[Bug 199776] Quell non-deterministic output in freebsd-update IDS reports.
bugzilla-noreply at freebsd.org
Wed Apr 29 12:30:08 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199776
Bug ID: 199776
Summary: Quell non-deterministic output in freebsd-update IDS reports.
Product: Base System
Version: 10.1-RELEASE
Hardware: Any
OS: Any
Status: New
Severity: Affects Only Me
Priority: ---
Component: misc
Assignee: freebsd-bugs at FreeBSD.org
Reporter: dirkx at webweaving.org
The automated IDS currently (by default) outputs the host from which the
fingerprints were received:
$ sudo freebsd-update IDS
...
/Fetching metadata signature for 10.1-RELEASE from update1.freebsd.org... done
...
$
This means that things such as a periodic/security script cannot blindly
compare the output. Hence it would be useful to
1) either have a flag to suppress such non-unique flags
or
2) modify the IDS periodic script along the lines below; removing such lines.
I guess '1' is a cleaner option. Fewer ways to abuse.
Dw.
#!/bin/sh
set -e
echo IDS - comparing install
echo
DATE=$(/bin/date +%Y%d%m)
# Save the full report; print only lines that are not hash mismatches
# already recorded in the previous run.
/usr/sbin/freebsd-update IDS | /usr/bin/tee /var/db/ids.${DATE} | while read file a b c hash rest; do
    if [ "$a" != "has" -o "$b" != "SHA256" -o "$c" != "hash" ] || ! /usr/bin/grep -q "${hash}" /var/db/ids.last; then
        echo "$file $a $b $c $hash $rest";
    fi
done
echo
echo
echo Comparing with previous IDS run
echo
# Normalise the mirror host name so that it does not show up as a difference.
for file in /var/db/ids.${DATE} /var/db/ids.last
do
    test -f $file && \
    cat $file | sed -E 's/^Fetching metadata signature for 10.([0-9]+)-RELEASE from update([0-9]+).freebsd.org... done./Fetching metadata signature for 10.1-RELEASE from updateX.freebsd.org... done./' > $file.tmp
done
if diff /var/db/ids.${DATE}.tmp /var/db/ids.last.tmp; then
    echo No changes.
else
    # diff exits non-zero when the files differ; keep set -e from aborting
    # before the cleanup and the copy to ids.last below.
    diff /var/db/ids.${DATE} /var/db/ids.last || true
fi
rm -f /var/db/ids.${DATE}.tmp /var/db/ids.last.tmp
cp /var/db/ids.${DATE} /var/db/ids.last
exit 0