74 lines
2.5 KiB
Plaintext
74 lines
2.5 KiB
Plaintext
--- a/dsa/checks/dsa-check-packages
|
|
+++ b/dsa/checks/dsa-check-packages
|
|
@@ -94,6 +94,7 @@ sub get_packages {
|
|
chomp(@lines);
|
|
|
|
my $pkgname = undef;
|
|
+ my $candidate_found = 0;
|
|
while (defined($line = shift @lines)) {
|
|
if ($line =~ /^([^ ]*):$/) {
|
|
# when we have multi-arch capable fu, we require that
|
|
@@ -132,8 +133,19 @@ sub get_packages {
|
|
} elsif ($line =~ /^ +Installed: (.*)$/) {
|
|
# etch dpkg -l does not print epochs, so use this info, it's better
|
|
$installed->{$pkgname}{'installed'} = $1;
|
|
+ # initialize security-update
|
|
+ $installed->{$pkgname}{'security-update'} = 0;
|
|
} elsif ($line =~ /^ +Candidate: (.*)$/) {
|
|
$installed->{$pkgname}{'candidate'} = $1;
|
|
+ } elsif ($line =~ / ([^ ]+) [0-9]+/) {
|
|
+ # check if the next lines show the sources of our candidate
|
|
+ if ($1 eq $installed->{$pkgname}{'candidate'}) {
|
|
+ $candidate_found = 1;
|
|
+ } else {
|
|
+ $candidate_found = 0;
|
|
+ }
|
|
+ } elsif (($line =~ / +[0-9]+ [^ ]+\/(security\.([^ ]+\.)?debian\.org|debian-security).*\/updates\//) && $candidate_found ) {
|
|
+ $installed->{$pkgname}{'security-update'} = 1;
|
|
} elsif ($line =~ /^ +\*\*\*/) {
|
|
$line = shift @lines;
|
|
my @l = split(/ +/, $line);
|
|
@@ -141,7 +153,7 @@ sub get_packages {
|
|
}
|
|
}
|
|
|
|
- my (%current, %obsolete, %outofdate);
|
|
+ my (%current, %obsolete, %outofdate, %security_outofdate);
|
|
for my $pkgname (keys %$installed) {
|
|
my $pkg = $installed->{$pkgname};
|
|
|
|
@@ -151,7 +163,11 @@ sub get_packages {
|
|
}
|
|
|
|
if ($pkg->{'candidate'} ne $pkg->{'installed'}) {
|
|
- $outofdate{$pkgname} = $pkg;
|
|
+ if ($pkg->{'security-update'}) {
|
|
+ $security_outofdate{$pkgname} = $pkg;
|
|
+ } else {
|
|
+ $outofdate{$pkgname} = $pkg;
|
|
+ }
|
|
next;
|
|
};
|
|
if ($pkg->{'origin'} eq '/var/lib/dpkg/status') {
|
|
@@ -163,6 +179,7 @@ sub get_packages {
|
|
|
|
$pkgs{'current'} = \%current;
|
|
$pkgs{'outofdate'} = \%outofdate;
|
|
+ $pkgs{'security_outofdate'} = \%security_outofdate;
|
|
$pkgs{'obsolete'} = \%obsolete;
|
|
return \%pkgs;
|
|
}
|
|
@@ -298,6 +315,12 @@ my @reportform = (
|
|
'short' => "%d pc",
|
|
'perf' => "prg_conf=%d;1;;0",
|
|
'status' => 'WARNING' },
|
|
+ { 'key' => 'security_outofdate',
|
|
+ 'listpackages' => 1,
|
|
+ 'long' => "%d packages with outstanding security updates: %s",
|
|
+ 'short' => "%d security-updates",
|
|
+ 'perf' => "security_outdated=%d;;1;0",
|
|
+ 'status' => 'CRITICAL' },
|
|
);
|
|
|
|
my @longout;
|