forked from evolix/evocheck
Check Debian Security repository from apt-cache policy output
Instead of parsing files,we can ask apt-cache to list the enabled repository and look for one labeled "Debian-Security" provided by Debian.
This commit is contained in:
parent
55b08445a7
commit
58a97812c6
|
@ -9,6 +9,8 @@ and this project **does not adhere to [Semantic Versioning](http://semver.org/sp
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
||||||
|
* IS_DEBIANSECURITY: check Debian Security repository from apt-cache policy output
|
||||||
|
|
||||||
### Deprecated
|
### Deprecated
|
||||||
|
|
||||||
### Removed
|
### Removed
|
||||||
|
|
|
@ -226,20 +226,9 @@ check_syslogconf() {
|
||||||
|| failed "IS_SYSLOGCONF" "syslog evolix config file missing"
|
|| failed "IS_SYSLOGCONF" "syslog evolix config file missing"
|
||||||
}
|
}
|
||||||
check_debiansecurity() {
|
check_debiansecurity() {
|
||||||
if is_debian_bullseye; then
|
# Look for enabled "Debian-Security" sources from the "Debian" origin
|
||||||
# https://www.debian.org/releases/bullseye/amd64/release-notes/ch-information.html#security-archive
|
apt-cache policy | grep "\bl=Debian-Security\b" | grep "\bo=Debian\b" | grep --quiet "\bc=main\b"
|
||||||
# https://www.debian.org/security/
|
test $? -eq 0 || failed "IS_DEBIANSECURITY" "missing Debian-Security repository"
|
||||||
pattern="^deb ?(\[.*\])? ?http://security\.debian\.org/debian-security/? bullseye-security main"
|
|
||||||
elif is_debian_buster; then
|
|
||||||
pattern="^deb ?(\[.*\])? ?http://security\.debian\.org/debian-security/? buster/updates main"
|
|
||||||
elif is_debian_stretch; then
|
|
||||||
pattern="^deb ?(\[.*\])? ?http://security\.debian\.org/debian-security/? stretch/updates main"
|
|
||||||
else
|
|
||||||
pattern="^deb.*security"
|
|
||||||
fi
|
|
||||||
|
|
||||||
source_file="/etc/apt/sources.list"
|
|
||||||
grep -qE "${pattern}" "${source_file}" || failed "IS_DEBIANSECURITY" "missing debian security repository"
|
|
||||||
}
|
}
|
||||||
check_aptitudeonly() {
|
check_aptitudeonly() {
|
||||||
if is_debian_squeeze || is_debian_wheezy; then
|
if is_debian_squeeze || is_debian_wheezy; then
|
||||||
|
|
Loading…
Reference in a new issue