Support in-place upgrades of new minio binary and releases. (#4961)

This PR allows 'minio update' to not only shows update banner but also allows for in-place upgrades. Updates are done safely by validating the downloaded sha256 of the binary. Fixes #4781
2025-11-06 20:33:07 -05:00 · 2017-12-16 02:03:42 +05:30
parent 8c08571cd9
commit eb7c690ea9
55 changed files with 4027 additions and 47 deletions
--- a/cmd/common-main.go
+++ b/cmd/common-main.go
@@ -29,10 +29,12 @@ import (

 // Check for updates and print a notification message
 func checkUpdate(mode string) {
-	// Its OK to ignore any errors during getUpdateInfo() here.
-	if older, downloadURL, err := getUpdateInfo(1*time.Second, mode); err == nil {
-		if updateMsg := computeUpdateMessage(downloadURL, older); updateMsg != "" {
+	// Its OK to ignore any errors during doUpdate() here.
+	if updateMsg, _, currentReleaseTime, latestReleaseTime, err := getUpdateInfo(2*time.Second, mode); err == nil {
+		if globalInplaceUpdateDisabled {
 			log.Println(updateMsg)
+		} else {
+			log.Println(prepareUpdateMessage("Run `minio update`", latestReleaseTime.Sub(currentReleaseTime)))
 		}
 	}
 }
@@ -106,4 +108,9 @@ func handleCommonEnvVars() {
 	if globalDomainName != "" {
 		globalIsEnvDomainName = true
 	}
+
+	// In place update is true by default if the MINIO_UPDATE is not set
+	// or is not set to 'off', if MINIO_UPDATE is set to 'off' then
+	// in-place update is off.
+	globalInplaceUpdateDisabled = strings.EqualFold(os.Getenv("MINIO_UPDATE"), "off")
 }
--- a/cmd/gateway/azure/gateway-azure.go
+++ b/cmd/gateway/azure/gateway-azure.go
@@ -71,6 +71,9 @@ ENVIRONMENT VARIABLES:
  BROWSER:
     MINIO_BROWSER: To disable web browser access, set this value to "off".

+  UPDATE:
+     MINIO_UPDATE: To turn off in-place upgrades, set this value to "off".
+
 EXAMPLES:
  1. Start minio gateway server for Azure Blob Storage backend.
      $ export MINIO_ACCESS_KEY=azureaccountname
--- a/cmd/gateway/b2/gateway-b2.go
+++ b/cmd/gateway/b2/gateway-b2.go
@@ -23,6 +23,7 @@ import (
 	"hash"
 	"io"
 	"io/ioutil"
+
 	"net/http"
 	"strings"
 	"sync"
@@ -63,6 +64,9 @@ ENVIRONMENT VARIABLES:
  BROWSER:
     MINIO_BROWSER: To disable web browser access, set this value to "off".

+  UPDATE:
+     MINIO_UPDATE: To turn off in-place upgrades, set this value to "off".
+
 EXAMPLES:
  1. Start minio gateway server for B2 backend.
      $ export MINIO_ACCESS_KEY=accountID
--- a/cmd/gateway/gcs/gateway-gcs.go
+++ b/cmd/gateway/gcs/gateway-gcs.go
@@ -23,6 +23,7 @@ import (
 	"fmt"
 	"io"
 	"io/ioutil"
+
 	"math"
 	"os"
 	"regexp"
@@ -109,6 +110,9 @@ ENVIRONMENT VARIABLES:
  BROWSER:
     MINIO_BROWSER: To disable web browser access, set this value to "off".

+  UPDATE:
+     MINIO_UPDATE: To turn off in-place upgrades, set this value to "off".
+
  GCS credentials file:
     GOOGLE_APPLICATION_CREDENTIALS: Path to credentials.json

--- a/cmd/gateway/s3/gateway-s3.go
+++ b/cmd/gateway/s3/gateway-s3.go
@@ -55,6 +55,9 @@ ENVIRONMENT VARIABLES:
  BROWSER:
     MINIO_BROWSER: To disable web browser access, set this value to "off".

+  UPDATE:
+     MINIO_UPDATE: To turn off in-place upgrades, set this value to "off".
+
 EXAMPLES:
  1. Start minio gateway server for AWS S3 backend.
      $ export MINIO_ACCESS_KEY=accesskey
--- a/cmd/gateway/sia/gateway-sia.go
+++ b/cmd/gateway/sia/gateway-sia.go
@@ -69,6 +69,12 @@ ENVIRONMENT VARIABLES: (Default values in parenthesis)
     MINIO_ACCESS_KEY: Custom access key (Do not reuse same access keys on all instances)
     MINIO_SECRET_KEY: Custom secret key (Do not reuse same secret keys on all instances)

+  BROWSER:
+     MINIO_BROWSER: To disable web browser access, set this value to "off".
+
+  UPDATE:
+     MINIO_UPDATE: To turn off in-place upgrades, set this value to "off".
+
  SIA_TEMP_DIR:        The name of the local Sia temporary storage directory. (.sia_temp)
  SIA_API_PASSWORD:    API password for Sia daemon. (default is empty)

--- a/cmd/globals.go
+++ b/cmd/globals.go
@@ -89,9 +89,12 @@ var (
 	// Set to true if credentials were passed from env, default is false.
 	globalIsEnvCreds = false

-	// This flag is set to 'true' wen MINIO_REGION env is set.
+	// This flag is set to 'true' when MINIO_REGION env is set.
 	globalIsEnvRegion = false

+	// This flag is set to 'true' when MINIO_UPDATE env is set to 'off'. Default is false.
+	globalInplaceUpdateDisabled = false
+
 	// This flag is set to 'us-east-1' by default
 	globalServerRegion = globalMinioDefaultRegion

--- a/cmd/server-main.go
+++ b/cmd/server-main.go
@@ -62,6 +62,9 @@ ENVIRONMENT VARIABLES:
  REGION:
     MINIO_REGION: To set custom region. By default it is "us-east-1".

+  UPDATE:
+     MINIO_UPDATE: To turn off in-place upgrades, set this value to "off".
+
 EXAMPLES:
  1. Start minio server on "/home/shared" directory.
      $ {{.HelpName}} /home/shared
--- a/cmd/update-main.go
+++ b/cmd/update-main.go
@@ -18,6 +18,9 @@ package cmd

 import (
 	"bufio"
+	"crypto"
+	_ "crypto/sha256" // Needed for sha256 hash verifier.
+	"encoding/hex"
 	"fmt"
 	"io/ioutil"
 	"net/http"
@@ -28,7 +31,9 @@ import (
 	"time"

 	"github.com/fatih/color"
+	"github.com/inconshreveable/go-update"
 	"github.com/minio/cli"
+	"github.com/segmentio/go-prompt"
 )

 // Check for new software updates.
@@ -53,18 +58,19 @@ FLAGS:
  {{end}}{{end}}
 EXIT STATUS:
   0 - You are already running the most recent version.
-   1 - New update is available.
+   1 - New update was applied successfully.
  -1 - Error in getting update information.

 EXAMPLES:
-   1. Check if there is a new update available:
-       $ {{.HelpName}}
+   1. Check and update minio:
+       $ {{.HelpName}
 `,
 }

 const (
 	minioReleaseTagTimeLayout = "2006-01-02T15-04-05Z"
-	minioReleaseURL           = "https://dl.minio.io/server/minio/release/" + runtime.GOOS + "-" + runtime.GOARCH + "/"
+	minioOSARCH               = runtime.GOOS + "-" + runtime.GOARCH
+	minioReleaseURL           = "https://dl.minio.io/server/minio/release/" + minioOSARCH + "/"
 )

 var (
@@ -335,23 +341,24 @@ func DownloadReleaseData(timeout time.Duration, mode string) (data string, err e
 // fbe246edbd382902db9a4035df7dce8cb441357d minio.RELEASE.2016-10-07T01-16-39Z
 //
 // The second word must be `minio.` appended to a standard release tag.
-func parseReleaseData(data string) (releaseTime time.Time, err error) {
+func parseReleaseData(data string) (sha256Hex string, releaseTime time.Time, err error) {
 	fields := strings.Fields(data)
 	if len(fields) != 2 {
 		err = fmt.Errorf("Unknown release data `%s`", data)
-		return releaseTime, err
+		return sha256Hex, releaseTime, err
 	}

+	sha256Hex = fields[0]
 	releaseInfo := fields[1]

 	fields = strings.SplitN(releaseInfo, ".", 2)
 	if len(fields) != 2 {
 		err = fmt.Errorf("Unknown release information `%s`", releaseInfo)
-		return releaseTime, err
+		return sha256Hex, releaseTime, err
 	}
 	if fields[0] != "minio" {
 		err = fmt.Errorf("Unknown release `%s`", releaseInfo)
-		return releaseTime, err
+		return sha256Hex, releaseTime, err
 	}

 	releaseTime, err = releaseTagToReleaseTime(fields[1])
@@ -359,13 +366,13 @@ func parseReleaseData(data string) (releaseTime time.Time, err error) {
 		err = fmt.Errorf("Unknown release tag format. %s", err)
 	}

-	return releaseTime, err
+	return sha256Hex, releaseTime, err
 }

-func getLatestReleaseTime(timeout time.Duration, mode string) (releaseTime time.Time, err error) {
+func getLatestReleaseTime(timeout time.Duration, mode string) (sha256Hex string, releaseTime time.Time, err error) {
 	data, err := DownloadReleaseData(timeout, mode)
 	if err != nil {
-		return releaseTime, err
+		return sha256Hex, releaseTime, err
 	}

 	return parseReleaseData(data)
@@ -406,49 +413,105 @@ func getDownloadURL(releaseTag string) (downloadURL string) {
 	return minioReleaseURL + "minio"
 }

-func getUpdateInfo(timeout time.Duration, mode string) (older time.Duration, downloadURL string, err error) {
-	var currentReleaseTime, latestReleaseTime time.Time
+func getUpdateInfo(timeout time.Duration, mode string) (updateMsg string, sha256Hex string, currentReleaseTime, latestReleaseTime time.Time, err error) {
 	currentReleaseTime, err = GetCurrentReleaseTime()
 	if err != nil {
-		return older, downloadURL, err
+		return updateMsg, sha256Hex, currentReleaseTime, latestReleaseTime, err
 	}

-	latestReleaseTime, err = getLatestReleaseTime(timeout, mode)
+	sha256Hex, latestReleaseTime, err = getLatestReleaseTime(timeout, mode)
 	if err != nil {
-		return older, downloadURL, err
+		return updateMsg, sha256Hex, currentReleaseTime, latestReleaseTime, err
 	}

+	var older time.Duration
+	var downloadURL string
 	if latestReleaseTime.After(currentReleaseTime) {
 		older = latestReleaseTime.Sub(currentReleaseTime)
 		downloadURL = getDownloadURL(releaseTimeToReleaseTag(latestReleaseTime))
 	}

-	return older, downloadURL, nil
+	return prepareUpdateMessage(downloadURL, older), sha256Hex, currentReleaseTime, latestReleaseTime, nil
 }

-func mainUpdate(ctx *cli.Context) {
+func doUpdate(sha256Hex string, latestReleaseTime time.Time, ok bool) (successMsg string, err error) {
+	if !ok {
+		successMsg = greenColorSprintf("Minio update to version RELEASE.%s cancelled.",
+			latestReleaseTime.Format(minioReleaseTagTimeLayout))
+		return successMsg, nil
+	}
+	var sha256Sum []byte
+	sha256Sum, err = hex.DecodeString(sha256Hex)
+	if err != nil {
+		return successMsg, err
+	}
+
+	resp, err := http.Get(getDownloadURL(releaseTimeToReleaseTag(latestReleaseTime)))
+	if err != nil {
+		return successMsg, err
+	}
+	defer resp.Body.Close()
+
+	// FIXME: add support for gpg verification as well.
+	if err = update.RollbackError(update.Apply(resp.Body,
+		update.Options{
+			Hash:     crypto.SHA256,
+			Checksum: sha256Sum,
+		},
+	)); err != nil {
+		return successMsg, err
+	}
+
+	return greenColorSprintf("Minio updated to version RELEASE.%s successfully.",
+		latestReleaseTime.Format(minioReleaseTagTimeLayout)), nil
+}
+
+func shouldUpdate(quiet bool, sha256Hex string, latestReleaseTime time.Time) (ok bool) {
+	ok = true
+	if !quiet {
+		ok = prompt.Confirm(greenColorSprintf("Update to RELEASE.%s [%s]", latestReleaseTime.Format(minioReleaseTagTimeLayout), "yes"))
+	}
+	return ok
+}
+
+var greenColorSprintf = color.New(color.FgGreen, color.Bold).SprintfFunc()
+
+func mainUpdate(ctx *cli.Context) error {
 	if len(ctx.Args()) != 0 {
 		cli.ShowCommandHelpAndExit(ctx, "update", -1)
 	}

+	handleCommonEnvVars()
+
 	quiet := ctx.Bool("quiet") || ctx.GlobalBool("quiet")
 	if quiet {
 		log.EnableQuiet()
 	}

 	minioMode := ""
-	older, downloadURL, err := getUpdateInfo(10*time.Second, minioMode)
+	updateMsg, sha256Hex, _, latestReleaseTime, err := getUpdateInfo(10*time.Second, minioMode)
 	if err != nil {
 		log.Println(err)
 		os.Exit(-1)
 	}

-	if updateMsg := computeUpdateMessage(downloadURL, older); updateMsg != "" {
-		log.Println(updateMsg)
-		os.Exit(1)
+	// Nothing to update running the latest release.
+	if updateMsg == "" {
+		log.Println(greenColorSprintf("You are already running the most recent version of ‘minio’."))
+		return nil
 	}

-	colorSprintf := color.New(color.FgGreen, color.Bold).SprintfFunc()
-	log.Println(colorSprintf("You are already running the most recent version of ‘minio’."))
-	os.Exit(0)
+	log.Println(updateMsg)
+	// if the in-place update is disabled then we shouldn't ask the
+	// user to update the binaries.
+	if strings.Contains(updateMsg, minioReleaseURL) && !globalInplaceUpdateDisabled {
+		var successMsg string
+		successMsg, err = doUpdate(sha256Hex, latestReleaseTime, shouldUpdate(quiet, sha256Hex, latestReleaseTime))
+		if err != nil {
+			log.Println(err)
+			os.Exit(-1)
+		}
+		log.Println(successMsg)
+	}
+	return nil
 }
--- a/cmd/update-main_test.go
+++ b/cmd/update-main_test.go
@@ -263,20 +263,21 @@ func TestDownloadReleaseData(t *testing.T) {
 func TestParseReleaseData(t *testing.T) {
 	releaseTime, _ := releaseTagToReleaseTime("RELEASE.2016-10-07T01-16-39Z")
 	testCases := []struct {
-		data           string
-		expectedResult time.Time
-		expectedErr    error
+		data              string
+		expectedResult    time.Time
+		expectedSha256hex string
+		expectedErr       error
 	}{
-		{"more than two fields", time.Time{}, fmt.Errorf("Unknown release data `more than two fields`")},
-		{"more than", time.Time{}, fmt.Errorf("Unknown release information `than`")},
-		{"more than.two.fields", time.Time{}, fmt.Errorf("Unknown release `than.two.fields`")},
-		{"more minio.RELEASE.fields", time.Time{}, fmt.Errorf(`Unknown release tag format. parsing time "fields" as "2006-01-02T15-04-05Z": cannot parse "fields" as "2006"`)},
-		{"more minio.RELEASE.2016-10-07T01-16-39Z", releaseTime, nil},
-		{"fbe246edbd382902db9a4035df7dce8cb441357d minio.RELEASE.2016-10-07T01-16-39Z\n", releaseTime, nil},
+		{"more than two fields", time.Time{}, "", fmt.Errorf("Unknown release data `more than two fields`")},
+		{"more than", time.Time{}, "", fmt.Errorf("Unknown release information `than`")},
+		{"more than.two.fields", time.Time{}, "", fmt.Errorf("Unknown release `than.two.fields`")},
+		{"more minio.RELEASE.fields", time.Time{}, "", fmt.Errorf(`Unknown release tag format. parsing time "fields" as "2006-01-02T15-04-05Z": cannot parse "fields" as "2006"`)},
+		{"more minio.RELEASE.2016-10-07T01-16-39Z", releaseTime, "more", nil},
+		{"fbe246edbd382902db9a4035df7dce8cb441357d minio.RELEASE.2016-10-07T01-16-39Z\n", releaseTime, "fbe246edbd382902db9a4035df7dce8cb441357d", nil},
 	}

 	for i, testCase := range testCases {
-		result, err := parseReleaseData(testCase.data)
+		sha256Hex, result, err := parseReleaseData(testCase.data)
 		if testCase.expectedErr == nil {
 			if err != nil {
 				t.Errorf("error case %d: expected: %v, got: %v", i+1, testCase.expectedErr, err)
@@ -286,9 +287,13 @@ func TestParseReleaseData(t *testing.T) {
 		} else if testCase.expectedErr.Error() != err.Error() {
 			t.Errorf("error case %d: expected: %v, got: %v", i+1, testCase.expectedErr, err)
 		}
-
-		if !testCase.expectedResult.Equal(result) {
-			t.Errorf("case %d: result: expected: %v, got: %v", i+1, testCase.expectedResult, result)
+		if err == nil {
+			if sha256Hex != testCase.expectedSha256hex {
+				t.Errorf("case %d: result: expected: %v, got: %v", i+1, testCase.expectedSha256hex, sha256Hex)
+			}
+			if !testCase.expectedResult.Equal(result) {
+				t.Errorf("case %d: result: expected: %v, got: %v", i+1, testCase.expectedResult, result)
+			}
 		}
 	}
 }
--- a/cmd/update-notifier.go
+++ b/cmd/update-notifier.go
@@ -28,9 +28,9 @@ import (
 	"github.com/fatih/color"
 )

-// computeUpdateMessage - calculates the update message, only if a
+// prepareUpdateMessage - prepares the update message, only if a
 // newer version is available.
-func computeUpdateMessage(downloadURL string, older time.Duration) string {
+func prepareUpdateMessage(downloadURL string, older time.Duration) string {
 	if downloadURL == "" || older <= 0 {
 		return ""
 	}
--- a/cmd/update-notifier_test.go
+++ b/cmd/update-notifier_test.go
@@ -26,7 +26,7 @@ import (
 )

 // Tests update notifier string builder.
-func TestComputeUpdateMessage(t *testing.T) {
+func TestPrepareUpdateMessage(t *testing.T) {
 	testCases := []struct {
 		older time.Duration
 		dlURL string
@@ -71,7 +71,7 @@ func TestComputeUpdateMessage(t *testing.T) {
 	cyan := color.New(color.FgCyan, color.Bold).SprintFunc()

 	for i, testCase := range testCases {
-		output := computeUpdateMessage(testCase.dlURL, testCase.older)
+		output := prepareUpdateMessage(testCase.dlURL, testCase.older)
 		line1 := fmt.Sprintf("%s %s", plainMsg, yellow(testCase.expectedSubStr))
 		line2 := fmt.Sprintf("Update: %s", cyan(testCase.dlURL))
 		// Uncomment below to see message appearance: