From 094efe447195bf8c8ecbd2041c6b28bf0f14a748 Mon Sep 17 00:00:00 2001
From: Jan Wagner
Date: Tue, 10 Jan 2017 21:42:22 +0100
Subject: [PATCH] Adding d/p/12_check_apt_only_crit and d/p/13_check_apt_list_packages
---
debian/patches/12_check_apt_only_crit | 123 +++++++++++++++
debian/patches/13_check_apt_list_packages | 180 ++++++++++++++++++++++
debian/patches/series | 2 +
3 files changed, 305 insertions(+)
create mode 100644 debian/patches/12_check_apt_only_crit
create mode 100644 debian/patches/13_check_apt_list_packages
diff --git a/debian/patches/12_check_apt_only_crit b/debian/patches/12_check_apt_only_crit
new file mode 100644
index 0000000..768cd08
--- /dev/null
+++ b/debian/patches/12_check_apt_only_crit
@@ -0,0 +1,123 @@ +From bf18dc42dd16811a3e0f42d4591604a4213afb3e Mon Sep 17 00:00:00 2001 +From: Christian Schmidt +Date: Thu, 29 Dec 2016 16:09:24 +0100 +Subject: [PATCH] Add --only-critical switch to check_apt + +--- + plugins/check_apt.c | 15 ++++++++++++--- + plugins/t/check_apt.t | 18 +++++++++++++++++- + 2 files changed, 29 insertions(+), 4 deletions(-) + +diff --git a/plugins/check_apt.c b/plugins/check_apt.c +index a639a41..c90b3df 100644 +--- a/plugins/check_apt.c ++++ b/plugins/check_apt.c +@@ -73,6 +73,7 @@ char* add_to_regexp(char *expr, const char *next); + /* configuration variables */ + static int verbose = 0; /* -v */ + static int do_update = 0; /* whether to call apt-get update */ ++static int only_critical = 0; /* whether to warn about non-critical updates */ + static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */ + static char *upgrade_opts = NULL; /* options to override defaults for upgrade */ + static char *update_opts = NULL; /* options to override defaults for update */ +@@ -110,7 +111,7 @@ int main (int argc, char **argv) { + + if(sec_count > 0){ + result = max_state(result, STATE_CRITICAL); +- } else if(packages_available > 0){ ++ } else if(packages_available > 0 && only_critical == 0){ + result = max_state(result, STATE_WARNING); + } else if(result > STATE_UNKNOWN){ + result = STATE_UNKNOWN; +@@ -148,12 +149,13 @@ int process_arguments (int argc, char **argv) { + {"include", required_argument, 0, 'i'}, + {"exclude", required_argument, 0, 'e'}, + {"critical", required_argument, 0, 'c'}, ++ {"only-critical", no_argument, 0, 'o'}, + {"input-file", required_argument, 0, INPUT_FILE_OPT}, + {0, 0, 0, 0} + }; + + while(1) { +- c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:", longopts, NULL); ++ c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:o", longopts, NULL); + + if(c == -1 || c == EOF || c == 1) break; + +@@ -203,6 +205,9 @@ int process_arguments (int argc, char **argv) { + case 'c': + 
do_critical=add_to_regexp(do_critical, optarg); + break; ++ case 'o': ++ only_critical=1; ++ break; + case INPUT_FILE_OPT: + input_filename = optarg; + break; +@@ -463,7 +468,11 @@ print_help (void) + printf (" %s\n", _("upgrades for Debian and Ubuntu:")); + printf (" \t\%s\n", SECURITY_RE); + printf (" %s\n", _("Note that the package must first match the include list before its")); +- printf (" %s\n\n", _("information is compared against the critical list.")); ++ printf (" %s\n", _("information is compared against the critical list.")); ++ printf (" %s\n", "-o, --only-critical"); ++ printf (" %s\n", _("Only warn about upgrades matching the critical list. The total number")); ++ printf (" %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause")); ++ printf (" %s\n\n", _("the plugin to return WARNING status.")); + + printf ("%s\n\n", _("The following options require root privileges and should be used with care:")); + printf (" %s\n", "-u, --update=OPTS"); +diff --git a/plugins/t/check_apt.t b/plugins/t/check_apt.t +index 9ba0ff8..430eb53 100644 +--- a/plugins/t/check_apt.t ++++ b/plugins/t/check_apt.t +@@ -23,7 +23,7 @@ sub make_result_regexp { + } + + if (-x "./check_apt") { +- plan tests => 28; ++ plan tests => 36; + } else { + plan skip_all => "No check_apt compiled"; + } +@@ -40,10 +40,18 @@ $result = NPTest->testCmd( sprintf($testfile_command, "", "debian2") ); + is( $result->return_code, 1, "Debian apt output, warning" ); + like( $result->output, make_result_regexp(13, 0), "Output correct" ); + ++$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian2") ); ++is( $result->return_code, 0, "Debian apt output, no critical" ); ++like( $result->output, make_result_regexp(13, 0), "Output correct" ); ++ + $result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") ); + is( $result->return_code, 2, "Debian apt output, some critical" ); + like( $result->output, make_result_regexp(19, 4), "Output correct" ); + ++$result 
= NPTest->testCmd( sprintf($testfile_command, "-o", "debian3") ); ++is( $result->return_code, 2, "Debian apt output, some critical" ); ++like( $result->output, make_result_regexp(19, 4), "Output correct" ); ++ + $result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") ); + is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" ); + like( $result->output, make_result_regexp(19, 4), "Output correct" ); +@@ -52,6 +60,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") ); + is( $result->return_code, 1, "Debian apt output, filter for libc6" ); + like( $result->output, make_result_regexp(3, 0), "Output correct" ); + ++$result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") ); ++is( $result->return_code, 1, "Debian apt output, filter for libc6, not critical" ); ++like( $result->output, make_result_regexp(3, 0), "Output correct" ); ++ + $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") ); + is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" ); + like( $result->output, make_result_regexp(9, 4), "Output correct" ); +@@ -64,6 +76,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6", "debian3") ); + is( $result->return_code, 2, "Debian apt output, filter out libc6" ); + like( $result->output, make_result_regexp(16, 4), "Output correct" ); + ++$result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -o", "debian3") ); ++is( $result->return_code, 2, "Debian apt output, filter out libc6, critical" ); ++like( $result->output, make_result_regexp(16, 4), "Output correct" ); ++ + $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") ); + is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" ); + like( $result->output, make_result_regexp(10, 0), "Output correct" 
);
diff --git a/debian/patches/13_check_apt_list_packages b/debian/patches/13_check_apt_list_packages
new file mode 100644
index 0000000..3a1dc84
--- /dev/null
+++ b/debian/patches/13_check_apt_list_packages
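Review bot: In 12_check_apt_only_crit, the test added to plugins/t/check_apt.t with the description "filter for libc6, not critical" runs the same command as the test directly above it (`-i libc6` against debian3) and expects the same return code 1, so it never exercises `--only-critical` together with an include filter. If that combination was the intent, the arguments would presumably be `"-i libc6 -o"` with an expected return code of 0, since the expected output for that filter is `make_result_regexp(3, 0)`; this should be confirmed against the fixture. Separately, the comment on `only_critical` in check_apt.c reads inverted relative to the new condition in main(): the flag suppresses the WARNING, so `/* whether to suppress WARNING for non-critical updates */` would match the behaviour.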
@@ -0,0 +1,180 @@ +From 43ce70bcdbebb0b699bf936ac1763c423cd7f069 Mon Sep 17 00:00:00 2001 +From: Valentin Vidic +Date: Mon, 16 Jan 2017 10:43:15 +0100 +Subject: [PATCH] check_apt: Add -l/--list option to print packages + +--- + plugins/check_apt.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++------ + 1 file changed, 65 insertions(+), 7 deletions(-) + +diff --git a/plugins/check_apt.c b/plugins/check_apt.c +index c90b3df..b69680c 100644 +--- a/plugins/check_apt.c ++++ b/plugins/check_apt.c +@@ -66,12 +66,17 @@ char* construct_cmdline(upgrade_type u, const char *opts); + /* run an apt-get update */ + int run_update(void); + /* run an apt-get upgrade */ +-int run_upgrade(int *pkgcount, int *secpkgcount); ++int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist); + /* add another clause to a regexp */ + char* add_to_regexp(char *expr, const char *next); ++/* extract package name from Inst line */ ++char* pkg_name(char *line); ++/* string comparison function for qsort */ ++int cmpstringp(const void *p1, const void *p2); + + /* configuration variables */ + static int verbose = 0; /* -v */ ++static int list = 0; /* list packages available for upgrade */ + static int do_update = 0; /* whether to call apt-get update */ + static int only_critical = 0; /* whether to warn about non-critical updates */ + static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */ +@@ -87,7 +92,8 @@ static int stderr_warning = 0; /* if a cmd issued output on stderr */ + static int exec_warning = 0; /* if a cmd exited non-zero */ + + int main (int argc, char **argv) { +- int result=STATE_UNKNOWN, packages_available=0, sec_count=0; ++ int result=STATE_UNKNOWN, packages_available=0, sec_count=0, i=0; ++ char **packages_list=NULL, **secpackages_list=NULL; + + /* Parse extra opts if any */ + argv=np_extra_opts(&argc, argv, progname); +@@ -107,7 +113,7 @@ int main (int argc, char **argv) { + if(do_update) result = run_update(); + + /* apt-get upgrade 
*/ +- result = max_state(result, run_upgrade(&packages_available, &sec_count)); ++ result = max_state(result, run_upgrade(&packages_available, &sec_count, &packages_list, &secpackages_list)); + + if(sec_count > 0){ + result = max_state(result, STATE_CRITICAL); +@@ -130,6 +136,18 @@ int main (int argc, char **argv) { + sec_count + ); + ++ if(list) { ++ qsort(secpackages_list, sec_count, sizeof(char*), cmpstringp); ++ qsort(packages_list, packages_available-sec_count, sizeof(char*), cmpstringp); ++ ++ for(i = 0; i < sec_count; i++) ++ printf("%s (security)\n", secpackages_list[i]); ++ if (only_critical == 0) { ++ for(i = 0; i < packages_available - sec_count; i++) ++ printf("%s\n", packages_list[i]); ++ } ++ } ++ + return result; + } + +@@ -146,6 +164,7 @@ int process_arguments (int argc, char **argv) { + {"upgrade", optional_argument, 0, 'U'}, + {"no-upgrade", no_argument, 0, 'n'}, + {"dist-upgrade", optional_argument, 0, 'd'}, ++ {"list", no_argument, 0, 'l'}, + {"include", required_argument, 0, 'i'}, + {"exclude", required_argument, 0, 'e'}, + {"critical", required_argument, 0, 'c'}, +@@ -155,7 +174,7 @@ int process_arguments (int argc, char **argv) { + }; + + while(1) { +- c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:o", longopts, NULL); ++ c = getopt_long(argc, argv, "hVvt:u::U::d::nli:e:c:o", longopts, NULL); + + if(c == -1 || c == EOF || c == 1) break; + +@@ -196,6 +215,9 @@ int process_arguments (int argc, char **argv) { + if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed"); + } + break; ++ case 'l': ++ list=1; ++ break; + case 'i': + do_include=add_to_regexp(do_include, optarg); + break; +@@ -222,7 +244,7 @@ int process_arguments (int argc, char **argv) { + + + /* run an apt-get upgrade */ +-int run_upgrade(int *pkgcount, int *secpkgcount){ ++int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist){ + int i=0, result=STATE_UNKNOWN, regres=0, pc=0, spc=0; + struct output chld_out, chld_err; + regex_t ireg, ereg, sreg; 
+@@ -278,6 +300,11 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ + cmdline); + } + ++ *pkglist=malloc(sizeof(char *) * chld_out.lines); ++ if(!pkglist) die(STATE_UNKNOWN, "malloc failed!\n"); ++ *secpkglist=malloc(sizeof(char *) * chld_out.lines); ++ if(!secpkglist) die(STATE_UNKNOWN, "malloc failed!\n"); ++ + /* parse the output, which should only consist of lines like + * + * Inst package .... +@@ -302,6 +329,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){ + if(regexec(&sreg, chld_out.line[i], 0, NULL, 0)==0){ + spc++; + if(verbose) printf("*"); ++ (*secpkglist)[spc-1] = pkg_name(chld_out.line[i]); ++ } else { ++ (*pkglist)[pc-spc-1] = pkg_name(chld_out.line[i]); + } + if(verbose){ + printf("*%s\n", chld_out.line[i]); +@@ -368,6 +398,31 @@ int run_update(void){ + return result; + } + ++char* pkg_name(char *line){ ++ char *start=NULL, *space=NULL, *pkg=NULL; ++ int len=0; ++ ++ start = line + strlen(PKGINST_PREFIX); ++ len = strlen(start); ++ ++ space = index(start, ' '); ++ if(space!=NULL){ ++ len = space - start; ++ } ++ ++ pkg=malloc(sizeof(char)*(len+1)); ++ if(!pkg) die(STATE_UNKNOWN, "malloc failed!\n"); ++ ++ strncpy(pkg, start, len); ++ pkg[len]='\0'; ++ ++ return pkg; ++} ++ ++int cmpstringp(const void *p1, const void *p2){ ++ return strcmp(* (char * const *) p1, * (char * const *) p2); ++} ++ + char* add_to_regexp(char *expr, const char *next){ + char *re=NULL; + +@@ -450,8 +505,11 @@ print_help (void) + printf (" %s\n", "-d, --dist-upgrade=OPTS"); + printf (" %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS")); + printf (" %s\n", _("can be provided to override the default options.")); +- printf (" %s\n", " -n, --no-upgrade"); ++ printf (" %s\n", "-n, --no-upgrade"); + printf (" %s\n", _("Do not run the upgrade. Probably not useful (without -u at least).")); ++ printf (" %s\n", "-l, --list"); ++ printf (" %s\n", _("List packages available for upgrade. 
Packages are printed sorted by")); ++ printf (" %s\n", _("name with security packages listed first.")); + printf (" %s\n", "-i, --include=REGEXP"); + printf (" %s\n", _("Include only packages matching REGEXP. Can be specified multiple times")); + printf (" %s\n", _("the values will be combined together. Any packages matching this list")); +@@ -490,5 +548,5 @@ void + print_usage(void) + { + printf ("%s\n", _("Usage:")); +- printf ("%s [[-d|-u|-U]opts] [-n] [-t timeout]\n", progname); ++ printf ("%s [[-d|-u|-U]opts] [-n] [-l] [-t timeout]\n", progname); + } diff --git a/debian/patches/series b/debian/patches/series index dd728fd..ac7d715 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -2,3 +2,5 @@ # commited upstream 10_spell_fixes 11_check_dhcp_MSG_PEAK +12_check_apt_only_crit +13_check_apt_list_packages
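Review bot: In 13_check_apt_list_packages, the two allocation checks added to run_upgrade() test the out-parameters (`if(!pkglist)`, `if(!secpkglist)`) rather than the pointers malloc just returned, so a failed allocation goes undetected and the later stores to `(*pkglist)[pc-spc-1]` and `(*secpkglist)[spc-1]` would write through NULL. The checks should read `if(!*pkglist) die(STATE_UNKNOWN, "malloc failed!\n");` and `if(!*secpkglist) die(STATE_UNKNOWN, "malloc failed!\n");`. malloc may legitimately return NULL when `chld_out.lines` is 0, so the corrected checks should tolerate an empty result rather than die on it. Only parts of run_upgrade() are visible in these hunks, so it is worth confirming that no early return leaves the list pointers unset while the counts used by the `qsort` calls in main() are non-zero. pkg_name() also skips `strlen(PKGINST_PREFIX)` bytes without checking that the line is at least that long, so it relies on the caller having already matched the prefix; a one-line comment stating that precondition would help.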