From aad26948aca9fbb0005ee549ce351e8afb3b221a Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sun, 6 Jul 2014 17:53:54 +0200 Subject: [PATCH 1/3] Fix updian_uri typo in example config file --- updian/config.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/updian/config.py b/updian/config.py index b9bfb05..c0b99ad 100644 --- a/updian/config.py +++ b/updian/config.py @@ -48,7 +48,7 @@ secret_key = {secret_key} # url to your installation (used for hyperlinking in mails) -updian_url = http://192.168.0.254/updian/ +updian_uri = http://192.168.0.254/updian/ # send infomails: true|false mail_active = true From c8f6d1aef6c756f14fda084c7678c472cdc18296 Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 12 Jul 2014 13:42:42 +0200 Subject: [PATCH 2/3] updian-rsh: Update allowed command lines They have changed in the course of the Python rewrite. Also, log everything to syslog. --- updian-rsh | 30 ++++++++++++++++++++++-------- 1 file changed, 22 insertions(+), 8 deletions(-) diff --git a/updian-rsh b/updian-rsh index eac3b0b..c467ee5 100755 --- a/updian-rsh +++ b/updian-rsh @@ -1,22 +1,36 @@ #/bin/bash +# +# updian-rsh: Updian Restriced Shell +# -# Updian Restriced Shell +# Send message to stdout and syslog +function msg { + echo $1 | logger + echo $1 +} + +echo "$0: Invoked by process $PPID" | logger if [[ -z $SSH_ORIGINAL_COMMAND ]] then - echo "Updian Restriced Shell: Interactive shell not allowed" + msg "$0: Interactive shell not allowed" exit 1 fi case $SSH_ORIGINAL_COMMAND in - "apt-get update -qq" | "apt-get upgrade -s" \ - | "export DEBIAN_FRONTEND=noninteractive && apt-get upgrade -y --force-yes" \ - | "apt-get autoclean" | "checkrestart" \ - | "yum check-update -q" | "yum update -y --skip-broken") - bash -c "$SSH_ORIGINAL_COMMAND" + '/bin/bash -c "test -x /usr/bin/yum"' \ + | '/bin/bash -c "test -x /usr/bin/apt-get"' \ + | '/bin/bash -c "yum check-update -q"' \ + | '/bin/bash -c "yum -y update"' \ + | '/bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get update -qq"' \ + | '/bin/bash -c "DEBIAN_FRONTEND=noninteractive apt-get upgrade -s | grep Inst"' \ + | '/bin/bash -c "PAGER=cat DEBIAN_FRONTEND=noninteractive apt-get --yes -o Dpkg::Options::=\"--force-confdef\" -o Dpkg::Options::=\"--force-confold\" upgrade"' \ + ) + echo "$0: Executing: $SSH_ORIGINAL_COMMAND" | logger + eval $SSH_ORIGINAL_COMMAND ;; *) - echo "Updian Restriced Shell: Command not allowed: $SSH_ORIGINAL_COMMAND" + msg "$0: Command not allowed: $SSH_ORIGINAL_COMMAND" exit 2 ;; esac From 1679932b2eb4a0778c43ccbfcb809b66a80a2d8d Mon Sep 17 00:00:00 2001 From: Jakob Unterwurzacher Date: Sat, 12 Jul 2014 14:52:55 +0200 Subject: [PATCH 3/3] Improve error reporting when no backend is found This used to spit out File "updian/fabric_utils.py", line 52, in _detect_backend backend = available_backends[0] IndexError: list index out of range now we get at least UnknownBackendError: Unknown backend: None Note that the actual problem is usually a missing (or not executable) updian-rsh on the remote side. --- updian/fabric_utils.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/updian/fabric_utils.py b/updian/fabric_utils.py index e23ab04..3e8f132 100644 --- a/updian/fabric_utils.py +++ b/updian/fabric_utils.py @@ -48,6 +48,9 @@ def _detect_backend(): raise RuntimeError('Auto-detection of package manager returned ' 'ambiguous results. More than one package ' 'manager found on %s.' % fabric.api.env.host) + # No backends found + elif len(available_backends) == 0: + return None backend = available_backends[0]