Suggestion: script for tracking upstream updates
Hello all,
I am a long time user of Slackware, and some things makes me think a little about things that may be lacking. One of them is how to keep the system up and running with the latest upstream version, mainly because of security concerns. Of course Slackware security group delivers new versions when security issues hit packages Slackware packages. However, the system I typically use has some packages which come from other sources, mainly slackbuilds.org. And there are some packages which I managed to create my own slackbuild scripts, which don't have security updates, or a service which provides them in a timely manner. The bottom line is that these packages represent a hole in the whole system in terms of security. The idea I could suggest is to build scripts which could be run for each of these packages, showing the currently installed version, the latest stable version delivered by upstream and, if possible, the URL with the latest upstream source package. Running these scripts for some or all the packages, and checking one version against the other could deliver to the system administrator a picture of what is going on in the system. The trick is that these scripts should hint the latest version automatically, based on the upstream home page, or download page, or whatever. I tried to test this concept making such scripts for two packages I have installed in my machine (wireshark and gparted), and it seems they worked quite well for current versions. They download the "downloads" page for each project, and use 'sed' to extract the version from the contents (see below). Now, I noticed that these scripts may be interesting also for folks which build packages for the distribution. They may help them to track upstream versions and to provide the latest packages. I called such scripts "SlackTrackUpstream", borrowing the concept of the "SlackBuild" scripts which are coupled with (almost) every Slackware package. As the SlackBuilds, I called them <package>.SlackTrackUpstream, and assumed they should give outputs like these: Code:
[user@machine:/home/user/gparted-0.16.2/slackbuild] $ ./gparted.SlackTrackUpstream It's quite easy to a "supervisor" script call the SlackTrackUpdate for each package of a list and check the local version to the upstream latest version for each of them. If both differ, a yellow light could be switched on, and this specific package may be subject to upgrade. Below I provide the two scripts I built. Hope it may help somebody. Also, if someone finds it useful, and know something about legalese, please could advise me about licences, etc. Thanks, Luiz Ramos lramos dot prof at yahoo dot com dot br São Paulo - Brazil === wireshark.SlackTrackUpstream ===================== Code:
#!/bin/sh Code:
#!/bin/sh |
I tried to experiment your script on the first file in the a series "acl" but can't get anything interesting (no last version): see acl.SlackTrackUpstream.
I'm not as experimented as you, so the reason for the failure? Code:
#!/bin/sh |
Not supposed to work unless hinting is adapted
Quote:
I managed to tweak your script, and it seems to work now. See below: Code:
#!/bin/sh Both assumptions may not hold forever, but until forever don't come, we'll save some time trying to catch up with the latest developments... And one last thing: I think this case you brought to discuss seems to be a specific instance of the more general case of a project which puts all versions in a directory accessible by http (or even ftp). The script above seem to be proper for a number of other packages. Thanks, and hopes it works fine. Luiz |
Thanks for debugging my script.
I tried with one other package from sourceforge (acpid2), where the latest is at the top and not at the bottom, the result is an empty line (for the latest), and packages from sourceforge are not so rare. |
A workaround
Hello, nobodino.
Quote:
For acpid2, I managed to do one other trick as a good workaround. If you check this URL: http://sourceforge.net/projects/acpid2/files, there is a phrase telling explictly what the latest version is. I changed your script to get into this page and extract information from that phrase. It worked! However, doing so, the more general case pictured above will be left for the next days... Code:
#!/bin/sh Luiz |
All times are GMT -5. The time now is 06:14 PM. |