[26597] in Source-Commits
RE: /svn/athena r25637 - in trunk/debathena/debathena: . verify
daemon@ATHENA.MIT.EDU (Jonathan D Reed)
Wed Jul 18 21:44:17 2012
From: Jonathan D Reed <jdreed@MIT.EDU>
To: Jonathon Weiss <jweiss@MIT.EDU>
CC: Jonathon Weiss <jweiss@MIT.EDU>,
"source-commits@mit.edu"
<source-commits@MIT.EDU>
Date: Thu, 19 Jul 2012 01:44:14 +0000
Message-ID: <3FFC7F4D2201CE49B49E5580FE0B5C0A106B5EBA@OC11expo28.exchange.mit.edu>
In-Reply-To: <201207182337.q6INbp98018542@outgoing.mit.edu>
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 8bit
Yes. I dug through Trac, the relevant original ticket is http://athena10.mit.edu/trac/ticket/309
-Jon
________________________________________
From: Jonathon Weiss [jweiss@MIT.EDU]
Sent: Wednesday, July 18, 2012 7:37 PM
To: Jonathan D Reed
Cc: Jonathon Weiss; source-commits@mit.edu
Subject: Re: /svn/athena r25637 - in trunk/debathena/debathena: . verify verify/debian
OK, so we've consistantly converted to using this approach on cluster
workstations?
Jonathon
Jonathan Reed <jdreed@MIT.EDU> wrote:
> desync2cron came out because of ticket #something in which it was
> pointed out that sleeping in a cron job interferes with modern
> power-saving utilities, and running a cron job every 5 minutes to see
> if it's "time" to run is obnoxious outside of reactivate.
>
> -Jon
>
> On Wed, 18 Jul 2012, Jonathon Weiss wrote:
>
> >
> > I've only skimmed this. I was surprised to see you use desync2cron
> > rather than just invoking desync in the cron job. I see how your
> > approach is better, but thought the former approach wa our standard. Is
> > that changing?
> >
> > Jonathon
> >
> >
> > Jonathan D Reed <jdreed@MIT.EDU> wrote:
> >
> >> Author: jdreed
> >> Date: 2012-07-13 11:45:57 -0400 (Fri, 13 Jul 2012)
> >> New Revision: 25637
> >>
> >> Added:
> >> trunk/debathena/debathena/verify/
> >> trunk/debathena/debathena/verify/debian/
> >> trunk/debathena/debathena/verify/debian/changelog
> >> trunk/debathena/debathena/verify/debian/compat
> >> trunk/debathena/debathena/verify/debian/control.in
> >> trunk/debathena/debathena/verify/debian/copyright
> >> trunk/debathena/debathena/verify/debian/debathena-verify.install
> >> trunk/debathena/debathena/verify/debian/debathena-verify.manpages
> >> trunk/debathena/debathena/verify/debian/debathena-verify.postinst
> >> trunk/debathena/debathena/verify/debian/debathena-verify.postrm
> >> trunk/debathena/debathena/verify/debian/debathena-verify.prerm
> >> trunk/debathena/debathena/verify/debian/rules
> >> trunk/debathena/debathena/verify/debian/verify_ws
> >> trunk/debathena/debathena/verify/debian/verify_ws.8
> >> trunk/debathena/debathena/verify/debian/verify_ws.pl
> >> Log:
> >> In verify:
> >> * Initial release.
> >>
> >>
> >> Added: trunk/debathena/debathena/verify/debian/changelog
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/changelog (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/changelog 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,5 @@
> >> +debathena-verify (1.0) unstable; urgency=low
> >> +
> >> + * Initial release.
> >> +
> >> + -- Jonathan Reed <jdreed@mit.edu> Fri, 13 Jul 2012 11:07:35 -0400
> >>
> >> Added: trunk/debathena/debathena/verify/debian/compat
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/compat (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/compat 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1 @@
> >> +6
> >>
> >> Added: trunk/debathena/debathena/verify/debian/control.in
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/control.in (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/control.in 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,14 @@
> >> +Source: debathena-verify
> >> +Section: debathena/base
> >> +Priority: extra
> >> +Maintainer: Debathena Project <debathena@mit.edu>
> >> +Build-Depends: @cdbs@
> >> +Standards-Version: 3.9.1
> >> +
> >> +Package: debathena-verify
> >> +Architecture: all
> >> +Depends: ${misc:Depends}
> >> +Description: Public workstation verification script
> >> + This package does some periodic verification of public workstations.
> >> + It is intended for workstation using the debathena-cluster
> >> + metapackage.
> >>
> >> Added: trunk/debathena/debathena/verify/debian/copyright
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/copyright (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/copyright 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,31 @@
> >> +This software and its Debian packaging are licensed as follows:
> >> +
> >> +Copyright (c) 2012, Massachusetts Institute of Technology
> >> +All rights reserved.
> >> +
> >> +Redistribution and use in source and binary forms, with or without
> >> +modification, are permitted provided that the following conditions are
> >> +met:
> >> + * Redistributions of source code must retain the above copyright
> >> + notice, this list of conditions and the following disclaimer.
> >> + * Redistributions in binary form must reproduce the above
> >> + copyright notice, this list of conditions and the following
> >> + disclaimer in the documentation and/or other materials provided
> >> + with the distribution.
> >> + * Neither the name of the Massachusetts Institute of Technology
> >> + nor the names of its contributors may be used to endorse or
> >> + promote products derived from this software without specific
> >> + prior written permission.
> >> +
> >> +THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
> >> +"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
> >> +LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
> >> +A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL MASSACHUSETTS
> >> +INSTITUTE OF TECHNOLOGY BE LIABLE FOR ANY DIRECT, INDIRECT,
> >> +INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
> >> +BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
> >> +OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
> >> +ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR
> >> +TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE
> >> +USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
> >> +DAMAGE.
> >>
> >> Added: trunk/debathena/debathena/verify/debian/debathena-verify.install
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/debathena-verify.install (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/debathena-verify.install 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,2 @@
> >> +debian/verify_ws usr/sbin
> >> +debian/verify_ws.pl usr/lib/debathena-verify
> >>
> >> Added: trunk/debathena/debathena/verify/debian/debathena-verify.manpages
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/debathena-verify.manpages (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/debathena-verify.manpages 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,2 @@
> >> +debian/verify_ws.8
> >> +
> >>
> >> Added: trunk/debathena/debathena/verify/debian/debathena-verify.postinst
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/debathena-verify.postinst (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/debathena-verify.postinst 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,63 @@
> >> +#!/bin/sh
> >> +# postinst script for debathena-verify
> >> +#
> >> +# see: dh_installdeb(1)
> >> +
> >> +set -e
> >> +
> >> +# summary of how this script can be called:
> >> +# * <postinst> `configure' <most-recently-configured-version>
> >> +# * <old-postinst> `abort-upgrade' <new version>
> >> +# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
> >> +# <new-version>
> >> +# * <postinst> `abort-remove'
> >> +# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
> >> +# <failed-install-package> <version> `removing'
> >> +# <conflicting-package> <version>
> >> +# for details, see http://www.debian.org/doc/debian-policy/ or
> >> +# the debian-policy package
> >> +
> >> +desync2cron() {
> >> + hour=$1
> >> + interval=$2
> >> + shift 2
> >> + desync=`desync -n $interval`
> >> + mins=`echo $desync % 60 | bc`
> >> + hours=`echo "$hour + ($desync / 60)" | bc`
> >> + if [ $hours -ge 24 ]; then
> >> + hours=`echo $hours - 24 | bc`
> >> + fi
> >> + echo "$mins $hours * * * $*"
> >> +}
> >> +
> >> +CRONFILE=/etc/cron.d/verify_ws
> >> +
> >> +case "$1" in
> >> + configure)
> >> + if [ ! -f /var/lib/verify_ws-status ]; then
> >> + echo "$(date +"%s")|ok|Package configured" > /var/lib/verify_ws-status
> >> + fi
> >> +
> >> + rm -f $CRONFILE
> >> +
> >> + echo "# Automatically generated by debathena-verify postinst" > $CRONFILE
> >> + echo "SHELL=/bin/sh" >> $CRONFILE
> >> + echo "PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin" >> $CRONFILE
> >> + desync2cron 3 120 root /usr/sbin/verify_ws >> $CRONFILE
> >> + ;;
> >> +
> >> + abort-upgrade|abort-remove|abort-deconfigure)
> >> + ;;
> >> +
> >> + *)
> >> + echo "postinst called with unknown argument \`$1'" >&2
> >> + exit 1
> >> + ;;
> >> +esac
> >> +
> >> +# dh_installdeb will replace this with shell code automatically
> >> +# generated by other debhelper scripts.
> >> +
> >> +#DEBHELPER#
> >> +
> >> +exit 0
> >>
> >> Added: trunk/debathena/debathena/verify/debian/debathena-verify.postrm
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/debathena-verify.postrm (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/debathena-verify.postrm 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,40 @@
> >> +#!/bin/sh
> >> +# postrm script for debathena-verify
> >> +#
> >> +# see: dh_installdeb(1)
> >> +
> >> +set -e
> >> +
> >> +# summary of how this script can be called:
> >> +# * <postrm> `remove'
> >> +# * <postrm> `purge'
> >> +# * <old-postrm> `upgrade' <new-version>
> >> +# * <new-postrm> `failed-upgrade' <old-version>
> >> +# * <new-postrm> `abort-install'
> >> +# * <new-postrm> `abort-install' <old-version>
> >> +# * <new-postrm> `abort-upgrade' <old-version>
> >> +# * <disappearer's-postrm> `disappear' <overwriter>
> >> +# <overwriter-version>
> >> +# for details, see http://www.debian.org/doc/debian-policy/ or
> >> +# the debian-policy package
> >> +
> >> +case "$1" in
> >> + purge|remove|upgrade|failed-upgrade|abort-install|abort-upgrade|disappear)
> >> + if [ -z "$2" ]; then
> >> + # Cleanup status file
> >> + rm -f /var/lib/verify_ws-status
> >> + fi
> >> + ;;
> >> +
> >> + *)
> >> + echo "postrm called with unknown argument \`$1'" >&2
> >> + exit 1
> >> + ;;
> >> +esac
> >> +
> >> +# dh_installdeb will replace this with shell code automatically
> >> +# generated by other debhelper scripts.
> >> +
> >> +#DEBHELPER#
> >> +
> >> +exit 0
> >>
> >> Added: trunk/debathena/debathena/verify/debian/debathena-verify.prerm
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/debathena-verify.prerm (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/debathena-verify.prerm 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,44 @@
> >> +#!/bin/sh
> >> +# prerm script for debathena-verify
> >> +#
> >> +# see: dh_installdeb(1)
> >> +
> >> +set -e
> >> +
> >> +# summary of how this script can be called:
> >> +# * <prerm> `remove'
> >> +# * <old-prerm> `upgrade' <new-version>
> >> +# * <new-prerm> `failed-upgrade' <old-version>
> >> +# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
> >> +# * <deconfigured's-prerm> `deconfigure' `in-favour'
> >> +# <package-being-installed> <version> `removing'
> >> +# <conflicting-package> <version>
> >> +# for details, see http://www.debian.org/doc/debian-policy/ or
> >> +# the debian-policy package
> >> +
> >> +CRONFILE=/etc/cron.d/verify_ws
> >> +
> >> +case "$1" in
> >> + remove)
> >> + rm -f $CRONFILE
> >> + ;;
> >> +
> >> + upgrade|deconfigure)
> >> +
> >> + ;;
> >> +
> >> + failed-upgrade)
> >> + ;;
> >> +
> >> + *)
> >> + echo "prerm called with unknown argument \`$1'" >&2
> >> + exit 1
> >> + ;;
> >> +esac
> >> +
> >> +# dh_installdeb will replace this with shell code automatically
> >> +# generated by other debhelper scripts.
> >> +
> >> +#DEBHELPER#
> >> +
> >> +exit 0
> >>
> >> Added: trunk/debathena/debathena/verify/debian/rules
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/rules (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/rules 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,3 @@
> >> +#!/usr/bin/make -f
> >> +
> >> +include /usr/share/cdbs/1/rules/debhelper.mk
> >>
> >>
> >> Property changes on: trunk/debathena/debathena/verify/debian/rules
> >> ___________________________________________________________________
> >> Added: svn:executable
> >> + *
> >>
> >> Added: trunk/debathena/debathena/verify/debian/verify_ws
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/verify_ws (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/verify_ws 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,61 @@
> >> +#!/bin/sh
> >> +
> >> +statfile=/var/lib/verify_ws-status
> >> +nologinfile=/var/run/athena-nologin
> >> +updstatus=unknown
> >> +updmsg=unknown
> >> +
> >> +[ -e /var/run/athena-login ] && exit || touch $nologinfile
> >> +
> >> +save_state() {
> >> + rm -f $statfile
> >> + echo "$(date +"%s")|$updstatus|$updmsg" > $statfile
> >> +}
> >> +
> >> +cleanup() {
> >> + rm -f $nologinfile
> >> + save_state
> >> + exit
> >> +}
> >> +
> >> +trap cleanup EXIT
> >> +
> >> +fail() {
> >> + logger -t "verify_ws" -p user.notice "$*"
> >> + updstatus=failed
> >> + updmsg="$*"
> >> + exit
> >> +}
> >> +
> >> +warn() {
> >> + updstatus=warning
> >> + updmsg="$*"
> >> + exit
> >> +}
> >> +
> >> +succeed() {
> >> + updstatus=ok
> >> + updmsg="$*"
> >> + exit
> >> +}
> >> +
> >> +if ! [ -x /usr/lib/debathena-verify/verify_ws.pl ]; then
> >> + fail "Can't execute /usr/lib/debathena-verify/verify_ws.pl"
> >> +fi
> >> +
> >> +if /usr/lib/debathena-verify/verify_ws.pl; then
> >> + succeed "Verification passed"
> >> +else
> >> + case $? in
> >> + 1)
> >> + fail "Verification failed"
> >> + ;;
> >> + 2)
> >> + warn "Non-fatal errors found"
> >> + ;;
> >> + *)
> >> + fail "unknown error"
> >> + ;;
> >> + esac
> >> +fi
> >> +exit
> >>
> >> Added: trunk/debathena/debathena/verify/debian/verify_ws.8
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/verify_ws.8 (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/verify_ws.8 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,20 @@
> >> +.TH VERIFY_WS 8 "13 July 2012" "debathena-verify" "Public Workstation Verification"
> >> +.SH NAME
> >> +verify_ws \- A public workstation verification script
> >> +.SH SYNOPSIS
> >> +.nf
> >> +.B verify_ws [-d] [-s check1,check2,]
> >> +.sp
> >> +.SH DESCRIPTION
> >> +.BR verify_ws
> >> +attempts to do some verification of public workstations.
> >> +
> >> +.I -d
> >> +will enable debug mode.
> >> +
> >> +.I -s
> >> +will enable you to provide a list comma-separated checks to skip.
> >> +
> >> +.SH AUTHOR
> >> +Jonathan Reed <jdreed@mit.edu>, Debathena Project
> >> +
> >>
> >> Added: trunk/debathena/debathena/verify/debian/verify_ws.pl
> >> ===================================================================
> >> --- trunk/debathena/debathena/verify/debian/verify_ws.pl (rev 0)
> >> +++ trunk/debathena/debathena/verify/debian/verify_ws.pl 2012-07-13 15:45:57 UTC (rev 25637)
> >> @@ -0,0 +1,284 @@
> >> +#!/usr/bin/perl -w
> >> +#
> >> +# Workstation "verification" script
> >> +#
> >> +
> >> +use strict;
> >> +use Getopt::Std;
> >> +use File::Basename;
> >> +use AptPkg::Config '$_config';
> >> +use AptPkg::Cache;
> >> +
> >> +my $logfile = "/var/log/verify_ws.log";
> >> +my $verify_dir = "/afs/athena.mit.edu/system/athena10/verify";
> >> +
> >> +#($> == 0) || die "You must be root to run this.\n";
> >> +
> >> +our ($opt_d,$opt_s) = (0,'');
> >> +
> >> +getopts('ds:') || die "Usage: $0 [-d]\n";
> >> +
> >> +if ($opt_d) {
> >> + open(LOG, ">&STDOUT") || die "Can't dup stdout";
> >> +} else {
> >> + open(LOG, ">>$logfile") || die "Cannot append to logfile: $!";
> >> +}
> >> +
> >> +my %MIRRORS_OK = ();
> >> +my %COMPONENTS_OK = ();
> >> +my %SUITES_OK = ();
> >> +my %DA_MIRRORS_OK = ();
> >> +my %DA_COMPONENTS_OK = ();
> >> +my %DA_SUITES_OK = ();
> >> +my %APTKEYS_OK = ();
> >> +my %DEBSUMS_MISSING_PKG_OK = ();
> >> +my %DEBSUMS_MISSING_FILE_OK = ();
> >> +my %DEBSUMS_CHANGED_FILE_OK = ();
> >> +
> >> +my $errors = 0;
> >> +my $warns = 0;
> >> +my %checks = ('sources' => 1,
> >> + 'keys' => 1,
> >> + 'debsums' => 1,
> >> + 'policy', => 1 );
> >> +
> >> +
> >> +# Initialize the APT configuration
> >> +$_config->init;
> >> +my $cache = AptPkg::Cache->new;
> >> +my $policy = $cache->policy;
> >> +
> >> +# Basic setup
> >> +my $codename = `/usr/bin/lsb_release -sc`;
> >> +die "Can't determine codename" unless ($? == 0);
> >> +chomp($codename);
> >> +
> >> +if ($opt_s) {
> >> + foreach my $skip (split(',', $opt_s)) {
> >> + die "Can't skip unknown check '$skip'" unless exists($checks{$skip});
> >> + warn("Skipping check '$skip'");
> >> + $checks{$skip} = 0;
> >> + }
> >> +}
> >> +
> >> +sub debug {
> >> + $opt_d && print LOG "DEBUG: ", @_, "\n";
> >> +}
> >> +
> >> +sub error {
> >> + $errors = 1;
> >> + print LOG "ERROR: ", @_, "\n";
> >> +}
> >> +
> >> +sub wank {
> >> + $warns = 1;
> >> + print LOG "WARNING: ", @_, "\n";
> >> +}
> >> +
> >> +sub loadConfigFile {
> >> + my ($filename, $hashref) = @_;
> >> + open(F, join('/', $verify_dir, $codename, $filename)) ||
> >> + die "Can't open '$filename' file: $!";
> >> + foreach my $line (<F>) {
> >> + next if ($line =~ /^#/);
> >> + next unless ($line =~ /\w/);
> >> + chomp $line;
> >> + $hashref->{$line} = 1;
> >> + }
> >> + close(F);
> >> +}
> >> +
> >> +sub checkSourcesList {
> >> + my ($filename, $mirrorsok, $suitesok, $componentsok) = @_;
> >> + if (open(SLIST, $filename)) {
> >> + while (<SLIST>) {
> >> + next if /^#/;
> >> + next unless /\w/;
> >> + my ($type, $mirror, $suite, @components) = split(' ', $_);
> >> + error($filename, ":", $., " Unknown first field ($type)") unless
> >> + ($type =~ /^deb(-src){0,1}$/);
> >> + $mirror =~ s|/+$||g;
> >> + error($filename, ":", $., " Unknown mirror ($mirror)") unless
> >> + exists($mirrorsok->{$mirror});
> >> + error($filename, ":", $., " Unknown suite ($suite)") unless
> >> + exists($suitesok->{$suite});
> >> + foreach my $c (@components) {
> >> + error($filename, ":", $., " Unknown component ($c)") unless
> >> + exists($componentsok->{$c});
> >> + }
> >> + }
> >> + close(SLIST);
> >> + } else {
> >> + error("Couldn't open file ($filename): $!");
> >> + }
> >> +}
> >> +
> >> +sub checkAptSources {
> >> + my $sourceslist = join('', $_config->get('Dir'),
> >> + $_config->get('Dir::Etc'),
> >> + $_config->get('Dir::Etc::sourcelist'));
> >> +
> >> + wank("sources.list ($sourceslist) looks funny") unless
> >> + ((-f $sourceslist) && ($sourceslist eq "/etc/apt/sources.list"));
> >> +
> >> +
> >> + my $sourceslistd = join('', $_config->get('Dir'),
> >> + $_config->get('Dir::Etc'),
> >> + $_config->get('Dir::Etc::sourceparts'));
> >> +
> >> + wank("sources.list.d ($sourceslistd) looks funny") unless
> >> + ((-d $sourceslistd ) && ($sourceslistd eq "/etc/apt/sources.list.d"));
> >> +
> >> + debug("Looking at sources.list ($sourceslist)");
> >> + checkSourcesList($sourceslist, \%MIRRORS_OK, \%SUITES_OK, \%COMPONENTS_OK);
> >> +
> >> + foreach my $file (glob '/etc/apt/sources.list.d/*.list') {
> >> + debug("Looking at $file");
> >> + if (basename($file) eq "debathena.list") {
> >> + checkSourcesList($file,
> >> + \%DA_MIRRORS_OK,
> >> + { $codename => 1 },
> >> + \%DA_COMPONENTS_OK);
> >> + } elsif (basename($file) eq "debathena.clusterinfo.list") {
> >> + checkSourcesList($file,
> >> + \%DA_MIRRORS_OK,
> >> + \%DA_SUITES_OK,
> >> + \%DA_COMPONENTS_OK);
> >> + } else {
> >> + error("Unknown additional sources.list file ($file)");
> >> + }
> >> + }
> >> +}
> >> +
> >> +sub checkAptKeys {
> >> + debug("Checking apt keys...");
> >> + my $apt_keys = qx'/usr/bin/apt-key finger';
> >> + die "Can't run apt-key" unless ($? == 0);
> >> + $apt_keys =~ s/^.*?\n(?=pub)//s;
> >> + foreach my $k (split(/\n\n/, $apt_keys)) {
> >> + if ($k =~ /^\s+Key fingerprint = (.*)\nuid\s+(\S.*)$/m) {
> >> + error("Unknown fingerprint ($1) for key ($2)") unless exists($APTKEYS_OK{$1});
> >> + }
> >> + }
> >> +}
> >> +
> >> +sub debsums {
> >> + debug("Running debsums");
> >> + # Bad-ideas: Since debsums is itself written in Perl...
> >> + open(DEBSUMS, "/usr/bin/debsums -as 2>&1 |") || die "Can't run debsums";
> >> + foreach my $sum (<DEBSUMS>) {
> >> + chomp $sum;
> >> + if ($sum =~ /^debsums: no md5sums for (\S+)/) {
> >> + error("$sum") unless exists($DEBSUMS_MISSING_PKG_OK{$1});
> >> + } elsif ($sum =~ /^debsums: changed file (\S+)/) {
> >> + error("$sum") unless exists($DEBSUMS_CHANGED_FILE_OK{$1});
> >> + } elsif ($sum =~ /^debsums: missing file (\S+)/) {
> >> + error("$sum") unless exists($DEBSUMS_MISSING_FILE_OK{$1});
> >> + } else {
> >> + error("Unexpected debsums output: $sum");
> >> + }
> >> + }
> >> + close(DEBSUMS);
> >> +}
> >> +
> >> +sub checkPackage {
> >> + my $pkgname = shift;
> >> + debug("Checking package $pkgname");
> >> + my $pkg = $cache->{$pkgname};
> >> + unless ($pkg) {
> >> + error("Can't find $pkgname in cache");
> >> + return 0;
> >> + }
> >> +# use Data::Dumper;
> >> +# $Data::Dumper::Maxdepth = 2;
> >> +# print Dumper($pkg);
> >> +# exit;
> >> + if ($pkg->{CurrentState} ne 'Installed') {
> >> + if ($pkg->{CurrentState} eq 'ConfigFiles') {
> >> + wank("Package $pkgname still has config files");
> >> + } elsif ($pkg->{CurrentState} eq 'NotInstalled') {
> >> + wank("Package $pkgname should have been autoremoved.");
> >> + } else {
> >> + error("Package $pkgname in weird state " . $pkg->{CurrentState});
> >> + }
> >> + return 0;
> >> + }
> >> + my $currver = '';
> >> + if ($pkg->{CurrentVer}) {
> >> + $currver = $pkg->{CurrentVer}{VerStr};
> >> + }
> >> + my $fromrepo = 0;
> >> + foreach my $file (@{$pkg->{CurrentVer}{FileList}}) {
> >> + next if ($file->{File}->{IndexType} ne 'Debian Package Index');
> >> + if ($file->{File}->{Origin} =~ /^(Ubuntu|Debathena)$/) {
> >> + $fromrepo = 1;
> >> + }
> >> + }
> >> + if ($pkgname =~ /^linux-(headers|image)-/) {
> >> + wank("Old kernel package ($pkgname) needs cleanup!");
> >> + } else {
> >> + error("$pkgname ($currver) cannot be installed from a repository!") unless ($fromrepo);
> >> + }
> >> +}
> >> +
> >> +sub checkInstallability {
> >> + debug("Checking installability of installed packages");
> >> + # Todo: multiarch
> >> + my %seen = ();
> >> + # Seriously, why can't I do this natively?
> >> + open(PKGLIST, '/usr/bin/dpkg-query -W -f \'${Package}\n\' |') || die "Can't run dpkg-query";
> >> + while (<PKGLIST>) {
> >> + chomp;
> >> + next if exists($seen{$_});
> >> + $seen{$_} = 1;
> >> + checkPackage($_);
> >> + }
> >> + close(PKGLIST);
> >> +}
> >> +
> >> +# __main__
> >> +
> >> +defined($ENV{'APT_CONFIG'}) && wank("APT_CONFIG is defined and shouldn't be");
> >> +
> >> +print LOG "Workstation verification beginning at ",
> >> + scalar(localtime()), "\n";
> >> +
> >> +# Load configuration from AFS
> >> +foreach ('', '-updates', '-security') {
> >> + $SUITES_OK{join('', $codename, $_)} = 1;
> >> +}
> >> +$DA_SUITES_OK{$codename} = 1;
> >> +if (-s "/var/run/athena-clusterinfo.sh") {
> >> + my $apt_release = qx'. /var/run/athena-clusterinfo.sh && echo -n $APT_RELEASE';
> >> + if ($apt_release !~ /^(production|proposed|development)$/) {
> >> + error("Unknown APT_RELEASE value ($apt_release)");
> >> + } elsif ($apt_release ne "production") {
> >> + $DA_SUITES_OK{join('', $codename, '-', $apt_release)} = 1;
> >> + if ($apt_release eq "development") {
> >> + $DA_SUITES_OK{join('', $codename, '-', 'proposed')} = 1;
> >> + }
> >> + }
> >> +} else {
> >> + warn("No clusterinfo!");
> >> +}
> >> +loadConfigFile('mirrors', \%MIRRORS_OK);
> >> +loadConfigFile('components', \%COMPONENTS_OK);
> >> +loadConfigFile('debathena-mirrors', \%DA_MIRRORS_OK);
> >> +loadConfigFile('debathena-components', \%DA_COMPONENTS_OK);
> >> +loadConfigFile('aptkeys', \%APTKEYS_OK);
> >> +loadConfigFile('debsums-missing-packages', \%DEBSUMS_MISSING_PKG_OK);
> >> +loadConfigFile('debsums-missing-files', \%DEBSUMS_MISSING_FILE_OK);
> >> +loadConfigFile('debsums-changed-files', \%DEBSUMS_CHANGED_FILE_OK);
> >> +
> >> +$checks{'keys'} && checkAptKeys();
> >> +$checks{'sources'} && checkAptSources();
> >> +$checks{'debums'} && debsums();
> >> +$checks{'policy'} && checkInstallability();
> >> +close(LOG);
> >> +if ($errors) {
> >> + exit 1;
> >> +}
> >> +if ($warns) {
> >> + exit 2;
> >> +}
> >> +exit 0;
> >>
> >>
> >> Property changes on: trunk/debathena/debathena/verify/debian/verify_ws.pl
> >> ___________________________________________________________________
> >> Added: svn:executable
> >> + *
> >>
> >
