Newer
Older
#!/usr/bin/env python3
"""
Criticality: Normal
Check updates, apt state and unattended upgrade config.
"""
try:
from requests.packages.urllib3.exceptions import InsecureRequestWarning
requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
except ImportError:
requests.packages.urllib3.disable_warnings()
sys.path.append(str(Path(__file__).parents[1].resolve()))
from utilities import logging as lg # noqa: E402
from utilities.apt import Apt # noqa: E402
from utilities.os import line_in_file # noqa: E402
os.environ["DEBIAN_FRONTEND"] = "noninteractive"
os.environ["PATH"] = "/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
try:
apt = Apt(update=True)
except apt_mod.cache.FetchFailedException as apt_cache_err:
if str(apt_cache_err).endswith("no longer has a Release file."):
lg.error("Apt error: {}".format(apt_cache_err))
errors += 1
apt = Apt()
# detect pending upgrade
upgradable = len(apt.upgradable_packages)
if upgradable:
lg.info("there is {} upgrade pending".format(upgradable))
# detect pending auto-remove
removable = len(apt.removable_packages)
if removable:
lg.info("there is {} auto-removable packages".format(removable))
Stéphane Diemer
committed
for pkg in apt.removable_packages:
if "ubicast" in pkg:
lg.error("the ubicast package '%s' can be auto-removed!" % pkg)
Stéphane Diemer
committed
errors += 1
# detect rc state
purgeable = len(apt.purgeable_packages)
if purgeable:
lg.info("there is {} packages in rc state".format(purgeable))
try:
installed = apt.install("sl")
except apt_pkg.Error as apt_install_err:
if (
Path("/etc/apt/apt.conf.d/20auto-upgrades").exists()
and Path("/etc/apt/apt.conf.d/50unattended-upgrades").exists()
and line_in_file(
r'^APT::Periodic::Update-Package-Lists "1";$',
"/etc/apt/apt.conf.d/20auto-upgrades",
)
and line_in_file(
r'^APT::Periodic::Unattended-Upgrade "1";$',
"/etc/apt/apt.conf.d/20auto-upgrades",
)
and line_in_file(
r"^Unattended-Upgrade::(?:(?:Allowed-Origins)|(?:Origins-Pattern)) {$",
"/etc/apt/apt.conf.d/50unattended-upgrades",
)
):
lg.success("automatic security updates enabled")
lg.warning("automatic security updates not enabled")
# check ubicast repository presence
ubicast_repo = Path("/etc/apt/sources.list.d/skyreach.list").exists()
ubicast_package = (
True
if apt.is_installed("ubicast-mediaserver")
or apt.is_installed("ubicast-monitor")
or apt.is_installed("ubicast-skyreach")
or apt.is_installed("ubicast-skyreach-erp")
or apt.is_installed("celerity-server")
or apt.is_installed("celerity-utils")
or apt.is_installed("celerity-workers")
else False
)
if ubicast_repo and ubicast_package:
lg.success("ubicast repository present")
elif not ubicast_repo and ubicast_package:
lg.warning("ubicast repository missing")
warnings += 1
elif not ubicast_repo and not ubicast_package:
lg.info("no ubicast repository and service installed")
lg.info("no ubicast service installed")
if ubicast_repo:
# check ubicast repository url
regexp_repo = (
r"^deb (http[s]?://[A-Za-z0-9\.\-\_]+) packaging/apt/([A-Za-z0-9\.\-\_]+)/$"
)
repo_url_match = line_in_file(regexp_repo, "/etc/apt/sources.list.d/skyreach.list")
if repo_url_match:
url, apt_token = repo_url_match.groups()
lg.success("url: {}, token: {}[...]".format(url, apt_token[:8]))
url, apt_token = None, None
lg.error("incorrect ubicast repository url or token")
# check server avalability
if url:
server_response = requests.get(url, verify=False)
if server_response.ok:
lg.success("request to {} succeeded".format(url))
else:
lg.error("request to {} failed: {}".format(url, server_response.text))
errors += 1
# check repository avalability
if url and apt_token:
apt_url = "{}/packaging/apt/{}/Packages".format(url, apt_token)
repo_response = requests.get(apt_url, verify=False)
apt_url = "{}/packaging/apt/{}[...]/Packages".format(url, apt_token[:8])
if repo_response.ok:
lg.success("request to {} succeeded".format(apt_url))
else:
lg.error("request to {} failed: {}".format(apt_url, repo_response.text))
errors += 1