Skip to content
Snippets Groups Projects
Commit fcbef58f authored by Nicolas KAROLAK's avatar Nicolas KAROLAK
Browse files

python test_apt

parent 7ef05368
No related branches found
No related tags found
No related merge requests found
#!/usr/bin/env python3
"""
Criticality: Normal
Check updates, apt state and unattended upgrade config.
"""
import apt_pkg
from pathlib import Path
import sys
sys.path.append(str(Path(__file__).parents[1].resolve()))
import utils as u # noqa: E402
from utils_lib.apt import Apt # noqa: E402
from utils_lib.os import line_in_file # noqa: E402
def main():
warnings = 0
errors = 0
apt = Apt(update=True)
print("Checking APT state:")
upgradable = len(apt.upgradable_packages)
if upgradable:
u.warning("there is {} upgrade pending".format(upgradable))
warnings += 1
else:
u.success("system up-to-date")
removable = len(apt.removable_packages)
if removable:
u.warning("there is {} auto-removable packages".format(removable))
warnings += 1
else:
u.success("system clean")
try:
installed = apt.install("sl")
except apt_pkg.Error as apt_install_err:
u.warning(apt_install_err)
warnings += 1
else:
if installed:
u.success("installation successful")
apt.remove("sl")
else:
u.error("installation failed")
errors += 1
if (
Path("/etc/apt/apt.conf.d/20auto-upgrades").exists()
and Path("/etc/apt/apt.conf.d/50unattended-upgrades").exists()
and line_in_file(
'APT::Periodic::Update-Package-Lists "1";',
"/etc/apt/apt.conf.d/20auto-upgrades",
)
and line_in_file(
'APT::Periodic::Unattended-Upgrade "1";',
"/etc/apt/apt.conf.d/20auto-upgrades",
)
and line_in_file(
"Unattended-Upgrade::(?:(?:Allowed-Origins)|(?:Origins-Pattern)) {",
"/etc/apt/apt.conf.d/50unattended-upgrades",
)
):
u.success("automatic security updates enabled")
else:
u.warning("automatic security updates not enabled")
warnings += 1
if errors:
return 1
elif warnings:
return 3
else:
return 0
if __name__ == "__main__":
exit(main())
#!/bin/bash
# Criticality: Normal
# Check that updates can be installed and that automatic security updates are enabled.
set -e
PATH=/usr/bin:/bin:/usr/sbin:/sbin
DEBIAN_FRONTEND=noninteractive
echo "Testing apt-get install."
lock_timeout=120
lock_counter=0
tput sc
set +e
while fuser /var/lib/dpkg/lock >/dev/null 2>&1 ; do
sleep 1 && echo -n $lock_counter && (( lock_counter++ ))
tput rc
if (( $lock_counter > $lock_timeout )); then
echo "APT is reported as locked for more than $lock_timeout seconds now..."
echo "Either a big upgrade is running or it is hung, please take a look"
exit 3
fi
done
set -e
echo "Clean repository."
apt-get clean
# Testing if sl package exists and remove it
if ( dpkg -s sl >/dev/null 2>&1 ); then
echo "Removing already installed testing package."
apt-get remove -y sl
fi
# Installation testing package sl
apt-get update
apt-get install -y sl
apt-get remove -y sl
if [ ! -f /etc/apt/apt.conf.d/20auto-upgrades ]; then
if [ ! -f /etc/apt/apt.conf.d/50unattended-upgrades ]; then
echo "Automatic security updates not enabled."
echo "Perhaps the unattended-upgrades package is not installed."
exit 3
fi
fi
echo "Automatic security updates enabled."
...@@ -4,6 +4,7 @@ ...@@ -4,6 +4,7 @@
from configparser import ConfigParser from configparser import ConfigParser
from pathlib import Path from pathlib import Path
import re
SUPPORTED_PLATFORMS = (("debian", "10"), ("ubuntu", "18.04")) SUPPORTED_PLATFORMS = (("debian", "10"), ("ubuntu", "18.04"))
...@@ -42,3 +43,26 @@ def supported_platform() -> bool: ...@@ -42,3 +43,26 @@ def supported_platform() -> bool:
""" """
return dist() in SUPPORTED_PLATFORMS return dist() in SUPPORTED_PLATFORMS
def line_in_file(line: str, file: str) -> bool:
"""Search for a line in the given file.
:param line: String or pattern to search
:type line: str
:param file: File to check
:type file: str
:return: Wether the line is present or not
:rtype: bool
"""
with open(file) as fh:
file_lines = fh.readlines()
regex = re.compile(line)
for file_line in file_lines:
if regex.match(file_line):
return True
return False
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment