ike-sa-manager: Extract IKE SPI labeling feature from charon-tkm
[strongswan.git] / src / sec-updater / sec-updater.sh
1 #!/bin/sh
2
3 DIR="/etc/pts"
4 DISTS_DIR="$DIR/dists"
5 DATE=`date +%Y%m%d-%H%M`
6 UBUNTU="http://security.ubuntu.com/ubuntu"
7 UBUNTU_VERSIONS="bionic xenial"
8 UBUNTU_DIRS="main multiverse restricted universe"
9 UBUNTU_ARCH="binary-amd64"
10 DEBIAN="http://security.debian.org"
11 DEBIAN_VERSIONS="stretch jessie wheezy"
12 DEBIAN_DIRS="main contrib non-free"
13 DEBIAN_ARCH="binary-amd64 binary-armhf"
14 RASPIAN="http://archive.raspberrypi.org/debian"
15 RASPIAN_VERSIONS="jessie wheezy"
16 RASPIAN_DIRS="main"
17 RASPIAN_ARCH="binary-armhf"
18 CMD=/usr/sbin/sec-updater
19 CMD_LOG="$DIR/logs/$DATE-sec-update.log"
20 DEL_LOG=1
21
22 mkdir -p $DIR/dists
23 cd $DIR/dists
24
25 # Download Ubuntu distribution information
26
27 for v in $UBUNTU_VERSIONS
28 do
29 for a in $UBUNTU_ARCH
30 do
31 mkdir -p $v-security/$a $v-updates/$a
32 for d in $UBUNTU_DIRS
33 do
34 wget -nv $UBUNTU/dists/$v-security/$d/$a/Packages.xz -O $v-security/$a/Packages-$d.xz
35 unxz -f $v-security/$a/Packages-$d.xz
36 wget -nv $UBUNTU/dists/$v-updates/$d/$a/Packages.xz -O $v-updates/$a/Packages-$d.xz
37 unxz -f $v-updates/$a/Packages-$d.xz
38 done
39 done
40 done
41
42 # Download Debian distribution information
43
44 for v in $DEBIAN_VERSIONS
45 do
46 for a in $DEBIAN_ARCH
47 do
48 mkdir -p $v-updates/$a
49 for d in $DEBIAN_DIRS
50 do
51 if [ $v = "stretch" ]
52 then
53 wget -nv $DEBIAN/dists/$v/updates/$d/$a/Packages.xz -O $v-updates/$a/Packages-$d.xz
54 unxz -f $v-updates/$a/Packages-$d.xz
55 else
56 wget -nv $DEBIAN/dists/$v/updates/$d/$a/Packages.bz2 -O $v-updates/$a/Packages-$d.bz2
57 bunzip2 -f $v-updates/$a/Packages-$d.bz2
58 fi
59 done
60 done
61 done
62
63 # Download Raspian distribution information
64
65 for v in $RASPIAN_VERSIONS
66 do
67 for a in $RASPIAN_ARCH
68 do
69 mkdir -p $v-raspian/$a
70 for d in $RASPIAN_DIRS
71 do
72 wget -nv $RASPIAN/dists/$v/$d/$a/Packages.gz -O $v-raspian/$a/Packages-$d.gz
73 gunzip -f $v-raspian/$a/Packages-$d.gz
74 done
75 done
76 done
77
78 # Run sec-updater in distribution information
79
80 for f in bionic-security/binary-amd64/*
81 do
82 echo "security: $f"
83 $CMD --os "Ubuntu 18.04" --arch "x86_64" --file $f --security \
84 --uri $UBUNTU >> $CMD_LOG 2>&1
85 if [ $? -eq 0 ]
86 then
87 DEL_LOG=0
88 fi
89 done
90
91 for f in bionic-updates/binary-amd64/*
92 do
93 echo "updates: $f"
94 $CMD --os "Ubuntu 18.04" --arch "x86_64" --file $f \
95 --uri $UBUNTU >> $CMD_LOG 2>&1
96 if [ $? -eq 0 ]
97 then
98 DEL_LOG=0
99 fi
100 done
101
102 for f in xenial-security/binary-amd64/*
103 do
104 echo "security: $f"
105 $CMD --os "Ubuntu 16.04" --arch "x86_64" --file $f --security \
106 --uri $UBUNTU >> $CMD_LOG 2>&1
107 if [ $? -eq 0 ]
108 then
109 DEL_LOG=0
110 fi
111 done
112
113 for f in xenial-updates/binary-amd64/*
114 do
115 echo "updates: $f"
116 $CMD --os "Ubuntu 16.04" --arch "x86_64" --file $f \
117 --uri $UBUNTU >> $CMD_LOG 2>&1
118 if [ $? -eq 0 ]
119 then
120 DEL_LOG=0
121 fi
122 done
123
124 for f in stretch-updates/binary-amd64/*
125 do
126 echo "security: $f"
127 $CMD --os "Debian 9.0" --arch "x86_64" --file $f --security \
128 --uri $DEBIAN >> $CMD_LOG 2>&1
129 if [ $? -eq 0 ]
130 then
131 DEL_LOG=0
132 fi
133 done
134
135 for f in jessie-updates/binary-amd64/*
136 do
137 echo "security: $f"
138 $CMD --os "Debian 8.0" --arch "x86_64" --file $f --security \
139 --uri $DEBIAN >> $CMD_LOG 2>&1
140 if [ $? -eq 0 ]
141 then
142 DEL_LOG=0
143 fi
144 done
145
146 for f in wheezy-updates/binary-amd64/*
147 do
148 echo "security: $f"
149 $CMD --os "Debian 7.0" --arch "x86_64" --file $f --security \
150 --uri $DEBIAN >> $CMD_LOG 2>&1
151 if [ $? -eq 0 ]
152 then
153 DEL_LOG=0
154 fi
155 done
156
157 for f in stretch-updates/binary-armhf/*
158 do
159 echo "security: $f"
160 $CMD --os "Debian 9.0" --arch "armhf" --file $f --security \
161 --uri $DEBIAN >> $CMD_LOG 2>&1
162 if [ $? -eq 0 ]
163 then
164 DEL_LOG=0
165 fi
166 done
167
168 for f in jessie-updates/binary-armhf/*
169 do
170 echo "security: $f"
171 $CMD --os "Debian 8.0" --arch "armhf" --file $f --security \
172 --uri $DEBIAN >> $CMD_LOG 2>&1
173 if [ $? -eq 0 ]
174 then
175 DEL_LOG=0
176 fi
177 done
178
179 for f in wheezy-updates/binary-armhf/*
180 do
181 echo "security: $f"
182 $CMD --os "Debian 7.0" --arch "armhf" --file $f --security \
183 --uri $DEBIAN >> $CMD_LOG 2>&1
184 if [ $? -eq 0 ]
185 then
186 DEL_LOG=0
187 fi
188 done
189
190 for f in jessie-raspian/binary-armhf/*
191 do
192 echo "security: $f"
193 $CMD --os "Debian 8.0" --arch "armv7l" --file $f --security \
194 --uri $RASPIAN >> $CMD_LOG 2>&1
195 if [ $? -eq 0 ]
196 then
197 DEL_LOG=0
198 fi
199 done
200
201 for f in wheezy-raspian/binary-armhf/*
202 do
203 echo "security: $f"
204 $CMD --os "Debian 7.11" --arch "armv7l" --file $f --security \
205 --uri $RASPIAN >> $CMD_LOG 2>&1
206 if [ $? -eq 0 ]
207 then
208 DEL_LOG=0
209 fi
210 done
211
212 # Delete log file if no security updates were found
213
214 if [ $DEL_LOG -eq 1 ]
215 then
216 rm $CMD_LOG
217 echo "no security updates found"
218 fi