Comparing installed packages with the changelog...

dunric · 01-07-2008, 12:29 PM

I think comparing installed packages with relatively vague format of changelog is not too reliable way. In root of repositories there are files named FILE_LIST containing all file names of the given repository so making a comparison with this list is IMHO a better idea.

For illustration purposes real example code of a small bash script using the above described fact follows. It's used for syncing patches of installed only packages. It even checks their GPG signatures and removes obosleted packages.

Code:

#!/bin/sh
# Syncpkgs - fetch updated packages from repository

# Repository URL with Slackware packages
MIRROR="http://<some.slackware.mirror>/slackware-12.0/patches"

# Directory where packages are stored
PACKAGES_CACHE=${PACKAGES_CACHE:-~/var/cache/slackware}
[ -d ${PACKAGES_CACHE} ] || mkdir -p ${PACKAGES_CACHE}

# Wheter to check gpg-signatures of packages
VERIFY_SIG="y"

# Create list of localy installed packages
FLIST_LOCAL=$(ls -1 /var/log/packages/)

# Create list of available packages in repository
wget -O ${PACKAGES_CACHE}/FILE_LIST ${MIRROR}/FILE_LIST || { echo "Error at fetching filelist !" >&2; exit 1; }
FLIST_REMOTE=$(sed -n 's/.*\s\.\/\([^\/]*\/.*\)\.tgz$/\1/p' ${PACKAGES_CACHE}/FILE_LIST)

# Fetch packages not yet in the local cache
for pkg in $FLIST_REMOTE;do
	pkg_name=$(basename $pkg)
	pkg_subdir=$(dirname $pkg)
	pkgname_re='(^|\s)(('$(expr $pkg_name : '\(.*\)-.*-.*-.*$')')-[^-]*-[^-]*-[^-]*)(\s|$)'
	if [[ ${FLIST_LOCAL} =~ ${pkgname_re} ]]; then
		if [[ ! ${EXCLUDE} =~ ${BASH_REMATCH[3]} ]]; then
			if [ ! -r ${PACKAGES_CACHE}/${pkg}.tgz ]; then
				[ -d ${PACKAGES_CACHE}/${pkg_subdir} ] ||
					mkdir -p ${PACKAGES_CACHE}/${pkg_subdir}
				wget -c -O ${PACKAGES_CACHE}/$pkg.tgz $MIRROR/$pkg.tgz
				[ $? -ne 0 ] &&
					{ echo "Failed to download $pkg.tgz !" >&2; \
					rm -f ${PACKAGES_CACHE}/$pkg.tgz; exit 1; }
			fi
			if [ ! -r ${PACKAGES_CACHE}/${pkg}.tgz.asc ]; then
				wget -O ${PACKAGES_CACHE}/$pkg.tgz.asc $MIRROR/$pkg.tgz.asc
				[ $? -ne 0 ] &&
					{ echo "Failed to download $pkg.tgz.asc !" >&2; \
					rm -f ${PACKAGES_CACHE}/$pkg.tgz.asc; exit 1; }
				[ $VERIFY_SIG == "y" ] &&
					gpg --verify ${PACKAGES_CACHE}/$pkg.tgz.asc &> /dev/null
				[ $? -ne 0 ] &&
					{ echo "Wrong signature for $pkg.tgz !" >&2; \
					rm -f ${PACKAGES_CACHE}/$pkg.tgz*; \
					exit 1; }
			fi
		fi
	fi
done
                          
# Remove all outdated packages - not available in repository
for pkgfile in $(find ${PACKAGES_CACHE} -type f -name '*.tgz'); do
	if [[ ! ${FLIST_REMOTE} =~ $(basename $pkgfile .tgz) ]]; then
		rm -f ${pkgfile}
		rm -f ${pkgfile}.asc
	fi
done

BCarey · 01-07-2008, 01:09 PM

Quote:

Originally Posted by acummings

Brian,

Yes. By early this morning it occurred to me to reverse the array (after I'd done it the hard way). And it simultaneously I also realize (most likely) what's happening is that hash key (and value) (keys must be unique) -- as in like or same key gets overwritten (for instance for the four versions of mkinitrd (the mkinitrd [due to like keys] key-value got overwritten four times) so that *only the last written* is the content that that particular key-value pair ends up with.

Am I on the trail now?

That's right. When we were looping, we checked to see if the key already existed in the hash, and if so we skipped straight on to the next line. With the non-looping method, the value will automatically overwrite if the key already exists, so we want to be sure that the "latest" version is the last to be processed.

As you are building your toolkit, take some time to look around CPAN. CPAN is the key to perl's longevity, with the thousands of utilities available so you don't have to reinvent any wheels.

Brian

Lufbery · 02-26-2008, 12:00 PM

Quote:

Originally Posted by dunric

I think comparing installed packages with relatively vague format of changelog is not too reliable way. In root of repositories there are files named FILE_LIST containing all file names of the given repository so making a comparison with this list is IMHO a better idea.

For illustration purposes real example code of a small bash script using the above described fact follows. It's used for syncing patches of installed only packages. It even checks their GPG signatures and removes obosleted packages.

I'm resurrecting this thread because I'd like to try this script and I'll report back on how it words for me.

I'm also interested in how the Perl script turned out.

Regards,

-Drew

acummings · 02-26-2008, 11:09 PM

http://www.linuxquestions.org/questi...ml#post3005790

http://www.linuxquestions.org/questi...7/#post3028757

Unfortunately too much on plate elsewhere keep (still) Perl script on the back burner.

I like to not use bandwidth unless it's necessary to do so. So, I'll likely use Perl and/or Perl calling Wget to check datestamp on the remote packages.txt (or changelog). If that file has not been updated since the last time that I checked that file means there are no new updates (end, done)
OTOH if that file has been updated -- now we can say yes updates available and have the script check and list what the new updates are.
BTW, of course, on the very first or initial run it would list what's available remotely that's not up to date on the sys (and record the datestamp of packages.txt (or changelog). Any subsequent run now uses datestamp method I mentioned earlier. datestamp check is fast and doesn't use much bandwidth except if updates are available then uses the needed bandwidth to check and say which/what list the updates.

--
Alan.

Lufbery · 02-27-2008, 07:05 AM

Alan,

Thanks for the update.

Regards,

-Drew

acummings · 02-08-2009, 03:52 PM

(Bump)

Perl (unfortunately) is still remains on the back burner here. I *must* turn that around!

Here's a (cross reference) link to a newer but nonetheless a very similar thread:

http://www.linuxquestions.org/questi...kages.-702952/

Thanks to all.

Alan.