LinuxQuestions.org
Review your favorite Linux distribution.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices


Reply
  Search this Thread
Old 11-28-2013, 06:52 PM   #1
Luiz Ramos
LQ Newbie
 
Registered: Jun 2010
Location: São Paulo - Brazil
Distribution: Slackware, Debian, LinuxMint, ArchLinux
Posts: 23

Rep: Reputation: 11
Suggestion: script for tracking upstream updates


Hello all,

I am a long time user of Slackware, and some things makes me think a little about things that may be lacking. One of them is how to keep the system up and running with the latest upstream version, mainly because of security concerns.

Of course Slackware security group delivers new versions when security issues hit packages Slackware packages. However, the system I typically use has some packages which come from other sources, mainly slackbuilds.org. And there are some packages which I managed to create my own slackbuild scripts, which don't have security updates, or a service which provides them in a timely manner. The bottom line is that these packages represent a hole in the whole system in terms of security.

The idea I could suggest is to build scripts which could be run for each of these packages, showing the currently installed version, the latest stable version delivered by upstream and, if possible, the URL with the latest upstream source package. Running these scripts for some or all the packages, and checking one version against the other could deliver to the system administrator a picture of what is going on in the system.

The trick is that these scripts should hint the latest version automatically, based on the upstream home page, or download page, or whatever. I tried to test this concept making such scripts for two packages I have installed in my machine (wireshark and gparted), and it seems they worked quite well for current versions. They download the "downloads" page for each project, and use 'sed' to extract the version from the contents (see below).

Now, I noticed that these scripts may be interesting also for folks which build packages for the distribution. They may help them to track upstream versions and to provide the latest packages.

I called such scripts "SlackTrackUpstream", borrowing the concept of the "SlackBuild" scripts which are coupled with (almost) every Slackware package. As the SlackBuilds, I called them <package>.SlackTrackUpstream, and assumed they should give outputs like these:

Code:
[user@machine:/home/user/gparted-0.16.2/slackbuild] $ ./gparted.SlackTrackUpstream
Local version               : 0.16.2
Upstream latest version     : 0.16.2
Upstream latest source      : http://sourceforge.net/projects/gparted/files/gparted/gparted-0.16.2/gparted-0.16.2.tar.bz2

It's quite easy to a "supervisor" script call the SlackTrackUpdate for each package of a list and check the local version to the upstream latest version for each of them. If both differ, a yellow light could be switched on, and this specific package may be subject to upgrade.

Below I provide the two scripts I built. Hope it may help somebody.

Also, if someone finds it useful, and know something about legalese, please could advise me about licences, etc.

Thanks,

Luiz Ramos
lramos dot prof at yahoo dot com dot br
São Paulo - Brazil


=== wireshark.SlackTrackUpstream =====================
Code:
#!/bin/sh

# Slackware upstream tracking script for wireshark

# Copyright 2013  Luiz Ramos, Brazil
# Originally written by Luiz Ramos (lramos.prof@yahoo.com.br)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PRGNAM=wireshark

SRC=""
VRS=""
VARIANT[x64]=""

get_latest_src_package() {
	local _tmpfile=/tmp/slack-upstream.tmp
	local _url="http://www.wireshark.org/download.html"
	wget -q -O ${_tmpfile} ${_url}
	[ $? != 0 ] && return
	local _vrs=$(cat ${_tmpfile} | \
		sed -n -e '/The current stable release of Wireshark is/s|.\+is \([1234567890\.]\+\)\.|\1|gp')
	_pkg="http://www.wireshark.org/download/src/wireshark-${_vrs}.tar.bz2"
	echo "${_pkg}"
	rm -f ${_tmpfile}
	echo "${_vrs}"
}

get_local_vrs() {
	local LOCVRS=$(ls -1 /var/log/packages/$PRGNAM-* | \
		sed -n -e 's/.\+wireshark-\([1234567890\.]\+\)-.*/\1/g;p')
	echo $LOCVRS
}

print_output() {
	echo "Local version               : $(get_local_vrs)"

	echo "Upstream latest version     : $VRS"
	if [ -z "$VARIANT[x64]" ]; then
		echo "Upstream latest variant(x64): $VARIANT[x64]"
	fi
	echo "Upstream latest source      : $SRC"
}



# main

#set -x

set -- $(get_latest_src_package)
SRC="$1"
VRS="$2"

print_output
=== gparted.SlackTrackUpstream =====================
Code:
#!/bin/sh

# Slackware upstream tracking script for gparted

# Copyright 2013  Luiz Ramos, Brazil
# Originally written by Luiz Ramos (lramos.prof@yahoo.com.br)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PRGNAM=gparted

SRC=""
VRS=""
VARIANT[x64]=""

get_latest_src_package() {
	local _tmpfile=/tmp/slack-upstream.tmp
	local _url="http://gparted.org/"
	wget -q -O ${_tmpfile} ${_url}
	[ $? != 0 ] && return
	local _vrs=$(cat ${_tmpfile} | \
		sed -n -e '/Stable release:/{n;s|.\+GParted \([1234567890\.]\+\).\+|\1|gp;q}')
	local _pkg=$(cat ${_tmpfile} | \
		sed -n -e '/Stable release:/{n;s|.\+href="\(.\+\)gparted-\([1234567890\.]\+\)/".*|\1gparted-\2/gparted-\2.tar.bz2|gp;q}')
	echo "${_pkg}"
	rm -f ${_tmpfile}
	echo "${_vrs}"
}

get_local_vrs() {
	local LOCVRS=$(ls -1 /var/log/packages/$PRGNAM-* | \
		sed -n -e 's/.\+gparted-\([1234567890\.]\+\)-.*/\1/g;p')
	echo $LOCVRS
}

print_output() {
	echo "Local version               : $(get_local_vrs)"

	echo "Upstream latest version     : $VRS"
	if [ -z "$VARIANT[x64]" ]; then
		echo "Upstream latest variant(x64): $VARIANT[x64]"
	fi
	echo "Upstream latest source      : $SRC"
}



# main

#set -x

set -- $(get_latest_src_package)
SRC="$1"
VRS="$2"

print_output
 
Old 11-28-2013, 11:19 PM   #2
nobodino
Senior Member
 
Registered: Jul 2010
Location: Near Bordeaux in France
Distribution: slackware, slackware from scratch, LFS, slackware [arm], linux Mint...
Posts: 1,560

Rep: Reputation: 890Reputation: 890Reputation: 890Reputation: 890Reputation: 890Reputation: 890Reputation: 890
I tried to experiment your script on the first file in the a series "acl" but can't get anything interesting (no last version): see acl.SlackTrackUpstream.
I'm not as experimented as you, so the reason for the failure?

Code:
#!/bin/sh

# Slackware upstream tracking script for wireshark

# Copyright 2013  Luiz Ramos, Brazil
# Originally written by Luiz Ramos (lramos.prof@yahoo.com.br)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PRGNAM=acl

SRC=""
VRS=""
VARIANT[x64]=""

get_latest_src_package() {
	local _tmpfile=/tmp/slack-upstream.tmp
	local _url="http://download.savannah.gnu.org/releases/acl/"
	wget -q -O ${_tmpfile} ${_url}
	[ $? != 0 ] && return
	local _vrs=$(cat ${_tmpfile} | \
		sed -n -e '/The current stable release of acl is/s|.\+is \([1234567890\.]\+\)\.|\1|gp')
	_pkg="http://download.savannah.gnu.org/releases/acl/acl-${_vrs}.tar.bz2"
	echo "${_pkg}"
#	rm -f ${_tmpfile}
	echo "${_vrs}"
}

get_local_vrs() {
	local LOCVRS=$(ls -1 /var/log/packages/$PRGNAM-* | \
		sed -n -e 's/.\+acl-\([1234567890\.]\+\)-.*/\1/g;p')
	echo $LOCVRS
}

print_output() {
	echo "Local version               : $(get_local_vrs)"

	echo "Upstream latest version     : $VRS"
	if [ -z "$VARIANT[x64]" ]; then
		echo "Upstream latest variant(x64): $VARIANT[x64]"
	fi
	echo "Upstream latest source      : $SRC"
}



# main

#set -x

set -- $(get_latest_src_package)
SRC="$1"
VRS="$2"

print_output

Last edited by unSpawn; 11-29-2013 at 01:28 AM. Reason: //add vBB code
 
Old 11-30-2013, 06:32 AM   #3
Luiz Ramos
LQ Newbie
 
Registered: Jun 2010
Location: São Paulo - Brazil
Distribution: Slackware, Debian, LinuxMint, ArchLinux
Posts: 23

Original Poster
Rep: Reputation: 11
Not supposed to work unless hinting is adapted

Quote:
I tried to experiment your script on the first file in the a series "acl" but can't get anything interesting (no last version): see acl.SlackTrackUpstream.
Yes, it's not supposed to work automatically with every site/URL/package. The tricky thing is to code some heuristics when evaluating _vrs and _pkg.

I managed to tweak your script, and it seems to work now. See below:

Code:
#!/bin/sh

# Slackware upstream tracking script for wireshark

# Copyright 2013  Luiz Ramos, Brazil
# Originally written by Luiz Ramos (lramos.prof@yahoo.com.br)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PRGNAM=acl

SRC=""
VRS=""
VARIANT[x64]=""

get_latest_src_package() {
	local _tmpfile=/tmp/slack-upstream.tmp
	local _url="http://download.savannah.gnu.org/releases/acl/"
	wget -q -O ${_tmpfile} ${_url}
	[ $? != 0 ] && return
	local _vrs_list=$(cat ${_tmpfile} | \
		sed -n -e '/href\="acl.*.tar.gz"/s|.\+href\="acl-\([1234567890\.]\+\)\.src\+.*\([1234567890]\{2\}-...-[1234567890]\{4\}\ [1234567890:]\{5\}\).*|\1|gp')
	local _pkg_list=$(cat ${_tmpfile} | \
		sed -n -e '/href\="acl.*.tar.gz"/s|.\+href\="\(acl-[1234567890\.]\+\.src.tar.gz\)\+.*\([1234567890]\{2\}-...-[1234567890]\{4\}\ [1234567890:]\{5\}\).*|\1|gp')
	local _pkg=$(echo "$_pkg_list" | tail -1)
	local _vrs=$(echo "$_vrs_list" | tail -1)
	_pkg="${_url}${_pkg}"
	echo "${_pkg}"
	rm -f ${_tmpfile}
	echo "${_vrs}"
}

get_local_vrs() {
	local LOCVRS=$(ls -1 /var/log/packages/$PRGNAM-* | \
		sed -n -e 's/.\+acl-\([1234567890\.]\+\)-.*/\1/g;p')
	echo $LOCVRS
}

print_output() {
	echo "Local version               : $(get_local_vrs)"

	echo "Upstream latest version     : $VRS"
	if [ -z "$VARIANT[x64]" ]; then
		echo "Upstream latest variant(x64): $VARIANT[x64]"
	fi
	echo "Upstream latest source      : $SRC"
}



# main

#set -x

set -- $(get_latest_src_package)
SRC="$1"
VRS="$2"

print_output
I made two assumptions regarding the heuristics of finding the latest version: one is that the most accurate main page of acl is the one you've pointed out. So, there is no page where the upstream developers state explictly what the latest stable version is. I used pages like that in wireshark and gparted. Second, I assumed the latest stable version is the one which is at the bottom of the list. This may not be the case in all cases.

Both assumptions may not hold forever, but until forever don't come, we'll save some time trying to catch up with the latest developments...

And one last thing: I think this case you brought to discuss seems to be a specific instance of the more general case of a project which puts all versions in a directory accessible by http (or even ftp). The script above seem to be proper for a number of other packages.

Thanks, and hopes it works fine.

Luiz
 
Old 12-01-2013, 11:59 AM   #4
nobodino
Senior Member
 
Registered: Jul 2010
Location: Near Bordeaux in France
Distribution: slackware, slackware from scratch, LFS, slackware [arm], linux Mint...
Posts: 1,560

Rep: Reputation: 890Reputation: 890Reputation: 890Reputation: 890Reputation: 890Reputation: 890Reputation: 890
Thanks for debugging my script.
I tried with one other package from sourceforge (acpid2), where the latest is at the top and not at the bottom, the result is an empty line (for the latest), and packages from sourceforge are not so rare.

Last edited by nobodino; 12-01-2013 at 12:23 PM.
 
Old 12-03-2013, 09:39 AM   #5
Luiz Ramos
LQ Newbie
 
Registered: Jun 2010
Location: São Paulo - Brazil
Distribution: Slackware, Debian, LinuxMint, ArchLinux
Posts: 23

Original Poster
Rep: Reputation: 11
A workaround

Hello, nobodino.

Quote:
Originally Posted by nobodino View Post
Thanks for debugging my script.
I tried with one other package from sourceforge (acpid2), where the latest is at the top and not at the bottom, the result is an empty line (for the latest), and packages from sourceforge are not so rare.
Yes, sourceforge packages are in a significant number. Checking directories is a strategy which should apply to this case, and to other as well (see, for instance, ffmpeg). But I still don't have a good solution. We may select the files which has a version information inside its name (excluding "-snapshot", "-current", and so on), and take the one whose number is higher. That's one approach. One which would be better IMHO, would be selecting the same files, but sorting them by date, and taking the most recent.

For acpid2, I managed to do one other trick as a good workaround. If you check this URL: http://sourceforge.net/projects/acpid2/files, there is a phrase telling explictly what the latest version is. I changed your script to get into this page and extract information from that phrase. It worked!

However, doing so, the more general case pictured above will be left for the next days...

Code:
#!/bin/sh

# Slackware upstream tracking script for acpid2

# Copyright 2013  Luiz Ramos, Brazil
# Originally written by Luiz Ramos (lramos.prof@yahoo.com.br)
# All rights reserved.
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are
# met:
#
# * Redistributions of source code must retain the above copyright
# notice, this list of conditions and the following disclaimer.
#
# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
# "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
# LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
# A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
# OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
# LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
# OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

PRGNAM=acpid2

SRC=""
VRS=""
VARIANT[x64]=""

get_latest_src_package() {
	local _tmpfile=/tmp/slack-upstream.tmp
	local _url="http://sourceforge.net/projects/acpid2/files/"
	wget -q -O ${_tmpfile} ${_url}
	[ $? != 0 ] && return
	local _vrs=$(cat ${_tmpfile} | \
		sed -n -e '/Looking for the latest version\?/{n;s|.\+acpid-\([1234567890\.]\+\)\..\+|\1|gp;q}')
	local _pkg=$(cat ${_tmpfile} | \
		sed -n -e '/Looking for the latest version\?/{n;s|.\+href=".\+\(acpid\)-\([1234567890\.]\+\)\.\(tar.xz\): .*|http://sourceforge.net/projects/acpid2/files/\1-\2.\3|gp;q}')
	echo "${_pkg}"
	rm -f ${_tmpfile}
	echo "${_vrs}"
}

get_local_vrs() {
	local LOCVRS=$(ls -1 /var/log/packages/$PRGNAM-* | \
		sed -n -e 's/.\+gparted-\([1234567890\.]\+\)-.*/\1/g;p')
	echo $LOCVRS
}

print_output() {
	echo "Local version               : $(get_local_vrs)"

	echo "Upstream latest version     : $VRS"
	if [ -z "$VARIANT[x64]" ]; then
		echo "Upstream latest variant(x64): $VARIANT[x64]"
	fi
	echo "Upstream latest source      : $SRC"
}



# main

#set -x

set -- $(get_latest_src_package)
SRC="$1"
VRS="$2"

print_output
Thanks,

Luiz
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Need Suggestion regarding Process Tracking? your_shadow03 Linux - Newbie 2 11-19-2009 10:57 PM
regarding tracking file creation and updates on linux networking environment pjchoudary Linux - Networking 1 07-19-2008 12:04 AM
LXer: Installing and tracking software updates with toast LXer Syndicated Linux News 0 04-24-2008 02:10 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware

All times are GMT -5. The time now is 08:27 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration