Adding d/p/12_check_apt_only_crit and d/p/13_check_apt_list_packages

debian/patches/12_check_apt_only_crit

@@ -0,0 +1,123 @@
+From bf18dc42dd16811a3e0f42d4591604a4213afb3e Mon Sep 17 00:00:00 2001
+From: Christian Schmidt <c960657@users.noreply.github.com>
+Date: Thu, 29 Dec 2016 16:09:24 +0100
+Subject: [PATCH] Add --only-critical switch to check_apt
+
+---
+ plugins/check_apt.c   | 15 ++++++++++++---
+ plugins/t/check_apt.t | 18 +++++++++++++++++-
+ 2 files changed, 29 insertions(+), 4 deletions(-)
+
+diff --git a/plugins/check_apt.c b/plugins/check_apt.c
+index a639a41..c90b3df 100644
+--- a/plugins/check_apt.c
++++ b/plugins/check_apt.c
+@@ -73,6 +73,7 @@ char* add_to_regexp(char *expr, const char *next);
+ /* configuration variables */
+ static int verbose = 0;      /* -v */
+ static int do_update = 0;    /* whether to call apt-get update */
++static int only_critical = 0;    /* whether to warn about non-critical updates */
+ static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
+ static char *upgrade_opts = NULL; /* options to override defaults for upgrade */
+ static char *update_opts = NULL; /* options to override defaults for update */
+@@ -110,7 +111,7 @@ int main (int argc, char **argv) {
+ 
+ 	if(sec_count > 0){
+ 		result = max_state(result, STATE_CRITICAL);
+-	} else if(packages_available > 0){
++	} else if(packages_available > 0 && only_critical == 0){
+ 		result = max_state(result, STATE_WARNING);
+ 	} else if(result > STATE_UNKNOWN){
+ 		result = STATE_UNKNOWN;
+@@ -148,12 +149,13 @@ int process_arguments (int argc, char **argv) {
+ 		{"include", required_argument, 0, 'i'},
+ 		{"exclude", required_argument, 0, 'e'},
+ 		{"critical", required_argument, 0, 'c'},
++		{"only-critical", no_argument, 0, 'o'},
+ 		{"input-file", required_argument, 0, INPUT_FILE_OPT},
+ 		{0, 0, 0, 0}
+ 	};
+ 
+ 	while(1) {
+-		c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:", longopts, NULL);
++		c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:o", longopts, NULL);
+ 
+ 		if(c == -1 || c == EOF || c == 1) break;
+ 
+@@ -203,6 +205,9 @@ int process_arguments (int argc, char **argv) {
+ 		case 'c':
+ 			do_critical=add_to_regexp(do_critical, optarg);
+ 			break;
++		case 'o':
++			only_critical=1;
++			break;
+ 		case INPUT_FILE_OPT:
+ 			input_filename = optarg;
+ 			break;
+@@ -463,7 +468,11 @@ print_help (void)
+   printf ("    %s\n", _("upgrades for Debian and Ubuntu:"));
+   printf ("    \t\%s\n", SECURITY_RE);
+   printf ("    %s\n", _("Note that the package must first match the include list before its"));
+-  printf ("    %s\n\n", _("information is compared against the critical list."));
++  printf ("    %s\n", _("information is compared against the critical list."));
++  printf (" %s\n", "-o, --only-critical");
++  printf ("    %s\n", _("Only warn about upgrades matching the critical list.  The total number"));
++  printf ("    %s\n", _("of upgrades will be printed, but any non-critical upgrades will not cause"));
++  printf ("    %s\n\n", _("the plugin to return WARNING status."));
+ 
+   printf ("%s\n\n", _("The following options require root privileges and should be used with care:"));
+   printf (" %s\n", "-u, --update=OPTS");
+diff --git a/plugins/t/check_apt.t b/plugins/t/check_apt.t
+index 9ba0ff8..430eb53 100644
+--- a/plugins/t/check_apt.t
++++ b/plugins/t/check_apt.t
+@@ -23,7 +23,7 @@ sub make_result_regexp {
+ }
+ 
+ if (-x "./check_apt") {
+-	plan tests => 28;
++	plan tests => 36;
+ } else {
+ 	plan skip_all => "No check_apt compiled";
+ }
+@@ -40,10 +40,18 @@ $result = NPTest->testCmd( sprintf($testfile_command, "", "debian2") );
+ is( $result->return_code, 1, "Debian apt output, warning" );
+ like( $result->output, make_result_regexp(13, 0), "Output correct" );
+ 
++$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian2") );
++is( $result->return_code, 0, "Debian apt output, no critical" );
++like( $result->output, make_result_regexp(13, 0), "Output correct" );
++
+ $result = NPTest->testCmd( sprintf($testfile_command, "", "debian3") );
+ is( $result->return_code, 2, "Debian apt output, some critical" );
+ like( $result->output, make_result_regexp(19, 4), "Output correct" );
+ 
++$result = NPTest->testCmd( sprintf($testfile_command, "-o", "debian3") );
++is( $result->return_code, 2, "Debian apt output, some critical" );
++like( $result->output, make_result_regexp(19, 4), "Output correct" );
++
+ $result = NPTest->testCmd( sprintf($testfile_command, "-c '^[^\\(]*\\(.* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)'", "debian3") );
+ is( $result->return_code, 2, "Debian apt output - should have same result when default security regexp specified via -c" );
+ like( $result->output, make_result_regexp(19, 4), "Output correct" );
+@@ -52,6 +60,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
+ is( $result->return_code, 1, "Debian apt output, filter for libc6" );
+ like( $result->output, make_result_regexp(3, 0), "Output correct" );
+ 
++$result = NPTest->testCmd( sprintf($testfile_command, "-i libc6", "debian3") );
++is( $result->return_code, 1, "Debian apt output, filter for libc6, not critical" );
++like( $result->output, make_result_regexp(3, 0), "Output correct" );
++
+ $result = NPTest->testCmd( sprintf($testfile_command, "-i libc6 -i xen", "debian3") );
+ is( $result->return_code, 2, "Debian apt output, filter for libc6 and xen" );
+ like( $result->output, make_result_regexp(9, 4), "Output correct" );
+@@ -64,6 +76,10 @@ $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6", "debian3") );
+ is( $result->return_code, 2, "Debian apt output, filter out libc6" );
+ like( $result->output, make_result_regexp(16, 4), "Output correct" );
+ 
++$result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -o", "debian3") );
++is( $result->return_code, 2, "Debian apt output, filter out libc6, critical" );
++like( $result->output, make_result_regexp(16, 4), "Output correct" );
++
+ $result = NPTest->testCmd( sprintf($testfile_command, "-e libc6 -e xen", "debian3") );
+ is( $result->return_code, 1, "Debian apt output, filter out libc6 and xen" );
+ like( $result->output, make_result_regexp(10, 0), "Output correct" );

debian/patches/13_check_apt_list_packages

@@ -0,0 +1,180 @@
+From 43ce70bcdbebb0b699bf936ac1763c423cd7f069 Mon Sep 17 00:00:00 2001
+From: Valentin Vidic <Valentin.Vidic@CARNet.hr>
+Date: Mon, 16 Jan 2017 10:43:15 +0100
+Subject: [PATCH] check_apt: Add -l/--list option to print packages
+
+---
+ plugins/check_apt.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++------
+ 1 file changed, 65 insertions(+), 7 deletions(-)
+
+diff --git a/plugins/check_apt.c b/plugins/check_apt.c
+index c90b3df..b69680c 100644
+--- a/plugins/check_apt.c
++++ b/plugins/check_apt.c
+@@ -66,12 +66,17 @@ char* construct_cmdline(upgrade_type u, const char *opts);
+ /* run an apt-get update */
+ int run_update(void);
+ /* run an apt-get upgrade */
+-int run_upgrade(int *pkgcount, int *secpkgcount);
++int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist);
+ /* add another clause to a regexp */
+ char* add_to_regexp(char *expr, const char *next);
++/* extract package name from Inst line */
++char* pkg_name(char *line);
++/* string comparison function for qsort */
++int cmpstringp(const void *p1, const void *p2);
+ 
+ /* configuration variables */
+ static int verbose = 0;      /* -v */
++static int list = 0;         /* list packages available for upgrade */
+ static int do_update = 0;    /* whether to call apt-get update */
+ static int only_critical = 0;    /* whether to warn about non-critical updates */
+ static upgrade_type upgrade = UPGRADE; /* which type of upgrade to do */
+@@ -87,7 +92,8 @@ static int stderr_warning = 0;   /* if a cmd issued output on stderr */
+ static int exec_warning = 0;     /* if a cmd exited non-zero */
+ 
+ int main (int argc, char **argv) {
+-	int result=STATE_UNKNOWN, packages_available=0, sec_count=0;
++	int result=STATE_UNKNOWN, packages_available=0, sec_count=0, i=0;
++	char **packages_list=NULL, **secpackages_list=NULL;
+ 
+ 	/* Parse extra opts if any */
+ 	argv=np_extra_opts(&argc, argv, progname);
+@@ -107,7 +113,7 @@ int main (int argc, char **argv) {
+ 	if(do_update) result = run_update();
+ 
+ 	/* apt-get upgrade */
+-	result = max_state(result, run_upgrade(&packages_available, &sec_count));
++	result = max_state(result, run_upgrade(&packages_available, &sec_count, &packages_list, &secpackages_list));
+ 
+ 	if(sec_count > 0){
+ 		result = max_state(result, STATE_CRITICAL);
+@@ -130,6 +136,18 @@ int main (int argc, char **argv) {
+ 		   sec_count
+ 	       );
+ 
++	if(list) {
++		qsort(secpackages_list, sec_count, sizeof(char*), cmpstringp);
++		qsort(packages_list, packages_available-sec_count, sizeof(char*), cmpstringp);
++
++		for(i = 0; i < sec_count; i++)
++			printf("%s (security)\n", secpackages_list[i]);
++		if (only_critical == 0) {
++			for(i = 0; i < packages_available - sec_count; i++)
++				printf("%s\n", packages_list[i]);
++		}
++	}
++
+ 	return result;
+ }
+ 
+@@ -146,6 +164,7 @@ int process_arguments (int argc, char **argv) {
+ 		{"upgrade", optional_argument, 0, 'U'},
+ 		{"no-upgrade", no_argument, 0, 'n'},
+ 		{"dist-upgrade", optional_argument, 0, 'd'},
++		{"list", no_argument, 0, 'l'},
+ 		{"include", required_argument, 0, 'i'},
+ 		{"exclude", required_argument, 0, 'e'},
+ 		{"critical", required_argument, 0, 'c'},
+@@ -155,7 +174,7 @@ int process_arguments (int argc, char **argv) {
+ 	};
+ 
+ 	while(1) {
+-		c = getopt_long(argc, argv, "hVvt:u::U::d::ni:e:c:o", longopts, NULL);
++		c = getopt_long(argc, argv, "hVvt:u::U::d::nli:e:c:o", longopts, NULL);
+ 
+ 		if(c == -1 || c == EOF || c == 1) break;
+ 
+@@ -196,6 +215,9 @@ int process_arguments (int argc, char **argv) {
+ 				if(update_opts==NULL) die(STATE_UNKNOWN, "strdup failed");
+ 			}
+ 			break;
++		case 'l':
++			list=1;
++			break;
+ 		case 'i':
+ 			do_include=add_to_regexp(do_include, optarg);
+ 			break;
+@@ -222,7 +244,7 @@ int process_arguments (int argc, char **argv) {
+ 
+ 
+ /* run an apt-get upgrade */
+-int run_upgrade(int *pkgcount, int *secpkgcount){
++int run_upgrade(int *pkgcount, int *secpkgcount, char ***pkglist, char ***secpkglist){
+ 	int i=0, result=STATE_UNKNOWN, regres=0, pc=0, spc=0;
+ 	struct output chld_out, chld_err;
+ 	regex_t ireg, ereg, sreg;
+@@ -278,6 +300,11 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
+ 		    cmdline);
+ 	}
+ 
++	*pkglist=malloc(sizeof(char *) * chld_out.lines);
++	if(!pkglist) die(STATE_UNKNOWN, "malloc failed!\n");
++	*secpkglist=malloc(sizeof(char *) * chld_out.lines);
++	if(!secpkglist) die(STATE_UNKNOWN, "malloc failed!\n");
++
+ 	/* parse the output, which should only consist of lines like
+ 	 *
+ 	 * Inst package ....
+@@ -302,6 +329,9 @@ int run_upgrade(int *pkgcount, int *secpkgcount){
+ 				if(regexec(&sreg, chld_out.line[i], 0, NULL, 0)==0){
+ 					spc++;
+ 					if(verbose) printf("*");
++					(*secpkglist)[spc-1] = pkg_name(chld_out.line[i]);
++				} else {
++					(*pkglist)[pc-spc-1] = pkg_name(chld_out.line[i]);
+ 				}
+ 				if(verbose){
+ 					printf("*%s\n", chld_out.line[i]);
+@@ -368,6 +398,31 @@ int run_update(void){
+ 	return result;
+ }
+ 
++char* pkg_name(char *line){
++	char *start=NULL, *space=NULL, *pkg=NULL;
++	int len=0;
++
++	start = line + strlen(PKGINST_PREFIX);
++	len = strlen(start);
++
++	space = index(start, ' ');
++	if(space!=NULL){
++		len = space - start;
++	}
++
++	pkg=malloc(sizeof(char)*(len+1));
++	if(!pkg) die(STATE_UNKNOWN, "malloc failed!\n");
++
++	strncpy(pkg, start, len);
++	pkg[len]='\0';
++
++	return pkg;
++}
++
++int cmpstringp(const void *p1, const void *p2){
++	return strcmp(* (char * const *) p1, * (char * const *) p2);
++}
++
+ char* add_to_regexp(char *expr, const char *next){
+ 	char *re=NULL;
+ 
+@@ -450,8 +505,11 @@ print_help (void)
+   printf (" %s\n", "-d, --dist-upgrade=OPTS");
+   printf ("    %s\n", _("Perform a dist-upgrade instead of normal upgrade. Like with -U OPTS"));
+   printf ("    %s\n", _("can be provided to override the default options."));
+-  printf (" %s\n", " -n, --no-upgrade");
++  printf (" %s\n", "-n, --no-upgrade");
+   printf ("    %s\n", _("Do not run the upgrade.  Probably not useful (without -u at least)."));
++  printf (" %s\n", "-l, --list");
++  printf ("    %s\n", _("List packages available for upgrade.  Packages are printed sorted by"));
++  printf ("    %s\n", _("name with security packages listed first."));
+   printf (" %s\n", "-i, --include=REGEXP");
+   printf ("    %s\n", _("Include only packages matching REGEXP.  Can be specified multiple times"));
+   printf ("    %s\n", _("the values will be combined together.  Any packages matching this list"));
+@@ -490,5 +548,5 @@ void
+ print_usage(void)
+ {
+   printf ("%s\n", _("Usage:"));
+-  printf ("%s [[-d|-u|-U]opts] [-n] [-t timeout]\n", progname);
++  printf ("%s [[-d|-u|-U]opts] [-n] [-l] [-t timeout]\n", progname);
+ }

debian/patches/series

@@ -2,3 +2,5 @@
 # commited upstream
 10_spell_fixes
 11_check_dhcp_MSG_PEAK
+12_check_apt_only_crit
+13_check_apt_list_packages