home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
ftp.ac-grenoble.fr
/
2015.02.ftp.ac-grenoble.fr.tar
/
ftp.ac-grenoble.fr
/
pub
/
slis
/
updates_4.0_rsync
/
slis_update-4.0
< prev
next >
Wrap
Text File
|
2007-08-19
|
11KB
|
328 lines
#!/bin/bash
# This script is part of the SLIS Project initiated by the CARMI-Internet
# (AcadΘmie de Grenoble - France 38).
# Ce script fait partie du projet SLIS dΘmarrΘ par le CARMI-Internet
# (AcadΘmie de Grenoble - France 38).
#
# SLIS : Serveur de communications Linux pour l'Internet Scolaire.
# Copyright (C) 1998-2003 Bruno Bzeznik
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
# You should have received a copy of the GNU General Public License
# along with this program (For example ./COPYING);
# if not, write to the Free Software Foundation, Inc., 675 Mass Ave,
# Cambridge, MA 02139, USA.
#
# Please send all comments and bug reports by electronic mail to:
# Bruno Bzeznik <Bruno@ac-grenoble.fr>
# or to <slis@ac-grenoble.fr>
#
# Envoyez vos suggestions et reports de bugs par e-mail α
# Bruno Bzeznik <Bruno@ac-grenoble.fr>
# ou α <slis@ac-grenoble.fr>
#
# Contact: Olivier.LeCam@crdp.ac-versailles.fr
#
# Comments:
# This script is run by the crontab once a night for upgrading the SLIS
# The SLIS admin can also run it at any moment it through the interface
# NB: The kernel upgrade can be done overnight only (bettween 0-6)
#
# Updates:
# olecam: Dec 13, 2005: script adapted to SLIS v4
# olecam: Jan 5, 2006: messages resulting of a failed apt-get are now logged to help debugging
# olecam: Jan 6, 2006: check against freezed updates (lock)
# olecam: Jan 6, 2006: get debconf less curious
# olecam: Feb 7, 2007: improved exception processing in blacklist updates
#
# Various variables
#
LOCKFILE="/var/lock/slis/slis_update-4.0"
LOGTAG="slis_update-4.0[$$]"
SLIS_LIB="/usr/sbin/slis-sys.inc.bash"
SCRIPT_STATUS_MSG="Script 'slis_update' version 4.0"
SQUIDGUARD_DB_PATH="/var/lib/squidguard/db"
SLIS_UPDATE_SQUIDGUARD="slis_update_squidguard"
BLACKLISTS="academie adult agressif audio-video dangerous_material drogue forums \
gambling hacking mobile-phone phishing publicite radio redirector \
strict_redirector strong_redirector tricheur warez webmail"
REBOOT_MANDOTORY=0
ERRCODE=0
#
# Load the SLIS library
#
if [ -f $SLIS_LIB ]
then
. $SLIS_LIB
else
MSG="Error: $SLIS_LIB not found."
/usr/bin/logger -t "$LOGTAG" "$MSG"
/bin/echo "$MSG"
/usr/bin/logger -t "$LOGTAG" "$SCRIPT_STATUS_MSG: failed."
exit 1
fi
#
# Load the variables
#
load_config
if [ "$SLIM_MAX_AGE" = "" ]
then
# This is the maximum number of seconds you think
# a monitor must leave before suspecting it to be
# freezed.
SLIM_MAX_AGE=36000
fi
if [ "$SLIM_RETRY_TIME" = "" ]
then
# This is the max number of time the script will try
# to relock when already locked
SLIM_RETRY_TIME=360
fi
#/bin/echo "[$PATH]" |/usr/bin/logger -t "$LOGTAG"
#
# Locking
#
LOCK_OUTPUT=`/usr/bin/lockfile -1 -r 3 -l $SLIM_MAX_AGE -s 0 $LOCKFILE 2>&1`; LOCK_RC=$?
#
# If unable to lock (recent lock file found)
#
if [ "$LOCK_RC" != "0" ]
then
MSG="Error: Lock found: update already running!"
/usr/bin/logger -t "$LOGTAG" "$MSG"
/bin/echo "$MSG"
/usr/bin/logger -t "$LOGTAG" "$SCRIPT_STATUS_MSG: failed."
exit 1
fi
#
# If a very old lock file is found
#
if [ "`/bin/echo $LOCK_OUTPUT |/bin/grep -i "forcing lock"`" != "" ]
then
/usr/bin/logger -t "$LOGTAG" "Warning: forcing lock and killing possibly sleeping processes."
# Perhaps some processes are freezed?
/usr/bin/killall apt-get 2>/dev/null
/bin/sleep 1
/usr/bin/killall dpkg-preconfigure 2>/dev/null
/bin/sleep 1
# Try to lock another time while waiting for the previous one to finish
/usr/bin/lockfile -5 -r $SLIM_RETRY_TIME $LOCKFILE ; LOCK_RC=$?
if [ "$LOCK_RC" != "0" ]
then
MSG="Error: second try for locking failed"
/usr/bin/logger -t "$LOGTAG" "$MSG!"
/bin/echo "$LOGTAG" |/usr/bin/mail "$SLISMASTER" -s "Update: $MSG: $HOSTNAME"
/bin/echo "$MSG"
/usr/bin/logger -t "$LOGTAG" "$SCRIPT_STATUS_MSG: failed."
exit 1
fi
fi
/usr/bin/logger -t "$LOGTAG" "$SCRIPT_STATUS_MSG: starting..."
/usr/bin/logger -t "$LOGTAG" "=== PLEASE WAIT. DO NOT USE SLIS WHILE UPDATING ==="
#
# Make updates
#
/usr/bin/logger -t "$LOGTAG" "APT: Updating package index files from the dpkg sources..."
APT_RESULT=`/usr/bin/apt-get -qq update 2>&1`
if [ $? != 0 ]
then
/usr/bin/logger -t "$LOGTAG" "ERROR: apt-get update failed. See report below:"
/bin/echo -n "$APT_RESULT" |/usr/bin/logger -t "$LOGTAG"
ERRCODE=1
else
#
# APT upgrade
#
# Ensure that we only are asked "critical" questions
export DEBIAN_PRIORITY=critical
# export DEBIAN_FRONTEND=text
export DEBIAN_FRONTEND=teletype
# export DEBCONF_DEBUG=developer
# To be even more nasty, use:
# DEBIAN_FRONTEND=noninteractive
# which should ask *no* question (at least not through debconf)
# # Get the list of upgrade candidates
# APT_RESULT=`apt-get -dsy upgrade 2>&1`
# CANDIDATES=`echo -n "$APT_RESULT" |grep Inst |awk '{print $2}' |tr '\n' ' '`
#
# if [ "$CANDIDATES" == "" ] ; then
# logger -t "$LOGTAG" "APT: Upgrading packages: none (system is up-to-date)"
# else
# logger -t "$LOGTAG" "APT: Upgrading packages: $CANDIDATES"
# logger -t "$LOGTAG" "APT: Be patient, this can take time!..."
# apt-get --force-yes -y -qq upgrade 2>&1 |logger -t "$LOGTAG"
## APT_RESULT=`apt-get -y -qq upgrade 2>&1`
## if [ $? != 0 ]
## then
## logger -t "$LOGTAG" "ERROR: apt-get upgrade failed. See report below:"
## echo -n "$APT_RESULT" |logger -t "$LOGTAG"
## else
## logger -t "$LOGTAG" "APT: Packages upgrading terminated."
## fi
# fi
#
# #
# # APT dist-upgrade (executed only when it's nighttime)
# #
# declare -i HOUR
# HOUR=`date +%k`
# if [ $HOUR -lt 6 ]
# then
# logger -t "$LOGTAG" "Well, it's nighttime, let's check for a kernel update..."
#
# # Get the list of dist-upgrade candidates
# APT_RESULT=`apt-get -dsy dist-upgrade 2>&1`
# CANDIDATES=`echo -n "$APT_RESULT" |grep Inst |awk '{print $2}' |tr '\n' ' '`
#
# if [ "$CANDIDATE" == "" ] ; then
# logger -t "$LOGTAG" "APT: Upgrading kernel: none (kernel is up-to-date)"
# else
# logger -t "$LOGTAG" "APT: Upgrading kernel: $CANDIDATE"
# APT_RESULT=`apt-get -y -qq dist-upgrade 2>&1`
# if [ $? != 0 ]
# then
# logger -t "$LOGTAG" "ERROR: apt-get dist-upgrade failed. See report below:"
# echo -n "$APT_RESULT" |logger -t "$LOGTAG"
# else
# logger -t "$LOGTAG" "APT: Kernel upgrading terminated."
# logger -t "$LOGTAG" "KERNEL UPDATED. REBOOT PLANNED IN ONE MINUTE..."
# /sbin/shutdown -r +1
# fi
# fi
# fi
#
# APT dist-upgrade. Install also kernel-image updates, but if any wait nighttime to reboot.
#
# Get the list of dist-upgrade candidates
APT_RESULT=`/usr/bin/apt-get -dsy dist-upgrade 2>&1`
CANDIDATES=`/bin/echo -n "$APT_RESULT" |/bin/grep Inst |/usr/bin/awk '{print $2}' |/usr/bin/tr '\n' ' '`
if [ "$CANDIDATES" == "" ] ; then
/usr/bin/logger -t "$LOGTAG" "APT: Upgrading packages: none (system is up-to-date)."
else
/usr/bin/logger -t "$LOGTAG" "APT: Upgrading packages: $CANDIDATES"
/usr/bin/logger -t "$LOGTAG" "APT: Be patient, this may take a long time!..."
/usr/bin/apt-get --force-yes -y -qq dist-upgrade 2>&1 |/usr/bin/logger -t "$LOGTAG"
[ $? != 0 ] && ERRCODE=1
/usr/bin/logger -t "$LOGTAG" "APT: Packages upgrading terminated."
if [ "$(/bin/echo "$CANDIDATES" |/bin/grep kernel-image)" != "" ]
then
# A kernel update has been installed - Reboot now if it's nighttime or
# do it later.
HOUR=`/bin/date +%k`
if [ $HOUR -lt 6 ]
then
/usr/bin/logger -t "$LOGTAG" "Kernel updated: a reboot is mandotory after the SLIS update..."
REBOOT_MANDOTORY=1
else
/usr/bin/logger -t "$LOGTAG" "Kernel updated: the SLIS will reboot tonight..."
/sbin/shutdown -r now |at 0100
fi
fi
if [ "$(/bin/echo "$CANDIDATES" |/bin/grep slis-update)" != "" ]
then
# slis-update has been upgraded - Reboot now if it's nighttime or
# do it later.
HOUR=`/bin/date +%k`
if [ $HOUR -lt 6 ]
then
/usr/bin/logger -t "$LOGTAG" "slis-update upgraded: a reboot is mandotory after the SLIS update..."
REBOOT_MANDOTORY=1
else
/usr/bin/logger -t "$LOGTAG" "slis-update upgraded: the SLIS will reboot tonight..."
/sbin/shutdown -r 01:00 &
fi
fi
fi
fi
#
# Update the squidGuard databases
#
HOUR=`/bin/date +%k`
if [ -e $SQUIDGUARD_DB_PATH ] && [ $HOUR -lt 8 ]
then
/usr/bin/logger -t "$LOGTAG" "Downloading the URL blacklist databases update..."
cd $SQUIDGUARD_DB_PATH
for blacklist in $BLACKLISTS
do
USE_OLD=0
/bin/mv -f $blacklist.tar.gz $blacklist.tar.gz.backup
/usr/bin/rsync --timeout=30 rsync://$RSYNC_HOST/$RSYNC_MODULE/$blacklist.tar.gz . >/dev/null 2>&1
if [ "$?" = "0" ] && [ -f $blacklist.tar.gz ]
then
/bin/tar xfz $blacklist.tar.gz
RC=$?
if [ "$RC" != "0" ]
then
/usr/bin/logger -t "$LOGTAG" "Error: '$blacklist' dabatase corrupted: keeping the old version."
USE_OLD=1
fi
else
/usr/bin/logger -t "$LOGTAG" "Warning: '$blacklist' database update could not be transfered from the central update server: keeping the old version"
USE_OLD=1
fi
if [ "$USE_OLD" = "1" ]
then
rm -f $blacklist.tar.gz
/bin/mv -f $blacklist.tar.gz.backup $blacklist.tar.gz
if [ -f $blacklist.tar.gz ]
then
/bin/tar xfz $blacklist.tar.gz
[ "$?" != "0" ] && echo "FATAL: the backuped '$blacklist' database is also corrupted. Skipping..."
else
echo "FATAL: '$blacklist' has no backup. Skipping..."
fi
else
/bin/rm -f $blacklist.tar.gz.backup
fi
done
/bin/rm -f *.backup
/usr/bin/logger -t "$LOGTAG" "Compiling the URL blacklist databases (be patient!)..."
$SLIS_BINDIR/$SLIS_UPDATE_SQUIDGUARD >/dev/null 2>&1
fi
#
# Ending script
#
if [ "$REBOOT_MANDATORY" = "1" ]
then
/sbin/shutdown -r +1
/usr/bin/logger -t "$LOGTAG" "$SCRIPT_STATUS_MSG: successed. Reboot planned in one minute."
else
/usr/bin/logger -t "$LOGTAG" "$SCRIPT_STATUS_MSG: successed"
fi
/bin/rm -f $LOCKFILE
exit $ERRCODE