Making pepperflash update automatically was on my to-do list for quite some time and finally I had an opportunity to work on that. But I must warn you that this message is rather long, so you might want to come back to it when you have more time.
First and foremost, I felt a huge urge to rewrite some part of update-pepperflashplugin-nonfree script. Rationale for this is simple: current version of script tempers with apt config, asks Google about latest known version of Chrome and then compares that with version number downloaded from Bart Martens' website. Only if version numbers don't match, it downloads newer file from Bart's website. BUT: 1. running apt-get update is expensive (both in terms of time and computational power), while downloading file from website is cheap 2. No matter what happens, we depend on Chrome version number read from file downloaded from Bart's website. If that file ever stop to be updated, we will be overwriting pepperflash.so file over and over again. My version of script takes different approach: - we unconditionally download file with upstream flash version from Bart's website. Downloading a file is cheap. - if version of pepperflash is the same as the version indicated by Bart's file, stop any further work. - only now we ask Google about latest version of Chrome. If that version is the same as the version we have seen when we used the script for the last time, stop any further work. - if we have went that far, proceed with downloading Chrome binary and extracting pepperflash.so file. So, for most users, checking for newer version of flash will mean that they only have to download one two-line text file from Internet. If that file ever stop to be updated or will appear to be broken, we are falling back to comparing current Google Chrome version with latest version known by this system. This is expensive, but authoritative - we always know what version of Google Chrome was used to extract pepperflash.so file that we have available (we don't depend on Bart's website for telling us that). Unfortunately, there are two main drawbacks of that version of script: 1. If Bart's file ever stop to be updated, users with flashpepper.so file will stop receive updates. They would have to manually run --uninstall and --install commands. That would not affect new users. Perhaps this may be overcome by package update? Or maybe we should check timestamp of file downloaded from Bart's website and act accordingly if it exceeds some threshold (Chrome is updated every six weeks or so, so file older than two months is definitely outdated)? The reason I am putting so much attention to outdated file on Bart's website is that this is happening right now. Without additional options, current version of script will download http://people.debian.org/~bartm/pepperflashplugin-nonfree/latest-stable-verified.txt But current version of Chrome (available as Chromium in both stable and unstable Debian) is 34.0.1847.116, with pepperflash 13.0.0.182. 2. File with latest known Chrome version is kept in /var/cache, which may not be the smartest idea. If Bart's file is outdated and user cleans cache on regular basis (this is not uncommon among users with SSD to keep cache in ramdisk), each launch of `update-pepperflashplugin-nonfree --install` will download Chrome binary and overwrite any pepperflash.so file that might be available. If you are interested in updated script, please see a patch attached. Now, apart from some rewriting, my script also implements one new feature: --updatedupstream command line switch. This is pretty similar to --status, but is aimed towards machines rather than humans. It will return 1 (FALSE) when currently installed pepperflash.so version is the same as upstream version (as advertised by Bart's website), or 0 (TRUE) otherwise. This allows for semi-natural language in scripts, like: #v+ if update-pepperflashplugin-nonfree --updatedupstream then #do something because updated version is available fi #v- That option is core part of system that allows me to do the job required to close this bug report. To implement automatic updates, I decided to go down the cron route. I am attaching preliminary script that is ready to be put in /etc/cron.hourly/. Idea of script is very simple. First, we wait for some random time, but no longer than 59 minutes. This is used to prevent all Debian users from checking for updates all at the same time. Second, we check whether network is working. Finally, we check if new upstream version if available. If everything is correct, we install newer version of pepperflash.so. Comments and improvement proposals are welcome. -- Best regards Mirosław Zalewski
--- /usr/sbin/update-pepperflashplugin-nonfree 2014-04-21 15:30:05.714135887 +0200
+++ update-pepperflashplugin-nonfree 2014-04-21 15:31:35.998583689 +0200
@@ -43,7 +43,7 @@
exit 1
}
-getopt_temp=`getopt -o iusfvq --long install,uninstall,status,fast,verbose,quiet,beta,unstable,unverified \
+getopt_temp=`getopt -o iusfvq --long install,uninstall,status,fast,verbose,quiet,beta,unstable,unverified,updatedupstream \
-n 'update-pepperflashplugin-nonfree' -- "$@"` || show_usage
eval set -- "$getopt_temp" || show_usage
@@ -93,6 +93,10 @@
verified=no
shift
;;
+ --updatedupstream)
+ ACTION="--updatedupstream"
+ shift
+ ;;
--)
shift
break
@@ -111,6 +115,7 @@
latestfile=latest-$variant-verified.txt
[ "$verified" != "no" ] || latestfile=latest-$variant.txt
+lastchromeversionfile=last-known-chrome-version.txt
UNPACKDIR=`mktemp -d /tmp/pepperflashplugin-nonfree.XXXXXXXXXX` || die_hard "mktemp failed"
echo "$UNPACKDIR" | grep -q "^/tmp/pepperflashplugin-nonfree\." || die_hard "paranoia"
@@ -133,6 +138,10 @@
trap "die_hard_with_a_cleanup interrupted" INT
+installed_flash_version() {
+ strings /usr/lib/pepperflashplugin-nonfree/libpepflashplayer.so 2> /dev/null | grep LNX | cut -d ' ' -f 2 | sed -e "s/,/./g"
+}
+
cachedir=/var/cache/pepperflashplugin-nonfree
wgetquiet=' -q '
@@ -140,17 +149,38 @@
wgetalways=' -nd -P . '
wgetprogress=' -v --progress=dot:default '
-if [ "$ACTION" = "--install" -o "$ACTION" = "--status" ]
+if [ "$ACTION" = "--install" -o "$ACTION" = "--status" -o "$ACTION" = "--updatedupstream" ]
then
- installed=`strings /usr/lib/pepperflashplugin-nonfree/libpepflashplayer.so 2> /dev/null | grep LNX | cut -d ' ' -f 2 | sed -e "s/,/./g"`
+ installed=`installed_flash_version`
+ upstream="unknown"
+ lastchromeversion=0
+ if [ -f $cachedir/$lastchromeversionfile ]
+ then
+ lastchromeversion=`head -n 1 $cachedir/$lastchromeversionfile`
+ fi
- if [ -f $cachedir/$latestfile ]
+ downloadurl="http://people.debian.org/~bartm/pepperflashplugin-nonfree/$latestfile";
+ wgetoptions="$wgetquiet $wgetalways"
+ [ "$fast" != "yes" ] || wgetoptions="$wgetoptions $wgetfast"
+
+ [ "$verbose" != "yes" ] || echo "downloading $downloadurl"
+ if HOME=/root wget $wgetoptions $downloadurl
then
- chromeversion=`head -n 1 $cachedir/$latestfile`
- flashversion=`tail -n 1 $cachedir/$latestfile`
- else
- chromeversion=0
- flashversion=0
+ mv $latestfile $cachedir
+ upstream=`tail -n 1 $cachedir/$latestfile`
+ fi
+fi
+
+case "$ACTION" in
+
+ --install)
+ [ "$verbose" != "yes" ] || echo "selected action = $ACTION"
+
+ if [ "$installed" != "" -a "$installed" = "$upstream" ]
+ then
+ echo "upstream version $upstream is already installed"
+ do_cleanup
+ return 0
fi
mkdir -p var/lib/apt/lists var/cache/apt/archives etc/apt/apt.conf.d etc/apt/preferences.d
@@ -181,39 +211,12 @@
debsha1=`APT_CONFIG=apt.conf apt-cache show google-chrome-$variant | grep "^SHA1: " | sed -e "s,^SHA1: ,,"`
debmd5=`APT_CONFIG=apt.conf apt-cache show google-chrome-$variant | grep "^MD5sum: " | sed -e "s,^MD5sum: ,,"`
- if [ "$chromeversion" = "$newchromeversion" ]
+ if [ "$newchromeversion" = "$lastchromeversion" ]
then
- upstream=$flashversion
- else
- downloadurl="http://people.debian.org/~bartm/pepperflashplugin-nonfree/$latestfile";
- wgetoptions="$wgetquiet $wgetalways"
- [ "$fast" != "yes" ] || wgetoptions="$wgetoptions $wgetfast"
-
- [ "$verbose" != "yes" ] || echo "downloading $downloadurl"
- HOME=/root wget $wgetoptions $downloadurl || die_hard_with_a_cleanup "wget failed to download $downloadurl"
-
- mv $latestfile $cachedir
-
- chromeversion=`head -n 1 $cachedir/$latestfile`
- flashversion=`tail -n 1 $cachedir/$latestfile`
-
- upstream=$flashversion
+ echo "upstream version did not change since last execution of script"
+ do_cleanup
+ return 0
fi
-fi
-
-case "$ACTION" in
-
- --install)
- [ "$verbose" != "yes" ] || echo "selected action = $ACTION"
-
- [ "$upstream" != "" ] || die_hard_with_a_cleanup "failed to determine upstream version"
-
- if [ "$installed" != "" -a "$upstream" != "" -a "$installed" = "$upstream" ]
- then
-
- [ "$verbose" != "yes" ] || echo "upstream version $upstream is already installed"
-
- else
if [ -f $cachedir/$debfile ]
then
@@ -244,7 +247,7 @@
chown root:root /usr/lib/pepperflashplugin-nonfree/libpepflashplayer.so
chmod 644 /usr/lib/pepperflashplugin-nonfree/libpepflashplayer.so
mv $debfile $cachedir
- fi
+ echo $newchromeversion > $cachedir/$lastchromeversionfile
[ "$verbose" != "yes" ] || echo "end of action $ACTION"
@@ -272,6 +275,22 @@
[ "$verbose" != "yes" ] || echo "end of action $ACTION"
+ ;;
+
+ --updatedupstream)
+ [ "$verbose" != "yes" ] || echo "selected action = $ACTION"
+
+ [ "$verbose" != "yes" ] || echo "comparing installed version $installed with upstream version $upstream"
+
+ if [ "$installed" = "$upstream" ]
+ then
+ return 1
+ else
+ return 0
+ fi
+
+ [ "$verbose" != "yes" ] || echo "end of action $ACTION"
+
;;
*)
update-pepperflash-nonfree.sh
Description: application/shellscript
