home
***
CD-ROM
|
disk
|
FTP
|
other
***
search
/
ftp.ac-grenoble.fr
/
2015.02.ftp.ac-grenoble.fr.tar
/
ftp.ac-grenoble.fr
/
pub
/
slis
/
updates_4.1_rsync
/
slis_update-4.1
< prev
next >
Wrap
Text File
|
2009-09-13
|
7KB
|
230 lines
#!/bin/bash
# This script is part of the SLIS Project initiated by the CARMI-Internet
# (AcadΘmie de Grenoble - France 38).
# Ce script fait partie du projet SLIS dΘmarrΘ par le CARMI-Internet
# (AcadΘmie de Grenoble - France 38).
#
# Contact: Philippe Le Brouster <plb@ac-grenoble.fr>
#
# Comments:
# This script is run by the crontab once a night for upgrading the SLIS
# The SLIS admin can also run it at any moment it through the interface
# NB: The kernel upgrade can be done overnight only (bettween 0-6)
#
# Updates:
# olecam: Dec 13, 2005: script adapted to SLIS v4
# olecam: Jan 5, 2006: messages resulting of a failed apt-get are now logged to help debugging
# olecam: Jan 6, 2006: check against freezed updates (lock)
# olecam: Jan 6, 2006: get debconf less curious
# olecam: Feb 7, 2007: improved exception processing in blacklist updates
# plb: Jul 30, 2008: adaptation to SLIS 4.1
# plb: sep 4, 2008: some fixes according to buxy advice.
# TODO : Add 'apt-get autoremove' for lenny.
# TODO : Add 'apt-get clean' to not keep useless debian package in the dpkg cache.
#
# Various variables
#
LOCKFILE="/var/lock/slis/slis_update-4.1"
LOGTAG="slis_update-4.1[$$]"
SLIS_LIB="/usr/share/slis/slis-common.sh"
SCRIPT_STATUS_MSG="Script 'slis_update' version 4.1"
SQUIDGUARD_DB_PATH="/var/lib/squidguard/db"
SLIS_UPDATE_SQUIDGUARD="slis_update_squidguard"
BLACKLISTS="academie adult agressif audio-video dangerous_material drogue forums \
gambling hacking mobile-phone phishing publicite radio redirector \
strict_redirector strong_redirector tricheur warez webmail"
REBOOT_MANDATORY=0
ERRCODE=0
write_to_log()
{
logger -t "$LOGTAG" $*
}
send_to_slismaster()
{
echo "$*" | mail "$SLISMASTER" -s "`hostname` : Update: $LOGTAG"
}
exit_this_update()
{
write_to_log $*
send_to_slismaster $*
write_to_log "$SCRIPT_STATUS_MSG: failed."
exit 1
}
#
# Load the SLIS library
#
if [ -f $SLIS_LIB ]; then
. $SLIS_LIB
else
exit_this_update "Error: $SLIS_LIB not found."
fi
#
# Load the variables
#
load_slis_config
# This is the maximum number of seconds you think
# a monitor must leave before suspecting it to be
# freezed.
[ "$SLIM_MAX_AGE" = "" ] && SLIM_MAX_AGE=36000
# This is the max number of time the script will try
# to relock when already locked
[ "$SLIM_RETRY_TIME" = "" ] && SLIM_RETRY_TIME=360
#
# Locking
#
LOCK_OUTPUT=`lockfile -1 -r 3 -l $SLIM_MAX_AGE -s 0 $LOCKFILE 2>&1`;
[ "$?" != "0" ] && exit_this_update "Error: Lock found: update already running!"
#
# If a very old lock file is found
#
if [ "`echo $LOCK_OUTPUT | grep -i "forcing lock"`" != "" ]; then
write_to_log "Warning: forcing lock and killing possibly sleeping processes."
# Perhaps some processes are freezed?
killall apt-get 2>/dev/null
sleep 1
killall dpkg-preconfigure 2>/dev/null
sleep 1
[ "`dpkg -C`" != "" ] && exit_this_update "Warning: Some packages not installed correctly";
# Then if the lock is older than 10 days, remove the lockfile and lock again.
LOCKFILE_OLD=`find $LOCKFILE -nowarn -ctime +10 -print`
if [ "$LOCKFILE_OLD" != "" ]; then
write_to_log "Info: Very old lock found (more than 10 days), removing it."
rm -f $LOCKFILE
fi
# Try to lock another time while waiting for the previous one to finish
lockfile -5 -r $SLIM_RETRY_TIME $LOCKFILE
[ "$?" != "0" ] && exit_this_update "Error: second try for locking failed"
fi
write_to_log "$SCRIPT_STATUS_MSG: starting..."
write_to_log "=== PLEASE WAIT. DO NOT USE SLIS WHILE UPDATING ==="
#
# Make updates
#
write_to_log "APT: Updating package index files from the dpkg sources..."
APT_RESULT=`apt-get -qq update 2>&1`
if [ $? != 0 ]; then
write_to_log "ERROR: apt-get update failed. See report below:"
echo -n "$APT_RESULT" | logger -t "$LOGTAG"
ERRCODE=1
else
#
# APT upgrade
#
# Ensure that no question will be asked for
export DEBIAN_FRONTEND=noninteractive
DPKG_OPTS='-o Dpkg::Options::=--force-confdef -o Dpkg::Options::=--force-confold'
# Get the list of dist-upgrade candidates
APT_RESULT=`apt-get -dsy dist-upgrade 2>&1`
CANDIDATES=`echo -n "$APT_RESULT" | grep Inst | awk '{print $2}' | tr '\n' ' '`
if [ "$CANDIDATES" = "" ]; then
write_to_log "APT: Upgrading packages: none (system is up-to-date)."
else
write_to_log "APT: Upgrading packages: $CANDIDATES"
write_to_log "APT: Be patient, this may take a long time!..."
RES=$(tempfile)
apt-get $DPKG_OPTS --force-yes -y -qq dist-upgrade 2>&1 > $RES
ERRCODE=$?
cat $RES |/usr/bin/logger -t "$LOGTAG"
rm $RES
if [ $ERRCODE != 0 ]; then
exit_this_update "Error: apt-get failed when dist-upgrading. See /var/log/syslog"
fi
write_to_log "APT: Packages upgrading terminated."
if [ "$(echo "$CANDIDATES" | grep linux-image)" != "" ]; then
# Reboot the machine if needed
if [ "$SLIS_VIRTUALIZATION" = "none" ]; then
write_to_log "slis-update upgraded: a reboot is MANDATORY after the SLIS update..."
REBOOT_MANDATORY=1
fi
fi
NEW_KERNEL=`echo \"$CANDIDATES\" | grep linux-image `
if [ "$NEW_KERNEL" != "" ]; then
# Reboot the machine if needed
if [ "$SLIS_VIRTUALIZATION" = "none" ]; then
write_to_log "slis-update upgraded: a reboot is MANDATORY after the SLIS update..."
REBOOT_MANDATORY=1
fi
fi
fi
fi
#
# Update the squidGuard databases
#
HOUR=`date +%k`
if [ -e $SQUIDGUARD_DB_PATH ] && [ $HOUR -lt 8 ]; then
write_to_log "Downloading the URL blacklist databases update..."
cd $SQUIDGUARD_DB_PATH
for blacklist in $BLACKLISTS; do
USE_OLD=0
cp -a $blacklist.tar.gz $blacklist.tar.gz.backup
rsync --timeout=30 rsync://$RSYNC_HOST/$RSYNC_MODULE/$blacklist.tar.gz . >/dev/null 2>&1
if [ "$?" = "0" ] && [ $blacklist.tar.gz -nt $blacklist.tar.gz.backup.gz ]; then
tar xfz $blacklist.tar.gz
RC=$?
if [ "$RC" != "0" ]; then
write_to_log "Error: '$blacklist' dabatase corrupted: keeping the old version."
USE_OLD=1
fi
else
write_to_log "Warning: '$blacklist' database update could not be transfered from the central update server: keeping the old version"
USE_OLD=1
fi
if [ "$USE_OLD" = "1" ]; then
rm -f $blacklist.tar.gz
mv -f $blacklist.tar.gz.backup $blacklist.tar.gz
if [ -f $blacklist.tar.gz ]; then
tar xfz $blacklist.tar.gz
[ "$?" != "0" ] && echo "FATAL: the backuped '$blacklist' database is also corrupted. Skipping..."
else
echo "FATAL: '$blacklist' has no backup. Skipping..."
fi
else
rm -f $blacklist.tar.gz.backup
fi
done
rm -f *.backup
write_to_log "Compiling the URL blacklist databases (be patient!)..."
$SLIS_UPDATE_SQUIDGUARD >/dev/null 2>&1
fi
#
# Ending script
#
if [ "$REBOOT_MANDATORY" = "1" ]; then
echo 'shutdown -r +1' | at 4am tomorrow
write_to_log "$SCRIPT_STATUS_MSG: successed. Reboot planned tomorrow at 4 a.m"
else
write_to_log "$SCRIPT_STATUS_MSG: successed"
fi
rm -f $LOCKFILE
exit $ERRCODE