[equo] add --assimilate support to "equo security oscheck" to save checksums and mtimes of altered files

Fabio Erculiani
2010-11-28 13:12:34 +01:00
parent 50fa121180
commit ccf38fd5e2
4 changed files with 53 additions and 22 deletions


@@ -104,7 +104,8 @@ help_opts = [
None,
(1, 'security', 1, _('security infrastructure functions')),
(2, 'oscheck', 1, _('verify installed files using stored checksums')),
(3, '--mtime', 1, _('verify using mtime instead of SHA256 (false positives ahead)')),
(3, '--mtime', 1, _('consider mtime instead of SHA256 (false positives ahead)')),
(3, '--assimilate', 1, _('update hashes and mtime (useful after editing config files)')),
(3, '--reinstall', 1, _('reinstall faulty packages')),
(3, '--quiet', 1, _('show less details (useful for scripting)')),
(3, '--verbose', 1, _('also list removed files')),


@@ -31,6 +31,7 @@ def security(options):
force = False
mtime = False
reinstall = False
assimilate = False
for opt in options:
if opt == "--affected":
only_affected = True
@@ -44,6 +45,8 @@ def security(options):
mtime = True
elif opt == "--reinstall":
reinstall = True
elif opt == "--assimilate":
assimilate = True
cmd = options[0]
from entropy.client.interfaces import Client
@@ -71,7 +74,7 @@ def security(options):
print_error(er_txt)
return 1
rc = oscheck(entropy_client, mtime_only = mtime,
reinstall = reinstall)
reinstall = reinstall, assimilate = assimilate)
elif cmd == "install":
@@ -284,7 +287,8 @@ def list_advisories(security_intf, only_affected = False,
print_info(description)
return 0
def oscheck(entropy_client, mtime_only = False, reinstall = False):
def oscheck(entropy_client, mtime_only = False, reinstall = False,
assimilate = False):
import text_ui
@@ -295,12 +299,6 @@ def oscheck(entropy_client, mtime_only = False, reinstall = False):
_("Installed packages repository is not available"),)))
return 1
def _valid_sha256(path, sha256):
return entropy.tools.sha256(path) == sha256
def _valid_mtime(path, mtime):
return os.path.getmtime(path) == mtime
if not etpUi['quiet']:
print_info(red(" @@ ")+blue("%s..." % (_("Checking system files"),)))
pkg_ids = installed_repo.listAllPackageIds()
@@ -328,6 +326,9 @@ def oscheck(entropy_client, mtime_only = False, reinstall = False):
paths_unavailable = []
for path, safety_data in cont_s.items():
tainted = False
mtime = None
sha256 = None
if not os.path.lexists(path):
# file does not exist
# NOTE: current behaviour is to ignore file not available
@@ -337,10 +338,22 @@ def oscheck(entropy_client, mtime_only = False, reinstall = False):
elif not mtime_only:
# verify sha256
tainted = not _valid_sha256(path, safety_data['sha256'])
sha256 = entropy.tools.sha256(path)
tainted = sha256 != safety_data['sha256']
if tainted:
cont_s[path]['sha256'] = sha256
else:
# mtime only
tainted = not _valid_mtime(path, safety_data['mtime'])
# verify mtime
mtime = os.path.getmtime(path)
tainted = mtime != safety_data['mtime']
if tainted:
cont_s[path]['mtime'] = mtime
if assimilate:
if mtime is None:
cont_s[path]['mtime'] = os.path.getmtime(path)
elif sha256 is None:
cont_s[path]['sha256'] = entropy.tools.sha256(path)
if tainted:
paths_tainted.append(path)
@@ -357,6 +370,11 @@ def oscheck(entropy_client, mtime_only = False, reinstall = False):
else:
txt = " %s" % (purple(path),)
print_info(txt)
if assimilate:
if not etpUi['quiet']:
print_info(blue("@@") + " " + sts_txt + ", " + \
teal(_("assimilated new hashes and mtime")),)
installed_repo.setContentSafety(pkg_id, cont_s)
if paths_unavailable:
paths_unavailable.sort()
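Review bot: In `oscheck`, the `if assimilate:` path that ends in `installed_repo.setContentSafety(pkg_id, cont_s)` appears to re-baseline every path in `cont_s` that differs from the stored data, not only the config files the help text mentions, so a modified binary or library is accepted together with an edited config file and later `oscheck` runs would report it clean. Consider requiring confirmation of the listed tainted paths before the write, or limiting assimilation to paths known to be configuration files. Separately, the two `if tainted:` blocks that store the fresh `sha256`/`mtime` into `cont_s[path]` also run in verify-only mode; guarding them as `if tainted and assimilate:` keeps a plain check from mutating the in-memory record. The missing-file branch is cut by the hunk boundary, so it is not visible whether `os.path.getmtime(path)` in the assimilate block can be reached for a path that no longer exists; if it can, it would raise `OSError`. Indentation is lost on this page, so the nesting described here is inferred.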


@@ -210,7 +210,13 @@ verify installed files using stored checksums
=item B<--mtime>
verify using mtime instead of SHA256 (false positives ahead)
consider mtime instead of SHA256 (false positives ahead)
=back
=item B<--assimilate>
update hashes and mtime (useful after editing config files)
=back


@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EQUO 1"
.TH EQUO 1 "2010-11-26" "perl v5.12.2" "Entropy"
.TH EQUO 1 "2010-11-27" "perl v5.12.2" "Entropy"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
@@ -293,16 +293,19 @@ verify installed files using stored checksums
.RS 4
.IP "\fB\-\-mtime\fR" 4
.IX Item "--mtime"
verify using mtime instead of \s-1SHA256\s0 (false positives ahead)
consider mtime instead of \s-1SHA256\s0 (false positives ahead)
.RE
.RS 4
.RE
.IP "\fB\-\-assimilate\fR" 4
.IX Item "--assimilate"
update hashes and mtime (useful after editing config files)
.RE
.RS 4
.RE
.IP "\fB\-\-quiet\fR" 4
.IX Item "--quiet"
show less details (useful for scripting)
.RE
.RS 4
.RE
.IP "\fB\-\-verbose\fR" 4
.IX Item "--verbose"
also list removed files
@@ -1206,9 +1209,12 @@ Fabio Erculiani <lxnay@sabayon.org>
.SH "POD ERRORS"
.IX Header "POD ERRORS"
Hey! \fBThe above document had some coding errors, which are explained below:\fR
.IP "Around line 237:" 4
.IX Item "Around line 237:"
.IP "Around line 229:" 4
.IX Item "Around line 229:"
\&'=item' outside of any '=over'
.IP "Around line 287:" 4
.IX Item "Around line 287:"
.IP "Around line 243:" 4
.IX Item "Around line 243:"
\&'=item' outside of any '=over'
.IP "Around line 293:" 4
.IX Item "Around line 293:"
\&'=item' outside of any '=over'