#!/bin/bash

# Check if the running kernel has the same version string as the on-disk
# kernel image.

# Copyright 2008,2009,2011,2012,2013,2014 Peter Palfrader
# Copyright 2009 Stephen Gran
# Copyright 2010,2012,2013 Uli Martens
# Copyright 2011 Alexander Reichle-Schmehl
#
# Permission is hereby granted, free of charge, to any person obtaining
# a copy of this software and associated documentation files (the
# "Software"), to deal in the Software without restriction, including
# without limitation the rights to use, copy, modify, merge, publish,
# distribute, sublicense, and/or sell copies of the Software, and to
# permit persons to whom the Software is furnished to do so, subject to
# the following conditions:
#
# The above copyright notice and this permission notice shall be
# included in all copies or substantial portions of the Software.
#
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

OK=0;
WARNING=1;
CRITICAL=2;
UNKNOWN=3;

get_offset() {
	local file needle

	file="$1"
	needle="$2"

	perl -e '
		undef $/;
		$i = 0; $k=<>;
		while (($i = index($k, "'"$needle"'", $i)) >= 0) {
			print $i++,"\n";
		}; ' < "$file"
}

get_avail() {
	# This is wrong, but leaves room for when we have to care for machines running
	# myfirstunix-image-0.1-dsa-arm
	local prefix="$1"; shift

	local kervers=$(uname -r)

	local metavers=''

	# DSA uses kernel versions of the form 2.6.29.3-dsa-dl380-oldxeon, where
	# Debian uses versions of the form 2.6.29-2-amd64
	if [ "${kervers#2}" != "$kervers" ]; then
		if [ "${kervers//dsa}" != "$kervers" ]; then
			metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+([\.0-9]+?)-(.*)/2.\1-\3/')
		else
			metavers=$(echo $kervers | sed -r -e 's/^2\.(4|6)\.[0-9]+-[A-Za-z0-9\.]+-(.*)/2.\1-\2/')
		fi
	else
		metavers=$(echo $kervers | sed -r -e 's/^[0-9]+\.[0-9]+(\.[0-9])?+-[A-Za-z0-9\.]+-(.*)/\2/')
	fi

	# Attempt to track back to a metapackage failed.  bail
	if [ "$metavers" = "$kervers" ]; then
		return 2
	fi

	# We're just going to give up if we can't find a matching metapackage
	# I tried being strict once, and it just caused a lot of headaches.  We'll see how
	# being lax does for us

	local output=$(apt-cache policy ${prefix}-image-${metavers} 2>/dev/null)
	local metaavailvers=$(echo "$output" | grep '^  Candidate:' | awk '{print $2}')
	local metainstavers=$(echo "$output" | grep '^  Installed:' | awk '{print $2}')

	if [ -z "$metaavailvers" ] || [ "$metaavailvers" = '(none)' ]; then
		return 2
	fi
	if [ -z "$metainstavers" ] || [ "$metainstavers" = '(none)' ]; then
		return 2
	fi

	if [ "$metaavailvers" != "$metainstavers" ] ; then
		echo "${prefix}-image-${metavers} $metaavailvers available but $metainstavers installed"
		return 1
	fi

	local imagename=0
	# --no-all-versions show shows only the candidate
	for vers in $(apt-cache --no-all-versions show ${prefix}-image-${metavers} | sed -n 's/^Depends: //p' | tr ',' '\n' | tr -d ' ' | grep ${prefix}-image | awk '{print $1}' | sort -u); do
		if dpkg --compare-versions "1.$vers" gt "1.$imagename"; then
			imagename=$vers
		fi
	done

	if [ -z "$imagename" ] || [ "$imagename" = 0 ]; then
		return 2
	fi

	if [ "$imagename" != "${prefix}-image-${kervers}" ]; then
		if dpkg --compare-versions 1."$imagename" lt 1."${prefix}-image-${kervers}"; then
			return 2
		fi
		echo "$imagename" != "${prefix}-image-${kervers}"
		return 1
	fi

	local availvrs=$(apt-cache policy ${imagename} 2>/dev/null | grep '^  Candidate' | awk '{print $2}')
	local kernelversion=$(apt-cache policy ${prefix}-image-${kervers} 2>/dev/null | grep '^  Installed:' | awk '{print $2}')

	if [ "$availvrs" = "$kernelversion" ]; then
		return 0
	fi

	echo "$kernelversion != $availvrs"
	return 1
}

cat_vmlinux() {
	local image header filter hdroff

	image="$1"
	header="$2"
	filter="$3"
	hdroff="$4"

	get_offset "$image" $header | head -n 5 | while read off; do
		(if [ "$off" != 0 ]; then
		   dd ibs="$((off+hdroff))" skip=1 count=0
		 fi &&
		 dd bs=512k) < "$image"  2>/dev/null | $filter 2>/dev/null
	done
}

get_image_linux() {
	local image

	image="$1"

	# gzip compressed image
	cat_vmlinux "$image" "\x1f\x8b\x08\x00"      "zcat"   0
	cat_vmlinux "$image" "\x1f\x8b\x08\x08"      "zcat"   0
	# lzma compressed image
	cat_vmlinux "$image" "\x00\x00\x00\x02\xff"  "xzcat" -1
	cat_vmlinux "$image" "\x00\x00\x00\x04\xff"  "xzcat" -1
	# xz compressed image
	cat_vmlinux "$image" "\xfd\x37\x7a\x58\x5a " "xzcat"  0

	echo "ERROR: Unable to extract kernel image." 2>&1
	exit 1
}


freebsd_check_running_version() {
	local imagefile="$1"; shift

	local r="$(uname -r)"
	local v="$(uname -v| sed -e 's/^#[0-9]*/&:/')"

	local q='@(#)FreeBSD '"$r $v"

	if zcat "$imagefile" | $STRINGS | grep -F -q "$q"; then
		echo "OK"
	else
		echo "not OK"
	fi
}

STRINGS="";
if [ -x "$(which strings)" ]; then
	STRINGS="$(which strings)"
elif [ -x "$(which busybox)" -a "$( echo foobar | $(which busybox) strings 2>/dev/null)" = "foobar" ]; then
	STRINGS="$(which busybox) strings"
fi

searched=""
for on_disk in \
	"/boot/vmlinuz-`uname -r`"\
	"/boot/vmlinux-`uname -r`"\
	"/boot/kfreebsd-`uname -r`.gz"; do

	if [ -e "$on_disk" ]; then
		if [ -z "$STRINGS" ]; then
			echo "UNKNOWN: 'strings' command missing, perhaps install binutils or busybox?"
			exit $UNKNOWN
		fi
		if [ "${on_disk/vmlinu}" != "$on_disk" ]; then
			on_disk_version="`get_image_linux "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`"
			if [ -x /usr/bin/lsb_release ] ; then
				vendor=$(lsb_release -i -s)
				if [ -n "$vendor" ] && [ "xDebian" != "x$vendor" ] ; then
					on_disk_version=$( echo $on_disk_version|sed -e "s/ ($vendor [[:alnum:]\.-]\+ [[:alnum:]\.]\+)//")
				fi
			fi
			[ -z "$on_disk_version" ] || break
			on_disk_version="`cat "$on_disk" | $STRINGS | grep 'Linux version' | head -n1`"
			[ -z "$on_disk_version" ] || break

			echo "UNKNOWN: Failed to get a version string from image $on_disk"
			exit $UNKNOWN
		else
			on_disk_version="$(zcat $on_disk | $STRINGS | grep Debian | head -n 1 | sed -e 's/Debian [[:alnum:]]\+ (\(.*\))/\1/')"
		fi
	fi
	searched="$searched $on_disk"
done

if ! [ -e "$on_disk" ]; then
	echo "WARNING: Did not find a kernel image (checked$searched) - I have no idea which kernel I am running"
	exit $WARNING
fi

if [ "$(uname -s)" = "Linux" ]; then
	running_version="`cat /proc/version`"
	if [ -z "$running_version" ] ; then
		echo "UNKNOWN: Failed to get a version string from running system"
		exit $UNKNOWN
	fi

	if [ "$running_version" != "$on_disk_version" ]; then
		echo "WARNING: Running kernel does not match on-disk kernel image: [$running_version != $on_disk_version]"
		exit $WARNING
	fi

	ret="$(get_avail linux)"
	if [ $? = 1 ]; then
		echo "WARNING: Kernel needs upgrade [$ret]"
		exit $WARNING
	fi
else
	image_current=$(freebsd_check_running_version $on_disk)
	running_version="`uname -s` `uname -r` `uname -v`"
	if [ "$image_current" != "OK" ]; then
		approx_time="$(date -d "@`stat -c '%Y' "$on_disk"`" +"%Y-%m-%d %H:%M:%S")"
		echo "WARNING: Currently running kernel ($running_version) does not match on disk image (~ $approx_time)"
		exit $WARNING;
	fi

	ret="$(get_avail linux)"
	if [ $? = 1 ]; then
		echo "WARNING: Kernel needs upgrade [$ret]"
		exit $WARNING
	fi
fi

echo "OK: Running kernel matches on disk image: [$running_version]"
exit $OK