[26594] in Source-Commits
Re: /svn/athena r25637 - in trunk/debathena/debathena: . verify verify/debian
daemon@ATHENA.MIT.EDU (Jonathon Weiss)
Wed Jul 18 14:56:21 2012
Message-Id: <201207181856.q6IIuI63016961@outgoing.mit.edu>
To: Jonathan D Reed <jdreed@MIT.EDU>
cc: source-commits@MIT.EDU
In-reply-to: <201207131545.q6DFjweI018034@drugstore.mit.edu>
Date: Wed, 18 Jul 2012 14:56:18 -0400
From: Jonathon Weiss <jweiss@MIT.EDU>
I've only skimmed this. I was surprised to see you use desync2cron
rather than just invoking desync in the cron job. I see how your
approach is better, but thought the former approach wa our standard. Is
that changing?
Jonathon
Jonathan D Reed <jdreed@MIT.EDU> wrote:
> Author: jdreed
> Date: 2012-07-13 11:45:57 -0400 (Fri, 13 Jul 2012)
> New Revision: 25637
>
> Added:
> trunk/debathena/debathena/verify/
> trunk/debathena/debathena/verify/debian/
> trunk/debathena/debathena/verify/debian/changelog
> trunk/debathena/debathena/verify/debian/compat
> trunk/debathena/debathena/verify/debian/control.in
> trunk/debathena/debathena/verify/debian/copyright
> trunk/debathena/debathena/verify/debian/debathena-verify.install
> trunk/debathena/debathena/verify/debian/debathena-verify.manpages
> trunk/debathena/debathena/verify/debian/debathena-verify.postinst
> trunk/debathena/debathena/verify/debian/debathena-verify.postrm
> trunk/debathena/debathena/verify/debian/debathena-verify.prerm
> trunk/debathena/debathena/verify/debian/rules
> trunk/debathena/debathena/verify/debian/verify_ws
> trunk/debathena/debathena/verify/debian/verify_ws.8
> trunk/debathena/debathena/verify/debian/verify_ws.pl
> Log:
> In verify:
> * Initial release.
>
>
> Added: trunk/debathena/debathena/verify/debian/changelog
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/changelog (rev 0)
> +++ trunk/debathena/debathena/verify/debian/changelog 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,5 @@
> +debathena-verify (1.0) unstable; urgency=low
> +
> + * Initial release.
> +
> + -- Jonathan Reed <jdreed@mit.edu> Fri, 13 Jul 2012 11:07:35 -0400
>
> Added: trunk/debathena/debathena/verify/debian/compat
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/compat (rev 0)
> +++ trunk/debathena/debathena/verify/debian/compat 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1 @@
> +6
>
> Added: trunk/debathena/debathena/verify/debian/control.in
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/control.in (rev 0)
> +++ trunk/debathena/debathena/verify/debian/control.in 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,14 @@
> +Source: debathena-verify
> +Section: debathena/base
> +Priority: extra
> +Maintainer: Debathena Project <debathena@mit.edu>
> +Build-Depends: @cdbs@
> +Standards-Version: 3.9.1
> +
> +Package: debathena-verify
> +Architecture: all
> +Depends: ${misc:Depends}
> +Description: Public workstation verification script
> + This package does some periodic verification of public workstations.
> + It is intended for workstation using the debathena-cluster
> + metapackage.
>
> Added: trunk/debathena/debathena/verify/debian/copyright
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/copyright (rev 0)
> +++ trunk/debathena/debathena/verify/debian/copyright 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,31 @@
> +This software and its Debian packaging are licensed as follows:
> +
> +Copyright (c) 2012, Massachusetts Institute of Technology
> +All rights reserved.
> +
> +Redistribution and use in source and binary forms, with or without
> +modification, are permitted provided that the following conditions are
> +met:
> + * Redistributions of source code must retain the above copyright
> + notice, this list of conditions and the following disclaimer.
> + * Redistributions in binary form must reproduce the above
> + copyright notice, this list of conditions and the following
> + disclaimer in the documentation and/or other materials provided
> + with the distribution.
> + * Neither the name of the Massachusetts Institute of Technology
> + nor the names of its contributors may be used to endorse or
> + promote products derived from this software without specific
> + prior written permission.
> +
> +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MASSACHUSETTS
> +INSTITUTE OF TECHNOLOGY BE LIABLE FOR ANY DIRECT, INDIRECT,
> +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
> +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
> +OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
> +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
> +TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
> +USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
> +DAMAGE.
>
> Added: trunk/debathena/debathena/verify/debian/debathena-verify.install
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/debathena-verify.install (rev 0)
> +++ trunk/debathena/debathena/verify/debian/debathena-verify.install 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,2 @@
> +debian/verify_ws usr/sbin
> +debian/verify_ws.pl usr/lib/debathena-verify
>
> Added: trunk/debathena/debathena/verify/debian/debathena-verify.manpages
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/debathena-verify.manpages (rev 0)
> +++ trunk/debathena/debathena/verify/debian/debathena-verify.manpages 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,2 @@
> +debian/verify_ws.8
> +
>
> Added: trunk/debathena/debathena/verify/debian/debathena-verify.postinst
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/debathena-verify.postinst (rev 0)
> +++ trunk/debathena/debathena/verify/debian/debathena-verify.postinst 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,63 @@
> +#!/bin/sh
> +# postinst script for debathena-verify
> +#
> +# see: dh_installdeb(1)
> +
> +set -e
> +
> +# summary of how this script can be called:
> +# * <postinst> `configure' <most-recently-configured-version>
> +# * <old-postinst> `abort-upgrade' <new version>
> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
> +# <new-version>
> +# * <postinst> `abort-remove'
> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
> +# <failed-install-package> <version> `removing'
> +# <conflicting-package> <version>
> +# for details, see http://www.debian.org/doc/debian-policy/ or
> +# the debian-policy package
> +
> +desync2cron() {
> + hour=$1
> + interval=$2
> + shift 2
> + desync=`desync -n $interval`
> + mins=`echo $desync % 60 | bc`
> + hours=`echo "$hour + ($desync / 60)" | bc`
> + if [ $hours -ge 24 ]; then
> + hours=`echo $hours - 24 | bc`
> + fi
> + echo "$mins $hours * * * $*"
> +}
> +
> +CRONFILE=/etc/cron.d/verify_ws
> +
> +case "$1" in
> + configure)
> + if [ ! -f /var/lib/verify_ws-status ]; then
> + echo "$(date +"%s")|ok|Package configured" > /var/lib/verify_ws-status
> + fi
> +
> + rm -f $CRONFILE
> +
> + echo "# Automatically generated by debathena-verify postinst" > $CRONFILE
> + echo "SHELL=/bin/sh" >> $CRONFILE
> + echo "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" >> $CRONFILE
> + desync2cron 3 120 root /usr/sbin/verify_ws >> $CRONFILE
> + ;;
> +
> + abort-upgrade|abort-remove|abort-deconfigure)
> + ;;
> +
> + *)
> + echo "postinst called with unknown argument \`$1'" >&2
> + exit 1
> + ;;
> +esac
> +
> +# dh_installdeb will replace this with shell code automatically
> +# generated by other debhelper scripts.
> +
> +#DEBHELPER#
> +
> +exit 0
>
> Added: trunk/debathena/debathena/verify/debian/debathena-verify.postrm
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/debathena-verify.postrm (rev 0)
> +++ trunk/debathena/debathena/verify/debian/debathena-verify.postrm 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,40 @@
> +#!/bin/sh
> +# postrm script for debathena-verify
> +#
> +# see: dh_installdeb(1)
> +
> +set -e
> +
> +# summary of how this script can be called:
> +# * <postrm> `remove'
> +# * <postrm> `purge'
> +# * <old-postrm> `upgrade' <new-version>
> +# * <new-postrm> `failed-upgrade' <old-version>
> +# * <new-postrm> `abort-install'
> +# * <new-postrm> `abort-install' <old-version>
> +# * <new-postrm> `abort-upgrade' <old-version>
> +# * <disappearer's-postrm> `disappear' <overwriter>
> +# <overwriter-version>
> +# for details, see http://www.debian.org/doc/debian-policy/ or
> +# the debian-policy package
> +
> +case "$1" in
> + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
> + if [ -z "$2" ]; then
> + # Cleanup status file
> + rm -f /var/lib/verify_ws-status
> + fi
> + ;;
> +
> + *)
> + echo "postrm called with unknown argument \`$1'" >&2
> + exit 1
> + ;;
> +esac
> +
> +# dh_installdeb will replace this with shell code automatically
> +# generated by other debhelper scripts.
> +
> +#DEBHELPER#
> +
> +exit 0
>
> Added: trunk/debathena/debathena/verify/debian/debathena-verify.prerm
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/debathena-verify.prerm (rev 0)
> +++ trunk/debathena/debathena/verify/debian/debathena-verify.prerm 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,44 @@
> +#!/bin/sh
> +# prerm script for debathena-verify
> +#
> +# see: dh_installdeb(1)
> +
> +set -e
> +
> +# summary of how this script can be called:
> +# * <prerm> `remove'
> +# * <old-prerm> `upgrade' <new-version>
> +# * <new-prerm> `failed-upgrade' <old-version>
> +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
> +# * <deconfigured's-prerm> `deconfigure' `in-favour'
> +# <package-being-installed> <version> `removing'
> +# <conflicting-package> <version>
> +# for details, see http://www.debian.org/doc/debian-policy/ or
> +# the debian-policy package
> +
> +CRONFILE=/etc/cron.d/verify_ws
> +
> +case "$1" in
> + remove)
> + rm -f $CRONFILE
> + ;;
> +
> + upgrade|deconfigure)
> +
> + ;;
> +
> + failed-upgrade)
> + ;;
> +
> + *)
> + echo "prerm called with unknown argument \`$1'" >&2
> + exit 1
> + ;;
> +esac
> +
> +# dh_installdeb will replace this with shell code automatically
> +# generated by other debhelper scripts.
> +
> +#DEBHELPER#
> +
> +exit 0
>
> Added: trunk/debathena/debathena/verify/debian/rules
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/rules (rev 0)
> +++ trunk/debathena/debathena/verify/debian/rules 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,3 @@
> +#!/usr/bin/make -f
> +
> +include /usr/share/cdbs/1/rules/debhelper.mk
>
>
> Property changes on: trunk/debathena/debathena/verify/debian/rules
> ___________________________________________________________________
> Added: svn:executable
> + *
>
> Added: trunk/debathena/debathena/verify/debian/verify_ws
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/verify_ws (rev 0)
> +++ trunk/debathena/debathena/verify/debian/verify_ws 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,61 @@
> +#!/bin/sh
> +
> +statfile=/var/lib/verify_ws-status
> +nologinfile=/var/run/athena-nologin
> +updstatus=unknown
> +updmsg=unknown
> +
> +[ -e /var/run/athena-login ] && exit || touch $nologinfile
> +
> +save_state() {
> + rm -f $statfile
> + echo "$(date +"%s")|$updstatus|$updmsg" > $statfile
> +}
> +
> +cleanup() {
> + rm -f $nologinfile
> + save_state
> + exit
> +}
> +
> +trap cleanup EXIT
> +
> +fail() {
> + logger -t "verify_ws" -p user.notice "$*"
> + updstatus=failed
> + updmsg="$*"
> + exit
> +}
> +
> +warn() {
> + updstatus=warning
> + updmsg="$*"
> + exit
> +}
> +
> +succeed() {
> + updstatus=ok
> + updmsg="$*"
> + exit
> +}
> +
> +if ! [ -x /usr/lib/debathena-verify/verify_ws.pl ]; then
> + fail "Can't execute /usr/lib/debathena-verify/verify_ws.pl"
> +fi
> +
> +if /usr/lib/debathena-verify/verify_ws.pl; then
> + succeed "Verification passed"
> +else
> + case $? in
> + 1)
> + fail "Verification failed"
> + ;;
> + 2)
> + warn "Non-fatal errors found"
> + ;;
> + *)
> + fail "unknown error"
> + ;;
> + esac
> +fi
> +exit
>
> Added: trunk/debathena/debathena/verify/debian/verify_ws.8
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/verify_ws.8 (rev 0)
> +++ trunk/debathena/debathena/verify/debian/verify_ws.8 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,20 @@
> +.TH VERIFY_WS 8 "13 July 2012" "debathena-verify" "Public Workstation Verification"
> +.SH NAME
> +verify_ws \- A public workstation verification script
> +.SH SYNOPSIS
> +.nf
> +.B verify_ws [-d] [-s check1,check2,]
> +.sp
> +.SH DESCRIPTION
> +.BR verify_ws
> +attempts to do some verification of public workstations.
> +
> +.I -d
> +will enable debug mode.
> +
> +.I -s
> +will enable you to provide a list comma-separated checks to skip.
> +
> +.SH AUTHOR
> +Jonathan Reed <jdreed@mit.edu>, Debathena Project
> +
>
> Added: trunk/debathena/debathena/verify/debian/verify_ws.pl
> ===================================================================
> --- trunk/debathena/debathena/verify/debian/verify_ws.pl (rev 0)
> +++ trunk/debathena/debathena/verify/debian/verify_ws.pl 2012-07-13 15:45:57 UTC (rev 25637)
> @@ -0,0 +1,284 @@
> +#!/usr/bin/perl -w
> +#
> +# Workstation "verification" script
> +#
> +
> +use strict;
> +use Getopt::Std;
> +use File::Basename;
> +use AptPkg::Config '$_config';
> +use AptPkg::Cache;
> +
> +my $logfile = "/var/log/verify_ws.log";
> +my $verify_dir = "/afs/athena.mit.edu/system/athena10/verify";
> +
> +#($> == 0) || die "You must be root to run this.\n";
> +
> +our ($opt_d,$opt_s) = (0,'');
> +
> +getopts('ds:') || die "Usage: $0 [-d]\n";
> +
> +if ($opt_d) {
> + open(LOG, ">&STDOUT") || die "Can't dup stdout";
> +} else {
> + open(LOG, ">>$logfile") || die "Cannot append to logfile: $!";
> +}
> +
> +my %MIRRORS_OK = ();
> +my %COMPONENTS_OK = ();
> +my %SUITES_OK = ();
> +my %DA_MIRRORS_OK = ();
> +my %DA_COMPONENTS_OK = ();
> +my %DA_SUITES_OK = ();
> +my %APTKEYS_OK = ();
> +my %DEBSUMS_MISSING_PKG_OK = ();
> +my %DEBSUMS_MISSING_FILE_OK = ();
> +my %DEBSUMS_CHANGED_FILE_OK = ();
> +
> +my $errors = 0;
> +my $warns = 0;
> +my %checks = ('sources' => 1,
> + 'keys' => 1,
> + 'debsums' => 1,
> + 'policy', => 1 );
> +
> +
> +# Initialize the APT configuration
> +$_config->init;
> +my $cache = AptPkg::Cache->new;
> +my $policy = $cache->policy;
> +
> +# Basic setup
> +my $codename = `/usr/bin/lsb_release -sc`;
> +die "Can't determine codename" unless ($? == 0);
> +chomp($codename);
> +
> +if ($opt_s) {
> + foreach my $skip (split(',', $opt_s)) {
> + die "Can't skip unknown check '$skip'" unless exists($checks{$skip});
> + warn("Skipping check '$skip'");
> + $checks{$skip} = 0;
> + }
> +}
> +
> +sub debug {
> + $opt_d && print LOG "DEBUG: ", @_, "\n";
> +}
> +
> +sub error {
> + $errors = 1;
> + print LOG "ERROR: ", @_, "\n";
> +}
> +
> +sub wank {
> + $warns = 1;
> + print LOG "WARNING: ", @_, "\n";
> +}
> +
> +sub loadConfigFile {
> + my ($filename, $hashref) = @_;
> + open(F, join('/', $verify_dir, $codename, $filename)) ||
> + die "Can't open '$filename' file: $!";
> + foreach my $line (<F>) {
> + next if ($line =~ /^#/);
> + next unless ($line =~ /\w/);
> + chomp $line;
> + $hashref->{$line} = 1;
> + }
> + close(F);
> +}
> +
> +sub checkSourcesList {
> + my ($filename, $mirrorsok, $suitesok, $componentsok) = @_;
> + if (open(SLIST, $filename)) {
> + while (<SLIST>) {
> + next if /^#/;
> + next unless /\w/;
> + my ($type, $mirror, $suite, @components) = split(' ', $_);
> + error($filename, ":", $., " Unknown first field ($type)") unless
> + ($type =~ /^deb(-src){0,1}$/);
> + $mirror =~ s|/+$||g;
> + error($filename, ":", $., " Unknown mirror ($mirror)") unless
> + exists($mirrorsok->{$mirror});
> + error($filename, ":", $., " Unknown suite ($suite)") unless
> + exists($suitesok->{$suite});
> + foreach my $c (@components) {
> + error($filename, ":", $., " Unknown component ($c)") unless
> + exists($componentsok->{$c});
> + }
> + }
> + close(SLIST);
> + } else {
> + error("Couldn't open file ($filename): $!");
> + }
> +}
> +
> +sub checkAptSources {
> + my $sourceslist = join('', $_config->get('Dir'),
> + $_config->get('Dir::Etc'),
> + $_config->get('Dir::Etc::sourcelist'));
> +
> + wank("sources.list ($sourceslist) looks funny") unless
> + ((-f $sourceslist) && ($sourceslist eq "/etc/apt/sources.list"));
> +
> +
> + my $sourceslistd = join('', $_config->get('Dir'),
> + $_config->get('Dir::Etc'),
> + $_config->get('Dir::Etc::sourceparts'));
> +
> + wank("sources.list.d ($sourceslistd) looks funny") unless
> + ((-d $sourceslistd ) && ($sourceslistd eq "/etc/apt/sources.list.d"));
> +
> + debug("Looking at sources.list ($sourceslist)");
> + checkSourcesList($sourceslist, \%MIRRORS_OK, \%SUITES_OK, \%COMPONENTS_OK);
> +
> + foreach my $file (glob '/etc/apt/sources.list.d/*.list') {
> + debug("Looking at $file");
> + if (basename($file) eq "debathena.list") {
> + checkSourcesList($file,
> + \%DA_MIRRORS_OK,
> + { $codename => 1 },
> + \%DA_COMPONENTS_OK);
> + } elsif (basename($file) eq "debathena.clusterinfo.list") {
> + checkSourcesList($file,
> + \%DA_MIRRORS_OK,
> + \%DA_SUITES_OK,
> + \%DA_COMPONENTS_OK);
> + } else {
> + error("Unknown additional sources.list file ($file)");
> + }
> + }
> +}
> +
> +sub checkAptKeys {
> + debug("Checking apt keys...");
> + my $apt_keys = qx'/usr/bin/apt-key finger';
> + die "Can't run apt-key" unless ($? == 0);
> + $apt_keys =~ s/^.*?\n(?=pub)//s;
> + foreach my $k (split(/\n\n/, $apt_keys)) {
> + if ($k =~ /^\s+Key fingerprint = (.*)\nuid\s+(\S.*)$/m) {
> + error("Unknown fingerprint ($1) for key ($2)") unless exists($APTKEYS_OK{$1});
> + }
> + }
> +}
> +
> +sub debsums {
> + debug("Running debsums");
> + # Bad-ideas: Since debsums is itself written in Perl...
> + open(DEBSUMS, "/usr/bin/debsums -as 2>&1 |") || die "Can't run debsums";
> + foreach my $sum (<DEBSUMS>) {
> + chomp $sum;
> + if ($sum =~ /^debsums: no md5sums for (\S+)/) {
> + error("$sum") unless exists($DEBSUMS_MISSING_PKG_OK{$1});
> + } elsif ($sum =~ /^debsums: changed file (\S+)/) {
> + error("$sum") unless exists($DEBSUMS_CHANGED_FILE_OK{$1});
> + } elsif ($sum =~ /^debsums: missing file (\S+)/) {
> + error("$sum") unless exists($DEBSUMS_MISSING_FILE_OK{$1});
> + } else {
> + error("Unexpected debsums output: $sum");
> + }
> + }
> + close(DEBSUMS);
> +}
> +
> +sub checkPackage {
> + my $pkgname = shift;
> + debug("Checking package $pkgname");
> + my $pkg = $cache->{$pkgname};
> + unless ($pkg) {
> + error("Can't find $pkgname in cache");
> + return 0;
> + }
> +# use Data::Dumper;
> +# $Data::Dumper::Maxdepth = 2;
> +# print Dumper($pkg);
> +# exit;
> + if ($pkg->{CurrentState} ne 'Installed') {
> + if ($pkg->{CurrentState} eq 'ConfigFiles') {
> + wank("Package $pkgname still has config files");
> + } elsif ($pkg->{CurrentState} eq 'NotInstalled') {
> + wank("Package $pkgname should have been autoremoved.");
> + } else {
> + error("Package $pkgname in weird state " . $pkg->{CurrentState});
> + }
> + return 0;
> + }
> + my $currver = '';
> + if ($pkg->{CurrentVer}) {
> + $currver = $pkg->{CurrentVer}{VerStr};
> + }
> + my $fromrepo = 0;
> + foreach my $file (@{$pkg->{CurrentVer}{FileList}}) {
> + next if ($file->{File}->{IndexType} ne 'Debian Package Index');
> + if ($file->{File}->{Origin} =~ /^(Ubuntu|Debathena)$/) {
> + $fromrepo = 1;
> + }
> + }
> + if ($pkgname =~ /^linux-(headers|image)-/) {
> + wank("Old kernel package ($pkgname) needs cleanup!");
> + } else {
> + error("$pkgname ($currver) cannot be installed from a repository!") unless ($fromrepo);
> + }
> +}
> +
> +sub checkInstallability {
> + debug("Checking installability of installed packages");
> + # Todo: multiarch
> + my %seen = ();
> + # Seriously, why can't I do this natively?
> + open(PKGLIST, '/usr/bin/dpkg-query -W -f \'${Package}\n\' |') || die "Can't run dpkg-query";
> + while (<PKGLIST>) {
> + chomp;
> + next if exists($seen{$_});
> + $seen{$_} = 1;
> + checkPackage($_);
> + }
> + close(PKGLIST);
> +}
> +
> +# __main__
> +
> +defined($ENV{'APT_CONFIG'}) && wank("APT_CONFIG is defined and shouldn't be");
> +
> +print LOG "Workstation verification beginning at ",
> + scalar(localtime()), "\n";
> +
> +# Load configuration from AFS
> +foreach ('', '-updates', '-security') {
> + $SUITES_OK{join('', $codename, $_)} = 1;
> +}
> +$DA_SUITES_OK{$codename} = 1;
> +if (-s "/var/run/athena-clusterinfo.sh") {
> + my $apt_release = qx'. /var/run/athena-clusterinfo.sh && echo -n $APT_RELEASE';
> + if ($apt_release !~ /^(production|proposed|development)$/) {
> + error("Unknown APT_RELEASE value ($apt_release)");
> + } elsif ($apt_release ne "production") {
> + $DA_SUITES_OK{join('', $codename, '-', $apt_release)} = 1;
> + if ($apt_release eq "development") {
> + $DA_SUITES_OK{join('', $codename, '-', 'proposed')} = 1;
> + }
> + }
> +} else {
> + warn("No clusterinfo!");
> +}
> +loadConfigFile('mirrors', \%MIRRORS_OK);
> +loadConfigFile('components', \%COMPONENTS_OK);
> +loadConfigFile('debathena-mirrors', \%DA_MIRRORS_OK);
> +loadConfigFile('debathena-components', \%DA_COMPONENTS_OK);
> +loadConfigFile('aptkeys', \%APTKEYS_OK);
> +loadConfigFile('debsums-missing-packages', \%DEBSUMS_MISSING_PKG_OK);
> +loadConfigFile('debsums-missing-files', \%DEBSUMS_MISSING_FILE_OK);
> +loadConfigFile('debsums-changed-files', \%DEBSUMS_CHANGED_FILE_OK);
> +
> +$checks{'keys'} && checkAptKeys();
> +$checks{'sources'} && checkAptSources();
> +$checks{'debums'} && debsums();
> +$checks{'policy'} && checkInstallability();
> +close(LOG);
> +if ($errors) {
> + exit 1;
> +}
> +if ($warns) {
> + exit 2;
> +}
> +exit 0;
>
>
> Property changes on: trunk/debathena/debathena/verify/debian/verify_ws.pl
> ___________________________________________________________________
> Added: svn:executable
> + *
>
