Skip to content
This repository was archived by the owner on May 22, 2026. It is now read-only.

Fix offline rpm/dpkg install status when piping to tee.#805

Open
sercanokur wants to merge 2 commits into
cisagov:developfrom
sercanokur:sercanokur-804-pipefail-rpm-dpkg-tee
Open

Fix offline rpm/dpkg install status when piping to tee.#805
sercanokur wants to merge 2 commits into
cisagov:developfrom
sercanokur:sercanokur-804-pipefail-rpm-dpkg-tee

Conversation

@sercanokur

@sercanokur sercanokur commented May 12, 2026
edited
Loading

Copy link
Copy Markdown

Pull request description — #804 (install.sh pipefail + tee)

Suggested PR title: install.sh: use pipefail for offline rpm/dpkg pipelines with tee

Base branch: develop · Compare branch: sercanokur-804-pipefail-rpm-dpkg-tee

🗣 Description

During offline installs, install.sh pipes rpm and dpkg output through tee (for example sudo rpm … | tee /tmp/rpm_install.log and sudo dpkg … | tee /tmp/dpkg_install.log). In Bash, unless pipefail is enabled, the pipeline’s exit status is that of tee, which almost always exits 0. That means rpm or dpkg can fail while the enclosing if still takes the success path, skipping failure handling (exit 1, dependency diagnostics, etc.).

Both pipelines are wrapped in a subshell with set -o pipefail so only those commands are affected:

  • ( set -o pipefail; sudo rpm … | tee … )
  • ( set -o pipefail; sudo dpkg … | tee … )

💭 Motivation and context

  • Problem: Logging with | tee is useful, but without pipefail the pipeline can report success even when rpm/dpkg failed.
  • Fix: Apply the subshell set -o pipefail pattern at those two locations in install.sh.
  • Related issue: Closes #804

(If merging to develop does not auto-close issues, link issue #804 in the PR sidebar Development section, per the repo PR template.)

🧪 Testing

Local

  • Ran bash -n install.sh — syntax OK.

Docker

  • ubuntu:22.04, repo mounted read-only: bash -n on install.sh; reproduced dpkg failure on a missing .deb. Without pipefail, dpkg … | tee behaved as success; with ( set -o pipefail; … ), the pipeline failed correctly.
  • rockylinux:9: same comparison for failing rpm with a missing RPM file — pipefail correctly surfaced the failure.

How someone else can verify

  • Re-run the same Docker checks, or in a real offline run use a deliberate package failure and confirm install.sh now stops in the intended error path.

✅ Pre-approval checklist

  • Changes are limited to a single goal AND the title reflects this in a clear human readable format
  • Issue that this PR solves has been selected in the Development section
  • I have read and agree to LME's CONTRIBUTING.md document.
  • The PR adheres to LME's requirements in RELEASES.md
  • These code changes follow cisagov code standards.
  • All relevant repo and/or project documentation has been updated to reflect the changes in this PR (N/A — no doc updates required)

✅ Pre-merge Checklist

  • All tests pass (CI green)
  • PR has been tested and the documentation for testing is above
  • Squash and merge all commits into one PR level commit

✅ Post-merge Checklist

  • Delete the branch to keep down number of branches

@sercanokur @cursoragent
Fix offline rpm/dpkg install status when piping to tee.
d248f62 
Without pipefail, the exit status of a pipeline was that of tee, so a
failed rpm or dpkg run could still be treated as success. Run each
pipeline in a subshell with set -o pipefail so failures propagate.

Co-authored-by: Cursor <cursoragent@cursor.com>
@github-project-automation github-project-automation Bot moved this to 🆕 Product Backlog in LME-Development May 12, 2026
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

LME-Development
Status: 🆕 Product Backlog

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@sercanokur