need_string(in_site({'autoupdater', 'branch'}), false)
+local branches = table_keys(need_table({'autoupdater', 'branches'}, function(branch)
-
-need_table({'autoupdater', 'branches'}, function(branch)
 	need_alphanumeric_key(branch)
 
 	need_string(in_site(extend(branch, {'name'})))
 	need_string_array_match(extend(branch, {'mirrors'}), '^http://')
+
+	local pubkeys = need_string_array_match(in_site(extend(branch, {'pubkeys'})), '^%x+$')
 	need_number(in_site(extend(branch, {'good_signatures'})))
-	need_string_array_match(in_site(extend(branch, {'pubkeys'})), '^%x+$')
+	need(in_site(extend(branch, {'good_signatures'})), function(good_signatures)
+		return good_signatures <= #pubkeys
+	end, nil, string.format('be less than or equal to the number of public keys (%d)', #pubkeys))
+
 	obsolete(in_site(extend(branch, {'probability'})), 'Use GLUON_PRIORITY in site.mk instead.')
-end)
+end))
+
+need_one_of(in_site({'autoupdater', 'branch'}), branches, false)
+
+-- Check GLUON_AUTOUPDATER_BRANCH
+local default_branch
+local f = io.open((os.getenv('IPKG_INSTROOT') or '') .. '/lib/gluon/autoupdater/default_branch')
+if f then
+	default_branch = f:read('*line')
+	f:close()
+end
+need_one_of(value('GLUON_AUTOUPDATER_BRANCH', default_branch), branches, false)

package/gluon-autoupdater/luasrc/lib/gluon/upgrade/500-autoupdater

@@ -21,26 +21,35 @@ for name, config in pairs(site.autoupdater.branches()) do
 	end
 end
 
-if not uci:get('autoupdater', 'settings') then
+local function default_branch()
-	local enabled = unistd.access('/lib/gluon/autoupdater/default_enabled') ~= nil
-
-	local branch = site.autoupdater.branch(min_branch)
 	local f = io.open('/lib/gluon/autoupdater/default_branch')
 	if f then
-		branch = f:read('*line')
+		local ret = f:read('*line')
 		f:close()
+		return ret
 	end
 
+	return site.autoupdater.branch(min_branch)
+end
+
+local enabled, branch
+if not uci:get('autoupdater', 'settings') then
+	enabled = unistd.access('/lib/gluon/autoupdater/default_enabled') ~= nil
+end
+
+local old_branch = uci:get('autoupdater', 'settings', 'branch')
+if not old_branch or not uci:get('autoupdater', old_branch) then
+	branch = default_branch()
 	if not branch then
 		enabled = false
 	end
-
-	uci:section('autoupdater', 'autoupdater', 'settings', {
-		enabled = enabled,
-		branch = branch,
-	})
 end
 
+uci:section('autoupdater', 'autoupdater', 'settings', {
+	enabled = enabled,
+	branch = branch,
+})
+
 uci:set('autoupdater', 'settings', 'version_file', '/lib/gluon/release')
 
 uci:save('autoupdater')

package/gluon-core/luasrc/lib/gluon/check-site.lua

@@ -57,6 +57,10 @@ end
 
 
 local function path_to_string(path)
+	if path.is_value then
+		return path.label
+	end
+
 	return table.concat(path, '.')
 end
 
@@ -96,6 +100,10 @@ local function domain_src()
 end
 
 local function conf_src(path)
+	if path.is_value then
+		return 'Configuration'
+	end
+
 	local src
 
 	if has_domains then
@@ -138,6 +146,14 @@ function M.in_domain(path)
 	return path
 end
 
+function M.value(label, value)
+	return {
+		is_value = true,
+		label = label,
+		value = value,
+	}
+end
+
 function M.this_domain()
 	return domain_code
 end
@@ -171,6 +187,10 @@ function loadpath(path, base, c, ...)
 end
 
 local function loadvar(path)
+	if path.is_value then
+		return path.value
+	end
+
 	return loadpath({}, conf, unpack(path))
 end