[26595] in Source-Commits
Re: /svn/athena r25637 - in trunk/debathena/debathena: . verify
daemon@ATHENA.MIT.EDU (Jonathan Reed)
Wed Jul 18 15:21:07 2012
Date: Wed, 18 Jul 2012 15:21:03 -0400 (EDT)
From: Jonathan Reed <jdreed@MIT.EDU>
To: Jonathon Weiss <jweiss@MIT.EDU>
cc: source-commits@MIT.EDU
In-Reply-To: <201207181856.q6IIuI63016961@outgoing.mit.edu>
Message-ID: <alpine.DEB.2.02.1207181520100.27410@INFINITE-LOOP.MIT.EDU>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
desync2cron came out because of ticket #something in which it was pointed
out that sleeping in a cron job interferes with modern power-saving
utilities, and running a cron job every 5 minutes to see if it's "time" to
run is obnoxious outside of reactivate.
-Jon
On Wed, 18 Jul 2012, Jonathon Weiss wrote:
>
> I've only skimmed this. I was surprised to see you use desync2cron
> rather than just invoking desync in the cron job. I see how your
> approach is better, but thought the former approach wa our standard. Is
> that changing?
>
> Jonathon
>
>
> Jonathan D Reed <jdreed@MIT.EDU> wrote:
>
>> Author: jdreed
>> Date: 2012-07-13 11:45:57 -0400 (Fri, 13 Jul 2012)
>> New Revision: 25637
>>
>> Added:
>> trunk/debathena/debathena/verify/
>> trunk/debathena/debathena/verify/debian/
>> trunk/debathena/debathena/verify/debian/changelog
>> trunk/debathena/debathena/verify/debian/compat
>> trunk/debathena/debathena/verify/debian/control.in
>> trunk/debathena/debathena/verify/debian/copyright
>> trunk/debathena/debathena/verify/debian/debathena-verify.install
>> trunk/debathena/debathena/verify/debian/debathena-verify.manpages
>> trunk/debathena/debathena/verify/debian/debathena-verify.postinst
>> trunk/debathena/debathena/verify/debian/debathena-verify.postrm
>> trunk/debathena/debathena/verify/debian/debathena-verify.prerm
>> trunk/debathena/debathena/verify/debian/rules
>> trunk/debathena/debathena/verify/debian/verify_ws
>> trunk/debathena/debathena/verify/debian/verify_ws.8
>> trunk/debathena/debathena/verify/debian/verify_ws.pl
>> Log:
>> In verify:
>> * Initial release.
>>
>>
>> Added: trunk/debathena/debathena/verify/debian/changelog
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/changelog (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/changelog 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,5 @@
>> +debathena-verify (1.0) unstable; urgency=low
>> +
>> + * Initial release.
>> +
>> + -- Jonathan Reed <jdreed@mit.edu> Fri, 13 Jul 2012 11:07:35 -0400
>>
>> Added: trunk/debathena/debathena/verify/debian/compat
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/compat (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/compat 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1 @@
>> +6
>>
>> Added: trunk/debathena/debathena/verify/debian/control.in
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/control.in (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/control.in 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,14 @@
>> +Source: debathena-verify
>> +Section: debathena/base
>> +Priority: extra
>> +Maintainer: Debathena Project <debathena@mit.edu>
>> +Build-Depends: @cdbs@
>> +Standards-Version: 3.9.1
>> +
>> +Package: debathena-verify
>> +Architecture: all
>> +Depends: ${misc:Depends}
>> +Description: Public workstation verification script
>> + This package does some periodic verification of public workstations.
>> + It is intended for workstation using the debathena-cluster
>> + metapackage.
>>
>> Added: trunk/debathena/debathena/verify/debian/copyright
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/copyright (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/copyright 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,31 @@
>> +This software and its Debian packaging are licensed as follows:
>> +
>> +Copyright (c) 2012, Massachusetts Institute of Technology
>> +All rights reserved.
>> +
>> +Redistribution and use in source and binary forms, with or without
>> +modification, are permitted provided that the following conditions are
>> +met:
>> + * Redistributions of source code must retain the above copyright
>> + notice, this list of conditions and the following disclaimer.
>> + * Redistributions in binary form must reproduce the above
>> + copyright notice, this list of conditions and the following
>> + disclaimer in the documentation and/or other materials provided
>> + with the distribution.
>> + * Neither the name of the Massachusetts Institute of Technology
>> + nor the names of its contributors may be used to endorse or
>> + promote products derived from this software without specific
>> + prior written permission.
>> +
>> +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
>> +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
>> +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
>> +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MASSACHUSETTS
>> +INSTITUTE OF TECHNOLOGY BE LIABLE FOR ANY DIRECT, INDIRECT,
>> +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
>> +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
>> +OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
>> +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
>> +TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
>> +USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
>> +DAMAGE.
>>
>> Added: trunk/debathena/debathena/verify/debian/debathena-verify.install
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/debathena-verify.install (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/debathena-verify.install 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,2 @@
>> +debian/verify_ws usr/sbin
>> +debian/verify_ws.pl usr/lib/debathena-verify
>>
>> Added: trunk/debathena/debathena/verify/debian/debathena-verify.manpages
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/debathena-verify.manpages (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/debathena-verify.manpages 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,2 @@
>> +debian/verify_ws.8
>> +
>>
>> Added: trunk/debathena/debathena/verify/debian/debathena-verify.postinst
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/debathena-verify.postinst (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/debathena-verify.postinst 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,63 @@
>> +#!/bin/sh
>> +# postinst script for debathena-verify
>> +#
>> +# see: dh_installdeb(1)
>> +
>> +set -e
>> +
>> +# summary of how this script can be called:
>> +# * <postinst> `configure' <most-recently-configured-version>
>> +# * <old-postinst> `abort-upgrade' <new version>
>> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
>> +# <new-version>
>> +# * <postinst> `abort-remove'
>> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
>> +# <failed-install-package> <version> `removing'
>> +# <conflicting-package> <version>
>> +# for details, see http://www.debian.org/doc/debian-policy/ or
>> +# the debian-policy package
>> +
>> +desync2cron() {
>> + hour=$1
>> + interval=$2
>> + shift 2
>> + desync=`desync -n $interval`
>> + mins=`echo $desync % 60 | bc`
>> + hours=`echo "$hour + ($desync / 60)" | bc`
>> + if [ $hours -ge 24 ]; then
>> + hours=`echo $hours - 24 | bc`
>> + fi
>> + echo "$mins $hours * * * $*"
>> +}
>> +
>> +CRONFILE=/etc/cron.d/verify_ws
>> +
>> +case "$1" in
>> + configure)
>> + if [ ! -f /var/lib/verify_ws-status ]; then
>> + echo "$(date +"%s")|ok|Package configured" > /var/lib/verify_ws-status
>> + fi
>> +
>> + rm -f $CRONFILE
>> +
>> + echo "# Automatically generated by debathena-verify postinst" > $CRONFILE
>> + echo "SHELL=/bin/sh" >> $CRONFILE
>> + echo "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" >> $CRONFILE
>> + desync2cron 3 120 root /usr/sbin/verify_ws >> $CRONFILE
>> + ;;
>> +
>> + abort-upgrade|abort-remove|abort-deconfigure)
>> + ;;
>> +
>> + *)
>> + echo "postinst called with unknown argument \`$1'" >&2
>> + exit 1
>> + ;;
>> +esac
>> +
>> +# dh_installdeb will replace this with shell code automatically
>> +# generated by other debhelper scripts.
>> +
>> +#DEBHELPER#
>> +
>> +exit 0
>>
>> Added: trunk/debathena/debathena/verify/debian/debathena-verify.postrm
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/debathena-verify.postrm (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/debathena-verify.postrm 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,40 @@
>> +#!/bin/sh
>> +# postrm script for debathena-verify
>> +#
>> +# see: dh_installdeb(1)
>> +
>> +set -e
>> +
>> +# summary of how this script can be called:
>> +# * <postrm> `remove'
>> +# * <postrm> `purge'
>> +# * <old-postrm> `upgrade' <new-version>
>> +# * <new-postrm> `failed-upgrade' <old-version>
>> +# * <new-postrm> `abort-install'
>> +# * <new-postrm> `abort-install' <old-version>
>> +# * <new-postrm> `abort-upgrade' <old-version>
>> +# * <disappearer's-postrm> `disappear' <overwriter>
>> +# <overwriter-version>
>> +# for details, see http://www.debian.org/doc/debian-policy/ or
>> +# the debian-policy package
>> +
>> +case "$1" in
>> + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
>> + if [ -z "$2" ]; then
>> + # Cleanup status file
>> + rm -f /var/lib/verify_ws-status
>> + fi
>> + ;;
>> +
>> + *)
>> + echo "postrm called with unknown argument \`$1'" >&2
>> + exit 1
>> + ;;
>> +esac
>> +
>> +# dh_installdeb will replace this with shell code automatically
>> +# generated by other debhelper scripts.
>> +
>> +#DEBHELPER#
>> +
>> +exit 0
>>
>> Added: trunk/debathena/debathena/verify/debian/debathena-verify.prerm
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/debathena-verify.prerm (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/debathena-verify.prerm 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,44 @@
>> +#!/bin/sh
>> +# prerm script for debathena-verify
>> +#
>> +# see: dh_installdeb(1)
>> +
>> +set -e
>> +
>> +# summary of how this script can be called:
>> +# * <prerm> `remove'
>> +# * <old-prerm> `upgrade' <new-version>
>> +# * <new-prerm> `failed-upgrade' <old-version>
>> +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
>> +# * <deconfigured's-prerm> `deconfigure' `in-favour'
>> +# <package-being-installed> <version> `removing'
>> +# <conflicting-package> <version>
>> +# for details, see http://www.debian.org/doc/debian-policy/ or
>> +# the debian-policy package
>> +
>> +CRONFILE=/etc/cron.d/verify_ws
>> +
>> +case "$1" in
>> + remove)
>> + rm -f $CRONFILE
>> + ;;
>> +
>> + upgrade|deconfigure)
>> +
>> + ;;
>> +
>> + failed-upgrade)
>> + ;;
>> +
>> + *)
>> + echo "prerm called with unknown argument \`$1'" >&2
>> + exit 1
>> + ;;
>> +esac
>> +
>> +# dh_installdeb will replace this with shell code automatically
>> +# generated by other debhelper scripts.
>> +
>> +#DEBHELPER#
>> +
>> +exit 0
>>
>> Added: trunk/debathena/debathena/verify/debian/rules
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/rules (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/rules 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,3 @@
>> +#!/usr/bin/make -f
>> +
>> +include /usr/share/cdbs/1/rules/debhelper.mk
>>
>>
>> Property changes on: trunk/debathena/debathena/verify/debian/rules
>> ___________________________________________________________________
>> Added: svn:executable
>> + *
>>
>> Added: trunk/debathena/debathena/verify/debian/verify_ws
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/verify_ws (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/verify_ws 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,61 @@
>> +#!/bin/sh
>> +
>> +statfile=/var/lib/verify_ws-status
>> +nologinfile=/var/run/athena-nologin
>> +updstatus=unknown
>> +updmsg=unknown
>> +
>> +[ -e /var/run/athena-login ] && exit || touch $nologinfile
>> +
>> +save_state() {
>> + rm -f $statfile
>> + echo "$(date +"%s")|$updstatus|$updmsg" > $statfile
>> +}
>> +
>> +cleanup() {
>> + rm -f $nologinfile
>> + save_state
>> + exit
>> +}
>> +
>> +trap cleanup EXIT
>> +
>> +fail() {
>> + logger -t "verify_ws" -p user.notice "$*"
>> + updstatus=failed
>> + updmsg="$*"
>> + exit
>> +}
>> +
>> +warn() {
>> + updstatus=warning
>> + updmsg="$*"
>> + exit
>> +}
>> +
>> +succeed() {
>> + updstatus=ok
>> + updmsg="$*"
>> + exit
>> +}
>> +
>> +if ! [ -x /usr/lib/debathena-verify/verify_ws.pl ]; then
>> + fail "Can't execute /usr/lib/debathena-verify/verify_ws.pl"
>> +fi
>> +
>> +if /usr/lib/debathena-verify/verify_ws.pl; then
>> + succeed "Verification passed"
>> +else
>> + case $? in
>> + 1)
>> + fail "Verification failed"
>> + ;;
>> + 2)
>> + warn "Non-fatal errors found"
>> + ;;
>> + *)
>> + fail "unknown error"
>> + ;;
>> + esac
>> +fi
>> +exit
>>
>> Added: trunk/debathena/debathena/verify/debian/verify_ws.8
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/verify_ws.8 (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/verify_ws.8 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,20 @@
>> +.TH VERIFY_WS 8 "13 July 2012" "debathena-verify" "Public Workstation Verification"
>> +.SH NAME
>> +verify_ws \- A public workstation verification script
>> +.SH SYNOPSIS
>> +.nf
>> +.B verify_ws [-d] [-s check1,check2,]
>> +.sp
>> +.SH DESCRIPTION
>> +.BR verify_ws
>> +attempts to do some verification of public workstations.
>> +
>> +.I -d
>> +will enable debug mode.
>> +
>> +.I -s
>> +will enable you to provide a list comma-separated checks to skip.
>> +
>> +.SH AUTHOR
>> +Jonathan Reed <jdreed@mit.edu>, Debathena Project
>> +
>>
>> Added: trunk/debathena/debathena/verify/debian/verify_ws.pl
>> ===================================================================
>> --- trunk/debathena/debathena/verify/debian/verify_ws.pl (rev 0)
>> +++ trunk/debathena/debathena/verify/debian/verify_ws.pl 2012-07-13 15:45:57 UTC (rev 25637)
>> @@ -0,0 +1,284 @@
>> +#!/usr/bin/perl -w
>> +#
>> +# Workstation "verification" script
>> +#
>> +
>> +use strict;
>> +use Getopt::Std;
>> +use File::Basename;
>> +use AptPkg::Config '$_config';
>> +use AptPkg::Cache;
>> +
>> +my $logfile = "/var/log/verify_ws.log";
>> +my $verify_dir = "/afs/athena.mit.edu/system/athena10/verify";
>> +
>> +#($> == 0) || die "You must be root to run this.\n";
>> +
>> +our ($opt_d,$opt_s) = (0,'');
>> +
>> +getopts('ds:') || die "Usage: $0 [-d]\n";
>> +
>> +if ($opt_d) {
>> + open(LOG, ">&STDOUT") || die "Can't dup stdout";
>> +} else {
>> + open(LOG, ">>$logfile") || die "Cannot append to logfile: $!";
>> +}
>> +
>> +my %MIRRORS_OK = ();
>> +my %COMPONENTS_OK = ();
>> +my %SUITES_OK = ();
>> +my %DA_MIRRORS_OK = ();
>> +my %DA_COMPONENTS_OK = ();
>> +my %DA_SUITES_OK = ();
>> +my %APTKEYS_OK = ();
>> +my %DEBSUMS_MISSING_PKG_OK = ();
>> +my %DEBSUMS_MISSING_FILE_OK = ();
>> +my %DEBSUMS_CHANGED_FILE_OK = ();
>> +
>> +my $errors = 0;
>> +my $warns = 0;
>> +my %checks = ('sources' => 1,
>> + 'keys' => 1,
>> + 'debsums' => 1,
>> + 'policy', => 1 );
>> +
>> +
>> +# Initialize the APT configuration
>> +$_config->init;
>> +my $cache = AptPkg::Cache->new;
>> +my $policy = $cache->policy;
>> +
>> +# Basic setup
>> +my $codename = `/usr/bin/lsb_release -sc`;
>> +die "Can't determine codename" unless ($? == 0);
>> +chomp($codename);
>> +
>> +if ($opt_s) {
>> + foreach my $skip (split(',', $opt_s)) {
>> + die "Can't skip unknown check '$skip'" unless exists($checks{$skip});
>> + warn("Skipping check '$skip'");
>> + $checks{$skip} = 0;
>> + }
>> +}
>> +
>> +sub debug {
>> + $opt_d && print LOG "DEBUG: ", @_, "\n";
>> +}
>> +
>> +sub error {
>> + $errors = 1;
>> + print LOG "ERROR: ", @_, "\n";
>> +}
>> +
>> +sub wank {
>> + $warns = 1;
>> + print LOG "WARNING: ", @_, "\n";
>> +}
>> +
>> +sub loadConfigFile {
>> + my ($filename, $hashref) = @_;
>> + open(F, join('/', $verify_dir, $codename, $filename)) ||
>> + die "Can't open '$filename' file: $!";
>> + foreach my $line (<F>) {
>> + next if ($line =~ /^#/);
>> + next unless ($line =~ /\w/);
>> + chomp $line;
>> + $hashref->{$line} = 1;
>> + }
>> + close(F);
>> +}
>> +
>> +sub checkSourcesList {
>> + my ($filename, $mirrorsok, $suitesok, $componentsok) = @_;
>> + if (open(SLIST, $filename)) {
>> + while (<SLIST>) {
>> + next if /^#/;
>> + next unless /\w/;
>> + my ($type, $mirror, $suite, @components) = split(' ', $_);
>> + error($filename, ":", $., " Unknown first field ($type)") unless
>> + ($type =~ /^deb(-src){0,1}$/);
>> + $mirror =~ s|/+$||g;
>> + error($filename, ":", $., " Unknown mirror ($mirror)") unless
>> + exists($mirrorsok->{$mirror});
>> + error($filename, ":", $., " Unknown suite ($suite)") unless
>> + exists($suitesok->{$suite});
>> + foreach my $c (@components) {
>> + error($filename, ":", $., " Unknown component ($c)") unless
>> + exists($componentsok->{$c});
>> + }
>> + }
>> + close(SLIST);
>> + } else {
>> + error("Couldn't open file ($filename): $!");
>> + }
>> +}
>> +
>> +sub checkAptSources {
>> + my $sourceslist = join('', $_config->get('Dir'),
>> + $_config->get('Dir::Etc'),
>> + $_config->get('Dir::Etc::sourcelist'));
>> +
>> + wank("sources.list ($sourceslist) looks funny") unless
>> + ((-f $sourceslist) && ($sourceslist eq "/etc/apt/sources.list"));
>> +
>> +
>> + my $sourceslistd = join('', $_config->get('Dir'),
>> + $_config->get('Dir::Etc'),
>> + $_config->get('Dir::Etc::sourceparts'));
>> +
>> + wank("sources.list.d ($sourceslistd) looks funny") unless
>> + ((-d $sourceslistd ) && ($sourceslistd eq "/etc/apt/sources.list.d"));
>> +
>> + debug("Looking at sources.list ($sourceslist)");
>> + checkSourcesList($sourceslist, \%MIRRORS_OK, \%SUITES_OK, \%COMPONENTS_OK);
>> +
>> + foreach my $file (glob '/etc/apt/sources.list.d/*.list') {
>> + debug("Looking at $file");
>> + if (basename($file) eq "debathena.list") {
>> + checkSourcesList($file,
>> + \%DA_MIRRORS_OK,
>> + { $codename => 1 },
>> + \%DA_COMPONENTS_OK);
>> + } elsif (basename($file) eq "debathena.clusterinfo.list") {
>> + checkSourcesList($file,
>> + \%DA_MIRRORS_OK,
>> + \%DA_SUITES_OK,
>> + \%DA_COMPONENTS_OK);
>> + } else {
>> + error("Unknown additional sources.list file ($file)");
>> + }
>> + }
>> +}
>> +
>> +sub checkAptKeys {
>> + debug("Checking apt keys...");
>> + my $apt_keys = qx'/usr/bin/apt-key finger';
>> + die "Can't run apt-key" unless ($? == 0);
>> + $apt_keys =~ s/^.*?\n(?=pub)//s;
>> + foreach my $k (split(/\n\n/, $apt_keys)) {
>> + if ($k =~ /^\s+Key fingerprint = (.*)\nuid\s+(\S.*)$/m) {
>> + error("Unknown fingerprint ($1) for key ($2)") unless exists($APTKEYS_OK{$1});
>> + }
>> + }
>> +}
>> +
>> +sub debsums {
>> + debug("Running debsums");
>> + # Bad-ideas: Since debsums is itself written in Perl...
>> + open(DEBSUMS, "/usr/bin/debsums -as 2>&1 |") || die "Can't run debsums";
>> + foreach my $sum (<DEBSUMS>) {
>> + chomp $sum;
>> + if ($sum =~ /^debsums: no md5sums for (\S+)/) {
>> + error("$sum") unless exists($DEBSUMS_MISSING_PKG_OK{$1});
>> + } elsif ($sum =~ /^debsums: changed file (\S+)/) {
>> + error("$sum") unless exists($DEBSUMS_CHANGED_FILE_OK{$1});
>> + } elsif ($sum =~ /^debsums: missing file (\S+)/) {
>> + error("$sum") unless exists($DEBSUMS_MISSING_FILE_OK{$1});
>> + } else {
>> + error("Unexpected debsums output: $sum");
>> + }
>> + }
>> + close(DEBSUMS);
>> +}
>> +
>> +sub checkPackage {
>> + my $pkgname = shift;
>> + debug("Checking package $pkgname");
>> + my $pkg = $cache->{$pkgname};
>> + unless ($pkg) {
>> + error("Can't find $pkgname in cache");
>> + return 0;
>> + }
>> +# use Data::Dumper;
>> +# $Data::Dumper::Maxdepth = 2;
>> +# print Dumper($pkg);
>> +# exit;
>> + if ($pkg->{CurrentState} ne 'Installed') {
>> + if ($pkg->{CurrentState} eq 'ConfigFiles') {
>> + wank("Package $pkgname still has config files");
>> + } elsif ($pkg->{CurrentState} eq 'NotInstalled') {
>> + wank("Package $pkgname should have been autoremoved.");
>> + } else {
>> + error("Package $pkgname in weird state " . $pkg->{CurrentState});
>> + }
>> + return 0;
>> + }
>> + my $currver = '';
>> + if ($pkg->{CurrentVer}) {
>> + $currver = $pkg->{CurrentVer}{VerStr};
>> + }
>> + my $fromrepo = 0;
>> + foreach my $file (@{$pkg->{CurrentVer}{FileList}}) {
>> + next if ($file->{File}->{IndexType} ne 'Debian Package Index');
>> + if ($file->{File}->{Origin} =~ /^(Ubuntu|Debathena)$/) {
>> + $fromrepo = 1;
>> + }
>> + }
>> + if ($pkgname =~ /^linux-(headers|image)-/) {
>> + wank("Old kernel package ($pkgname) needs cleanup!");
>> + } else {
>> + error("$pkgname ($currver) cannot be installed from a repository!") unless ($fromrepo);
>> + }
>> +}
>> +
>> +sub checkInstallability {
>> + debug("Checking installability of installed packages");
>> + # Todo: multiarch
>> + my %seen = ();
>> + # Seriously, why can't I do this natively?
>> + open(PKGLIST, '/usr/bin/dpkg-query -W -f \'${Package}\n\' |') || die "Can't run dpkg-query";
>> + while (<PKGLIST>) {
>> + chomp;
>> + next if exists($seen{$_});
>> + $seen{$_} = 1;
>> + checkPackage($_);
>> + }
>> + close(PKGLIST);
>> +}
>> +
>> +# __main__
>> +
>> +defined($ENV{'APT_CONFIG'}) && wank("APT_CONFIG is defined and shouldn't be");
>> +
>> +print LOG "Workstation verification beginning at ",
>> + scalar(localtime()), "\n";
>> +
>> +# Load configuration from AFS
>> +foreach ('', '-updates', '-security') {
>> + $SUITES_OK{join('', $codename, $_)} = 1;
>> +}
>> +$DA_SUITES_OK{$codename} = 1;
>> +if (-s "/var/run/athena-clusterinfo.sh") {
>> + my $apt_release = qx'. /var/run/athena-clusterinfo.sh && echo -n $APT_RELEASE';
>> + if ($apt_release !~ /^(production|proposed|development)$/) {
>> + error("Unknown APT_RELEASE value ($apt_release)");
>> + } elsif ($apt_release ne "production") {
>> + $DA_SUITES_OK{join('', $codename, '-', $apt_release)} = 1;
>> + if ($apt_release eq "development") {
>> + $DA_SUITES_OK{join('', $codename, '-', 'proposed')} = 1;
>> + }
>> + }
>> +} else {
>> + warn("No clusterinfo!");
>> +}
>> +loadConfigFile('mirrors', \%MIRRORS_OK);
>> +loadConfigFile('components', \%COMPONENTS_OK);
>> +loadConfigFile('debathena-mirrors', \%DA_MIRRORS_OK);
>> +loadConfigFile('debathena-components', \%DA_COMPONENTS_OK);
>> +loadConfigFile('aptkeys', \%APTKEYS_OK);
>> +loadConfigFile('debsums-missing-packages', \%DEBSUMS_MISSING_PKG_OK);
>> +loadConfigFile('debsums-missing-files', \%DEBSUMS_MISSING_FILE_OK);
>> +loadConfigFile('debsums-changed-files', \%DEBSUMS_CHANGED_FILE_OK);
>> +
>> +$checks{'keys'} && checkAptKeys();
>> +$checks{'sources'} && checkAptSources();
>> +$checks{'debums'} && debsums();
>> +$checks{'policy'} && checkInstallability();
>> +close(LOG);
>> +if ($errors) {
>> + exit 1;
>> +}
>> +if ($warns) {
>> + exit 2;
>> +}
>> +exit 0;
>>
>>
>> Property changes on: trunk/debathena/debathena/verify/debian/verify_ws.pl
>> ___________________________________________________________________
>> Added: svn:executable
>> + *
>>
>
