Open
Conversation
adds `ipfs update` command tree that downloads pre-built Kubo binaries from GitHub Releases, verifies SHA-512 checksums, and replaces the running binary in place. subcommands: - `ipfs update check` -- query GitHub for newer versions - `ipfs update versions` -- list available releases - `ipfs update install [version]` -- download, verify, backup, and atomically replace the current binary - `ipfs update revert` -- restore the previously backed up binary from `$IPFS_PATH/old-bin/` read-only subcommands (check, versions) work while the daemon is running. install and revert require the daemon to be stopped first. design decisions: - uses GitHub Releases API instead of dist.ipfs.tech because GitHub is harder to censor in regions that block IPFS infrastructure - honors GITHUB_TOKEN/GH_TOKEN to avoid unauthenticated rate limits - backs up the current binary before replacing, with permission-error fallback that saves to a temp dir with manual `sudo mv` instructions - `KUBO_UPDATE_GITHUB_URL` env var redirects API calls for integration testing; `IPFS_VERSION_FAKE` overrides the reported version - unit tests use mock HTTP servers and the var override; CLI tests use the env vars with a temp binary copy so the real build is never touched resolves #10937
Resolve changelog conflict by placing the update command entry after the cid inspect section.
- cap decompressed binary at 1 GB to block zip/tar bombs - propagate tar.gz/zip errors instead of swallowing them - fall back to 1h context timeout when --timeout is not set - warn on stderr when daemon lock check fails - clarify that fetch+verify+extract complete before touching binary
The test harness hardcodes the binary path as `cmd/ipfs/ipfs` without the `.exe` suffix. On Windows the built binary is `ipfs.exe`, so copyBuiltBinary needs to append the extension.
On Windows the OS locks the running executable, so atomicfile cannot rename over it. The install command falls back to saving the new binary to a temp path. Accept both outcomes in TestUpdateInstall: in-place replacement (Unix) or permission-denied fallback (Windows). Also fix stash path to include .exe suffix on Windows. - test/cli/update_test.go: branch on runtime.GOOS for install assertions - test/sharness/t0063-external.sh: remove, tested the old ExternalBinary delegation which is replaced by the built-in update command - .github/workflows/test-migrations.yml: pass GITHUB_TOKEN to avoid rate limits
lidel
force-pushed
the
feat/builtin-update-command
branch
from
da9c63c to
cd16d29
Compare
On Windows, Process.Wait() sets the handle state to "released" rather than "done", so a subsequent Signal() returns syscall.EINVAL instead of os.ErrProcessDone. This caused StopDaemon cleanup to panic on Windows CI. Treat both errors as "process already exited".
lidel
force-pushed
the
feat/builtin-update-command
branch
from
cd16d29 to
6fb1eb6
Compare
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
Warning
Not finished yet, parking here until we work on 0.41
ipfs update: add built-in command, sunsetipfs-update#10937adds
ipfs updatecommand tree that downloads pre-built Kubo binaries from GitHub Releases, verifies SHA-512 checksums, and replaces the running binary in place.ipfs update: add built-in command, sunsetipfs-update#10937subcommands:
ipfs update check-- query GitHub for newer versionsipfs update versions-- list available releasesipfs update install [version]-- download, verify, backup, and atomically replace the current binaryipfs update revert-- restore the previously backed up binary from$IPFS_PATH/old-bin/read-only subcommands (check, versions) work while the daemon is running. install and revert require the daemon to be stopped first.
design decisions:
sudo mvinstructionsKUBO_UPDATE_GITHUB_URLenv var redirects API calls for integration testing;IPFS_VERSION_FAKEoverrides the reported version