From a3c178b8a154f398465afdcfac7828ffa801f45390058eb033180d7f209c1bec Mon Sep 17 00:00:00 2001 From: Lars Vogdt Date: Sun, 28 Apr 2019 15:29:14 +0000 Subject: [PATCH] - update to 2.1: + be a bit more robust if curl fails or produces unknown output - include abstractions/bash and abstractions/openssl in the apparmor profile to avoid misleading DENIED messages in audit log OBS-URL: https://build.opensuse.org/package/show/server:monitoring/monitoring-plugins-repomd?expand=0&rev=11 --- check_repomd | 18 ++++++++++++------ monitoring-plugins-repomd.changes | 8 ++++++++ monitoring-plugins-repomd.spec | 7 ++++++- usr.lib.nagios.plugins.check_repomd | 2 ++ 4 files changed, 28 insertions(+), 7 deletions(-) diff --git a/check_repomd b/check_repomd index 3301373..a5f83e9 100644 --- a/check_repomd +++ b/check_repomd @@ -31,7 +31,7 @@ # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE # POSSIBILITY OF SUCH DAMAGE. -VERSION="2.0" +VERSION="2.1" DEBUG=0 DAYS=30 @@ -40,11 +40,12 @@ CURL='/usr/bin/curl' CAT='/bin/cat' CUT='/usr/bin/cut' MKTEMP='/bin/mktemp' +UTILS='/usr/lib/nagios/plugins/utils.sh' -if [ -r '/usr/lib/nagios/plugins/utils.sh' ]; then -. /usr/lib/nagios/plugins/utils.sh +if [ -r "$UTILS" ]; then +. "$UTILS" else - cleanup_and_exit "$STATE_UNKNOWN" "UNKOWN: could not read /usr/lib/nagios/plugins/utils.sh" + cleanup_and_exit "$STATE_UNKNOWN" "UNKOWN: could not read $UTILS" fi function print_help(){ @@ -104,9 +105,14 @@ trap 'cleanup_and_exit "$STATE_UNKNOWN" "UNKOWN: received SIGTRAP, SIGBUS, SIGKI RESULTFILE=$($MKTEMP /tmp/check_repomd-XXXXXX) $CURL -s $URL -o "$RESULTFILE" 2>&1 +CURL_EXIT="$?" -if $GREP -q "Error 404" "$RESULTFILE" ; then - cleanup_and_exit "$STATE_UNKNOWN" "UNKOWN: $URL not found" +if [ x"$CURL_EXIT" != "x0" ]; then + cleanup_and_exit "$STATE_UNKNOWN" "UNKOWN: curl returned with error code: $CURL_EXIT" +fi + +if ! $GREP -q "revision" "$RESULTFILE"; then + cleanup_and_exit "$STATE_UNKNOWN" "UNKOWN: needed tag 'revision' not found in output of $URL" fi REVISION=$($GREP revision "$RESULTFILE" | $CUT -d "<" -f2 | $CUT -d ">" -f2) diff --git a/monitoring-plugins-repomd.changes b/monitoring-plugins-repomd.changes index b363cf9..f3eaeea 100644 --- a/monitoring-plugins-repomd.changes +++ b/monitoring-plugins-repomd.changes @@ -1,3 +1,11 @@ +------------------------------------------------------------------- +Sun Apr 28 15:27:58 UTC 2019 - Lars Vogdt + +- update to 2.1: + + be a bit more robust if curl fails or produces unknown output +- include abstractions/bash and abstractions/openssl in the apparmor + profile to avoid misleading DENIED messages in audit log + ------------------------------------------------------------------- Mon Apr 15 18:54:54 UTC 2019 - Jan Engelhardt diff --git a/monitoring-plugins-repomd.spec b/monitoring-plugins-repomd.spec index 3b2e78f..4ab9d98 100644 --- a/monitoring-plugins-repomd.spec +++ b/monitoring-plugins-repomd.spec @@ -20,7 +20,7 @@ Name: monitoring-plugins-repomd Summary: Plugin to check freshness of repomd.xml file License: BSD-3-Clause Group: System/Monitoring -Version: 2.0 +Version: 2.1 Release: 0 Url: http://en.opensuse.org/%{name} Source0: check_repomd @@ -52,6 +52,11 @@ Important options: %install install -D -m755 %{SOURCE0} %buildroot/%{nagios_plugindir}/check_repomd install -D -m644 %{SOURCE1} %buildroot/%{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_repomd +%if 0%{?suse_version} >= 1500 +sed -i "s|/bin/grep|%{_bindir}/grep|g; \ + s|/bin/cat|%{_bindir}/cat|g; \ + s|/bin/mktemp|%{_bindir}|mktemp|g" %buildroot/%{nagios_plugindir}/check_repomd +%endif %clean rm -rf %buildroot diff --git a/usr.lib.nagios.plugins.check_repomd b/usr.lib.nagios.plugins.check_repomd index 081acb1..4f9574a 100644 --- a/usr.lib.nagios.plugins.check_repomd +++ b/usr.lib.nagios.plugins.check_repomd @@ -2,8 +2,10 @@ /usr/lib/nagios/plugins/check_repomd { #include + #include #include #include + #include network inet,