/[secure-testing]/bin/checklist

Contents of /bin/checklist



Revision 688 - (show annotations) (download)
Wed Mar 30 14:56:53 2005 UTC (8 years, 2 months ago) by stef-guest
Original Path: sarge-checks/checklist
File size: 5093 byte(s)
show kernel-images with unknown source version
1 #!/usr/bin/perl
2 # Must run on a machine with madison.
3 #
4 # To check for un-updated binary kernel packages, also needs grep-dctrl
5 # and a Sources file for the distribution. Set the location of the Sources
6 # file in SOURCES_FILE in the environment.
7 #
8 use URI::Escape;
9
# Output mode: a leading "html" argument switches the report to HTML and is
# consumed here, so that only list paths remain in @ARGV.
my $html = (@ARGV && $ARGV[0] eq 'html') ? 1 : 0;
shift @ARGV if $html;

# At least one list file (or a directory containing a file named "list")
# must be given.
die "usage: $0 [html] list\n" unless @ARGV;


# Findings, stored as $data{package}{condition} => [ advisory ids ].
my %data;

# Highest fixed kernel-source version seen so far for each tracked kernel
# series; the string "0" means none has been seen yet.
my %needkernel = ('2.4.27' => '0', '2.6.8' => '0');

# Set to 1 to display kernel images with unknown source version.
my $list_unknown = 1;

# Location of the Sources file, taken from the environment. It is
# operator-supplied and is not validated here.
my $sources = $ENV{SOURCES_FILE};

# Counters printed in the HTML footer.
my $need_rebuild = 0;
my ($unprop, $unfixed, $todos) = (0, 0, 0);
28
# record(PACKAGE, CONDITION, ITEM)
#
# Files ITEM (an advisory id) under $data{PACKAGE}{CONDITION}. In HTML mode
# the condition and item are first decorated with links: "bug #N" points at
# the Debian BTS, "unfixed" is set in bold, and CAN/CVE ids point at the
# MITRE CVE page.
#
# NOTE(review): nothing here entity-escapes PACKAGE, CONDITION or ITEM, and
# callers in this file pass ready-made markup (e.g. "<em>...</em>") as
# CONDITION. The report is therefore only as trustworthy as the list files
# and tool output it is built from; escape at the call sites if those inputs
# are ever not fully trusted.
sub record {
    my ($package, $condition, $item) = @_;

    if ($html) {
        for ($condition) {
            s{bug #(\d+)}{<a href="http://bugs.debian.org/$1">bug #$1</a>}g;
            s{unfixed}{<b>unfixed</b>}g;
        }
        $item =~ s{((?:CAN|CVE)-\d+-\d+)}{<a href="http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=$1">$1</a>}g;
    }

    # The (possibly decorated) condition string is itself the hash key.
    my $bucket = $data{$package}{$condition} ||= [];
    push @$bucket, $item;
}
40
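# Run "madison -s testing PACKAGE" and return (STATUS, LINES...), where
# STATUS has the same layout as $? (signal in the low 7 bits, exit code in
# the high byte). The command is started with a list-form pipe open, so the
# package name read from the list file is passed as a single argument and
# is never interpreted by a shell.
#
# Exit codes 0 and 1 are both accepted; anything else (or death by signal)
# is retried, up to five attempts in total, because the archive host is
# unreliable.
sub _query_madison {
    my ($package) = @_;

    my @lines;
    my $status = 0;
    for my $attempt (1 .. 5) {
        @lines = ();
        if (open(my $pipe, '-|', 'madison', '-s', 'testing', $package)) {
            @lines = <$pipe>;
            close $pipe;            # reaps the child and sets $?
            $status = $?;
        }
        else {
            # Could not start madison at all: report it the way a shell
            # would (exit code 127) so the caller's checks still apply.
            $status = 127 << 8;
        }

        my $exit_code = $status >> 8;
        last if !($status & 127) && ($exit_code == 0 || $exit_code == 1);
    }
    return ($status, @lines);
}

# Walk every list file. Each advisory header sets the current id; each
# indented "- package version" / "! package version" line under it is checked
# against what testing currently has.
my $id;
foreach my $list (@ARGV) {
    # A directory argument means "the file named list inside it".
    my $path = -d $list ? "$list/list" : $list;

    # Three-argument open: the path is only ever a file name to read, even if
    # it starts with ">" or ends with "|".
    open(my $in, '<', $path) || die "open $path: $!";
    LINE: while (my $line = <$in>) {
        chomp $line;

        if ($line =~ /^\[/) {
            # "[date] DSA-xxx ..." style header.
            ($id) = $line =~ m/((?:DSA|CAN|CVE)-[^\s]+) /;
        }
        elsif ($line =~ /^((?:DSA|CAN|CVE)-[^\s]+)/) {
            $id = $1;
        }
        elsif ($line =~ /^\s+[!-]\s+(\S+)\s+(.*?)\s*$/) {
            my ($package, $version) = ($1, $2);

            # Remember the highest fixed kernel-source version per series.
            if ($package =~ /kernel-source-([0-9.]+)/) {
                my $kernversion = $1;
                if (exists $needkernel{$kernversion} && $version !~ /\(/) {
                    # List-form system(): version strings come from the list
                    # file and must not reach a shell.
                    my $is_newer = system('dpkg', '--compare-versions',
                        $needkernel{$kernversion}, 'lt', $version) == 0;
                    $needkernel{$kernversion} = $version if $is_newer;
                }
            }

            my ($status, @maddy) = _query_madison($package);
            my $exit_code = $status >> 8;
            if ($status & 127) {
                record($package, "<em>[madison segfaulted 5 times in a row.. Medic!]</em>", $id);
            }
            elsif ($exit_code != 0 && $exit_code != 1) {
                record($package, "<em>[madison exited with $exit_code]</em>", $id);
            }
            next LINE if !@maddy;

            if ($version =~ /unfixed/ || $version =~ /pending/) {
                record($package, $version, $id);
                $unfixed++;
            }
            else {
                foreach my $maddy (@maddy) {
                    # madison prints "package | version | suite | arches".
                    my @fields = split(/\s*\|\s*/, $maddy);
                    my $havver = defined $fields[1] ? $fields[1] : '';
                    my $arches = defined $fields[3] ? $fields[3] : '';
                    $version =~ s/\s+//;    # removes the first run of whitespace only
                    $arches  =~ s/\s+$//;

                    my $cmp = system('dpkg', '--compare-versions',
                        $havver, '>=', $version);
                    if ($cmp != 0) {
                        if ($html) {
                            $havver = '<a href="http://bjorn.haxx.se/debian/testing.pl?package='
                                . uri_escape($package) . '">' . $havver . '</a>';
                        }
                        record($package,
                            "$version needed, have $havver" . (@maddy > 1 ? " [$arches]" : ""),
                            $id);
                        $unprop++;
                    }
                }
            }
        }
        elsif ($line =~ /\s+TODO/) {
            $todos++;
        }
    }
    close $in;
}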
114
115
# Report header (HTML mode only).
print "<html><title>testing security issues</title>\n", "<ul>\n" if $html;

# One output line per (package, condition) pair, listing the sorted advisory
# ids it applies to. Values are printed exactly as record() stored them; no
# HTML escaping is applied at this point.
for my $package (sort keys %data) {
    my $conditions = $data{$package};
    for my $condition (sort keys %$conditions) {
        my $line = $html ? "<li>" : "";
        $line .= "$package $condition for ";
        $line .= join(", ", sort @{ $conditions->{$condition} });
        print $line, "\n";
    }
}
134
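# Quote TEXT as a single POSIX-shell word: wrap it in single quotes and
# rewrite every embedded single quote as '\''.
sub _shell_quote {
    my ($text) = @_;
    $text =~ s/'/'\\''/g;
    return "'$text'";
}

# For every tracked kernel series with a known fixed kernel-source version,
# find the kernel-image source packages in the Sources file and report those
# built against an older (or undeterminable) kernel source.
foreach my $version (sort keys %needkernel) {
    my %images;

    # Nothing to check when no fixed version was seen for this series.
    # (The original tested a misspelled hash, %needkern, so this skip never
    # happened.)
    if ($needkernel{$version} eq "0") {
        next;
    }

    my @dctrl;
    if (defined $sources && length $sources) {
        my $cat = ($sources =~ /\.gz/) ? "zcat" : "cat";
        # The pipeline still goes through a shell, so the environment-supplied
        # path is quoted to stay a single word whatever characters it holds.
        my $command = "$cat " . _shell_quote($sources)
            . " | grep-dctrl -F Binary " . _shell_quote("kernel-image-$version")
            . " -s Package,Build-Depends -";
        @dctrl = `$command`;
    }

    my $package = "";
    my $haveversion;

    foreach my $line (@dctrl) {
        chomp $line;
        if ($line =~ /Package:\s*(\S+)/) {
            $package     = $1;
            $haveversion = "0";
        }
        elsif ($line =~ /Build-Depends/) {
            # \Q..\E: the dots in the series number are literal, not wildcards.
            if ($line =~ /kernel-tree-\Q$version\E-([^,\s]+)/) {
                $haveversion = "$version-$1";
            }
            elsif ($line =~ /kernel-source-\Q$version\E\s+\(>?=\s*([^\s\)]+)\)/) {
                $haveversion = "$1";
            }
        }
        else {
            # Any other line (the blank separator) ends the current stanza.
            if ($package =~ /linux-kernel-di/ || $package eq "") {
                next;
            }
            $images{$package} = $haveversion;
            $package = "";
        }
    }
    # Keep the final stanza even when the output lacks a trailing separator.
    if ($package ne "" && $package !~ /linux-kernel-di/) {
        $images{$package} = $haveversion;
    }

    foreach my $image (sort keys %images) {
        if ($images{$image} eq "0") {
            next unless $list_unknown;
            print "<li>" if $html;
            print "$image built from kernel-source-$version $needkernel{$version} needed, current version unknown\n";
        }
        # List-form system(): both version strings originate in external
        # files and must not be interpreted by a shell.
        elsif (system('dpkg', '--compare-versions',
                $needkernel{$version}, 'gt', $images{$image}) == 0) {
            print "<li>" if $html;
            print "$image built from kernel-source-$version $needkernel{$version} needed, have $images{$image}\n";
            $need_rebuild++;
        }
    }
}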
184
185
# Report footer (HTML mode only): close the list, then print the totals
# gathered above and a timestamp taken from the system "date" command.
if ($html) {
    my $stamp = `date`;
    print
        "</ul>\n",
        "<hr>\n",
        "Total holes unfixed: $unfixed<br>\n",
        "Total holes fixed in unstable but not testing: $unprop<br>\n",
        "Total number of kernel image source packages not up to date: $need_rebuild<br>\n",
        "Number of TODO lines in <a href=\"http://svn.debian.org/wsvn/secure-testing/sarge-checks/?rev=0&sc=0\">records</a>: $todos<br>\n",
        "Maintained by the <a href=\"http://secure-testing.alioth.debian.org/\">testing security team</a><br>\n",
        "Last update: " . $stamp . "<br>\n",
        "</html>\n";
}

Properties

Name Value
svn:executable *
