fix(installer): enhance post-installation error handling and Docker shutdown for security risks

osmontero · osmontero · commit eab295c2f225 · 2026-04-01T12:28:53.000+01:00
diff --git a/installer/install.go b/installer/install.go
@@ -2,6 +2,7 @@ package main
 
 import (
 	"fmt"
+	"os"
 	"time"
 
 	"github.com/utmstack/UTMStack/installer/config"
@@ -45,7 +46,15 @@ func Install() error {
 
 	fmt.Println("Running post installation scripts. This may take a while.")
 	if err := docker.PostInstallation(); err != nil {
-		return err
+		fmt.Printf("\nCRITICAL ERROR: Post-installation failed: %v\n", err)
+		fmt.Println("Stopping Docker service to prevent security risk (ports may be left open).")
+		if stopErr := utils.StopService("docker"); stopErr != nil {
+			fmt.Printf("WARNING: Failed to stop Docker service: %v\n", stopErr)
+		} else {
+			fmt.Println("Docker service has been stopped. Manual intervention required.")
+			fmt.Println("Please check /var/log/utmstack-installer.log for details.")
+		}
+		os.Exit(1)
 	}
 
 	fmt.Println("Installation fisnished successfully. We have generated a configuration file for you, please do not modify or remove it. You can find it at /root/utmstack.yml.")
diff --git a/installer/updater/service.go b/installer/updater/service.go
@@ -8,6 +8,7 @@ import (
 
 	"github.com/kardianos/service"
 	"github.com/utmstack/UTMStack/installer/config"
+	"github.com/utmstack/UTMStack/installer/docker"
 	"github.com/utmstack/UTMStack/installer/setup"
 	"github.com/utmstack/UTMStack/installer/utils"
 )
@@ -59,6 +60,21 @@ func (p *program) run() {
 		} else {
 			config.Logger().Info("Successfully applied update %s", pendingUpdate.Version)
 
+			// Close ports after update (same as initial installation)
+			config.Logger().Info("Running post-installation scripts to secure ports...")
+			if err := docker.PostInstallation(); err != nil {
+				config.Logger().ErrorF("error running post-installation: %v", err)
+				config.Logger().ErrorF("CRITICAL: Post-installation failed. Stopping Docker to prevent security risk.")
+				// Stop Docker to prevent leaving ports open
+				if stopErr := utils.StopService("docker"); stopErr != nil {
+					config.Logger().ErrorF("Failed to stop Docker service: %v", stopErr)
+				} else {
+					config.Logger().ErrorF("Docker service has been stopped. Manual intervention required.")
+				}
+				// Stop the updater service to prevent further processing
+				return
+			}
+
 			// Mark as sent in CM after successful apply
 			if pendingUpdate.ID != "offline" {
 				client := GetUpdaterClient()
