[Pkg-wmaker-commits] [wmbiff] 15/19: new scripts directory to hold debian security checker and install it.
Doug Torrance
dtorrance-guest at moszumanska.debian.org
Thu Aug 20 03:02:27 UTC 2015
This is an automated email from the git hooks/post-receive script.
dtorrance-guest pushed a commit to tag wmbiff_0_4_11
in repository wmbiff.
commit f117f8be96fbf9d3f476ca4a734f91072f14a805
Author: bluehal <bluehal>
Date: Sun Dec 29 04:54:16 2002 +0000
new scripts directory to hold debian security checker and install it.
---
scripts/.cvsignore | 3 +
scripts/Makefile.am | 2 +
scripts/security.debian.rb | 174 +++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 179 insertions(+)
diff --git a/scripts/.cvsignore b/scripts/.cvsignore
new file mode 100644
index 0000000..e995588
--- /dev/null
+++ b/scripts/.cvsignore
@@ -0,0 +1,3 @@
+.deps
+Makefile
+Makefile.in
diff --git a/scripts/Makefile.am b/scripts/Makefile.am
new file mode 100644
index 0000000..2cd7c0a
--- /dev/null
+++ b/scripts/Makefile.am
@@ -0,0 +1,2 @@
+pkglib_SCRIPTS = security.debian.rb
+EXTRA_DIST = security.debian.rb
diff --git a/scripts/security.debian.rb b/scripts/security.debian.rb
new file mode 100755
index 0000000..f47bd31
--- /dev/null
+++ b/scripts/security.debian.rb
@@ -0,0 +1,174 @@
+#! /usr/bin/ruby
+
+# Copyright 2002 Neil Spring <nspring at cs.washington.edu>
+# GPL
+
+# Based on security-update-check.py by Rob Bradford
+
+require 'net/http'
+
+#require 'profile'
+
+# re-fetch interval - only bug the server once every hour.
+# allows wmbiff to ask us often how many packages have been
+# updated so that the number goes back to cyan (old) from
+# yellow (new) quickly on upgrade.
+
+# this doesn't mean we grab the whole file. we get if-modified-since.
+Refetch_Interval_Sec = 6 * 60
+
+# as an ordinary user, we store Packages in the home directory.
+Cachedir = ENV['HOME'] + '/.wmbiff-sdr'
+
+# look for updates from this server. This script is designed around
+# (and simplified greatly by) using just a single server.
+Server = 'security.debian.org'
+
+# extend the Array class with a max method.
+class Array
+ def inject(n)
+ each { |value| n = yield(n, value) }
+ n
+ end
+ def max
+ inject(0) { |n, value| ((n > value) ? n : value) }
+ end
+end
+
+def debugmsg(str)
+ # $stderr.puts str
+end
+
+# to be reimplemented without execing touch.
+def touch(filename)
+ debugmsg "touching #{filename}"
+ Kernel.system('/usr/bin/touch ' + filename)
+end
+
+# to be reimplemented without execing dpkg, though running
+# dpkg excessively doesn't seem to be a bottleneck.
+def version_a_gt_b(a, b)
+ cmd = "/usr/bin/dpkg --compare-versions %s le %s" % [ a, b ]
+ # $stderr.puts cmd
+ if(!Kernel.system(cmd)) then
+ return true
+ else
+ return false
+ end
+end
+
+# figure out which lists to check
+# there can be many implementations of
+# this behavior, this seemed simplest.
+
+
+# we're going to make an array of arrays, for each package
+# file, the url, the system's cache of the file, and a
+# per-user cache of the file.
+packagelists = Dir.glob("/var/lib/apt/lists/#{Server}*Packages").map { |pkgfile|
+ [ pkgfile.gsub(".*#{Server}", '').tr('_','/'), # the url path
+ pkgfile, # the system cache of the packages file. probably up-to-date.
+ # and finally, a user's cache of the page, if needed.
+ "%s/%s" % [ Cachedir, pkgfile.gsub(".*#{Server}_",'') ]
+ ]
+}
+
+# we'll open a persistent session, but only if we need it.
+session = nil
+
+# update the user's cache if necessary.
+packagelists.each { |urlpath, sc, uc|
+ sctime = File.stat(sc).mtime
+ cached_time =
+ if(test(?e, uc)) then
+ uctime = File.stat(uc).mtime
+ if ( uctime < sctime ) then
+ # we have a user cache, but it is older than the system cache
+ File.unlink(uc) # delete the obsolete user cache.
+ sctime
+ else
+ uctime
+ end
+ else
+ # the user cache doesn't exist, but we might have
+ # talked to the server recently.
+ if(test(?e, uc + '.stamp')) then
+ File.stat(uc + '.stamp').mtime
+ else
+ sctime
+ end
+ end
+ if(Time.now > cached_time + Refetch_Interval_Sec) then
+ debugmsg "fetching #{urlpath} %s > %s + %d" % [Time.now, cached_time, Refetch_Interval_Sec]
+ begin
+ if(session == nil) then
+ session = Net::HTTP.new(Server)
+ # session.set_pipe($stderr);
+ end
+ resp, data = session.get(urlpath,
+ { 'If-Modified-Since' =>
+ cached_time.strftime( "%a, %d %b %Y %H:%M:%S GMT" ) })
+ test(?e, Cachedir) or Dir.mkdir(Cachedir)
+ File.open(uc, 'w') { |o| o.puts data }
+ test(?e, uc + '.stamp') and File.unlink(uc + '.stamp') # we have a copy, don't need the stamp.
+ debugmsg "urlpath updated"
+ rescue Net::ProtoRetriableError => detail
+ head = detail.data
+ if head.code != "304"
+ raise "unexpected error occurred: " + detail
+ end
+ if(test(?e, uc)) then
+ touch(uc)
+ else
+ # we didn't get an update, but we don't have a cached
+ # copy in the user directory.
+ touch(uc + '.stamp')
+ end
+ end
+ else
+ debugmsg "skipping #{urlpath}"
+ end
+}
+
+available = Hash.new
+package = nil
+packagelists.each { |url, sc, uc|
+ File.open( (test(?e, uc)) ? uc : sc, 'r').each { |ln|
+ if(m = /^Package: (.*)/.match(ln)) then
+ package = m[1]
+ elsif(m = /^Version: (.*)/.match(ln)) then
+ available[package] = m[1]
+ end
+ }
+}
+
+installed = Hash.new
+package = nil
+isinstalled = false
+File.open('/var/lib/dpkg/status').each { |ln|
+ if(m = /^Package: (.*)$/.match(ln)) then
+ package = m[1]
+ isinstalled = false # reset
+ elsif(m = /^Status: install ok installed/.match(ln)) then
+ isinstalled = true
+ elsif(m = /^Version: (.*)$/.match(ln)) then
+ isinstalled && installed[package] = m[1]
+ end
+}
+
+debugmsg "%d installed, %d available" % [ installed.length, available.length ]
+
+updatedcount = 0
+( installed.keys & available.keys ).each { |pkg|
+ if(version_a_gt_b(available[pkg], installed[pkg])) then
+ updatedcount += 1
+ end
+}
+
+# we're done. output a count in the format expected by wmbiff.
+puts (if(updatedcount > 0) then
+ "%d new" % updatedcount
+ else
+ "%d old" % installed.length
+ end
+ )
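Review bot: `version_a_gt_b` formats `a` and `b` into a single string and hands it to `Kernel.system`, so the values are parsed by a shell; they are `Version:` fields read from a Packages file that this script fetches over plain HTTP (`Net::HTTP.new(Server)`) and writes to the user cache, with no integrity check visible in the hunk. A version field containing shell metacharacters would be interpreted by the shell with the privileges of the user running wmbiff. Passing the arguments as a list avoids the shell entirely: `Kernel.system('/usr/bin/dpkg', '--compare-versions', a, 'le', b)`, and likewise `Kernel.system('/usr/bin/touch', filename)` in `touch`. Separately, `!Kernel.system(cmd)` counts any dpkg failure, not just a "greater than" result, as an available update, so a malformed version string inflates the count; checking the exit status explicitly would separate the two cases.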
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-wmaker/wmbiff.git