Hello community, here is the log from the commit of package nagios-plugins-zypper for openSUSE:Factory checked in at 2013-01-17 09:50:27 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/nagios-plugins-zypper (Old) and /work/SRC/openSUSE:Factory/.nagios-plugins-zypper.new (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "nagios-plugins-zypper", Maintainer is "[email protected]" Changes: -------- --- /work/SRC/openSUSE:Factory/nagios-plugins-zypper/nagios-plugins-zypper.changes 2012-06-29 13:25:43.000000000 +0200 +++ /work/SRC/openSUSE:Factory/.nagios-plugins-zypper.new/nagios-plugins-zypper.changes 2013-01-17 09:50:29.000000000 +0100 @@ -1,0 +2,10 @@ +Tue Jan 15 19:24:16 UTC 2013 - [email protected] + +- update to 1.44: + + openSUSE 11.4 are unsupported + + openSUSE 12.3 becomes supported +- improved apparmor profile: thanks to Marcus Rückert +- place apparmor profile for older distributions (using sudo) in + the extras directory as we did not test it there + +------------------------------------------------------------------- ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ nagios-plugins-zypper.spec ++++++ --- /var/tmp/diff_new_pack.F6QnxM/_old 2013-01-17 09:50:30.000000000 +0100 +++ /var/tmp/diff_new_pack.F6QnxM/_new 2013-01-17 09:50:30.000000000 +0100 @@ -20,7 +20,7 @@ Summary: Nagios plugin for checking software updates License: BSD-4-Clause Group: System/Monitoring -Version: 1.42 +Version: 1.44 Release: 0 Url: http://en.opensuse.org/Nagios-plugins-zypper Source0: check_zypper.pl @@ -58,7 +58,11 @@ %install install -D -m755 %{SOURCE0} %buildroot/%{nagios_plugindir}/check_zypper +%if 0%{?suse_version} > 01100 install -D -m644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_zypper +%else +install -D -m644 %{SOURCE1} %{buildroot}%{_sysconfdir}/apparmor/profiles/extras/usr.lib.nagios.plugins.check_zypper +%endif %clean rm -rf %buildroot @@ -68,8 +72,15 @@ # avoid build dependecy of nagios - own the dirs %dir %{nagios_libdir} %dir %{nagios_plugindir} +%if 0%{?suse_version} > 01100 %dir %{_sysconfdir}/apparmor.d %config(noreplace) %{_sysconfdir}/apparmor.d/usr.lib.nagios.plugins.check_zypper +%else +%dir %{_sysconfdir}/apparmor +%dir %{_sysconfdir}/apparmor/profiles +%dir %{_sysconfdir}/apparmor/profiles/extras +%config %{_sysconfdir}/apparmor/profiles/extras/usr.lib.nagios.plugins.check_zypper +%endif %{nagios_plugindir}/check_zypper %changelog ++++++ check_zypper.pl ++++++ --- /var/tmp/diff_new_pack.F6QnxM/_old 2013-01-17 09:50:30.000000000 +0100 +++ /var/tmp/diff_new_pack.F6QnxM/_new 2013-01-17 09:50:30.000000000 +0100 @@ -4,7 +4,7 @@ # check_zypper - nagios plugin # # Copyright (C) 2008-2010, Novell, Inc. -# Copyright (C) 2011-2012, SUSE Linux Products GmbH +# Copyright (C) 2011-2013, SUSE Linux Products GmbH # Author: Lars Vogdt # # All rights reserved. @@ -50,7 +50,7 @@ # constants $PROGNAME = "check_zypper"; -$VERSION = '1.42'; +$VERSION = '1.44'; $DEBUG = 0; # variables @@ -85,7 +85,7 @@ 0 => 'OK', ); our %supported_release = ( - 'openSUSE' => [ '11.4', '12.1', '12.2' ], + 'openSUSE' => [ '12.1', '12.2', '12.3' ], 'SLE' => [ '10.4', '11.1', '11.2' ], ); $opt_w = 'recommended,optional,unsupported'; @@ -172,8 +172,8 @@ print " Print detailed help screen\n"; print " -i, --ignore <file>\n"; print " Ignore patches/packages that are mentioned in <file>\n"; - print " Place the file in /etc/nagios/ and/or adapt the apparmor profile\n"; - print " before using this feature!\n"; + print " Place the file in /etc/nagios/ and/or adapt the apparmor profile\n"; + print " before using this feature!\n"; print " Just list one patch/package per line - example:\n\n"; print " patch:libtiff-devel\n"; print " # comment\n"; @@ -233,7 +233,7 @@ } sub refresh_zypper($) { - my ($dist) = @_; + my ($dist) = @_; if ( -x "$refresh_wrapper" ) { print STDERR "Trying: $refresh_wrapper 2>/dev/null 1>&2\n" if ($DEBUG); if ( open( WRAPPER, "$refresh_wrapper 2>&1 |" ) ) { @@ -243,9 +243,10 @@ chomp $line; print STDERR "LINE: $line\n" if ($DEBUG); # error handling - return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /Could not refresh repository.*/ ); - return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /Digest verification failed.*/ ); - return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /refusing file.*wrong digest.*/ ); + return ( "ERROR: " . xml_re_escape($line), $ERRORS{'CRITICAL'} ) if ( $line =~ /Could not refresh repository.*/ ); + return ( "ERROR: " . xml_re_escape($line), $ERRORS{'CRITICAL'} ) if ( $line =~ /There are no enabled repositories defined.*/ ); + return ( "ERROR: " . xml_re_escape($line), $ERRORS{'CRITICAL'} ) if ( $line =~ /Digest verification failed.*/ ); + return ( "ERROR: " . xml_re_escape($line), $ERRORS{'CRITICAL'} ) if ( $line =~ /refusing file.*wrong digest.*/ ); } return ( "Refresh OK", $ERRORS{'OK'} ); } @@ -255,7 +256,7 @@ if ( ( ( "$dist->{'name'}" eq "openSUSE" ) && ( "$dist->{'version'}" eq "10.2" ) ) || ( ( "$dist->{'name'}" eq "SLE" ) && ( "$dist->{'version'}" eq "10" ) ) ) { my $res = system("$sudo $zypper ref 2>/dev/null 1>&2"); - return ( "ERROR: Unable to refresh the repositories", $ERRORS{'ERROR'} ) if !($res); + return ( "ERROR: Unable to refresh the repositories", $ERRORS{'CRITICAL'} ) if !($res); } elsif ( open( ZYPPER, "$sudo $zypper ref 2>&1 |" ) ) { my @wrapper_out = <ZYPPER>; @@ -263,13 +264,16 @@ foreach my $line (@wrapper_out) { chomp $line; print STDERR "LINE: $line\n" if ($DEBUG); - return ( "ERROR: " . xml_re_escape($line), $ERRORS{'ERROR'} ) if ( $line =~ /Could not refresh repository.*/ ); + return ( "ERROR: " . xml_re_escape($line), $ERRORS{'CRITICAL'} ) if ( $line =~ /Could not refresh repository.*/ ); + return ( "ERROR: " . xml_re_escape($line), $ERRORS{'CRITICAL'} ) if ( $line =~ /There are no enabled repositories defined.*/ ); + return ( "ERROR: " . xml_re_escape($line), $ERRORS{'CRITICAL'} ) if ( $line =~ /Digest verification failed.*/ ); + return ( "ERROR: " . xml_re_escape($line), $ERRORS{'CRITICAL'} ) if ( $line =~ /refusing file.*wrong digest.*/ ); } return ( "Refresh OK", $ERRORS{'OK'} ); } } else { - return ( "ERROR: Could not refresh the repositories - binary not found", $ERRORS{'ERROR'} ); + return ( "ERROR: Could not refresh the repositories - binary not found", $ERRORS{'CRITICAL'} ); } } ++++++ usr.lib.nagios.plugins.check_zypper ++++++ --- /var/tmp/diff_new_pack.F6QnxM/_old 2013-01-17 09:50:30.000000000 +0100 +++ /var/tmp/diff_new_pack.F6QnxM/_new 2013-01-17 09:50:30.000000000 +0100 @@ -4,21 +4,114 @@ /usr/lib/nagios/plugins/check_zypper { #include <abstractions/base> #include <abstractions/perl> - #include <abstractions/wutmp> + #include <abstractions/consoles> + # include <abstractions/wutmp> /etc/SuSE-release r, - /bin/grep PUx, - /bin/awk PUx, - /bin/rpm PUx, - /bin/bash PUx, - /usr/bin/sudo PUx, - /usr/bin/zypper PUx, - /usr/sbin/zypp-refresh-wrapper PUx, + /bin/grep rix, + /bin/awk rix, + /bin/gawk rix, + /bin/rpm px -> /usr/lib/nagios/plugins/check_zypper//rpm, + /bin/bash rix, +# /usr/bin/sudo rix, # as we do not know how people name the ignore file, we # allow read access to everything below /etc/nagios here # feel free to limit this to exactly the file you need /etc/nagios/** r, + /usr/sbin/zypp-refresh-wrapper px -> /usr/lib/nagios/plugins/check_zypper//zypp-refresh-wrapper, + /usr/bin/zypper px -> /usr/lib/nagios/plugins/check_zypper//zypper, + + profile zypp-refresh-wrapper { + #include <abstractions/base> + #include <abstractions/nameservice> + capability setuid, + capability setgid, + /usr/sbin/zypp-refresh-wrapper rmix, + /usr/sbin/zypp-refresh px -> /usr/lib/nagios/plugins/check_zypper//zypp-refresh, + } + profile zypp-refresh { + #include <abstractions/base> + #include <abstractions/bash> + #include <abstractions/consoles> + #include <abstractions/user-tmp> + #include <abstractions/zypp> + + /var/log/zypp-refresh.log w, + /usr/sbin/zypp-refresh rmix, + + /bin/cp rix, + /bin/bash rix, + /usr/bin/rpmdb2solv rix, + /usr/bin/zypper px -> /usr/lib/nagios/plugins/check_zypper//zypper, + /usr/bin/gpg2 px -> /usr/lib/nagios/plugins/check_zypper//gpg, + /usr/bin/uuidgen px -> /usr/lib/nagios/plugins/check_zypper//uuidgen, + /usr/bin/repo2solv.sh px -> /usr/lib/nagios/plugins/check_zypper//repo2solv, + } + profile repo2solv { + #include <abstractions/base> + #include <abstractions/consoles> + #include <abstractions/user-tmp> + #include <abstractions/nameservice> + + /usr/bin/repo2solv.sh rmix, + /usr/bin/repomdxml2solv rix, + /usr/bin/rpmmd2solv rix, + /usr/bin/susetags2solv rix, + /usr/bin/updateinfoxml2solv rix, + /usr/bin/deltainfoxml2solv rix, + /usr/bin/mergesolv rix, + + /usr/bin/find rix, + /bin/bash rix, + /bin/rm rix, + /bin/cat rix, + /bin/sed rix, + /bin/gzip rix, + /bin/grep rix, + /usr/bin/gzip rix, + /usr/bin/bzip2 rix, + /usr/bin/lzma rix, + /usr/bin/xz rix, + /bin/mktemp rix, + + /var/cache/zypp/** rw, + } + profile uuidgen { + #include <abstractions/base> + /usr/bin/uuidgen rmix, + } + profile gpg { + #include <abstractions/base> + capability ipc_lock, + /usr/bin/gpg2 rmix, + /proc/sys/crypto/fips_enabled r, + /var/tmp/TmpFile.* rwk, + /var/tmp/TmpDir.*/* rwlk, + /var/tmp/zypp.*/* rwlk, + /var/tmp/zypp.*/*/* rwlk, + /var/cache/zypp/** r, + } + profile zypper { + #include <abstractions/base> + #include <abstractions/bash> + #include <abstractions/zypp> + #include <abstractions/consoles> + + /bin/bash rix, + /usr/bin/rpmdb2solv rix, + /usr/bin/zypper rmix, + /usr/share/zypper/ r, + /usr/share/zypper/** r, + /usr/bin/gpg2 px -> /usr/lib/nagios/plugins/check_zypper//gpg, + /usr/bin/uuidgen px -> /usr/lib/nagios/plugins/check_zypper//uuidgen, + /var/log/zypper.log w, + } + profile rpm { + #include <abstractions/base> + #include <abstractions/rpm> + /bin/rpm rmix, + } } -- To unsubscribe, e-mail: [email protected] For additional commands, e-mail: [email protected]
