984dc6f Add the capability to track package changes in chroots and jails — HardenedBSD-pkg

HardenedBSD Package Manager

Add the capability to track package changes in chroots and jails

Matthew Seaman committed 11 years ago

commit 984dc6f10e85078c63338b639b01300bd0848199
parent 16d75e8efb16673b70568b378493213a9240822f

1 file changed +76 -11

modified scripts/periodic/490.status-pkg-changes.in

@@ -8,6 +8,81 @@ if [ -r /etc/defaults/periodic.conf ]; then

 	source_periodic_confs
 fi
 list_pkgs() {
     local pkgargs="$1"
     local bak_file="$2"
     local rc
     bak=/var/backups
     [ -r $bak/$bak_file ] && mv -f $bak/$bak_file $bak/${bak_file}2
     ${pkgcmd} ${pkgargs} info > $bak/$bak_file
     rc=$?
     cmp -sz $bak/$bak_file $bak/${bak_file}2
     if [ $? -eq 1 ]; then
 	diff -U 0 $bak/${bak_file}2 $bak/${bak_file} | \
 	    grep '^[-+][^-+]' | sort -k 1.2
     fi
     return $rc
 }
 list_pkgs_all() {
     local rc
     local jails
     local bak_file
     local rc=0
     : ${daily_status_pkg_changes_chroots=$pkg_chroots}
     : ${daily_status_pkg_changes_jails=$pkg_jails}
     # We always show pkg changes for the base system, but only print a
     # banner line if we're also going to show pkg changes for any
     # chroots or jails.
     if [ -n "${daily_status_pkg_changes_chroots}" -o \
 	 -n "${daily_status_pkg_changes_jails}" ];
     then
 	echo "Host system:"
     fi
     list_pkgs '' pkg.bak
     [ $? -ne 0 ] && rc=1
     for c in $daily_status_pkg_changes_chroots ; do
 	echo
 	echo "chroot: $c"
 	bak_file="pkg.chroot-$(echo $c | tr -C a-zA-Z0-9.- _).bak"
 	list_pkgs "-c $c" $bak_file
 	[ $? -ne 0 ] && rc=1
     done
     case $daily_status_pkg_changes_jails in
 	\*)
 	    jails=$(jls -q -h name | sed -e 1d)
 	    ;;
 	'')
 	    jails=
 	    ;;
 	*)
 	    jails=$daily_status_pkg_changes_jails
 	    ;;
     esac
     for j in $jails ; do
 	echo
 	echo "jail: $j"
 	bak_file="pkg.jail-$(echo $j | tr -C a-zA-Z0-9.- _).bak"
 	list_pkgs "-j $j" $bak_file
 	[ $? -ne 0 ] && rc=1
     done
     return $rc
 }
 # On 9.x or lower, 490.status-pkg-changes exists in the base system,
 # but using the old pkg_tools commands.  Unfortunately it uses the
 # same configuration variables, so allow the setting of

@@ -34,17 +109,7 @@ case "$daily_status_pkg_changes_enable" in

 		echo 'status-pkg-changes is enabled but pkg is not used'
 		rc=2
 	else
 		bak=/var/backups
 		rc=0
 		[ -r $bak/pkg.bak ] && mv -f $bak/pkg.bak $bak/pkg.bak2
 		${pkgcmd} info > $bak/pkg.bak
 		cmp -sz $bak/pkg.bak $bak/pkg.bak2
 		if [ $? -eq 1 ]; then
 			diff -U 0 $bak/pkg.bak2 $bak/pkg.bak | \
 			grep '^[-+][^-+]' | sort -k 1.2
 		fi
 	    list_pkgs_all
 	fi
 	;;
 	*)