Linux update server
Getting the script
To obtain the files needed on the update server, we provide a Bash script. You can download it in your browser or from a terminal:
- curl
- wget
curl -O https://repos.passwork.pro/repository/linux/scripts/get_desktops.sh
wget -O get_desktops.sh https://repos.passwork.pro/repository/linux/scripts/get_desktops.sh
Benefits
- Downloads only the required version from our repository — the one that matches your backend. The remote repository is used as the file source, not the version source: it hosts all desktop application versions. Which
XXYYto download is determined by the script from the API or a local file. - Supports proxy (
HTTP_PROXY/HTTPS_PROXY), which is important in air-gapped networks that reach the internet via a proxy. - Can be run on a schedule (cron / Task Scheduler) so the update server stays in sync with your backend.
Where the version (which XXYY to download) comes from:
- Backend API — if
PASSWORK_DOMAINis set, the script requests the available desktop version via your Passwork server API and downloads the correspondingXXYY. - Local file — the
LOCAL_VERSIONS_FILEfile contains a line with the version.
No other version sources are used: the file repository is used only for downloading, not for determining the version.
Each run downloads one XXYY version. If the backend switches to a new version — on the next run the script will get the new XXYY (from the API or updated file) and download the update files.
Variables
| Variable | Description |
|---|---|
REPO_BASE_URL | URL of the repository with built desktop installers (file source). |
OUTPUT_DIR | Directory for saved files (update server root or a copy). |
PASSWORK_DOMAIN | Backend URL for version request via API (recommended if accessible). |
LOCAL_VERSIONS_FILE | Path to the versions file when API is not used. |
HTTP_PROXY | Proxy for outbound requests (e.g. http://proxy:3128). |
LOG_FILE | Path to the log file (optional). |
STATUS_FILE | Path to the status file for monitoring (optional, see “Monitoring”). |
KEEP_RELEASES | How many old XXYY directories to keep in OUTPUT_DIR (default 2). |
LOCK_FILE | Lock file to prevent concurrent runs (cron); empty string to disable. |
Dry run
- shell
./get_desktops.sh --dry-run
Running
- shell
# Once or via cron
export PASSWORK_DOMAIN="https://your-backend.example.com"
export OUTPUT_DIR="/var/www/updates"
export HTTP_PROXY="http://proxy.example.com:3128" # if needed
./get_desktops.sh
The script checks disk space, creates a lock if needed to avoid two instances running at once (e.g. from cron), compares manifests with already downloaded files, and downloads only when something changed.
Monitoring
To verify that synchronization ran and content is up to date:
-
Script exit code
0— success; no update needed or update completed, or--dry-run.1— error (network, repository, disk space, etc.).
Monitoring systems (cron + check script, Zabbix, Prometheus, etc.) can use the script exit code.
-
Status file (STATUS_FILE)
IfSTATUS_FILEis set, the script overwrites this file after each run with lines inkey=valueformat:status—okorerror;version— current XXYY version (or empty if error before version was determined);timestamp— time in UTC (ISO);message— short message (e.g. “Update complete for version 0002” or “All latest YAML unchanged”).
Example content after a successful run:
- shell
status=ok
version=0002
timestamp=2025-02-17T12:00:00Z
message=Update complete for version 0002
On error (including before version is determined), the script writes status=error and optionally message=exit N. For monitoring: read STATUS_FILE, ensure status=ok, and optionally check freshness via timestamp or presence of OUTPUT_DIR/<version>/latest.yml.
- Log (LOG_FILE)
IfLOG_FILEis set, all script messages are written there. You can scan the log for errors or lines like “Update complete” / “Repository unreachable”.
Example check for monitoring (Bash):
- shell
STATUS_FILE="/var/www/updates/.sync_status"
export STATUS_FILE
./get_desktops.sh
# Check after run (or from another scheduled script):
grep -q '^status=ok$' "$STATUS_FILE" && echo "Sync OK" || echo "Sync FAIL"
# or by freshness (e.g. not older than 25 hours):
ts=$(grep '^timestamp=' "$STATUS_FILE" | cut -d= -f2)