1 /******************************************************************************
2 * check_apt.c: check for available updates in apt package management systems
3 * original author: sean finney <seanius@seanius.net>
4 * (with some common bits stolen from check_nagios.c)
5 ******************************************************************************
7 This program is free software; you can redistribute it and/or modify
8 it under the terms of the GNU General Public License as published by
9 the Free Software Foundation; either version 2 of the License, or
10 (at your option) any later version.
12 This program is distributed in the hope that it will be useful,
13 but WITHOUT ANY WARRANTY; without even the implied warranty of
14 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 GNU General Public License for more details.
17 You should have received a copy of the GNU General Public License
18 along with this program; if not, write to the Free Software
19 Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21 $Id$
23 ******************************************************************************/
25 const char *progname = "check_apt";
26 const char *revision = "$Revision$";
27 const char *copyright = "2006";
28 const char *email = "nagiosplug-devel@lists.sourceforge.net";
30 #include "common.h"
31 #include "runcmd.h"
32 #include "utils.h"
33 #include <regex.h>
35 /* for now define the various apt calls as constants. this may need
36 * to change later. */
37 #define APTGET_UPGRADE "/usr/bin/apt-get -o 'Debug::NoLocking=true' -s -qq upgrade"
38 #define APTGET_DISTUPGRADE "/usr/bin/apt-get -o 'Debug::NoLocking=true' -s -qq dist-upgrade"
39 #define APTGET_UPDATE "/usr/bin/apt-get -q update"
41 #define SECURITY_RE "^[^\\(]*\\([^ ]* (Debian-Security:|Ubuntu:[^/]*/[^-]*-security)"
43 /* some standard functions */
44 int process_arguments(int, char **);
45 void print_help(void);
46 void print_usage(void);
48 /* run an apt-get update */
49 int run_update(void);
50 /* run an apt-get upgrade */
51 int run_upgrade(int *pkgcount, int *secpkgcount);
52 /* add another clause to a regexp */
53 char* add_to_regexp(char *expr, const char *next);
55 /* configuration variables */
56 static int verbose = 0; /* -v */
57 static int do_update = 0; /* whether to call apt-get update */
58 static int dist_upgrade = 0; /* whether to call apt-get dist-upgrade */
59 static char* do_include = NULL; /* regexp to only include certain packages */
60 static char* do_exclude = NULL; /* regexp to only exclude certain packages */
62 /* other global variables */
63 static int stderr_warning = 0; /* if a cmd issued output on stderr */
64 static int exec_warning = 0; /* if a cmd exited non-zero */
66 int main (int argc, char **argv) {
67 int result=STATE_UNKNOWN, packages_available=0, sec_count=0;
69 if (process_arguments(argc, argv) == ERROR)
70 usage_va(_("Could not parse arguments"));
72 /* Set signal handling and alarm timeout */
73 if (signal (SIGALRM, timeout_alarm_handler) == SIG_ERR) {
74 usage_va(_("Cannot catch SIGALRM"));
75 }
77 /* handle timeouts gracefully... */
78 alarm (timeout_interval);
80 /* if they want to run apt-get update first... */
81 if(do_update) result = run_update();
83 /* apt-get upgrade */
84 result = max_state(result, run_upgrade(&packages_available, &sec_count));
86 if(sec_count > 0){
87 result = max_state(result, STATE_CRITICAL);
88 } else if(packages_available > 0){
89 result = max_state(result, STATE_WARNING);
90 } else {
91 result = max_state(result, STATE_OK);
92 }
94 printf("APT %s: %d packages available for %s (%d critical updates). %s%s%s%s\n",
95 state_text(result),
96 packages_available,
97 (dist_upgrade)?"dist-upgrade":"upgrade",
98 sec_count,
99 (stderr_warning)?" warnings detected":"",
100 (stderr_warning && exec_warning)?",":"",
101 (exec_warning)?" errors detected":"",
102 (stderr_warning||exec_warning)?". run with -v for information.":""
103 );
105 return result;
106 }
108 /* process command-line arguments */
109 int process_arguments (int argc, char **argv) {
110 int c;
112 static struct option longopts[] = {
113 {"version", no_argument, 0, 'V'},
114 {"help", no_argument, 0, 'h'},
115 {"verbose", no_argument, 0, 'v'},
116 {"timeout", required_argument, 0, 't'},
117 {"update", no_argument, 0, 'u'},
118 {"dist-upgrade", no_argument, 0, 'd'},
119 {"include", no_argument, 0, 'i'},
120 {"exclude", no_argument, 0, 'e'},
121 {0, 0, 0, 0}
122 };
124 while(1) {
125 c = getopt_long(argc, argv, "hVvt:udi:e:", longopts, NULL);
127 if(c == -1 || c == EOF || c == 1) break;
129 switch(c) {
130 case 'h':
131 print_help();
132 exit(STATE_OK);
133 case 'V':
134 print_revision(progname, revision);
135 exit(STATE_OK);
136 case 'v':
137 verbose++;
138 break;
139 case 't':
140 timeout_interval=atoi(optarg);
141 break;
142 case 'd':
143 dist_upgrade=1;
144 break;
145 case 'u':
146 do_update=1;
147 break;
148 case 'i':
149 do_include=add_to_regexp(do_include, optarg);
150 break;
151 case 'e':
152 do_exclude=add_to_regexp(do_exclude, optarg);
153 break;
154 default:
155 /* print short usage statement if args not parsable */
156 usage_va(_("Unknown argument - %s"), optarg);
157 }
158 }
160 return OK;
161 }
164 /* informative help message */
165 void print_help(void){
166 print_revision(progname, revision);
167 printf(_(COPYRIGHT), copyright, email);
168 printf(_("\
169 This plugin checks for software updates on systems that use\n\
170 package management systems based on the apt-get(8) command\n\
171 found in Debian GNU/Linux\n\
172 \n\n"));
173 print_usage();
174 printf(_(UT_HELP_VRSN));
175 printf(_(UT_TIMEOUT), timeout_interval);
176 printf(_("\n\
177 -d, --dist-upgrade\n\
178 Perform a dist-upgrade instead of normal upgrade.\n\
179 -i, --include=REGEXP\n\
180 Include only packages matching REGEXP. Can be specified multiple times;\n\
181 the values will be combined together. Default is to include all packages.\n\
182 -e, --exclude=REGEXP\n\
183 Exclude packages matching REGEXP from the list of packages that would\n\
184 otherwise be excluded. Can be specified multiple times; the values\n\
185 will be combined together. Default is to exclude no packages.\n\n"));
186 printf(_("\
187 The following options require root privileges and should be used with care: \
188 \n\n"));
189 printf(_("\
190 -u, --update\n\
191 First perform an 'apt-get update' (note: you may also need to use -t)\
192 \n\n"));
193 }
195 /* simple usage heading */
196 void print_usage(void){
197 printf ("Usage: %s [-du] [-t timeout]\n", progname);
198 }
200 /* run an apt-get upgrade */
201 int run_upgrade(int *pkgcount, int *secpkgcount){
202 int i=0, result=STATE_UNKNOWN, regres=0, pc=0, spc=0;
203 struct output chld_out, chld_err;
204 regex_t ireg, ereg, sreg;
205 char rerrbuf[64];
206 const char *default_include_expr="^Inst";
208 /* compile the regexps */
209 if(do_include!=NULL){
210 regres=regcomp(&ireg, do_include, REG_EXTENDED);
211 if(regres!=0) {
212 regerror(regres, &ireg, rerrbuf, 64);
213 die(STATE_UNKNOWN, "%s: Error compiling regexp: %s",
214 progname, rerrbuf);
215 }
216 } else {
217 regres=regcomp(&ireg, default_include_expr, REG_EXTENDED);
218 if(regres!=0) {
219 regerror(regres, &ireg, rerrbuf, 64);
220 die(STATE_UNKNOWN, "%s: Error compiling regexp: %s",
221 progname, rerrbuf);
222 }
223 }
224 if(do_exclude!=NULL){
225 regres=regcomp(&ereg, do_exclude, REG_EXTENDED);
226 if(regres!=0) {
227 regerror(regres, &ereg, rerrbuf, 64);
228 die(STATE_UNKNOWN, "%s: Error compiling regexp: %s",
229 progname, rerrbuf);
230 }
231 }
232 regres=regcomp(&sreg, SECURITY_RE, REG_EXTENDED);
233 if(regres!=0) {
234 regerror(regres, &ereg, rerrbuf, 64);
235 die(STATE_UNKNOWN, "%s: Error compiling regexp: %s",
236 progname, rerrbuf);
237 }
241 /* run the upgrade */
242 if(dist_upgrade==0){
243 result = np_runcmd(APTGET_UPGRADE, &chld_out, &chld_err, 0);
244 } else {
245 result = np_runcmd(APTGET_DISTUPGRADE, &chld_out, &chld_err, 0);
246 }
247 /* apt-get upgrade only changes exit status if there is an
248 * internal error when run in dry-run mode. therefore we will
249 * treat such an error as UNKNOWN */
250 if(result != 0){
251 exec_warning=1;
252 result = STATE_UNKNOWN;
253 fprintf(stderr, "'%s' exited with non-zero status.\n",
254 APTGET_UPGRADE);
255 }
257 /* parse the output, which should only consist of lines like
258 *
259 * Inst package ....
260 * Conf package ....
261 *
262 * so we'll filter based on "Inst" for the time being. later
263 * we may need to switch to the --print-uris output format,
264 * in which case the logic here will slightly change.
265 */
266 for(i = 0; i < chld_out.lines; i++) {
267 if(verbose){
268 printf("%s\n", chld_out.line[i]);
269 }
270 /* if it is a package we care about */
271 if(regexec(&ireg, chld_out.line[i], 0, NULL, 0)==0){
272 /* if we're not excluding, or it's not in the
273 * list of stuff to exclude */
274 if(do_exclude==NULL ||
275 regexec(&ereg, chld_out.line[i], 0, NULL, 0)!=0){
276 pc++;
277 if(regexec(&sreg, chld_out.line[i], 0, NULL, 0)==0){
278 spc++;
279 }
280 if(verbose){
281 printf("*%s\n", chld_out.line[i]);
282 }
283 }
284 }
285 }
286 *pkgcount=pc;
287 *secpkgcount=spc;
289 /* If we get anything on stderr, at least set warning */
290 if(chld_err.buflen){
291 stderr_warning=1;
292 result = max_state(result, STATE_WARNING);
293 if(verbose){
294 for(i = 0; i < chld_err.lines; i++) {
295 fprintf(stderr, "%s\n", chld_err.line[i]);
296 }
297 }
298 }
299 return result;
300 }
302 /* run an apt-get update (needs root) */
303 int run_update(void){
304 int i=0, result=STATE_UNKNOWN;
305 struct output chld_out, chld_err;
307 /* run the upgrade */
308 result = np_runcmd(APTGET_UPDATE, &chld_out, &chld_err, 0);
309 /* apt-get update changes exit status if it can't fetch packages.
310 * since we were explicitly asked to do so, this is treated as
311 * a critical error. */
312 if(result != 0){
313 exec_warning=1;
314 result = STATE_CRITICAL;
315 fprintf(stderr, "'%s' exited with non-zero status.\n",
316 APTGET_UPDATE);
317 }
319 if(verbose){
320 for(i = 0; i < chld_out.lines; i++) {
321 printf("%s\n", chld_out.line[i]);
322 }
323 }
325 /* If we get anything on stderr, at least set warning */
326 if(chld_err.buflen){
327 stderr_warning=1;
328 result = max_state(result, STATE_WARNING);
329 if(verbose){
330 for(i = 0; i < chld_err.lines; i++) {
331 fprintf(stderr, "%s\n", chld_err.line[i]);
332 }
333 }
334 }
335 return result;
336 }
338 char* add_to_regexp(char *expr, const char *next){
339 char *re=NULL;
341 if(expr==NULL){
342 re=malloc(sizeof(char)*(strlen("^Inst () ")+strlen(next)+1));
343 if(!re) die(STATE_UNKNOWN, "malloc failed!\n");
344 sprintf(re, "^Inst (%s) ", next);
345 } else {
346 /* resize it, adding an extra char for the new '|' separator */
347 re=realloc(expr, sizeof(char)*strlen(expr)+1+strlen(next)+1);
348 if(!re) die(STATE_UNKNOWN, "realloc failed!\n");
349 /* append it starting at ')' in the old re */
350 sprintf((char*)(re+strlen(re)-2), "|%s) ", next);
351 }
353 return re;
354 }