+++ /dev/null
-#!/bin/sh
-
-DIR="/etc/pts"
-DATE=`date +%Y%m%d-%H%M`
-UBUNTU="http://security.ubuntu.com/ubuntu/dists"
-UBUNTU_VERSIONS="trusty saucy raring quantal precise lucid"
-UBUNTU_DIRS="main multiverse restricted universe"
-UBUNTU_ARCH="binary-amd64 binary-i386"
-DEBIAN="http://security.debian.org/dists"
-DEBIAN_VERSIONS="jessie wheezy squeeze"
-DEBIAN_DIRS="main contrib non-free"
-DEBIAN_ARCH="binary-amd64 binary-i386"
-PACMAN=/usr/libexec/ipsec/pacman
-PACMAN_LOG="$DIR/$DATE-pacman.log"
-
-mkdir -p $DIR/dists
-cd $DIR/dists
-
-for v in $UBUNTU_VERSIONS
-do
- for a in $UBUNTU_ARCH
- do
- mkdir -p $v-security/$a $v-updates/$a
- for d in $UBUNTU_DIRS
- do
- wget $UBUNTU/$v-security/$d/$a/Packages.bz2 -O $v-security/$a/Packages-$d.bz2
- bunzip2 -f $v-security/$a/Packages-$d.bz2
- wget $UBUNTU/$v-updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2
- bunzip2 -f $v-updates/$a/Packages-$d.bz2
- done
- done
-done
-
-for v in $DEBIAN_VERSIONS
-do
- for a in $DEBIAN_ARCH
- do
- mkdir -p $v-updates/$a
- for d in $DEBIAN_DIRS
- do
- wget $DEBIAN/$v/updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2
- bunzip2 -f $v-updates/$a/Packages-$d.bz2
- done
- done
-done
-
-for f in trusty-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 14.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in trusty-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 14.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in trusty-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 14.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in trusty-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 14.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in saucy-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.10 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in saucy-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.10 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in saucy-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.10 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in saucy-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.10 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in raring-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in raring-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 13.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in raring-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in raring-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 13.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in quantal-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.10 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in quantal-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.10 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in quantal-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.10 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in quantal-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.10 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in precise-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in precise-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 12.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in precise-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in precise-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 12.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in lucid-security/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 10.04 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in lucid-updates/binary-amd64/*
-do
- $PACMAN --product "Ubuntu 10.04 x86_64" --file $f >> $PACMAN_LOG
-done
-echo
-for f in lucid-security/binary-i386/*
-do
- $PACMAN --product "Ubuntu 10.04 i686" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in lucid-updates/binary-i386/*
-do
- $PACMAN --product "Ubuntu 10.04 i686" --file $f >> $PACMAN_LOG
-done
-echo
-
-for f in jessie-updates/binary-amd64/*
-do
- $PACMAN --product "Debian 8.0 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in jessie-updates/binary-i386/*
-do
- $PACMAN --product "Debian 8.0 i686" --file $f --security >> $PACMAN_LOG
-done
-
-for f in wheezy-updates/binary-amd64/*
-do
- $PACMAN --product "Debian 7.0 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in wheezy-updates/binary-i386/*
-do
- $PACMAN --product "Debian 7.0 i686" --file $f --security >> $PACMAN_LOG
-done
-
-for f in squeeze-updates/binary-amd64/*
-do
- $PACMAN --product "Debian 6.0 x86_64" --file $f --security >> $PACMAN_LOG
-done
-echo
-for f in squeeze-updates/binary-i386/*
-do
- $PACMAN --product "Debian 6.0 i686" --file $f --security >> $PACMAN_LOG
-done
-
-cp $DIR/config.db $DIR/config.db-$DATE
/*
- * Copyright (C) 2012 Andreas Steffen
+ * Copyright (C) 2012-2017 Andreas Steffen
* HSR Hochschule fuer Technik Rapperswil
*
* This program is free software; you can redistribute it and/or modify it
#include <syslog.h>
#include <time.h>
#include <sys/stat.h>
-
-#include "imv_os_state.h"
+#include <stdlib.h>
#include <library.h>
#include <utils/debug.h>
-typedef enum pacman_state_t pacman_state_t;
+typedef enum sec_update_state_t sec_update_state_t;
-enum pacman_state_t {
- PACMAN_STATE_BEGIN_PACKAGE,
- PACMAN_STATE_VERSION,
- PACMAN_STATE_END_PACKAGE
+enum sec_update_state_t {
+ SEC_UPDATE_STATE_BEGIN_PACKAGE,
+ SEC_UPDATE_STATE_VERSION,
+ SEC_UPDATE_STATE_END_PACKAGE
};
typedef struct stats_t stats_t;
time_t release;
int product;
int packages;
- int new_packages;
int new_versions;
int updated_versions;
- int deleted_versions;
};
/**
* global debug output variables
*/
static int debug_level = 1;
-static bool stderr_quiet = TRUE;
+static bool stderr_quiet = FALSE;
/**
- * pacman dbg function
+ * sec_updater dbg function
*/
-static void pacman_dbg(debug_t group, level_t level, char *fmt, ...)
+static void sec_updater_dbg(debug_t group, level_t level, char *fmt, ...)
{
int priority = LOG_INFO;
char buffer[8192];
static void usage(void)
{
- printf("Parses package information files from Debian/Ubuntu repositories and\n");
- printf("stores the extracted information in the database used by the OS IMV.\n\n");
- printf("ipsec pacman --product <name> --file <filename> [--security]\n\n");
- printf(" --help print usage information\n");
- printf(" --product <name> name of the Debian/Ubuntu release, as stored in the DB\n");
- printf(" --file <filename> package information file to parse\n");
- printf(" --security set this when parsing a file with security updates\n");
- printf("\n");
+ printf("\
+Usage:\n\
+ sec-updater --help\n\
+ sec-updater [--debug <level>] [--quiet] [--security] --product <name> --file <filename>\n\n\
+ Options:\n\
+ --help print usage information\n\
+ --debug set debug level\n\
+ --quiet suppress debug output to stderr\n\
+ --security set when parsing a file with security updates\n\
+ --product <name> name of the Linux version as stored in the database\n\
+ --file <filename> package information file to parse");
}
/**
static bool update_database(database_t *db, char *package, char *version,
bool security, stats_t *stats)
{
- char *cur_version, *version_update = NULL, *version_delete = NULL;
- int cur_security, security_update = 0, security_delete = 0;
- int pac_id = 0, vid = 0, vid_update = 0, vid_delete = 0;
- u_int cur_time;
- bool add_version = TRUE;
+ int pid = 0, vid = 0, sec_flag;
+ bool first = TRUE, found = FALSE;
+ char *release;
enumerator_t *e;
/* increment package count */
{
return FALSE;
}
- if (!e->enumerate(e, &pac_id))
+ if (!e->enumerate(e, &pid))
{
- pac_id = 0;
+ pid = 0;
}
e->destroy(e);
- if (!pac_id && security)
+ if (!pid)
{
- if (db->execute(db, &pac_id, "INSERT INTO packages (name) VALUES (?)",
- DB_TEXT, package) != 1)
- {
- fprintf(stderr, "could not store package '%s' to database\n",
- package);
- return FALSE;
- }
- stats->new_packages++;
+ return TRUE;
}
- /* check for package versions already in database */
+ /* retrieve all package versions stored in database */
e = db->query(db,
- "SELECT id, release, security, time FROM versions "
- "WHERE package = ? AND product = ?", DB_INT, pac_id,
- DB_INT, stats->product, DB_INT, DB_TEXT, DB_INT, DB_UINT);
+ "SELECT id, release, security FROM versions "
+ "WHERE product = ? AND package = ?",
+ DB_INT, stats->product, DB_INT, pid, DB_INT, DB_TEXT, DB_INT);
if (!e)
{
return FALSE;
}
- while (e->enumerate(e, &vid, &cur_version, &cur_security, &cur_time))
+ while (e->enumerate(e, &vid, &release, &sec_flag))
{
- if (streq(version, cur_version))
+ char command[BUF_LEN];
+ char found_char = ' ';
+ bool update_version = FALSE;
+
+ if (streq(version, release))
{
- /* already in data base */
- add_version = FALSE;
- break;
+ found = TRUE;
+ found_char = '*';
}
- else if (stats->release >= cur_time)
+ else if (security)
{
- if (security)
+ snprintf(command, BUF_LEN, "dpkg --compare-versions %s lt %s",
+ release, version);
+ if (system(command) == 0)
{
- if (cur_security)
+ found_char = '!';
+ if (!sec_flag)
{
- vid_update = vid;
- version_update = strdup(cur_version);
- security_update = cur_security;
- }
- else
- {
- vid_delete = vid;
- version_delete = strdup(cur_version);
- security_delete = cur_security;
- }
- }
- else
- {
- if (!cur_security)
- {
- vid_update = vid;
- version_update = strdup(cur_version);
- security_update = cur_security;
+ if (db->execute(db, NULL, "UPDATE versions "
+ "SET security = 1 WHERE id = ?", DB_INT, vid) != 1)
+ {
+ DBG1(DBG_IMV, " could not update version");
+ e->destroy(e);
+ return FALSE;
+ }
+ update_version = TRUE;
+ stats->updated_versions++;
}
}
}
- else
+ if (debug_level < 2 && !update_version)
{
- if (security == cur_security)
- {
- add_version = FALSE;
- }
+ continue;
}
+ if (first)
+ {
+ DBG1(DBG_IMV, "%s", package);
+ first = FALSE;
+ }
+ DBG1(DBG_IMV, " %c%s %s", found_char , sec_flag ? "s" : " ", release);
}
e->destroy(e);
- if ((!vid && !security) || (vid && !add_version))
- {
- free(version_update);
- free(version_delete);
- return TRUE;
- }
-
- if ((!vid && security) || (vid && !vid_update))
+ if (!found)
{
- printf("%s (%s) %s\n", package, version, security ? "[s]" : "");
+ if (first)
+ {
+ DBG1(DBG_IMV, "%s", package);
+ }
+ DBG1(DBG_IMV, " + %s", version);
if (db->execute(db, &vid,
"INSERT INTO versions "
"(package, product, release, security, time) "
- "VALUES (?, ?, ?, ?, ?)", DB_INT, pac_id, DB_INT, stats->product,
- DB_TEXT, version, DB_INT, security, DB_INT, stats->release) != 1)
+ "VALUES (?, ?, ?, 0, ?)", DB_INT, pid, DB_INT, stats->product,
+ DB_TEXT, version, DB_INT, stats->release) != 1)
{
- fprintf(stderr, "could not store version '%s' to database\n",
- version);
- free(version_update);
- free(version_delete);
+ DBG1(DBG_IMV, " could not store version to database");
return FALSE;
}
stats->new_versions++;
}
- else
- {
- printf("%s (%s) %s updated by\n",
- package, version_update, security_update ? "[s]" : "");
- printf("%s (%s) %s\n", package, version, security ? "[s]" : "");
-
- if (db->execute(db, NULL,
- "UPDATE versions SET release = ?, time = ? WHERE id = ?",
- DB_TEXT, version, DB_INT, stats->release, DB_INT, vid_update) <= 0)
- {
- fprintf(stderr, "could not update version '%s' to database\n",
- version);
- free(version_update);
- free(version_delete);
- return FALSE;
- }
- stats->updated_versions++;
- }
-
- if (vid_delete)
- {
- printf("%s (%s) %s deleted\n",
- package, version_delete, security_delete ? "[s]" : "");
- if (db->execute(db, NULL,
- "DELETE FROM versions WHERE id = ?",
- DB_INT, vid_delete) <= 0)
- {
- fprintf(stderr, "could not delete version '%s' from database\n",
- version_delete);
- free(version_update);
- free(version_delete);
- return FALSE;
- }
- stats->deleted_versions++;
- }
- free(version_update);
- free(version_delete);
return TRUE;
}
static void process_packages(char *filename, char *product, bool security)
{
char *uri, line[BUF_LEN], *pos, *package = NULL, *version = NULL;
- pacman_state_t pacman_state;
+ sec_update_state_t state;
enumerator_t *e;
database_t *db;
int pid;
stats.release = time(NULL);
/* opening package file */
- printf("loading\"%s\"\n", filename);
+ DBG1(DBG_IMV, "loading \"%s\"", filename);
file = fopen(filename, "r");
if (!file)
{
- fprintf(stderr, "could not open \"%s\"\n", filename);
+ DBG1(DBG_IMV, " could not open \"%s\"", filename);
exit(EXIT_FAILURE);
}
/* connect package database */
- uri = lib->settings->get_str(lib->settings, "pacman.database", NULL);
+ uri = lib->settings->get_str(lib->settings, "sec-updater.database", NULL);
if (!uri)
{
- fprintf(stderr, "database URI pacman.database not set\n");
+ DBG1(DBG_IMV, "database URI sec-updater.database not set");
fclose(file);
exit(EXIT_FAILURE);
}
db = lib->db->create(lib->db, uri);
if (!db)
{
- fprintf(stderr, "could not connect to database '%s'\n", uri);
+ DBG1(DBG_IMV, "could not connect to database '%s'", uri);
fclose(file);
exit(EXIT_FAILURE);
}
if (db->execute(db, &pid, "INSERT INTO products (name) VALUES (?)",
DB_TEXT, product) != 1)
{
- fprintf(stderr, "could not store product '%s' to database\n",
+ DBG1(DBG_IMV, "could not store product '%s' to database",
product);
fclose(file);
db->destroy(db);
stats.product = pid;
}
- pacman_state = PACMAN_STATE_BEGIN_PACKAGE;
+ state = SEC_UPDATE_STATE_BEGIN_PACKAGE;
while (fgets(line, sizeof(line), file))
{
/* set read pointer to beginning of line */
pos = line;
- switch (pacman_state)
+ switch (state)
{
- case PACMAN_STATE_BEGIN_PACKAGE:
+ case SEC_UPDATE_STATE_BEGIN_PACKAGE:
pos = strstr(pos, "Package: ");
if (!pos)
{
if (pos)
{
package = strndup(package, pos - package);
- pacman_state = PACMAN_STATE_VERSION;
+ state = SEC_UPDATE_STATE_VERSION;
}
break;
- case PACMAN_STATE_VERSION:
+ case SEC_UPDATE_STATE_VERSION:
pos = strstr(pos, "Version: ");
if (!pos)
{
if (pos)
{
version = strndup(version, pos - version);
- pacman_state = PACMAN_STATE_END_PACKAGE;
+ state = SEC_UPDATE_STATE_END_PACKAGE;
}
break;
- case PACMAN_STATE_END_PACKAGE:
+ case SEC_UPDATE_STATE_END_PACKAGE:
if (*pos != '\n')
{
continue;
db->destroy(db);
exit(EXIT_FAILURE);
}
- pacman_state = PACMAN_STATE_BEGIN_PACKAGE;
+ state = SEC_UPDATE_STATE_BEGIN_PACKAGE;
}
}
- switch (pacman_state)
+ switch (state)
{
- case PACMAN_STATE_END_PACKAGE:
+ case SEC_UPDATE_STATE_END_PACKAGE:
free(version);
/* fall-through */
- case PACMAN_STATE_VERSION:
+ case SEC_UPDATE_STATE_VERSION:
free(package);
break;
default:
fclose(file);
db->destroy(db);
- printf("processed %d packages, %d new packages, %d new versions, "
- "%d updated versions, %d deleted versions\n",
- stats.packages, stats.new_packages, stats.new_versions,
- stats.updated_versions, stats.deleted_versions);
+ DBG1(DBG_IMV, "processed \"%s\": %d packages, %d new versions, "
+ "%d updated versions", filename, stats.packages,
+ stats.new_versions, stats.updated_versions);
}
static void do_args(int argc, char *argv[])
struct option long_opts[] = {
{ "help", no_argument, NULL, 'h' },
+ { "debug", required_argument, NULL, 'd' },
{ "file", required_argument, NULL, 'f' },
{ "product", required_argument, NULL, 'p' },
+ { "quiet", no_argument, NULL, 'q' },
{ "security", no_argument, NULL, 's' },
{ 0,0,0,0 }
};
case 'h':
usage();
exit(EXIT_SUCCESS);
+ case 'd':
+ debug_level = atoi(optarg);
+ continue;
case 'f':
filename = optarg;
continue;
case 'p':
product = optarg;
continue;
+ case 'q':
+ stderr_quiet = TRUE;
+ continue;
case 's':
security = TRUE;
continue;
int main(int argc, char *argv[])
{
/* enable attest debugging hook */
- dbg = pacman_dbg;
- openlog("pacman", 0, LOG_DEBUG);
+ dbg = sec_updater_dbg;
+ openlog("sec-updater", 0, LOG_DEBUG);
atexit(cleanup);
/* initialize library */
- if (!library_init(NULL, "pacman"))
+ if (!library_init(NULL, "sec-updater"))
{
exit(SS_RC_LIBSTRONGSWAN_INTEGRITY);
}
if (!lib->plugins->load(lib->plugins,
- lib->settings->get_str(lib->settings, "pacman.load", "sqlite")))
+ lib->settings->get_str(lib->settings, "sec-updater.load", "sqlite")))
{
exit(SS_RC_INITIALIZATION_FAILED);
}
projects / thirdparty / strongswan.git / commitdiff
