From 48193a0f7ab8491e8290777e1cfe0239d82b1034 Mon Sep 17 00:00:00 2001
From: Alexander Couzens <lynxis@fe80.eu>
Date: Fri, 28 Apr 2017 20:13:35 +0200
Subject: rc.local/update_jdn.sh: rework disabling dsa-check-packages

When rc.local was executed, it disables dsa-check-packages via
ln -sf /bin/true /usr/local/bin/dsa-check-packages which disables it.
But when the next time update_jdn.sh run, update_jdn.sh overwrite /bin/true
with the original dsa-check-packages perl script.
All scripts which use /bin/true rather than a built-in (like bash) might
fail if some packages are outdated.
Disabling of dsa-check-packages is done now in update_jdn.sh, but after
dsa-check-packages got overwritten. It's also now using a one line shell
script instead of a symbolic link, which allows to add a comment.
Also add temporary check if /bin/true is a perl script and repair it by
reinstalling coreutils.

Signed-off-by: Holger Levsen <holger@layer-acht.org>
---
 update_jdn.sh | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)

(limited to 'update_jdn.sh')

diff --git a/update_jdn.sh b/update_jdn.sh
index 73d8f655..e0c4b3a8 100755
--- a/update_jdn.sh
+++ b/update_jdn.sh
@@ -32,6 +32,21 @@ set_correct_date() {
 		sudo ntpdate -b de.pool.ntp.org
 }
 
+disable_dsa_check_packages() {
+	# disable check for outdated packages as in the future (like this)
+	# packages from security.d.o will appear outdated always…
+	echo -e "#!/bin/sh\n# disabled dsa-check by update_jdn.sh\nexit 0" > /usr/local/bin/dsa-check-packages
+	chmod a+rx /usr/local/bin/dsa-check-packages
+
+	# FIXME: remove the repair of /bin/true when all hosts has been
+	# updated
+	# ln -s /bin/true /usr/local/bin/dsa-check-packages was used which
+	# broke /bin/true by overwriting it with the perl script dsa-check-packages
+	if grep -q '/usr/bin/perl' /bin/true ; then
+		apt-get install --reinstall coreutils
+	fi
+}
+
 echo "--------------------------------------------"
 explain "$(date) - begin deployment update."
 
@@ -785,9 +800,11 @@ explain "$(date) - finished deployment."
 case $HOSTNAME in
 	# set time back to the future
 	profitbricks-build4-amd64|profitbricks-build5-amd64|profitbricks-build6-i386|profitbricks-build15-amd64|profitbricks-build16-i386)
+		disable_dsa_check_packages
 		sudo date --set="+398 days +6 hours + 23 minutes"
 		;;
 	codethink-sled9*|codethink-sled11*|codethink-sled13*|codethink-sled15*)
+		disable_dsa_check_packages
 		sudo date --set="+398 days +6 hours + 23 minutes"
 		;;
 	jenkins)
-- 
cgit v1.2.3-54-g00ecf