Hello community,
here is the log from the commit of package monitoring-plugins-zypper for
openSUSE:Factory checked in at 2018-08-20 16:21:28
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/monitoring-plugins-zypper (Old)
and /work/SRC/openSUSE:Factory/.monitoring-plugins-zypper.new (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "monitoring-plugins-zypper"
Mon Aug 20 16:21:28 2018 rev:14 rq:630430 version:1.96
Changes:
--------
---
/work/SRC/openSUSE:Factory/monitoring-plugins-zypper/monitoring-plugins-zypper.changes
2018-03-06 10:49:27.963563198 +0100
+++
/work/SRC/openSUSE:Factory/.monitoring-plugins-zypper.new/monitoring-plugins-zypper.changes
2018-08-20 16:21:35.845007028 +0200
@@ -1,0 +2,16 @@
+Fri Aug 3 10:41:10 UTC 2018 - [email protected]
+
+- add suggested changes in sudoers file (bnc#1103590)
+- cleanup the help output of the plugin
+
+-------------------------------------------------------------------
+Tue Jul 17 12:22:55 UTC 2018 - [email protected]
+
+- as newer zypper versions always require root rights to refresh
+ the repositories, add a working sudoers file right from the
+ beginning that allows to execute the needed zypper commands
+- Update to 1.96
+ + SLE-12-SP2 is deprecated
+ + add SLE-15-SP1 and SLE-12-SP4 as supported
+
+-------------------------------------------------------------------
New:
----
sudo-profile-check_zypper
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ monitoring-plugins-zypper.spec ++++++
--- /var/tmp/diff_new_pack.A6ZNJ0/_old 2018-08-20 16:21:36.353007747 +0200
+++ /var/tmp/diff_new_pack.A6ZNJ0/_new 2018-08-20 16:21:36.357007752 +0200
@@ -26,7 +26,7 @@
Summary: Check for software updates via zypper
License: BSD-3-Clause
Group: System/Monitoring
-Version: 1.95
+Version: 1.96
Release: 0
Url: http://en.opensuse.org/Monitoring-plugins-zypper
Source0: check_zypper.pl
@@ -37,6 +37,11 @@
Requires: gawk
Requires: grep
Requires: rpm
+%if 0%{?suse_version} > 1310
+BuildRequires: sudo
+Requires: sudo
+Source5: sudo-profile-check_zypper
+%endif
%if 0%{?suse_version} > 1010
# nagios can execute the script with embedded perl
Recommends: perl
@@ -99,6 +104,9 @@
%else
install -D -m644 %{SOURCE1}
%{buildroot}%{_sysconfdir}/apparmor/profiles/extras/usr.lib.nagios.plugins.check_zypper
%endif
+%if 0%{?suse_version} > 1310
+install -Dm400 %{SOURCE5} %{buildroot}%{_sysconfdir}/sudoers.d/check_zypper
+%endif
%check
# generic test if check_zypper is working at all
@@ -150,5 +158,8 @@
%config(noreplace)
%{_sysconfdir}/apparmor/profiles/extras/usr.lib.nagios.plugins.check_zypper
%endif
%{nagios_plugindir}/check_zypper
+%if 0%{?suse_version} > 1310
+%config(noreplace) %{_sysconfdir}/sudoers.d/check_zypper
+%endif
%changelog
++++++ check_zypper.pl ++++++
--- /var/tmp/diff_new_pack.A6ZNJ0/_old 2018-08-20 16:21:36.401007815 +0200
+++ /var/tmp/diff_new_pack.A6ZNJ0/_new 2018-08-20 16:21:36.405007821 +0200
@@ -5,7 +5,7 @@
#
# Copyright (C) 2008-2010, Novell, Inc.
# Copyright (C) 2011-2014, SUSE Linux Products GmbH
-# Copyright (C) 2015-2016, SUSE Linux GmbH
+# Copyright (C) 2015-2018, SUSE Linux GmbH
# Author: Lars Vogdt
#
# All rights reserved.
@@ -51,7 +51,7 @@
# constants
$PROGNAME = "check_zypper";
-$VERSION = '1.95';
+$VERSION = '1.97';
$DEBUG = 0;
# variables
@@ -62,7 +62,7 @@
our $zypper = '/usr/bin/zypper';
our $zypperopt = '--non-interactive --no-gpg-checks list-updates';
our $sudo = '/usr/bin/sudo';
-our $zypp_refresh = '/usr/sbin/zypp-refresh';
+our $zypp_refresh = '/usr/sbin/zypp-refresh ""';
our $refresh_wrapper = '/usr/sbin/zypp-refresh-wrapper';
our $use_sudo = 'unset LANG; ';
our $releasefile = '/etc/SuSE-release';
@@ -94,7 +94,7 @@
);
our %supported_release = (
'openSUSE' => [ '42.3', '15.0', '15.1' ],
- 'SLE' => [ '11.4', '12.2', '12.3', '15.0' ],
+ 'SLE' => [ '11.4', '12.3', '12.4', '15.0', '15.1' ],
'Tumbleweed' => [ '2019*'],
);
$opt_w = 'recommended,optional,unsupported,local_package';
@@ -223,21 +223,16 @@
}
sub print_usage () {
- print "This plugin checks for software updates on systems that ";
- print "use package\n";
- print "management systems based on the zypper command found in ";
- print "openSUSE.\n\n";
- print "It checks for security, recommended and optional patches ";
- print "and also for\n";
- print "optional package updates.\n\n";
- print "You can define the status by patch category. Use a ";
- print "commata to list more\n";
- print "than one category to a state. Possible values are ";
- print "recommended,optional,security\n";
- print "and packages\n\n";
- print "If you like to know the names of available patches and ";
- print "packages, use\n";
- print "the \"-v\" option.\n\n";
+ print "This plugin checks for software updates on systems that \n";
+ print "use package management systems based on the zypper command \n";
+ print "found in (open)SUSE.\n\n";
+ print "It checks for security, recommended and optional patches \n";
+ print "and also for optional package updates.\n\n";
+ print "You can define the status by patch category. Use a commata to\n";
+ print "list more than one category to a state. Possible values are: \n";
+ print " recommended,optional,security and packages\n\n";
+ print "If you like to know the names of available patches and packages,
\n";
+ print "use the \"-v\" option.\n\n";
print "Usage:\n";
print " $PROGNAME [-w <category>] [-c <category>] [-t <timeout>] [-v]\n";
print " $PROGNAME [-h | --help]\n";
@@ -247,16 +242,14 @@
print " A patch with this category result in critical status.\n";
print " Default: $opt_c\n";
print " -f, --releasefile\n";
- print " Use the given file to get informations about the ";
- print "distribution.\n";
+ print " Use the given file to get informations about the
distribution.\n";
print " Default: $alt_releasefile (fallback: $releasefile)\n";
print " -h, --help\n";
print " Print detailed help screen\n";
print " -i, --ignore <file>\n";
print " Ignore patches/packages that are mentioned in <file>\n";
- print " Place the file in /etc/nagios/ and/or adapt the ";
- print "apparmor profile\n";
- print " before using this feature!\n";
+ print " Place the file in /etc/nagios/ or /etc/monitoring-plugins/
\n";
+ print " and/or adapt the apparmor profile before using this
feature!\n";
print " Just list one patch/package per line - example:\n\n";
print " patch:libtiff-devel\n";
print " # comment\n";
@@ -271,35 +264,32 @@
print " -p, --no_perfdata\n";
print " Print no perfdata\n";
print " -r, --refresh_repos\n";
- print " Tries to refresh the repositories before checking ";
- print "for updates.\n";
+ print " Tries to refresh the repositories before checking for
updates.\n";
print " Note: this maybe needs an entry in /etc/sudoers like:\n";
- print " nagios ALL = NOPASSWD: /usr/bin/zypper ref\n";
- print " (and additional lines for the \'-s\' Option) if no ";
- print "check-zypp-wrapper is available.\n";
+ print " nagios ALL = NOPASSWD: /usr/bin/zypper ref\n";
+ print " (and additional lines for the \'-s\' Option) if no \n";
+ print " check-zypp-wrapper is available.\n";
print " -s, --use_sudo\n";
- print " Zypper needs root privileges on some distributions ";
- print "known: 10.1, SLE10 and SLE12).\n";
+ print " Zypper needs root privileges on some distributions \n";
+ print " known: 10.1, SLE10, SLE12 and beyond).\n";
print " You can enable the script to use $sudo to start zypper.\n";
- print " But don't forget to enable nopasswd sudo for the user ";
- print "starting $PROGNAME\n";
+ print " But don't forget to enable nopasswd sudo for the user \n";
+ print " starting $PROGNAME\n";
print " Via lines like the two below on in /etc/sudoers:\n";
- print " nagios ALL = NOPASSWD: /usr/bin/zypper sl, \\ \n";
+ print " nagios ALL = NOPASSWD: /usr/bin/zypper services, \\ \n";
print " /usr/bin/zypper $zypperopt\n";
print " -t, --timeout\n";
- print " Just in case of problems, let's not hang Nagios and ";
- print "define a timeout.\n";
+ print " Just in case of problems, let's not hang Nagios and define a
timeout.\n";
print " Default value is: $opt_t seconds\n";
print " -u, --check-vendor\n";
- print " Check if installed packages are not from a ";
- print "supported vendor.\n";
+ print " Check if installed packages are not from a supported
vendor.\n";
print " -l, --check-local\n";
- print " Check for local packages that are not in any ";
- print "repository. NOTE: zypper just searches for\n";
- print " exact the same version-release in the repositories, ";
- print "so if the repositories do not contain\n";
- print " old versions of the packages, this check may always ";
- print "produce a warning.\n";
+ print " Check for local packages that are not in any \n";
+ print " repository. NOTE: zypper just searches for\n";
+ print " exact the same version-release in the repositories, \n";
+ print " so if the repositories do not contain\n";
+ print " old versions of the packages, this check may always \n";
+ print " produce a warning.\n";
print " This check does not work on SLE-10\n";
print " -v, --verbose_output\n";
print " Print more information (useful only with Nagios v3.x).\n";
@@ -314,15 +304,16 @@
print " Print debug output to STDERR\n";
print "\n";
print " The lines below contain all entries for your sudoers ";
- print "file, if needed:\n";
- print " nagios ALL = NOPASSWD: /usr/bin/zypper sl, \\ \n";
- print " /usr/bin/zypper ref, \\ \n";
+ print " file, if needed:\n";
+ print " nagios ALL = NOPASSWD: /usr/sbin/zypp-refresh \"\",\\ \n";
+ print " /usr/bin/zypper refresh,\\ \n";
+ print " /usr/bin/zypper services,\\ \n";
print " /usr/bin/zypper $zypperopt\n";
}
sub print_help {
my $exit = shift || undef;
- print "Copyright (c) 2009-2016, SUSE, Inc.\n\n";
+ print "Copyright (c) 2009-2018, SUSE Linux GmbH\n\n";
print_usage();
print "\n";
mysupport();
@@ -331,9 +322,9 @@
sub check_zypper() {
if ( -x "$zypper" ) {
- print STDERR "INFO: Trying $use_sudo $zypper sl 2>/dev/null 1>&2\n"
+ print STDERR "INFO: Trying $use_sudo $zypper services 2>/dev/null
1>&2\n"
if ($DEBUG);
- return ( system("$use_sudo $zypper sl 2>/dev/null 1>&2") );
+ return ( system("$use_sudo $zypper services 2>/dev/null 1>&2") );
}
else {
return 1;
@@ -401,7 +392,7 @@
}
}
elsif ( -x "$zypper" ) {
- print STDERR "INFO: Trying $sudo $zypper ref 2>/dev/null 1>&2\n"
+ print STDERR "INFO: Trying $sudo $zypper refresh 2>/dev/null 1>&2\n"
if ($DEBUG);
if (( ( "$dist->{'name'}" eq "openSUSE" )
&& ( "$dist->{'version'}" eq "10.2" )
@@ -410,12 +401,12 @@
&& ( "$dist->{'version'}" eq "10" ) )
)
{
- my $res = system("$sudo $zypper ref 2>/dev/null 1>&2");
+ my $res = system("$sudo $zypper refresh 2>/dev/null 1>&2");
return ( "ERROR: Unable to refresh the repositories",
$ERRORS{'CRITICAL'} )
if !($res);
}
- elsif ( open( ZYPPER, "$sudo $zypper ref 2>&1 |" ) ) {
+ elsif ( open( ZYPPER, "$sudo $zypper refresh 2>&1 |" ) ) {
my @wrapper_out = <ZYPPER>;
close(ZYPPER);
foreach my $line (@wrapper_out) {
@@ -512,11 +503,9 @@
}
if ( ($opt_l) && ( $dist->{'version'} gt 10.4 ) ) {
- print STDERR
- "INFO: checking for local packages not referenced in
repositories\n"
+ print STDERR "INFO: checking for local packages not referenced in
repositories\n"
if ($DEBUG);
- @loc_packagelist
- = `$zypper search --details --installed-only | $grep '(System
Packages)' | $awk '" " { print \$3 }'`;
+ @loc_packagelist = `$zypper search --details --installed-only | $grep
'(System Packages)' | $awk '" " { print \$3 }'`;
my $category = 'local_package';
my $status = 'new';
foreach my $name ( sort(@loc_packagelist) ) {
@@ -566,8 +555,7 @@
if ($DEBUG);
if ( !$opt_o ) {
$error = check_errorcode('security');
- $warnstr
- = "At least one of your Repositories might be out of
date. Please run \"zypper refresh\" as root to update it. ";
+ $warnstr = "At least one of your Repositories might be out
of date. Please run \"zypper refresh\" as root to update it. ";
$warnstr .= "\n" if ($opt_v);
next;
}
@@ -590,8 +578,7 @@
; # just for reference - perhaps we need the variables
later
if ( defined($name) ) {
if ( grep { $_ eq $name } @patchignore ) {
- print STDERR
- "WARNING: ignoring $name as it is in
\@patchignore\n"
+ print STDERR "WARNING: ignoring $name as it is in
\@patchignore\n"
if ($DEBUG);
next;
}
@@ -613,40 +600,34 @@
my ($edition) = $_ =~ /edition="(.*?)"/;
if (/kind="patch"/) { # line contains patch
if ( grep { $_ eq $name } @patchignore ) {
- print STDERR
- "WARNING: ignoring $name as it is in
\@patchignore\n"
+ print STDERR "WARNING: ignoring $name as it is in
\@patchignore\n"
if ($DEBUG);
next;
}
if ( grep { $_ eq "$name-$edition" } @patchignore ) {
- print STDERR
- "WARNING: ignoring $name-$edition as it is in
\@patchignore\n"
+ print STDERR "WARNING: ignoring $name-$edition as
it is in \@patchignore\n"
if ($DEBUG);
next;
}
$category = 'optional' if (/category="optional"/);
- $category = 'recommended'
- if (/category="recommended"/);
+ $category = 'recommended' if
(/category="recommended"/);
$category = 'security' if (/category="security"/);
}
elsif (/kind="package"/) {
if ( grep { $_ eq $name } @packageignore ) {
- print STDERR
- "WARNING: ignoring $name as it is in
\@packageignore\n"
+ print STDERR "WARNING: ignoring $name as it is in
\@packageignore\n"
if ($DEBUG);
next;
}
if ( grep { $_ eq "$name-$edition" } @packageignore )
{
- print STDERR
- "WARNING: ignoring $name-$edition as it is in
\@packageignore\n"
+ print STDERR "WARNING: ignoring $name-$edition as
it is in \@packageignore\n"
if ($DEBUG);
next;
}
$category = 'package';
}
- $packagelist{"$category"}{"$name"}{'category'}
- = "$category";
+ $packagelist{"$category"}{"$name"}{'category'} =
"$category";
$packagelist{"$category"}{"$name"}{'name'} = "$name";
$packagelist{"$category"}{"$name"}{'status'} = "Needed";
}
@@ -721,10 +702,7 @@
}
if ($update_avail) {
- $ret_str
- .= trim(
- "$warnstr $secstr $recstr $optstr $pacstr $unsupstr
$local_pacstr"
- ) . " ";
+ $ret_str .= trim("$warnstr $secstr $recstr $optstr $pacstr
$unsupstr $local_pacstr")." ";
my @packagelist = ();
my @unsupported_packagelist = ();
@loc_packagelist = ();
@@ -930,7 +908,7 @@
$zypperopt = '--non-interactive --no-gpg-checks list-updates'
if ( "$dist->{'version'}" eq "10.2" );
-$zypperopt = '--xmlout --non-interactive list-updates -t package -t patch'
+$zypperopt = '--xmlout --non-interactive list-updates --type package --type
patch'
if ( $dist->{'version'} gt 11.0 );
if ( "$dist->{'name'}" eq "SLE" ) {
@@ -940,7 +918,7 @@
}
else {
$zypperopt
- = '--xmlout --non-interactive list-updates -t package -t patch';
+ = '--xmlout --non-interactive list-updates --type package --type
patch';
}
}
@@ -1017,7 +995,7 @@
print STDERR
"http://download.opensuse.org/tumbleweed/repo/oss/media.1/media ";
print STDERR "I can not say more\n";
print STDERR "INFO: at the moment. So a FIXME for the script - ";
- print STDERR "but until then, don't be evil and say OK.\n";
+ print STDERR "but until then, I don't be evil and say OK.\n";
}
elsif ( grep {/\Q$dist->{'name'}\E/} keys %supported_release ) {
print STDERR "INFO: found $dist->{'name'} - checking supportstatus\n"
++++++ sudo-profile-check_zypper ++++++
nagios ALL=(ALL) NOPASSWD: /usr/sbin/zypp-refresh "",\
/usr/bin/zypper refresh,\
/usr/bin/zypper services,\
/usr/bin/zypper --xmlout --non-interactive
list-updates --type package --type patch
