From 59700a2f3a910a43cd9b14aba72bdb3036d5ac7c Mon Sep 17 00:00:00 2001
From: Matt Ray
Date: Fri, 29 May 2020 22:50:32 +1000
Subject: [PATCH] Updated to use a while loop for releasing "apt update" lock

The previous implementation waited for the lock to release, this version retries until a successful exit. The 'ubuntu' names were replaced with 'debian' to reflect the correct origins.

Signed-off-by: Matt Ray
---
README.md | 1 +
libraries/linux_updates.rb | 28 ++++++++++++++++------------
2 files changed, 17 insertions(+), 12 deletions(-)

diff --git a/README.md b/README.md
index cb9e0f4..9e3f458 100644
--- a/README.md
+++ b/README.md
@@ -8,6 +8,7 @@ This [InSpec](http://inspec.io/) profile verifies that all updates have been ins

 - RHEL 6/7
 - CentOS 6/7
+- Debian 8/9/10
 - Ubuntu 12.04+
 - OpenSUSE, SuSE 11/12

diff --git a/libraries/linux_updates.rb b/libraries/linux_updates.rb
index b388c48..b2d6175 100644
--- a/libraries/linux_updates.rb
+++ b/libraries/linux_updates.rb
@@ -18,7 +18,7 @@ class LinuxUpdateManager < Inspec.resource(1)
 # if inspec.os.redhat?
 # @update_mgmt = RHELUpdateFetcher.new(inspec)
 # elsif inspec.os.debian?
- # @update_mgmt = UbuntuUpdateFetcher.new(inspec)
+ # @update_mgmt = DebianUpdateFetcher.new(inspec)
 # end
 # return skip_resource 'The `linux_update` resource is not supported on your OS.' if @update_mgmt.nil?
 # end
@@ -29,7 +29,7 @@ def initialize
 when 'redhat', 'amazon'
 @update_mgmt = RHELUpdateFetcher.new(inspec)
 when 'debian'
- @update_mgmt = UbuntuUpdateFetcher.new(inspec)
+ @update_mgmt = DebianUpdateFetcher.new(inspec)
 when 'suse'
 @update_mgmt = SuseUpdateFetcher.new(inspec)
 end
@@ -156,36 +156,40 @@ def extract_xml_updates(updates_el)
 end
 end

-class UbuntuUpdateFetcher < UpdateFetcher
+class DebianUpdateFetcher < UpdateFetcher
 def packages
- ubuntu_packages = ubuntu_base + <<-PRINT_JSON
+ debian_packages = debian_base + <<-PRINT_JSON
 echo -n '{"installed":['
 dpkg-query -W -f='${Status}\\t${Package}\\t${Version}\\t${Architecture}\\n' |\\
 grep '^install ok installed\\s' |\\
 awk '{ printf "{\\"name\\":\\""$4"\\",\\"version\\":\\""$5"\\",\\"arch\\":\\""$6"\\"}," }' | rev | cut -c 2- | rev | tr -d '\\n'
 echo -n ']}'
 PRINT_JSON
- parse_json(ubuntu_packages)
+ parse_json(debian_packages)
 end

 def updates
- ubuntu_updates = ubuntu_base + <<-PRINT_JSON
+ debian_updates = debian_base + <<-PRINT_JSON
 echo -n '{"available":['
-DEBIAN_FRONTEND=noninteractive apt-get upgrade --dry-run | grep Inst | tr -d '[]()' |\\
+DEBIAN_FRONTEND=noninteractive apt upgrade --dry-run | grep Inst | tr -d '[]()' |\\
 awk '{ printf "{\\"name\\":\\""$2"\\",\\"version\\":\\""$4"\\",\\"repo\\":\\""$5"\\",\\"arch\\":\\""$6"\\"}," }' | rev | cut -c 2- | rev | tr -d '\\n'
 echo -n ']}'
 PRINT_JSON
- parse_json(ubuntu_updates)
+ parse_json(debian_updates)
 end

 private

- def ubuntu_base
+ def debian_base
 base = <<-PRINT_JSON
 #!/bin/sh
-DEBIAN_FRONTEND=noninteractive apt-get update >/dev/null 2>&1
-readlock() { cat /proc/locks | awk '{print $5}' | grep -v ^0 | xargs -I {1} find /proc/{1}/fd -maxdepth 1 -exec readlink {} \\; | grep '^/var/lib/dpkg/lock$'; }
-while test -n "$(readlock)"; do sleep 1; done
+COMMAND="DEBIAN_FRONTEND=noninteractive apt update >>/dev/null 2>&1"
+eval $COMMAND
+while [ $? -ne 0 ]
+do
+sleep 30s
+eval $COMMAND
+done
 echo " "
 PRINT_JSON
 base
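Review bot: The retry loop added to `debian_base` has no upper bound, so any `apt update` failure that is not lock contention (unreachable mirror, expired repository key, insufficient privileges) makes the scan sleep and retry forever instead of reporting a result, and with stderr sent to /dev/null nothing shows why. Cap the number of attempts and exit non-zero once the cap is reached; how the caller treats that exit status is not visible in this hunk and should be checked. The loop also does not need `eval`: running the command directly as the loop condition avoids re-parsing a string. Separately, `apt` warns that its CLI is not stable for scripts, and `apt upgrade` may also install new packages, so the `Inst` lines parsed in `updates` can differ from what `apt-get upgrade --dry-run` reported; keeping `apt-get` for parsed output is safer. The `debian_base` method and the class body close outside this hunk.

```ruby
    base = <<-PRINT_JSON
#!/bin/sh
attempts=0
until DEBIAN_FRONTEND=noninteractive apt update >/dev/null 2>&1
do
attempts=$((attempts + 1))
# 10 is an example cap; pick one that fits the scan timeout
if [ "$attempts" -ge 10 ]; then echo "apt update kept failing" >&2; exit 1; fi
sleep 30
done
# … unchanged: echo " " and the PRINT_JSON terminator …
```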