rad:z3QDZAW2FAfuLvihrhiyDC9fAD8G9
HardenedBSD Package Manager
Merge pull request #428 from aklv/periodic
Baptiste Daroussin committed 13 years ago
commit 716ffe7b5614094713bed14d0c6a5fca549c8ab2
parent b7e6937
6 files changed +123 -100
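--- a/scripts/periodic/400.status-pkg
+++ b/scripts/periodic/400.status-pkg
@@ -9,18 +9,25 @@ if [ -r /etc/defaults/periodic.conf ]; then
 fi
 
 case "$weekly_status_pkg_enable" in
-    [Yy][Ee][Ss])
-	echo ''
+	[Yy][Ee][Ss])
+	pkgcmd=/usr/local/sbin/pkg
+
+	echo
 	echo 'Checking for out of date packages:'
 
-	rc=$(pkg version -v ${pkg_version_index} |
-	    sed -n -e '/up-to-date/d' \
-	    -e 's/^\([^[:space:]]*\)[[:space:]]*[<>=!?][[:space:]]*\(.*\)$/\1 \2/p' |
-	    tee /dev/stderr |
-	    wc -l)
-	[ $rc -gt 1 ] && rc=1
+	if ${pkgcmd} -N >/dev/null 2>&1 ; then
+	    echo 'status-pkg is enabled but pkg is not used'
+	    rc=2
+	else
+		rc=$(${pkgcmd} version -v ${pkg_version_index} |
+			sed -n -e '/up-to-date/d' \
+			-e 's/^\([^[:space:]]*\)[[:space:]]*[<>=!?][[:space:]]*\(.*\)$/\1 \2/p' |
+			tee /dev/stderr |
+			wc -l)
+		[ $rc -gt 1 ] && rc=1
+	fi
 	;;
-    *)
+	*)
 	rc=0
 	;;
 esac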
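Review bot: The new guard `if ${pkgcmd} -N >/dev/null 2>&1 ; then` looks inverted: pkg(8) describes `pkg -N` as exiting 0 when the system is set up to use pkg, so on a pkg-managed host this branch would print 'status-pkg is enabled but pkg is not used', set rc=2 and skip the version check. The same test is added in 410.pkg-audit, 411.pkg-backup and 460.pkg-checksum and carried over in 490.status-pkg-changes, so the vulnerability audit and the checksum verification would be skipped on exactly the hosts they are meant for. If that reading holds for the pkg version shipped here, the line should be `if ! ${pkgcmd} -N >/dev/null 2>&1 ; then` in all five scripts.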
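--- a/scripts/periodic/410.pkg-audit
+++ b/scripts/periodic/410.pkg-audit
@@ -31,8 +31,6 @@
 # $FreeBSD$
 #
 
-# If there is a global system configuration file, suck it in.
-#
 if [ -r /etc/defaults/periodic.conf ]; then
     . /etc/defaults/periodic.conf
     source_periodic_confs
@@ -40,36 +38,41 @@ fi
 
 # Compute PKG_DBDIR from the config file.
 if [ -z "${PKG_DBDIR}" ] && [ -f /usr/local/etc/pkg.conf ]; then
-  PKG_DBDIR=`awk 'toupper($1) ~ /PKG_DBDIR/ { print $3 }' \
-             < /usr/local/etc/pkg.conf`
+	PKG_DBDIR=`awk 'toupper($1) ~ /PKG_DBDIR/ { print $3 }' \
+		< /usr/local/etc/pkg.conf`
 fi
 : ${PKG_DBDIR="/var/db/pkg"}
 auditfile="${PKG_DBDIR}/auditfile"
 
 rc=0
+
 case "${daily_status_security_pkgaudit_enable:-YES}" in
 	[Nn][Oo])
-		;;
+	;;
 	*)
-		echo
-                echo "Checking for packages with security vulnerabilities:"
+	pkgcmd=/usr/local/sbin/pkg
+
+	echo
+	echo 'Checking for packages with security vulnerabilities:'
+
+	if ${pkgcmd} -N >/dev/null 2>&1 ; then
+		echo 'pkg-audit is enabled but pkg is not used'
+		rc=2
+	else
 		then=`stat -f '%m' "${auditfile}" 2> /dev/null` || rc=3
 		now=`date +%s` || rc=3
 		# Add 10 minutes of padding since the check is in seconds.
 		if [ $rc -ne 0 -o \
 			$(( 86400 \* "${daily_status_security_pkgaudit_expiry:-2}" )) \
 			-le $(( ${now} - ${then} + 600 )) ]; then
-			/usr/local/sbin/pkg audit -Fq || {
-			  rc=$?; [ $rc -lt 3 ] && rc=3
-			}
+			${pkgcmd} audit -Fq || { rc=$?; [ $rc -lt 3 ] && rc=3; }
 		else
-			echo -n "Database fetched: ";
+			echo -n 'Database fetched: '
 			date -r "${then}" || rc=3
-			/usr/local/sbin/pkg audit || {
-			  rc=$?; [ $rc -lt 3 ] && rc=3
-			}
+			${pkgcmd} audit || { rc=$?; [ $rc -lt 3 ] && rc=3; }
 		fi
-		;;
+	fi
+	;;
 esac
 
 exit "$rc"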
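--- a/scripts/periodic/411.pkg-backup
+++ b/scripts/periodic/411.pkg-backup
@@ -1,47 +1,48 @@
-#!/bin/sh
+#!/bin/sh -
 #
 # $FreeBSD$
 #
 
-# If there is a global system configuration file, suck it in.
-#
-if [ -r /etc/defaults/periodic.conf ]
-then
-    . /etc/defaults/periodic.conf
-    source_periodic_confs
+if [ -r /etc/defaults/periodic.conf ]; then
+	. /etc/defaults/periodic.conf
+	source_periodic_confs
 fi
 
 rc=0
 
 case "${daily_backup_pkgng_enable:-YES}" in
-    [Nn][Oo])
-        ;;
-    *)
+	[Nn][Oo])
+	;;
+	*)
 	bak="${daily_backup_pkgng_dir:-/var/backups}"
 	bak_file="${bak}/pkgng.db"
-	pkgcmd="/usr/local/sbin/pkg"
-
-	if [ ! -d "$bak" ]
-	then
-	    install -d -o root -g wheel -m 750 $bak || {
-		echo '$daily_backup_pkgng_enable is enabled but' \
-		    "$daily_backup_pkgng_dbdir doesn't exist" ;
-		exit 2 ; }
-	fi
-
-	echo ''
-	echo 'Backing up pkgng database:'
-
-	if [ -e "${bak_file}.txz" ]; then
-	    unlink "${bak_file}.txz.2"
-	    mv "${bak_file}.txz" "${bak_file}.txz.2"
-	fi
-
-	if ${pkgcmd} backup -d ${bak_file} 2>/dev/null; then
-	    rc=0
-	else
-	    rc=3
+	pkgcmd=/usr/local/sbin/pkg
+
+	if ${pkgcmd} -N >/dev/null 2>&1 ; then
+		echo 'pkg-backup is enabled but pkg is not used'
+		rc=2
+ 	else
+		if [ ! -d "$bak" ]
+		then
+			install -d -o root -g wheel -m 750 $bak || {
+			echo 'pkg-backup is enabled but' \
+				"$daily_backup_pkgng_dbdir doesn't exist" ;
+			exit 2 ; }
+		fi
+
+		echo
+		echo 'Backing up pkgng database:'
+
+		[ -e "${bak_file}.txz" ] && \
+			mv -f "${bak_file}.txz" "${bak_file}.txz.2"
+
+		if ${pkgcmd} backup -d ${bak_file} 2>/dev/null; then
+			rc=0
+		else
+			rc=3
+		fi
 	fi
+	;;
 esac
 
 exit $rc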
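Review bot: The failure message after `install -d` expands `$daily_backup_pkgng_dbdir`, but the directory is read from `daily_backup_pkgng_dir` a few lines earlier, so the message names an empty path unless that other variable happens to be set; `"${bak} doesn't exist"` would report the directory that was actually tried. `$bak` and `${bak_file}` are also unquoted in `install -d -o root -g wheel -m 750 $bak` and `${pkgcmd} backup -d ${bak_file}`, so a configured path containing whitespace or glob characters is split before it reaches the command; `"$bak"` and `"${bak_file}"` avoid that. Because `2>/dev/null` discards pkg's diagnostics, rc=3 is the only trace this script leaves of a failed backup.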
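--- a/scripts/periodic/460.chkpkgsum
+++ /dev/null
@@ -1,27 +0,0 @@
-#!/bin/sh -
-#
-# $FreeBSD$
-#
-
-if [ -r /etc/defaults/periodic.conf ]; then
-    . /etc/defaults/periodic.conf
-    source_periodic_confs
-fi
-
-. /etc/periodic/security/security.functions
-
-case "${daily_status_security_chkpkgsum_enable}" in
-    [Yy][Ee][Ss])
-	echo ''
-	echo 'Checking for packages with mismatched checksums:'
-	n=$(pkg check -sa 2>&1 |
-	sed -e 's/ checksum mismatch for//' |
-	tee /dev/stderr | wc -l)
-	[ $n -gt 0 ] && rc=1 || rc=0
-	;;
-    *)
-	rc=0
-	;;
-esac
-
-exit $rc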
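--- /dev/null
+++ b/scripts/periodic/460.pkg-checksum
@@ -0,0 +1,36 @@
+#!/bin/sh -
+#
+# $FreeBSD$
+#
+
+if [ -r /etc/defaults/periodic.conf ]; then
+	. /etc/defaults/periodic.conf
+	source_periodic_confs
+fi
+
+. /etc/periodic/security/security.functions
+
+case "${daily_status_security_pkg_checksum_enable}" in
+	[Yy][Ee][Ss])
+	pkgcmd=/usr/local/sbin/pkg
+
+	echo
+	echo 'Checking for packages with mismatched checksums:'
+
+	if ${pkgcmd} -N >/dev/null 2>&1 ; then
+		echo 'pkg-checksum is enabled but pkg is not used'
+		rc=2
+	else
+		rc=$(${pkgcmd} check -sa 2>&1 |
+		sed -e 's/ checksum mismatch for//' |
+		tee /dev/stderr |
+		wc -l)
+		[ $rc -gt 1 ] && rc=1
+	fi
+	;;
+	*)
+	rc=0
+	;;
+esac
+
+exit $rc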
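Review bot: The enable knob is renamed from `daily_status_security_chkpkgsum_enable` (in the deleted 460.chkpkgsum) to `daily_status_security_pkg_checksum_enable`, and an unset value falls through to `*) rc=0`, so a host that had enabled the old knob stops running the checksum check without any message. None of the six files in this commit maps the old name, so unless that is handled elsewhere the `case` line could accept both: `case "${daily_status_security_pkg_checksum_enable:-${daily_status_security_chkpkgsum_enable}}" in`. A comment above the `rc=$(...)` pipeline would also help, for example `# 2>&1: every line pkg check prints, including its own error messages, is counted as a mismatch`.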
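--- a/scripts/periodic/490.status-pkg-changes
+++ b/scripts/periodic/490.status-pkg-changes
@@ -4,32 +4,35 @@
 #
 
 if [ -r /etc/defaults/periodic.conf ]; then
-    . /etc/defaults/periodic.conf
-    source_periodic_confs
+	. /etc/defaults/periodic.conf
+	source_periodic_confs
 fi
 
 case "$daily_status_pkg_changes_enable" in
-    [Yy][Ee][Ss])
-	echo ''
+	[Yy][Ee][Ss])
+	pkgcmd=/usr/local/sbin/pkg
+
+	echo
 	echo 'Changes in installed packages:'
-	if pkg -N >/dev/null 2>&1 ; then
-	    echo 'status-pkg-changes is enabled but pkg is not used'
-	    rc=2
+
+	if ${pkgcmd} -N >/dev/null 2>&1 ; then
+		echo 'status-pkg-changes is enabled but pkg is not used'
+		rc=2
 	else
-	    bak=/var/backups
-	    rc=0
+		bak=/var/backups
+		rc=0
 
-	    [ -r $bak/pkg.bak ] && mv -f $bak/pkg.bak $bak/pkg.bak2
-	    pkg info > $bak/pkg.bak
+		[ -r $bak/pkg.bak ] && mv -f $bak/pkg.bak $bak/pkg.bak2
+		${pkgcmd} info > $bak/pkg.bak
 
-	    cmp -sz $bak/pkg.bak $bak/pkg.bak2
-	    if [ $? -eq 1 ]; then
-		diff -U 0 $bak/pkg.bak2 $bak/pkg.bak \
-		| grep '^[-+][^-+]' | sort -k 1.2
-	    fi
+		cmp -sz $bak/pkg.bak $bak/pkg.bak2
+		if [ $? -eq 1 ]; then
+			diff -U 0 $bak/pkg.bak2 $bak/pkg.bak | \
+			grep '^[-+][^-+]' | sort -k 1.2
+		fi
 	fi
 	;;
-    *)
+	*)
 	rc=0
 	;;
 esac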
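Review bot: The exit status of `${pkgcmd} info > $bak/pkg.bak` is not checked, and by that point the previous snapshot has already been moved to pkg.bak2, so a failed or partial `pkg info` leaves a truncated pkg.bak and the `diff` reports installed packages as removed while rc stays 0. `${pkgcmd} info > $bak/pkg.bak || rc=3` would at least surface the failure in the exit code. The script's final `exit` lies below the hunk, so how rc is used afterwards is not visible here.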