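#!/usr/bin/env python3

"""
Criticality: Normal
Check updates, apt state and unattended upgrade config.
"""

import apt_pkg
from pathlib import Path
import requests
import sys

try:
    from requests.packages.urllib3.exceptions import InsecureRequestWarning

    requests.packages.urllib3.disable_warnings(InsecureRequestWarning)
except ImportError:
    requests.packages.urllib3.disable_warnings()

sys.path.append(str(Path(__file__).parents[1].resolve()))

import utils as u  # noqa: E402
from utils_lib.apt import Apt  # noqa: E402
from utils_lib.os import line_in_file  # noqa: E402

# Upper bound, in seconds, for each HTTP request made by this check, so an
# unresponsive repository server cannot hang the whole run.
REQUEST_TIMEOUT = 10

# Packages whose presence means a ubicast service is installed on this host.
UBICAST_PACKAGES = (
    "ubicast-mediaserver",
    "ubicast-monitor",
    "ubicast-skyreach",
    "ubicast-skyreach-erp",
    "celerity-workers",
)


def main():
    """Run the APT checks and return the exit status of the script.

    Checks, in order: pending upgrades, auto-removable packages, a trial
    install/remove of the "sl" package, the unattended-upgrades
    configuration, the presence and format of the ubicast repository entry,
    and HTTP reachability of the repository server and its Packages index.

    Returns:
        1 if at least one error was reported, 3 if only warnings were
        reported, 0 otherwise.

    Exits directly with status 2 when neither the ubicast repository nor any
    ubicast package is present.
    """

    warnings = 0
    errors = 0

    # NOTE(review): update=True presumably refreshes the package lists before
    # the checks below; confirm against utils_lib.apt.Apt.
    apt = Apt(update=True)

    print("Checking APT state:")

    # detect pending upgrade
    upgradable = len(apt.upgradable_packages)
    if upgradable:
        u.warning("there is {} upgrade pending".format(upgradable))
        warnings += 1
    else:
        u.success("system up-to-date")

    # detect pending auto-remove
    removable = len(apt.removable_packages)
    if removable:
        u.warning("there is {} auto-removable packages".format(removable))
        warnings += 1
    else:
        u.success("system clean")

    # installation: install a probe package, then remove it again on success
    try:
        installed = apt.install("sl")
    except apt_pkg.Error as apt_install_err:
        u.warning(apt_install_err)
        warnings += 1
    else:
        if installed:
            u.success("installation successful")
            apt.remove("sl")
        else:
            u.error("installation failed")
            errors += 1

    # unattended-upgrades: both config files must exist, periodic list update
    # and unattended upgrade must be set to "1", and an origins block must be
    # declared.
    if (
        Path("/etc/apt/apt.conf.d/20auto-upgrades").exists()
        and Path("/etc/apt/apt.conf.d/50unattended-upgrades").exists()
        and line_in_file(
            r'^APT::Periodic::Update-Package-Lists "1";$',
            "/etc/apt/apt.conf.d/20auto-upgrades",
        )
        and line_in_file(
            r'^APT::Periodic::Unattended-Upgrade "1";$',
            "/etc/apt/apt.conf.d/20auto-upgrades",
        )
        and line_in_file(
            r"^Unattended-Upgrade::(?:(?:Allowed-Origins)|(?:Origins-Pattern)) {$",
            "/etc/apt/apt.conf.d/50unattended-upgrades",
        )
    ):
        u.success("automatic security updates enabled")
    else:
        u.warning("automatic security updates not enabled")
        warnings += 1

    # check ubicast repository presence
    ubicast_repo = Path("/etc/apt/sources.list.d/skyreach.list").exists()
    ubicast_package = any(apt.is_installed(name) for name in UBICAST_PACKAGES)
    if ubicast_repo and ubicast_package:
        u.success("ubicast repository present")
    elif not ubicast_repo and ubicast_package:
        u.error("ubicast repository missing")
        errors += 1
    elif not ubicast_repo and not ubicast_package:
        u.info("no ubicast repository and service installed")
        # sys.exit rather than the site-provided exit(), which is not
        # guaranteed to exist (e.g. when the interpreter runs with -S).
        sys.exit(2)
    else:
        u.info("no ubicast service installed")

    # check ubicast repository url
    # NOTE(review): the pattern accepts plain http:// as well as https://, so
    # the token that follows can be configured to travel unencrypted.
    regexp_repo = (
        r"^deb (http[s]?://[A-Za-z0-9\.\-\_]+) packaging/apt/([A-Za-z0-9\.\-\_]+)/$"
    )
    repo_url_match = line_in_file(regexp_repo, "/etc/apt/sources.list.d/skyreach.list")
    if repo_url_match:
        url, apt_token = repo_url_match.groups()
        # only the first characters of the token are ever printed
        u.success("url: {}, token: {}[...]".format(url, apt_token[:8]))
    else:
        url, apt_token = None, None
        u.error("incorrect ubicast repository url or token")
        errors += 1

    # NOTE(review): both requests below use verify=False, so the server
    # certificate is not validated and the peer is not authenticated. The
    # second request carries the APT token in its path. If the deployment
    # allows it, pass a CA bundle path via verify= instead of disabling
    # verification.

    # check server availability
    if url:
        try:
            server_response = requests.get(
                url, verify=False, timeout=REQUEST_TIMEOUT
            )
        except requests.exceptions.RequestException as request_err:
            # connection failure or timeout: report it as a check error
            # instead of aborting with a traceback
            u.error("request to {} failed: {}".format(url, request_err))
            errors += 1
        else:
            if server_response.ok:
                u.success("request to {} succeeded".format(url))
            else:
                u.error("request to {} failed: {}".format(url, server_response.text))
                errors += 1

    # check repository availability
    if url and apt_token:
        masked_token = "{}[...]".format(apt_token[:8])
        full_apt_url = "{}/packaging/apt/{}/Packages".format(url, apt_token)
        # truncated form, used for every message so the token is not printed
        apt_url = "{}/packaging/apt/{}/Packages".format(url, masked_token)
        try:
            repo_response = requests.get(
                full_apt_url, verify=False, timeout=REQUEST_TIMEOUT
            )
        except requests.exceptions.RequestException as request_err:
            # the exception text can embed the requested URL, token included;
            # mask it before it reaches the output
            reason = str(request_err).replace(apt_token, masked_token)
            u.error("request to {} failed: {}".format(apt_url, reason))
            errors += 1
        else:
            if repo_response.ok:
                u.success("request to {} succeeded".format(apt_url))
            else:
                u.error("request to {} failed: {}".format(apt_url, repo_response.text))
                errors += 1

    if errors:
        return 1
    elif warnings:
        return 3
    else:
        return 0


if __name__ == "__main__":
    sys.exit(main())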