diff options
author | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-08-25 11:23:20 +0200 |
---|---|---|
committer | Andreas Steffen <andreas.steffen@strongswan.org> | 2017-09-01 11:19:40 +0200 |
commit | b84817375d1cb2a40f6f004ea619e4f7cfab6da5 (patch) | |
tree | 2129f9264e6543f197fa4da3f740a736f3bb4e66 /src/sec-updater/sec-updater.sh | |
parent | 076aac70693d7e49c1357cee406ad21ca98000bc (diff) | |
download | strongswan-b84817375d1cb2a40f6f004ea619e4f7cfab6da5.tar.bz2 strongswan-b84817375d1cb2a40f6f004ea619e4f7cfab6da5.tar.xz |
sec-updater: Checks for security updates
sec-updater checks for security updates and backports in Debian/
Ubuntu repositories and sets the security flags in the strongTNC
policy database accordingly.
Diffstat (limited to 'src/sec-updater/sec-updater.sh')
-rwxr-xr-x | src/sec-updater/sec-updater.sh | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/src/sec-updater/sec-updater.sh b/src/sec-updater/sec-updater.sh new file mode 100755 index 000000000..1f4b69465 --- /dev/null +++ b/src/sec-updater/sec-updater.sh @@ -0,0 +1,69 @@ +#!/bin/sh + +DIR="/etc/pts" +DATE=`date +%Y%m%d-%H%M` +UBUNTU="http://security.ubuntu.com/ubuntu/dists" +UBUNTU_VERSIONS="xenial" +UBUNTU_DIRS="main multiverse restricted universe" +UBUNTU_ARCH="binary-amd64" +DEBIAN="http://security.debian.org/dists" +DEBIAN_VERSIONS="jessie" +DEBIAN_DIRS="main contrib non-free" +DEBIAN_ARCH="binary-amd64" +CMD=/usr/sbin/sec-updater +CMD_LOG="$DIR/$DATE-sec-update.log" + +mkdir -p $DIR/dists +cd $DIR/dists + +# Download Ubuntu distribution information + +for v in $UBUNTU_VERSIONS +do + for a in $UBUNTU_ARCH + do + mkdir -p $v-security/$a $v-updates/$a + for d in $UBUNTU_DIRS + do + wget $UBUNTU/$v-security/$d/$a/Packages.xz -O $v-security/$a/Packages-$d.xz + unxz -f $v-security/$a/Packages-$d.xz + wget $UBUNTU/$v-updates/$d/$a/Packages.xz -O $v-updates/$a/Packages-$d.xz + unxz -f $v-updates/$a/Packages-$d.xz + done + done +done + +# Download Debian distribution information + +for v in $DEBIAN_VERSIONS +do + for a in $DEBIAN_ARCH + do + mkdir -p $v-updates/$a + for d in $DEBIAN_DIRS + do + wget $DEBIAN/$v/updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2 + bunzip2 -f $v-updates/$a/Packages-$d.bz2 + done + done +done + +# Run sec-updater in distribution information + +for f in xenial-security/binary-amd64/* +do + echo "security: $f" + $CMD --product "Ubuntu 16.04 x86_64" --file $f --security >> $CMD_LOG 2>&1 +done +echo +for f in xenial-updates/binary-amd64/* +do + echo "updates: $f" + $CMD --product "Ubuntu 16.04 x86_64" --file $f >> $CMD_LOG 2>&1 +done +echo +for f in jessie-updates/binary-amd64/* +do + echo "security: $f" + $CMD --product "Debian 8.0 x86_64" --file $f --security >> $CMD_LOG 2>&1 +done |