From: Andreas Steffen Date: Thu, 7 Sep 2017 12:50:49 +0000 (+0200) Subject: sec-updater: Write to log only if at least one update is found. X-Git-Tag: 5.6.1dr2~4 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=94bdd463d85b90f16cf41e2b73ec8b115d96626e;p=thirdparty%2Fstrongswan.git sec-updater: Write to log only if at least one update is found. --- diff --git a/src/sec-updater/sec-updater.c b/src/sec-updater/sec-updater.c index d8a9fbb9e8..e6e672d99b 100644 --- a/src/sec-updater/sec-updater.c +++ b/src/sec-updater/sec-updater.c @@ -27,6 +27,8 @@ #include #include +#define EXIT_NO_UPDATES 80 + typedef enum sec_update_state_t sec_update_state_t; enum sec_update_state_t { @@ -227,7 +229,7 @@ static bool update_database(database_t *db, char *package, char *version, /** * Process a package file and store updates in the database */ -static void process_packages(char *filename, char *product, bool security) +static int process_packages(char *filename, char *product, bool security) { char *uri, line[BUF_LEN], *pos, *package = NULL, *version = NULL; sec_update_state_t state; @@ -245,7 +247,6 @@ static void process_packages(char *filename, char *product, bool security) stats.release = time(NULL); /* opening package file */ - DBG1(DBG_IMV, "loading \"%s\"", filename); file = fopen(filename, "r"); if (!file) { @@ -367,9 +368,12 @@ static void process_packages(char *filename, char *product, bool security) DBG1(DBG_IMV, "processed \"%s\": %d packages, %d new versions, " "%d updated versions", filename, stats.packages, stats.new_versions, stats.updated_versions); + + return (stats.new_versions + stats.updated_versions) ? + EXIT_SUCCESS : EXIT_NO_UPDATES; } -static void do_args(int argc, char *argv[]) +static int do_args(int argc, char *argv[]) { char *filename = NULL, *product = NULL; bool security = FALSE; @@ -420,7 +424,7 @@ static void do_args(int argc, char *argv[]) if (filename && product) { - process_packages(filename, product, security); + return process_packages(filename, product, security); } else { @@ -447,8 +451,6 @@ int main(int argc, char *argv[]) { exit(SS_RC_INITIALIZATION_FAILED); } - do_args(argc, argv); - - exit(EXIT_SUCCESS); + exit(do_args(argc, argv)); } diff --git a/src/sec-updater/sec-updater.sh b/src/sec-updater/sec-updater.sh index 1f4b694650..1177c8befa 100755 --- a/src/sec-updater/sec-updater.sh +++ b/src/sec-updater/sec-updater.sh @@ -1,17 +1,23 @@ #!/bin/sh DIR="/etc/pts" +DISTS_DIR="$DIR/dists" DATE=`date +%Y%m%d-%H%M` -UBUNTU="http://security.ubuntu.com/ubuntu/dists" +UBUNTU="http://security.ubuntu.com/ubuntu" UBUNTU_VERSIONS="xenial" UBUNTU_DIRS="main multiverse restricted universe" UBUNTU_ARCH="binary-amd64" -DEBIAN="http://security.debian.org/dists" -DEBIAN_VERSIONS="jessie" +DEBIAN="http://security.debian.org" +DEBIAN_VERSIONS="jessie wheezy" DEBIAN_DIRS="main contrib non-free" DEBIAN_ARCH="binary-amd64" +RASPIAN="http://archive.raspberrypi.org/debian" +RASPIAN_VERSIONS="jessie wheezy" +RASPIAN_DIRS="main" +RASPIAN_ARCH="binary-armhf" CMD=/usr/sbin/sec-updater -CMD_LOG="$DIR/$DATE-sec-update.log" +CMD_LOG="$DIR/logs/$DATE-sec-update.log" +DEL_LOG=1 mkdir -p $DIR/dists cd $DIR/dists @@ -25,11 +31,11 @@ do mkdir -p $v-security/$a $v-updates/$a for d in $UBUNTU_DIRS do - wget $UBUNTU/$v-security/$d/$a/Packages.xz -O $v-security/$a/Packages-$d.xz + wget -nv $UBUNTU/dists/$v-security/$d/$a/Packages.xz -O $v-security/$a/Packages-$d.xz unxz -f $v-security/$a/Packages-$d.xz - wget $UBUNTU/$v-updates/$d/$a/Packages.xz -O $v-updates/$a/Packages-$d.xz + wget -nv $UBUNTU/dists/$v-updates/$d/$a/Packages.xz -O $v-updates/$a/Packages-$d.xz unxz -f $v-updates/$a/Packages-$d.xz - done + done done done @@ -42,9 +48,24 @@ do mkdir -p $v-updates/$a for d in $DEBIAN_DIRS do - wget $DEBIAN/$v/updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2 + wget -nv $DEBIAN/dists/$v/updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2 bunzip2 -f $v-updates/$a/Packages-$d.bz2 - done + done + done +done + +# Download Raspian distribution information + +for v in $RASPIAN_VERSIONS +do + for a in $RASPIAN_ARCH + do + mkdir -p $v-raspian/$a + for d in $RASPIAN_DIRS + do + wget -nv $RASPIAN/dists/$v/$d/$a/Packages.gz -O $v-raspian/$a/Packages-$d.gz + gunzip -f $v-raspian/$a/Packages-$d.gz + done done done @@ -54,16 +75,72 @@ for f in xenial-security/binary-amd64/* do echo "security: $f" $CMD --product "Ubuntu 16.04 x86_64" --file $f --security >> $CMD_LOG 2>&1 + if [ $? -eq 0 ] + then + DEL_LOG=0 + echo $DEL_LOG + fi done -echo + for f in xenial-updates/binary-amd64/* do - echo "updates: $f" + echo "updates: $f" $CMD --product "Ubuntu 16.04 x86_64" --file $f >> $CMD_LOG 2>&1 + if [ $? -eq 0 ] + then + DEL_LOG=0 + echo $DEL_LOG + fi done -echo + for f in jessie-updates/binary-amd64/* do echo "security: $f" $CMD --product "Debian 8.0 x86_64" --file $f --security >> $CMD_LOG 2>&1 + if [ $? -eq 0 ] + then + DEL_LOG=0 + echo $DEL_LOG + fi done + +for f in wheezy-updates/binary-amd64/* +do + echo "security: $f" + $CMD --product "Debian 7.0 x86_64" --file $f --security >> $CMD_LOG 2>&1 + if [ $? -eq 0 ] + then + DEL_LOG=0 + echo $DEL_LOG + fi +done + +for f in jessie-raspian/binary-armhf/* +do + echo "security: $f" + $CMD --product "Debian 8.0 armv7l" --file $f --security >> $CMD_LOG 2>&1 + if [ $? -eq 0 ] + then + DEL_LOG=0 + echo $DEL_LOG + fi +done + +for f in wheezy-raspian/binary-armhf/* +do + echo "security: $f" + $CMD --product "Debian 7.11 armv7l" --file $f --security >> $CMD_LOG 2>&1 + if [ $? -eq 0 ] + then + DEL_LOG=0 + echo $DEL_LOG + fi +done + +# Delete log file if no security updates were found + +if [ $DEL_LOG -eq 1 ] +then + rm $CMD_LOG + echo "no security updates found" +fi