random_username's picture

Hi,

I just installed ghost via proxmox container and noticed a Critical security update available notice at the top of my page.

I'm trying to update my version of Ghost but get the following error:

root@ghost /opt/ghost# su -c "pm2 stop ghost" node
bash: pm2: command not found

Here is my turnkey-version:

root@ghost /opt/ghost# turnkey-version
turnkey-ghost-16.1-buster-amd64

I'm trying to follow the Supervised Manual Ghost Update instructions here.

DIR=/opt/ghost
cd $DIR
su -c "pm2 stop ghost" node
rm -rf core
curl -LOk https://ghost.org/zip/ghost-latest.zip
unzip ghost-latest.zip -d ghost-temp
cd ghost-temp
cp -R core $DIR
cp index.js *.json *.md $DIR
# optional step - update default theme
cp -R content/themes/casper $DIR/content/themes
cd ..
rm -r ghost-temp
rm ghost-latest.zip
chown -R node:node $DIR
su -c "npm install --production" node
su -c "pm2 start ghost" node

Any ideas how to update this version of ghost? 

Forum: 
Jeremy Davis's picture

Hi fleabeard and welcome to TurnKey. :)

Thanks so much for posting! Deep apologies on our old, outdated documentation. You weren't to know, but in the source code the Readme has more up to date documentation on updates.

Having said that, when I double checked to make sure that the instructions from the doc worked, it turns out that there is a little more required. So even that isn't up to date for the current scenario!The node version also needs to be updated and the ghost CLI tool also recommends that it be updated to the latest version.

So first up, update NodeJS itself:

n 14

That should return something like this:

  installing : node-v14.18.2
       mkdir : /usr/local/n/versions/node/14.18.2
       fetch : https://nodejs.org/dist/v14.18.2/node-v14.18.2-linux-x64.tar.xz
   installed : v14.18.2 (with npm 6.14.15)

Then update Ghost CLI:

npm install -g ghost-cli@latest

Then we'll update Ghost itself. We do that as the 'ghost_user' and if it needs root access at any point it will ask for the "sudo password". By default, that is the same as the Ghost Admin password you set at first boot (note the passwords aren't synced after firstboot, so they can be changed independently). If you don't recall what that was, you can update it like this:

passwd ghost_user
So now, update Ghost itself. First become the 'ghost_user':
runuser - ghost_user

That should drop you into the 'ghost-user's home, and you should see a prompt like this:

ghost_user@ghost_hostname ~$

(Where 'ghost_hostname' is whatever the hostname of your instance is).

If for some reason you aren't in the home (aka the '~' between the hostname and the '$'), then change to that (if in doubt run this line, it won't do any harm):

cd ~

Now run the update:

ghost update

It will take a while, but once it's finished you should see something like this:

+ sudo systemctl is-active ghost_localhost
? Sudo Password [hidden]
✔ Checking system Node.js version - found v14.18.2
✔ Ensuring user is not logged in as ghost user
✔ Checking if logged in user is directory owner
✔ Checking current folder permissions
✔ Checking folder permissions
✔ Checking file permissions
✔ Checking content folder ownership
✔ Checking memory availability
✔ Checking free space
✔ Checking for available migrations
+ sudo mkdir -p /opt/ghost/content/media
? Sudo Password [hidden]
+ sudo mkdir -p /opt/ghost/content/files
? Sudo Password [hidden]
+ sudo mkdir -p /opt/ghost/content/public
? Sudo Password [hidden]
✔ Create content/media, content/files and content/public directories
✔ Checking for latest Ghost version

# 4.26.0

* Added toggle card to editor - Rishabh Garg
* Added callout card to editor - Thibaut Patel
* Updated Casper to v4.3.1 - Peter Zimon
* Fixed error when sending messages via bootstrap socket - Daniel Lockyer

---

View the changelogs for full details:
* Ghost - https://github.com/tryghost/ghost/compare/v4.25.1...v4.26.0
* Admin - https://github.com/tryghost/admin/compare/v4.25.1...v4.26.0

✔ Fetched release notes
✔ Downloading and updating Ghost to v4.26.0
+ sudo systemctl stop ghost_localhost
? Sudo Password [hidden]
✔ Stopping Ghost
✔ Linking latest Ghost and recording versions
+ sudo systemctl start ghost_localhost
? Sudo Password [hidden]
✔ Restarting Ghost
 Removing old Ghost versions [skipped]

From what I can gather, it will keep the last 2 old versions, so that you can roll back if needed. Older versions will be auto cleaned up once you have more than 2.

After I completed that, I ran "ghost doctor" (it will whinge that it's not running on Ubuntu - you can safely ignore that) and it discovered some incorrect permissions. I recommend running the commands below on your system before you run 'ghost doctor' yourself (if they aren't required, they won't do any harm).:

sudo find ./ -type d -exec chmod 00775 {} \;
sudo find ./ ! -path "./versions/*" -type f -exec chmod 664 {} \;

Once those have completed (they won't give any output, double check all is well by running 'ghost doctor':

ghost doctor

Here's the output it gave me:

✔ Checking system Node.js version - found v14.18.2
✔ Checking logged in user
✔ Ensuring user is not logged in as ghost user
✔ Checking if logged in user is directory owner
✔ Checking current folder permissions
System checks failed with message: 'Linux version is not Ubuntu 16, 18, or 20'
Some features of Ghost-CLI may not work without additional configuration.
For local installs we recommend using `ghost install local` instead.
? Continue anyway? Yes
System stack check skipped
 Checking system compatibility [skipped]
✔ Checking for a MySQL installation
+ sudo systemctl is-active ghost_localhost
? Sudo Password [hidden]
Instance is currently running
 Validating config [skipped]
✔ Checking folder permissions
✔ Checking file permissions
✔ Checking content folder ownership
✔ Checking memory availability
✔ Checking binary dependencies
✔ Checking free space
✔ Checking systemd unit file
✔ Checking systemd node version - found v14.18.2

Finally, exit back to the root user:

exit

Now I just need to go update the docs...

random_username's picture

Thank you so much for this! I was able to finally get it updated with no issues! Quick question though. In your response you mention doing this:

sudo find ./ -type d -exec chmod 00775 {} \;

Should it instead be sudo find ./ -type d -exec chmod 0775 {} \; instead?

Jeremy Davis's picture

Glad to hear that works.

Re your question/suggestion - no, 00775 is legitimate, albeit possibly unrequired in this instance (but won't do any harm). The leading double zero will clear any sticky bit that has been set. See the relevant gnu coreutils docs for further info.

Jeremy Davis's picture

Thanks for posting back. It's good to know that it was required!

Also FWIW I have now updated the Ghost appliance page. So hopefully the next user won't hit the issue you hit!

Add new comment