Release 22.05 #155
|
@ -20,7 +20,7 @@ The **patch** part changes is incremented if multiple releases happen the same m
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
* evocheck: upstream release 22.03.1
|
* evocheck: upstream release 22.04
|
||||||
* evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
|
* evolinux-base: Add non-free repos & install non-free firmware on dedicated hardware
|
||||||
* evolinux-base: rename backup-server-state to dump-server-state
|
* evolinux-base: rename backup-server-state to dump-server-state
|
||||||
* dump-server-state: upstream release 22.04.1
|
* dump-server-state: upstream release 22.04.1
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
# Script to verify compliance of a Debian/OpenBSD server
|
# Script to verify compliance of a Debian/OpenBSD server
|
||||||
# powered by Evolix
|
# powered by Evolix
|
||||||
|
|
||||||
VERSION="22.03.1"
|
VERSION="22.04"
|
||||||
readonly VERSION
|
readonly VERSION
|
||||||
|
|
||||||
# base functions
|
# base functions
|
||||||
|
@ -234,7 +234,8 @@ check_syslogconf() {
|
||||||
check_debiansecurity() {
|
check_debiansecurity() {
|
||||||
if is_debian_bullseye; then
|
if is_debian_bullseye; then
|
||||||
# https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.html#security-archive
|
# https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.html#security-archive
|
||||||
pattern="^deb https://deb\.debian\.org/debian-security/? bullseye-security main"
|
# https://www.debian.org/security/
|
||||||
|
pattern="^deb https://(deb|security)\.debian\.org/debian-security/? bullseye-security main"
|
||||||
elif is_debian_buster; then
|
elif is_debian_buster; then
|
||||||
pattern="^deb http://security\.debian\.org/debian-security/? buster/updates main"
|
pattern="^deb http://security\.debian\.org/debian-security/? buster/updates main"
|
||||||
elif is_debian_stretch; then
|
elif is_debian_stretch; then
|
||||||
|
@ -600,7 +601,11 @@ check_evobackup_exclude_mount() {
|
||||||
|
|
||||||
# shellcheck disable=SC2044
|
# shellcheck disable=SC2044
|
||||||
for evobackup_file in $(find /etc/cron* -name '*evobackup*' | grep -v -E ".disabled$"); do
|
for evobackup_file in $(find /etc/cron* -name '*evobackup*' | grep -v -E ".disabled$"); do
|
||||||
grep -- "--exclude " "${evobackup_file}" | grep -E -o "\"[^\"]+\"" | tr -d '"' > "${excludes_file}"
|
# If rsync is not limited by "one-file-system"
|
||||||
|
# then we verify that every mount is excluded
|
||||||
|
grep -q -- "^\s*--one-file-system" "${evobackup_file}" \
|
||||||
|
|| grep -- "--exclude " "${evobackup_file}" | grep -E -o "\"[^\"]+\"" | tr -d '"' \
|
||||||
|
> "${excludes_file}"
|
||||||
not_excluded=$(findmnt --type nfs,nfs4,fuse.sshfs, -o target --noheadings | grep -v -f "${excludes_file}")
|
not_excluded=$(findmnt --type nfs,nfs4,fuse.sshfs, -o target --noheadings | grep -v -f "${excludes_file}")
|
||||||
for mount in ${not_excluded}; do
|
for mount in ${not_excluded}; do
|
||||||
failed "IS_EVOBACKUP_EXCLUDE_MOUNT" "${mount} is not excluded from ${evobackup_file} backup script"
|
failed "IS_EVOBACKUP_EXCLUDE_MOUNT" "${mount} is not excluded from ${evobackup_file} backup script"
|
||||||
|
@ -1374,7 +1379,7 @@ download_versions() {
|
||||||
elif is_openbsd; then
|
elif is_openbsd; then
|
||||||
versions_url="https://upgrades.evolix.org/versions-${OPENBSD_RELEASE}"
|
versions_url="https://upgrades.evolix.org/versions-${OPENBSD_RELEASE}"
|
||||||
else
|
else
|
||||||
failed "IS_VERSIONS_CHECK" "error determining os release"
|
failed "IS_CHECK_VERSIONS" "error determining os release"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# fetch timeout, in seconds
|
# fetch timeout, in seconds
|
||||||
|
@ -1387,9 +1392,9 @@ download_versions() {
|
||||||
elif command -v GET; then
|
elif command -v GET; then
|
||||||
GET -t ${timeout}s "${versions_url}" > "${versions_file}"
|
GET -t ${timeout}s "${versions_url}" > "${versions_file}"
|
||||||
else
|
else
|
||||||
failed "IS_VERSIONS_CHECK" "failed to find curl, wget or GET"
|
failed "IS_CHECK_VERSIONS" "failed to find curl, wget or GET"
|
||||||
fi
|
fi
|
||||||
test "$?" -eq 0 || failed "IS_VERSIONS_CHECK" "failed to download ${versions_url} to ${versions_file}"
|
test "$?" -eq 0 || failed "IS_CHECK_VERSIONS" "failed to download ${versions_url} to ${versions_file}"
|
||||||
}
|
}
|
||||||
get_command() {
|
get_command() {
|
||||||
local program
|
local program
|
||||||
|
@ -1451,11 +1456,11 @@ check_version() {
|
||||||
actual_version=$(get_version "${program}" "${command}")
|
actual_version=$(get_version "${program}" "${command}")
|
||||||
# printf "program:%s expected:%s actual:%s\n" "${program}" "${expected_version}" "${actual_version}"
|
# printf "program:%s expected:%s actual:%s\n" "${program}" "${expected_version}" "${actual_version}"
|
||||||
if [ -z "${actual_version}" ]; then
|
if [ -z "${actual_version}" ]; then
|
||||||
failed "IS_VERSIONS_CHECK" "failed to lookup actual version of ${program}"
|
failed "IS_CHECK_VERSIONS" "failed to lookup actual version of ${program}"
|
||||||
elif dpkg --compare-versions "${actual_version}" lt "${expected_version}"; then
|
elif dpkg --compare-versions "${actual_version}" lt "${expected_version}"; then
|
||||||
failed "IS_VERSIONS_CHECK" "${program} version ${actual_version} is older than expected version ${expected_version}"
|
failed "IS_CHECK_VERSIONS" "${program} version ${actual_version} is older than expected version ${expected_version}"
|
||||||
elif dpkg --compare-versions "${actual_version}" gt "${expected_version}"; then
|
elif dpkg --compare-versions "${actual_version}" gt "${expected_version}"; then
|
||||||
failed "IS_VERSIONS_CHECK" "${program} version ${actual_version} is newer than expected version ${expected_version}, you should update tour index."
|
failed "IS_CHECK_VERSIONS" "${program} version ${actual_version} is newer than expected version ${expected_version}, you should update your index."
|
||||||
else
|
else
|
||||||
: # Version check OK
|
: # Version check OK
|
||||||
fi
|
fi
|
||||||
|
@ -1484,7 +1489,7 @@ check_versions() {
|
||||||
if [ -n "${version}" ]; then
|
if [ -n "${version}" ]; then
|
||||||
check_version "${program}" "${version}"
|
check_version "${program}" "${version}"
|
||||||
else
|
else
|
||||||
failed "IS_VERSIONS_CHECK" "failed to lookup expected version for ${program}"
|
failed "IS_CHECK_VERSIONS" "failed to lookup expected version for ${program}"
|
||||||
fi
|
fi
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
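Review bot: In the check_evobackup_exclude_mount hunk, the new `grep -q -- "^\s*--one-file-system" "${evobackup_file}" \ || grep …` chain only skips rewriting `${excludes_file}`. The `not_excluded=$(findmnt …)` line and the `failed` loop after it still run for a script that uses `--one-file-system`. They then filter against whatever `${excludes_file}` already held, presumably the previous script's excludes or nothing at all (its creation is outside the hunk), so network mounts can be flagged for a script the comment says should be exempt. Guarding the whole check would match the comment: put `if ! grep -q -- "^\s*--one-file-system" "${evobackup_file}"; then` before the excludes pipeline and a closing `fi` after the inner `for mount` loop, whose `done` is outside the hunk.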