From: Fabian Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Subject: [pve-devel] [PATCH manager] pve6to7: add check for Debian security repository
Date: Tue,  6 Jul 2021 14:31:55 +0200	[thread overview]
Message-ID: <20210706123155.9724-1-f.ebner@proxmox.com> (raw)

since the pattern for the suite changed.

Signed-off-by: Fabian Ebner <f.ebner@proxmox.com>
---
 PVE/CLI/pve6to7.pm | 71 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 71 insertions(+)

diff --git a/PVE/CLI/pve6to7.pm b/PVE/CLI/pve6to7.pm
index 163f5e4a..6c1c3726 100644
--- a/PVE/CLI/pve6to7.pm
+++ b/PVE/CLI/pve6to7.pm
@@ -1016,6 +1016,76 @@ sub check_containers_cgroup_compat {
     }
 };
 
+sub check_security_repo {
+    log_info("Checking if the suite for the Debian security repository is correct..");
+
+    my $found = 0;
+
+    my $dir = '/etc/apt/sources.list.d';
+    my $in_dir = 0;
+
+    my $check_file = sub {
+	my ($file) = @_;
+
+	$file = "${dir}/${file}" if $in_dir;
+
+	my $raw = eval { PVE::Tools::file_get_contents($file) };
+	return if !defined($raw);
+	my @lines = split(/\n/, $raw);
+
+	my $number = 0;
+	for my $line (@lines) {
+	    $number++;
+
+	    next if length($line) == 0; # split would result in undef then...
+
+	    ($line) = split(/#/, $line);
+
+	    next if $line !~ m/^deb/; # is case sensitive
+
+	    my $suite;
+
+	    # catch any of
+	    # https://deb.debian.org/debian-security
+	    # http://security.debian.org/debian-security
+	    # http://security.debian.org/
+	    if ($line =~ m|https?://deb\.debian\.org/debian-security/?\s+(\S*)|i) {
+		$suite = $1;
+	    } elsif ($line =~ m|https?://security\.debian\.org(?:.*?)\s+(\S*)|i) {
+		$suite = $1;
+	    } else {
+		next;
+	    }
+
+	    $found = 1;
+
+	    my $where = "in ${file}:${number}";
+
+	    if ($suite eq 'buster/updates') {
+		log_info("Make sure to change the suite of the Debian security repository " .
+		    "from 'buster/updates' to 'bullseye-security' - $where");
+	    } elsif ($suite eq 'bullseye-security') {
+		log_pass("already using 'bullseye-security'");
+	    } else {
+		log_fail("The new suite of the Debian security repository should be " .
+		    "'bullseye-security' - $where");
+	    }
+	}
+    };
+
+    $check_file->("/etc/apt/sources.list");
+
+    $in_dir = 1;
+
+    PVE::Tools::dir_glob_foreach($dir, '^.*\.list$', $check_file);
+
+    if (!$found) {
+	# only warn, it might be defined in a .sources file or in a way not catched above
+	log_warn("No Debian security repository detected in /etc/apt/sources.list and " .
+	    "/etc/apt/sources.list.d/*.list");
+    }
+}
+
 sub check_misc {
     print_header("MISCELLANEOUS CHECKS");
     my $ssh_config = eval { PVE::Tools::file_get_contents('/root/.ssh/config') };
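Review bot: The `m/^deb/` filter in `$check_file` also accepts `deb-src` lines, so a host whose only `bullseye-security` entry is a source entry gets `log_pass` and sets `$found`, although no binary security repository is configured there. Capturing the type, `next if $line !~ m/^(deb(?:-src)?)\s/; my $type = $1;`, and then using `$found = 1 if $type eq 'deb';` would let the final `log_warn` still fire in that case while keeping the suite hint for source entries. The second pattern, `security\.debian\.org(?:.*?)\s+`, is also not bounded after the host name, so a longer host name that merely begins with that string is treated as the Debian security repository; `security\.debian\.org(?:/\S*)?\s+(\S*)` would bound it. `check_security_repo` is fully inside this hunk; `check_misc` at the end continues outside it.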
@@ -1118,6 +1188,7 @@ sub check_misc {
     check_custom_pool_roles();
     check_description_lengths();
     check_storage_content();
+    check_security_repo();
 }
 
 __PACKAGE__->register_method ({
-- 
2.20.1






Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2021-07-06 12:31 Fabian Ebner [this message]
2021-07-07 16:37 ` [pve-devel] applied: " Thomas Lamprecht
