proxmoxPanel/core
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

fix: sudo -n pour pct exec/list (permissions root requises)

Browse source 
Tous les appels pct passent par sudo -n pour les sessions SSH non-root.
GetPackages est résilient : utilise l'output même si exit code != 0.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
enzo 2026-03-21 01:29:07 +01:00
parent 8ff6fb0e8c
commit 7ba0ff143c
1 changed files with 8 additions and 7 deletions
Download patch file Download diff file Expand all files Collapse all files

15
backend/internal/api/updates.go
View file

@ -77,7 +77,7 @@ func (h *UpdatesHandler) GetTargets(w http.ResponseWriter, r *http.Request) {
{ID: "host", Name: "Proxmox Host", Status: "running"}, {ID: "host", Name: "Proxmox Host", Status: "running"},
} }
output, err := h.sshPool.RunCommand(sshHost, sshUser, sshPass, "/usr/sbin/pct list 2>/dev/null") output, err := h.sshPool.RunCommand(sshHost, sshUser, sshPass, "sudo -n /usr/sbin/pct list 2>/dev/null")
if err == nil { if err == nil {
for _, line := range strings.Split(output, "\n") { for _, line := range strings.Split(output, "\n") {
line = strings.TrimSpace(line) line = strings.TrimSpace(line)
@ -130,20 +130,21 @@ func (h *UpdatesHandler) GetPackages(w http.ResponseWriter, r *http.Request) {
command = "apt list --upgradable 2>/dev/null" command = "apt list --upgradable 2>/dev/null"
case len(target) > 4 && target[:4] == "lxc:": case len(target) > 4 && target[:4] == "lxc:":
lxcID := target[4:] lxcID := target[4:]
command = fmt.Sprintf("/usr/sbin/pct exec %s -- apt list --upgradable 2>/dev/null", lxcID) command = fmt.Sprintf("sudo -n /usr/sbin/pct exec %s -- apt list --upgradable 2>/dev/null", lxcID)
default: default:
JSONError(w, "Cible invalide", http.StatusBadRequest) JSONError(w, "Cible invalide", http.StatusBadRequest)
return return
} }
output, err := h.sshPool.RunCommand(sshHost, sshUser, sshPass, command) output, err := h.sshPool.RunCommand(sshHost, sshUser, sshPass, command)
if err != nil { packages := parseAptPackages(output)
if err != nil && len(packages) == 0 {
log.Printf("[updates/packages] Erreur SSH pour %s : %v", target, err) log.Printf("[updates/packages] Erreur SSH pour %s : %v", target, err)
JSONError(w, "Erreur SSH : "+err.Error(), http.StatusBadGateway) JSONError(w, "Erreur SSH : "+err.Error(), http.StatusBadGateway)
return return
} }
JSONResponse(w, http.StatusOK, parseAptPackages(output)) JSONResponse(w, http.StatusOK, packages)
} }
// parseAptPackages analyse la sortie de `apt list --upgradable`. // parseAptPackages analyse la sortie de `apt list --upgradable`.
@ -289,14 +290,14 @@ func (h *UpdatesHandler) executeUpdate(jobID, target, sshHost, sshUser, sshPass
case len(target) > 4 && target[:4] == "lxc:": case len(target) > 4 && target[:4] == "lxc:":
lxcID := target[4:] lxcID := target[4:]
command = fmt.Sprintf( command = fmt.Sprintf(
"/usr/sbin/pct exec %s -- bash -c 'DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y'", "sudo -n /usr/sbin/pct exec %s -- bash -c 'DEBIAN_FRONTEND=noninteractive apt-get update && DEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y'",
lxcID, lxcID,
) )
case target == "all": case target == "all":
command = `for ct in $(/usr/sbin/pct list | awk 'NR>1 {print $1}'); do command = `for ct in $(sudo -n /usr/sbin/pct list | awk 'NR>1 {print $1}'); do
echo "=== LXC $ct ===" echo "=== LXC $ct ==="
/usr/sbin/pct exec $ct -- bash -c 'DEBIAN_FRONTEND=noninteractive apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y' 2>/dev/null || echo "SKIP LXC $ct" sudo -n /usr/sbin/pct exec $ct -- bash -c 'DEBIAN_FRONTEND=noninteractive apt-get update -qq && DEBIAN_FRONTEND=noninteractive apt-get full-upgrade -y' 2>/dev/null || echo "SKIP LXC $ct"
done` done`
default: default: