From 58a97812c6adb9d49bd2378cadf061c20a4d408a Mon Sep 17 00:00:00 2001
From: Jeremy Lecour
Date: Fri, 11 Nov 2022 10:18:12 +0100
Subject: [PATCH] Check Debian Security repository from apt-cache policy output
Instead of parsing files,we can ask apt-cache to list the enabled repository and look for one labeled "Debian-Security" provided by Debian.
---
 linux/CHANGELOG | 2 ++
 linux/evocheck.sh | 17 +++--------------
 2 files changed, 5 insertions(+), 14 deletions(-)
diff --git a/linux/CHANGELOG b/linux/CHANGELOG
index d3e694d..8610ced 100644
--- a/linux/CHANGELOG
+++ b/linux/CHANGELOG
@@ -9,6 +9,8 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
 ### Changed
+* IS_DEBIANSECURITY: check Debian Security repository from apt-cache policy output
+
 ### Deprecated
 ### Removed
diff --git a/linux/evocheck.sh b/linux/evocheck.sh
index fb7da68..cddb101 100755
--- a/linux/evocheck.sh
+++ b/linux/evocheck.sh
@@ -226,20 +226,9 @@ check_syslogconf() {
 || failed "IS_SYSLOGCONF" "syslog evolix config file missing"
 }
 check_debiansecurity() {
- if is_debian_bullseye; then
- # https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.html#security-archive
- # https://www.debian.org/security/
- pattern="^deb ?(\[.*\])? ?http://security\.debian\.org/debian-security/? bullseye-security main"
- elif is_debian_buster; then
- pattern="^deb ?(\[.*\])? ?http://security\.debian\.org/debian-security/? buster/updates main"
- elif is_debian_stretch; then
- pattern="^deb ?(\[.*\])? ?http://security\.debian\.org/debian-security/? stretch/updates main"
- else
- pattern="^deb.*security"
- fi
-
- source_file="/etc/apt/sources.list"
- grep -qE "${pattern}" "${source_file}" || failed "IS_DEBIANSECURITY" "missing debian security repository"
+ # Look for enabled "Debian-Security" sources from the "Debian" origin
+ apt-cache policy | grep "\bl=Debian-Security\b" | grep "\bo=Debian\b" | grep --quiet "\bc=main\b"
+ test $? -eq 0 || failed "IS_DEBIANSECURITY" "missing Debian-Security repository"
 }
 check_aptitudeonly() {
 if is_debian_squeeze || is_debian_wheezy; then
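Review bot: The new pipeline in check_debiansecurity accepts any release line carrying `l=Debian-Security`, `o=Debian` and `c=main`, so it no longer ties the security source to the release the host is running, which the removed per-release patterns did. A leftover security entry for the previous release after an upgrade would, as far as this hunk shows, still pass while the current release receives no security updates. Consider adding a stage on the suite name, e.g. `grep "\bn=<current-codename>"` (placeholder for however the script names the running release), between the origin and component filters. The `o=` and `l=` values are also read from the repository's own Release metadata rather than from its URL, so a short comment saying that the check trusts those labels, and that the removed patterns pinned `security.debian.org`, would help the next auditor.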