
Contents of /bin/checklist



Revision 657 - (show annotations) (download)
Fri Mar 25 17:03:01 2005 UTC (8 years, 1 month ago) by joeyh
Original Path: sarge-checks/checklist
File size: 5027 byte(s)
- be robust when madison segfaults
- deal better with arches that are not keeping up in testing (like arm)
1 #!/usr/bin/perl
2 # Must run on a machine with madison.
3 #
4 # To check for un-updated binary kernel packages, also needs grep-dctrl
5 # and a Sources file for the distribution. Set the location of the Sources
6 # file in SOURCES_FILE in the environment.
7 #
8 use URI::Escape;
# An optional leading "html" argument selects HTML output. It is consumed
# here so that only list arguments remain in @ARGV.
my $html = 0;
if ($ARGV[0] eq 'html') {
    $html = 1;
    shift @ARGV;
}

# At least one list argument must be left after the optional mode word.
die "usage: $0 [html] list\n" unless @ARGV;
# Findings collected by record(): package => { condition => [ ids ] }.
my %data;

# Highest kernel-source version requested by the lists, per kernel series.
# The string "0" means no version has been recorded for that series yet.
my %needkernel = (
    '2.4.27' => '0',
    '2.6.8'  => '0',
);

my $list_unknown = 0;    # set to 1 to display kernel images with unknown source version
my $sources      = $ENV{SOURCES_FILE};    # path of the Sources file; may be unset
my $need_rebuild = 0;    # kernel image source packages found out of date

# Counters shown in the HTML footer.
my $todos   = 0;    # TODO lines seen in the lists
my $unfixed = 0;    # entries marked unfixed or pending
my $unprop  = 0;    # fixed versions that testing does not have yet
28
# Store one finding in %data under package -> condition -> list of items.
#
# In HTML mode the texts are decorated before they are stored: "bug #N" in
# the condition becomes a link to bugs.debian.org, "unfixed" is set in bold,
# and CAN/CVE names in the item become links to cve.mitre.org.
#
# NOTE(review): nothing here HTML-escapes $package, $condition or $item, and
# callers pass ready-made markup in $condition. Anything taken from a list
# file therefore reaches the generated page as-is; the lists must be trusted.
#
# Returns the number of items now stored for that package and condition.
sub record {
    my ($package, $condition, $item) = @_;

    if ($html) {
        $item      =~ s{((?:CAN|CVE)-\d+-\d+)}{<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=$1">$1</a>}g;
        $condition =~ s{bug #(\d+)}{<a href="http://bugs.debian.org/$1">bug #$1</a>}g;
        $condition =~ s{unfixed}{<b>unfixed</b>}g;
    }

    my $bucket = $data{$package}{$condition} ||= [];
    return push @$bucket, $item;
}
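# Read every list named on the command line. For each package line, ask
# madison what testing currently has and record the package when the entry is
# unfixed/pending or when testing's version is older than the fixed one.
#
# Package names and versions come straight from the list files, so every
# external command below is started with an argument list rather than a
# command string: the values reach madison/dpkg as single arguments and are
# never parsed by a shell.
my $id;    # DSA/CAN/CVE id that the package lines being read belong to
foreach my $list (@ARGV) {
    if (-d $list) {
        $list = "$list/list";
    }

    # Three-argument open with an explicit read mode and a lexical handle:
    # a file name beginning with ">" or ending in "|" is opened as a file,
    # not treated as a mode or a command.
    open(my $in, '<', $list) or die "open $list: $!";
    while (my $line = <$in>) {
        chomp $line;
        if ($line =~ /^\[/) {
            # Line starting with "[": take the first id followed by a space.
            ($id) = $line =~ m/((?:DSA|CAN|CVE)-[^\s]+) /;
        }
        elsif ($line =~ /^((?:DSA|CAN|CVE)-[^\s]+)/) {
            $id = $1;
        }
        elsif ($line =~ /^\s+[!-]\s+(\S+)\s+(.*?)\s*$/) {
            my $package = $1;
            my $version = $2;

            # Remember the highest kernel-source version any entry asks for;
            # versions carrying a parenthesised note are ignored here.
            if ($package =~ /kernel-source-([0-9.]+)/) {
                my $kernversion = $1;
                if (exists $needkernel{$kernversion} && $version !~ /\(/) {
                    $needkernel{$kernversion} = $version
                        if !system('dpkg', '--compare-versions',
                                   $needkernel{$kernversion}, 'lt', $version);
                }
            }

            # madison is retried up to five times when it dies from a signal.
            my @maddy;
            for my $attempt (1 .. 5) {
                @maddy = ();
                if (open(my $madison, '-|', 'madison', '-s', 'testing', $package)) {
                    @maddy = <$madison>;
                    close($madison);    # leaves madison's wait status in $?
                }
                else {
                    # madison could not be started; report it the way a shell
                    # reports a command it cannot run.
                    $? = 127 << 8;
                }
                if ($? & 127) {
                    # segfault. good old newraff..
                    next;
                }
                last;
            }
            if ($? & 127) {
                record($package, "<em>[madison segfaulted 5 times in a row.. Medic!]</em>", $id);
            }
            elsif ($? >> 8 != 0 && $? >> 8 != 1) {
                record($package, "<em>[madison exited with " . ($? >> 8) . "]</em>", $id);
            }
            if (!@maddy) {
                next;
            }

            if ($version =~ /unfixed/ || $version =~ /pending/) {
                record($package, $version, $id);
                $unfixed++;
            }
            else {
                # One madison output line per version/architecture set.
                foreach my $maddy (@maddy) {
                    my @fields = split(/\s*\|\s*/, $maddy);
                    my $havver = $fields[1];
                    my $arches = $fields[3];
                    $version =~ s/\s+//;    # strip whitespace
                    $arches  =~ s/\s+$//;
                    my $cmp = system('dpkg', '--compare-versions', $havver, '>=', $version);
                    if ($cmp != 0) {
                        if ($html) {
                            $havver = '<a href="http://bjorn.haxx.se/debian/testing.pl?package='
                                . uri_escape($package) . '">' . $havver . '</a>';
                        }
                        record($package,
                               "$version needed, have $havver" . (@maddy > 1 ? " [$arches]" : ""),
                               $id);
                        $unprop++;
                    }
                }
            }
        }
        elsif ($line =~ /\s+TODO/) {
            $todos++;
        }
    }
    close($in);
}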
# HTML mode: open the page and the list that holds the findings.
print "<html><title>testing security issues</title>\n", "<ul>\n" if $html;
# Print one line per package and condition, followed by the sorted ids it
# applies to, separated by ", ". In HTML mode each line is a list item.
for my $package (sort keys %data) {
    my $conditions = $data{$package};
    for my $condition (sort keys %$conditions) {
        my $ids = join(", ", sort @{ $conditions->{$condition} });
        print "<li>" if $html;
        print "$package $condition for ", $ids, "\n";
    }
}
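# For every kernel series that a list entry asked a kernel-source version
# for, look up the kernel-image source packages in the Sources file and report
# those built against an older kernel source than the one needed.
foreach my $version (sort keys %needkernel) {
    my %images;

    # "0" is the initial value: no list entry recorded a version for this
    # series, so there is nothing to compare against. (The original tested
    # %needkern, a different and always-empty hash, so this never skipped.)
    if ($needkernel{$version} eq "0") {
        next;
    }

    my @dctrl;
    if (defined $sources && length $sources) {
        my $cat = ($sources =~ /\.gz/) ? "zcat" : "cat";
        # The pipeline text is a constant. The program, the Sources path and
        # the kernel version are handed to sh as positional parameters, so a
        # path containing spaces or shell metacharacters stays one argument.
        if (open(my $pipe, '-|', 'sh', '-c',
                 '"$1" "$2" | grep-dctrl -F Binary "kernel-image-$3" -s Package,Build-Depends -',
                 'sh', $cat, $sources, $version)) {
            @dctrl = <$pipe>;
            close($pipe);
        }
    }

    my $package = "";
    my $haveversion;

    # grep-dctrl output: a Package line, a Build-Depends line, then a line
    # matching neither, which ends the record.
    foreach my $line (@dctrl) {
        chomp $line;    # the original chomped $_, leaving $line untouched
        if ($line =~ /Package:\s*(\S+)/) {
            $package     = $1;
            $haveversion = "0";
        }
        elsif ($line =~ /Build-Depends/) {
            # \Q..\E keeps the dots in the series number literal.
            if ($line =~ /kernel-tree-\Q$version\E-([^,\s]+)/) {
                $haveversion = "$version-$1";
            }
            # "+" added: the original class matched exactly one character,
            # so a real version string could never be captured here.
            elsif ($line =~ /kernel-source-\Q$version\E\s+\(>=\s*([^\s\)]+)\)/) {
                $haveversion = "$1";
            }
        }
        else {
            if ($package =~ /linux-kernel-di/ || $package eq "") {
                next;
            }
            $images{$package} = $haveversion;
            $package = "";
        }
    }

    # Versions read from the Sources file are passed to dpkg as separate
    # arguments, not through a shell.
    foreach my $image (sort keys %images) {
        if ($images{$image} eq "0") {
            print "<li>" if ($html && $list_unknown);
            print "$image built from kernel-source-$version $needkernel{$version} needed, current version unknown\n" if $list_unknown;
        }
        elsif (!system('dpkg', '--compare-versions',
                       $needkernel{$version}, 'gt', $images{$image})) {
            print "<li>" if $html;
            print "$image built from kernel-source-$version $needkernel{$version} needed, have $images{$image}\n";
            $need_rebuild++;
        }
    }
}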
# HTML mode: close the list, then print the summary counters, the links and
# the time of this run (output of the date command, trailing newline kept).
if ($html) {
    print
        "</ul>\n",
        "<hr>\n",
        "Total holes unfixed: $unfixed<br>\n",
        "Total holes fixed in unstable but not testing: $unprop<br>\n",
        "Total number of kernel image source packages not up to date: $need_rebuild<br>\n",
        "Number of TODO lines in <a href=\"http://svn.debian.org/wsvn/secure-testing/sarge-checks/?rev=0&sc=0\">records</a>: $todos<br>\n",
        "Maintained by the <a href=\"http://secure-testing.alioth.debian.org/\">testing security team</a><br>\n",
        "Last update: " . `date` . "<br>\n",
        "</html>\n";
}

Properties

Name Value
svn:executable *
