From ccf38fd5e2fdc90ed438c442579b81c67d43924a Mon Sep 17 00:00:00 2001 From: Fabio Erculiani Date: Sun, 28 Nov 2010 13:12:34 +0100 Subject: [PATCH] [equo] add --assimilate support to "equo security oscheck" to save checksums and mtimes of altered files --- client/equo.py | 3 ++- client/text_security.py | 40 +++++++++++++++++++++++++++++----------- docs/man/equo.pod | 8 +++++++- docs/man/man1/equo.1 | 24 +++++++++++++++--------- 4 files changed, 53 insertions(+), 22 deletions(-) diff --git a/client/equo.py b/client/equo.py index 887ce87bd..c567eacd6 100644 --- a/client/equo.py +++ b/client/equo.py @@ -104,7 +104,8 @@ help_opts = [ None, (1, 'security', 1, _('security infrastructure functions')), (2, 'oscheck', 1, _('verify installed files using stored checksums')), - (3, '--mtime', 1, _('verify using mtime instead of SHA256 (false positives ahead)')), + (3, '--mtime', 1, _('consider mtime instead of SHA256 (false positives ahead)')), + (3, '--assimilate', 1, _('update hashes and mtime (useful after editing config files)')), (3, '--reinstall', 1, _('reinstall faulty packages')), (3, '--quiet', 1, _('show less details (useful for scripting)')), (3, '--verbose', 1, _('also list removed files')), diff --git a/client/text_security.py b/client/text_security.py index 8a2703a7d..186c4edf9 100644 --- a/client/text_security.py +++ b/client/text_security.py @@ -31,6 +31,7 @@ def security(options): force = False mtime = False reinstall = False + assimilate = False for opt in options: if opt == "--affected": only_affected = True @@ -44,6 +45,8 @@ def security(options): mtime = True elif opt == "--reinstall": reinstall = True + elif opt == "--assimilate": + assimilate = True cmd = options[0] from entropy.client.interfaces import Client @@ -71,7 +74,7 @@ def security(options): print_error(er_txt) return 1 rc = oscheck(entropy_client, mtime_only = mtime, - reinstall = reinstall) + reinstall = reinstall, assimilate = assimilate) elif cmd == "install": 
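Review bot: The help string added for `--assimilate` in client/equo.py presents it as a convenience for config-file edits, but the oscheck loop later in this patch (`for path, safety_data in cont_s.items()`) applies it to every recorded path of a package, with no config-file filter visible in the hunks. Since the flag replaces the reference values that `oscheck` verifies against, the text should say so, for example `_('store current hashes and mtime as the new reference for all checked files')`. The same wording would apply to the `=item B<--assimilate>` entry in docs/man/equo.pod.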
@@ -284,7 +287,8 @@ def list_advisories(security_intf, only_affected = False, print_info(description) return 0 -def oscheck(entropy_client, mtime_only = False, reinstall = False): +def oscheck(entropy_client, mtime_only = False, reinstall = False, + assimilate = False): import text_ui @@ -295,12 +299,6 @@ def oscheck(entropy_client, mtime_only = False, reinstall = False): _("Installed packages repository is not available"),))) return 1 - def _valid_sha256(path, sha256): - return entropy.tools.sha256(path) == sha256 - - def _valid_mtime(path, mtime): - return os.path.getmtime(path) == mtime - if not etpUi['quiet']: print_info(red(" @@ ")+blue("%s..." % (_("Checking system files"),))) pkg_ids = installed_repo.listAllPackageIds() @@ -328,6 +326,9 @@ def oscheck(entropy_client, mtime_only = False, reinstall = False): paths_unavailable = [] for path, safety_data in cont_s.items(): tainted = False + mtime = None + sha256 = None + if not os.path.lexists(path): # file does not exist # NOTE: current behaviour is to ignore file not available @@ -337,10 +338,22 @@ def oscheck(entropy_client, mtime_only = False, reinstall = False): elif not mtime_only: # verify sha256 - tainted = not _valid_sha256(path, safety_data['sha256']) + sha256 = entropy.tools.sha256(path) + tainted = sha256 != safety_data['sha256'] + if tainted: + cont_s[path]['sha256'] = sha256 else: - # mtime only - tainted = not _valid_mtime(path, safety_data['mtime']) + # verify mtime + mtime = os.path.getmtime(path) + tainted = mtime != safety_data['mtime'] + if tainted: + cont_s[path]['mtime'] = mtime + + if assimilate: + if mtime is None: + cont_s[path]['mtime'] = os.path.getmtime(path) + elif sha256 is None: + cont_s[path]['sha256'] = entropy.tools.sha256(path) if tainted: paths_tainted.append(path) 
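Review bot: `oscheck` has no docstring at the changed signature, and the new `assimilate` parameter turns what was a read-only verification into a call that can write to the installed-packages repository. I would add a docstring under the signature that names the three flags: `mtime_only` compares the stored mtime instead of the SHA256, `reinstall` reinstalls faulty packages (per the help text), and `assimilate` overwrites the stored hashes and mtimes with the values currently on disk. The function body continues outside this hunk, so the return values beyond the visible `return 1` should be confirmed before documenting them.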
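Review bot: In the `if assimilate:` block of the last hunk, `--mtime --assimilate` recomputes and stores a fresh SHA256 for each file (`elif sha256 is None:`), while `tainted` was set from the mtime comparison only. A file whose content no longer matches the stored hash but whose mtime still matches is therefore never listed as altered, and its stored SHA256 is replaced anyway. The block is also entered with both values still `None`, which is the missing-file case: the lines between this hunk and the previous one are not shown, so unless that branch skips the rest of the iteration, `os.path.getmtime(path)` raises `OSError` there. I would guard on the file existing and compare the fresh hash with the stored one before overwriting it, as sketched below; the loop body starts and ends outside the hunk.

```python
        # … unchanged: lexists / sha256 / mtime verification branches …

        if assimilate and os.path.lexists(path):
            if sha256 is None:
                sha256 = entropy.tools.sha256(path)
            # In --mtime mode the content was not compared yet: report a
            # mismatch before the stored hash is replaced. In SHA256 mode
            # tainted is already set by the branch above.
            if sha256 != safety_data['sha256']:
                tainted = True
            cont_s[path]['sha256'] = sha256
            cont_s[path]['mtime'] = os.path.getmtime(path)

        # … unchanged: if tainted: paths_tainted.append(path) …
```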
@@ -357,6 +370,11 @@ def oscheck(entropy_client, mtime_only = False, reinstall = False): else: txt = " %s" % (purple(path),) print_info(txt) + if assimilate: + if not etpUi['quiet']: + print_info(blue("@@") + " " + sts_txt + ", " + \ + teal(_("assimilated new hashes and mtime")),) + installed_repo.setContentSafety(pkg_id, cont_s) if paths_unavailable: paths_unavailable.sort() diff --git a/docs/man/equo.pod b/docs/man/equo.pod index 6b7d70baf..736520338 100644 --- a/docs/man/equo.pod +++ b/docs/man/equo.pod @@ -210,7 +210,13 @@ verify installed files using stored checksums =item B<--mtime> -verify using mtime instead of SHA256 (false positives ahead) +consider mtime instead of SHA256 (false positives ahead) + +=back + +=item B<--assimilate> + +update hashes and mtime (useful after editing config files) =back diff --git a/docs/man/man1/equo.1 b/docs/man/man1/equo.1 index fcf3691ab..799cbd11b 100644 --- a/docs/man/man1/equo.1 +++ b/docs/man/man1/equo.1 @@ -124,7 +124,7 @@ .\" ======================================================================== .\" .IX Title "EQUO 1" -.TH EQUO 1 "2010-11-26" "perl v5.12.2" "Entropy" +.TH EQUO 1 "2010-11-27" "perl v5.12.2" "Entropy" .\" For nroff, turn off justification. Always turn off hyphenation; it makes .\" way too many mistakes in technical documents. .if n .ad l @@ -293,16 +293,19 @@ verify installed files using stored checksums .RS 4 .IP "\fB\-\-mtime\fR" 4 .IX Item "--mtime" -verify using mtime instead of \s-1SHA256\s0 (false positives ahead) +consider mtime instead of \s-1SHA256\s0 (false positives ahead) +.RE +.RS 4 +.RE +.IP "\fB\-\-assimilate\fR" 4 +.IX Item "--assimilate" +update hashes and mtime (useful after editing config files) .RE .RS 4 .RE .IP "\fB\-\-quiet\fR" 4 .IX Item "--quiet" show less details (useful for scripting) -.RE -.RS 4 -.RE .IP "\fB\-\-verbose\fR" 4 .IX Item "--verbose" also list removed files 
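Review bot: The `if assimilate:` block added in client/text_security.py replaces the stored reference data through `installed_repo.setContentSafety(pkg_id, cont_s)` without recording which values were replaced, and the only message announcing the rewrite is suppressed by `etpUi['quiet']`. For an integrity check this is the one action that should always leave a trace, so I would emit the message regardless of quiet mode and capture the previous hash per altered path before it is overwritten in the loop. Indentation is lost in this view, so whether the call is reached only for packages with altered paths cannot be confirmed from the hunk; if it is, values refreshed for unaltered packages are never stored. At minimum a comment such as `# replaces the stored reference for every path of pkg_id; altered paths are listed above` would document the effect.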
@@ -1206,9 +1209,12 @@ Fabio Erculiani .SH "POD ERRORS" .IX Header "POD ERRORS" Hey! \fBThe above document had some coding errors, which are explained below:\fR -.IP "Around line 237:" 4 -.IX Item "Around line 237:" +.IP "Around line 229:" 4 +.IX Item "Around line 229:" \&'=item' outside of any '=over' -.IP "Around line 287:" 4 -.IX Item "Around line 287:" +.IP "Around line 243:" 4 +.IX Item "Around line 243:" +\&'=item' outside of any '=over' +.IP "Around line 293:" 4 +.IX Item "Around line 293:" \&'=item' outside of any '=over'