Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Allow downgrades using RPM and DEB packages #2885

Merged
merged 6 commits into from
Mar 27, 2024
Merged

Allow downgrades using RPM and DEB packages #2885

merged 6 commits into from
Mar 27, 2024

Conversation

jr0me
Copy link
Member

@jr0me jr0me commented Mar 19, 2024
edited by TomasTurina
Loading

Related issue
wazuh/wazuh#22522

Description

This PR modifies RPM and DEB scripts for Wazuh agent's packages.

The modifications make it possible to downgrade Wazuh to earlier versions, allowing to rollback upgrades or to undo transactions via package managers across more versions.

Tests

  • Build the package in any supported platform
    • Linux
  • Package installation
  • Package upgrade
  • Package downgrade
  • Package remove
  • Package install/remove/install
  • Change added to CHANGELOG.md

@jr0me jr0me changed the title 22522 dev allow rpm and deb downgrades Allow downgrades using RPM and DEB packages Mar 19, 2024
@jr0me jr0me added the type/enhancement Enhancement issue label Mar 19, 2024
@jr0me jr0me linked an issue Mar 19, 2024 that may be closed by this pull request
Allow downgrades using RPM and DEB packages and adapt WPK script wazuh/wazuh#22522
Closed
@jr0me jr0me marked this pull request as draft March 19, 2024 13:02
@jr0me jr0me requested a review from TomasTurina March 19, 2024 13:02
jr0me added 3 commits March 22, 2024 13:57
@jr0me
Fix user and group deletion during upgrade/downgrade
110acd5 
In order to succesfuly downgrade to earlier versions of Wazuh, we need
to restore ownership of files to the ossec group and user.

RPM may also backup the client.keys file, making it impossible for the
agent to reconnect, for this reason we try to restore this backup of
the client.keys if none is found.
@jr0me
Add files orphaned files to Wazuh user and group.
a1a4f28 
The removal of a previous installed pacakge can result in the ossec
group and user being deleted, leaving files orphaned.

Some of these files are needed to be owned by Wazuh to guarantee
the agent connection.
@jr0me
Ensure the service has been stopped.
95fbee3 
In soeme cases the service lingers and doesn't respond to more graceful attempts.

We then try kill the process if previous attempts didn't work.
@jr0me jr0me force-pushed the 22522-dev-allow-rpm-and-deb-downgrades branch from 11176d1 to 3b31814 Compare March 22, 2024 13:00
@jr0me jr0me mentioned this pull request Mar 22, 2024
Merged
2 tasks
@jr0me jr0me changed the base branch from master to 4.9.0 March 22, 2024 13:06
@TomasTurina TomasTurina removed the type/enhancement Enhancement issue label Mar 25, 2024
@jr0me jr0me force-pushed the 22522-dev-allow-rpm-and-deb-downgrades branch from 3b31814 to 27f61ec Compare March 25, 2024 15:58
@jr0me jr0me changed the base branch from 4.9.0 to 21152-improve-wpks March 26, 2024 19:21
@jr0me jr0me marked this pull request as ready for review March 27, 2024 10:51
TomasTurina
TomasTurina reviewed Mar 27, 2024
View reviewed changes
debs/SPECS/wazuh-agent/debian/postrm Show resolved Hide resolved
debs/SPECS/wazuh-agent/debian/postrm Show resolved Hide resolved
wpk/run.sh Show resolved Hide resolved
@TomasTurina TomasTurina linked an issue Mar 27, 2024 that may be closed by this pull request
Adapt WPK script for Windows and MacOS wazuh/wazuh#22669
Closed
@jr0me jr0me force-pushed the 22522-dev-allow-rpm-and-deb-downgrades branch from ed90d71 to c52cb29 Compare March 27, 2024 21:05
jr0me added 3 commits March 27, 2024 22:54
@jr0me
When downgrading the postrm deb script is run as an upgrade.
153d5e1 
This works fine with newer versions of Wazuh that follow the same paths structure.

Older versions (ones with ossec group and user) require that we restore that expected
paths and ownership.
@jr0me
Wazuh agents on mac now use the same script as Linux for upgrades. We…
1c3a711 
… need to reflect this on wazuh packages as well to find the correct script.
@jr0me
Add support for building WPKs with APK packages
8e72c3a
@jr0me jr0me force-pushed the 22522-dev-allow-rpm-and-deb-downgrades branch from c52cb29 to 8e72c3a Compare March 27, 2024 21:55
@TomasTurina TomasTurina merged commit e590d26 into 21152-improve-wpks Mar 27, 2024
48 checks passed
@TomasTurina TomasTurina deleted the 22522-dev-allow-rpm-and-deb-downgrades branch March 27, 2024 23:00
@jr0me jr0me mentioned this pull request Apr 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@TomasTurina TomasTurina TomasTurina approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Adapt WPK script for Windows and MacOS Allow downgrades using RPM and DEB packages and adapt WPK script
2 participants
@jr0me @TomasTurina